Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

Consumers Take Risk Trading Health Data For Health Insurance Discounts

Posted on August 28, 2015 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

When Progressive Insurance began giving car owners the option of having their driving tracked in exchange for potential auto insurance discounts, nobody seemed to raise a fuss. After all, the program was voluntary, and nobody wants to pay more than they have to for coverage.

Do the same principles apply to healthcare? We may find out. According to a study by digital health research firm Parks Associates, at least some users are willing to make the same tradeoff. HIT Consultant reports that nearly half (42%) of digital pedometer users would be willing to share their personal data in exchange for a health insurance discount.

Consumer willingness to trade data for discounts varied by device, but didn’t fall to zero. For example, 35% of smart watch owners would trade their health data for health insurance discounts, while 26% of those with sleep-quality monitors would do so.

While the HIT Consultant story doesn’t dig into the profile of users who were prepared to sell their personal health data today — which is how I’d describe a data-for-discount scheme — I’d submit that they are, in short, pretty sharp.

Why do I say this? Because as things stand, at least, health insurers would get less than they were paying for unless the discount was paltry. (As the linked blog item notes, upstart health insurer Oscar Insurance already gives away free Misfit wearables. To date, though, it’s not clear from the write-up whether Oscar can quantify what benefit it gets from the giveaway.)

As wearables and health apps mature, however, consumers may end up compromising themselves if they give up personal health data freely. After all, if health insurance begins to look like car insurance, health plans could push up premiums every time they make a health “mistake” (such as overeating at a birthday dinner or staying up all night watching old movies). Moreoever, as such data gets absorbed into EMRs, then cross-linked with claims, health plans’ ability to punish you with actuarial tables could skyrocket.

In fact, if consumers permit health plans to keep too close a watch on them, it could give the health plans the ability to effectively engage in post-contract medical underwriting. This is an unwelcome prospect which could lead to court battles given the ACA’s ban on such activities.

Also, once health plans have the personal data, it’s not clear what they would do with it. I am not a lawyer, but it seems to me that health plans would have significant legal latitude in using freely given data, and might even be seen to sell that data in the aggregate to pharmas. Or they might pass it to their parent company’s life or auto divisions, which could potentially use the data to make coverage decisions.

Ultimately, I’d argue that unless the laws are changed to protect consumers who do so, selling personal health data to get lower insurance premiums is a very risky decision. The short-term benefit is unlikely to be enough to offset very real long-term consequences. Once you’ve compromised your privacy, you seldom get it back.

Wearables Data May Prevent Health Plan Denials

Posted on August 27, 2015 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

This story begins, as many do, with a real-world experience. Our health plan just refused to pay for a sleep study for my husband, who suffers from severe sleep apnea, despite his being quite symptomatic. We’re following up with the Virginia Department of Insurance and fully expect to win the day, though we remain baffled as to how they could make such a decision. While beginning the complaint process, a thought occurred to me.

What if wearables were able to detect wakefulness and sleepiness, and my husband was being tracked 24 hours a day?  If so, assuming he was wearing one, wouldn’t it be harder for a health plan to deny him the test he needed? After all, it wouldn’t be the word of one doctor versus the word of another, it would be a raft of data plus his sleep doctor’s opinion going up against the health plan’s physician reviewer.

Now, I realize this is a big leap in several ways.

For one thing, today doctors are very skeptical about the value generated by patient-controlled smartphone apps and wearables. According to a recent survey by market research firm MedPanel, in fact, only 15% of doctors surveyed see wearables of health apps as tools patients can use to get better. Until more physicians get on board, it seems unlikely that device makers will take this market seriously and nudge it into full clinical respectability.

Also, data generated by apps and wearables is seldom organized in a form that can be accessed easily by clinicians, much less uploaded to EMRs or shared with health insurers. Tools like Apple HealthKit, which can move such data into EMRs, should address this issue over time, but at present a lack of wearable/app data interoperability is a major stumbling block to leveraging that data.

And then there’s the tech issues. In the world I’m envisioning, wearables and health apps would merge with remote monitoring technologies, with the data they generate becoming as important to doctors as it is to patients. But neither smartphone apps nor wearables are equipped for this task as things stand.

And finally, even if you have what passes for proof, sometimes health plans don’t care how right you are. (That, of course, is a story for another day!)

Ultimately, though, new data generates new ways of doing business. I believe that when doctors fully adapt to using wearable and app data in clinical practice, it will change the dynamics of their relationship with health plans. While sleep tracking may not be available in the near future, other types of sophisticated sensor-based monitoring are just about to emerge, and their impact could be explosive.

True, there’s no guarantee that health insurers will change their ways. But my guess is that if doctors have more data to back up their requests, health plans won’t be able to tune it out completely, even if their tactics issuing denials aren’t transformed. Moreover, as wearables and apps get FDA approval, they’ll have an even harder time ignoring the data they generate.

With any luck, a greater use of up-to-the-minute patient monitoring data will benefit every stakeholder in the healthcare system, including insurers. After all, not to be cliched about it, but knowledge is power. I choose to believe that if wearables and apps data are put into play, that power will be put to good use.

Accenture: “Zombie” Digital Health Startups Won’t Die In Vain

Posted on August 24, 2015 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

I don’t know about you, but I’ve been screaming for a while about how VCs are blowing their money on questionable digital health ventures. To my mind, their investment patterns suggest that the smart money really isn’t that smart. I admit that sorting out what works in digital health/mHealth/connected health is very challenging, but it’s far from impossible if you immerse yourself in the industry. And given how much difference carefully-thought out digital health tools can make, it’s exasperating to watch failing digital health startups burn through money.

That being said, maybe all of those dollars won’t be wasted. According to no less an eminence grise than Accenture, failing digital health ventures will feed the stronger ones and make their success more likely. A new report from Accenture predicts that these “zombie” startups — half of which will die within two years, it says — will provide talent and technology to their surviving rivals. (OK, I agree, the zombie image is a bit unsettling, isn’t it?)

To bring us their horror movie metaphor, Accenture analyzed the status of 900 healthcare IT startups, concluding that 51% were likely to collapse within 20 months.  The study looked at ventures cutting across social, mobile, analytics, cloud and sensors technologies, which include wearables, telehealth and remote monitoring.

While most researchers try to predict who the winners will be in a given market, Accenture had a few words to say about the zombie also-rans. And what they found was that the zombies have taken in enough cash to have done some useful things, collecting nearly $4 billion in funding between 2008 and 2013.

The investments are part of an ongoing funding trend. In fact, digital health dollars are likely to pour in over the next two years as well, with healthcare IT startups poised to take in $2.5 billion more over the next two years, Accenture estimates. Funding should focus on four segments, including engagement (25%), treatment (25%), diagnosis (21%) and infrastructure (29%), the study found.

So what use are the dying companies that will soon litter the digital health landscape? According to Accenture, more-successful firms can reap big benefits by acquiring the failing startups. For example, healthcare players can do “acqui-hiring” deals with struggling digital health startups to pick up a deep bench of qualified tech staffers. They can pick up unique technologies (the 900 firms analyzed, collectively, had 1,700 patents). And acquiring firms can harvest the startups’ technology to improve their products and services lineups.

Not only that — and this is Anne, not Accenture talking — acquiring healthcare firms get a wonderful infusion of entrepreneurial energy, regardless of whether the acquired firm was booking big bucks or not. And I speak from long experience. I’ve known the leaders of countless tech startups, and there’s very little difference between those who make a gazillion dollars and those whose ventures die. Generally speaking, anyone who makes a tech startup work for even a year or two is incredibly insightful, creative, and extremely dedicated, and they bring a kind of excitement to any company that hires them.

So, backed by the corporate wisdom of Accenture, I’ve come to praise zombies, not to bury them. While they may give their corporate lives, their visions won’t be wasted. With any luck, the next generation of digital health companies will appreciate the zombies’ hard work and initiative, even if they’re no longer with us.

Experiences Crafting a New API at Amazing Charts

Posted on August 21, 2015 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

A couple months ago, Amazing Charts announced an upcoming API for their new electronic health record, InLight. Like athenahealth, whose API I recently covered, Amazing Charts is Software as a Service (SaaS), offering its new EHR on the Web.

The impetus toward an API wasn’t faddish for Amazing Charts; they had a clear vision of what they wanted to achieve by doing so. They found that their interactions with various health care providers–payers, labs, radiologists, and others, along with accepting medical device data–has been hampered by reliance on common standards that involve HL7 messaging and EDI. The HL7 standards are inconsistently implemented and EDI is non-standardized, so each interface requires weeks of work.

I talked to Prayag Patil, product manager of patient engagement solutions at Amazing Charts. (They also offer patient portals to the institutions they serve.) For all their data exchanges, he said, they expect a RESTful API to provide standardization, speed, and simplicity in implementation. It should also be more suited to quick, fine-grained data transfers.

One of the common complaints of the older HL7 standards such as the CCD-A is that they are monolithic. EHR vendors and healthcare providers shove a lot into them without deciding what the recipient really needs. As Patil says, “it makes the 80% use case hard to do.” Nor is the standard used consistently by all correspondents (labs, practice management systems, devices, etc.), so extracting what’s really important at the receiving end is harder.

They’ve found that sluggish exchange has real effects on patient safety. For instance, a set of lab results, medications, and other information from a hospital discharge should be available immediately. If you wait, the patient their primary care provider won’t have it just after discharged, when its value is often critical, and the patient might lose interest and not bother to look at it later.

Amazing Charts, like athenahealth, also recognizes the value of a third-party marketplace. Patil says that innovation tends to “come from the smaller, scrappier vendors” that are enabled to produce useful apps by open APIs. The company already has a third party marketplace for apps in care coordination, revenue cycle management, patient engagement, and other tasks. But up to now the APIs weren’t published, so their developers had to work individually with any vendor who came to them, offering tools and the help needed to integrate with Amazing Charts’ service.

The company plans to introduce a patient engagement platform that will be open and accessible, with a focus on using standardized RESTful APIs to enable third party app developers to offer solutions. The company also plans to increase participation by creating thorough documentation for the APIs, and standardizing them. They are looking forward to standards such as FHIR, SMART-on-FHIR, and OpenID/OAuth, which are better specified and more consistently implemented than the currently available interfaces.

Here are the lessons I draw for others who are looking enviously at projects with APIs: going forward without all the pieces in place will be like driving on one flat tire. You just won’t get the results that you hoped for when investing in the project.

I applaud Amazing Charts for taking the difficult first steps toward API access, and doing it with good goals in mind. Their experience shows that an open API is still a hard process to get going–even as more and more companies take the leap–and one that calls for coordinated efforts throughout the organization in software design, publicity, documentation, and support.

Are EMRs Getting Worse Or Doctors Getting Smarter?

Posted on August 20, 2015 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

I know it sounds crazy — it’s hard to imagine doctors being more annoyed with EMRs than they already are — but according to one study that’s just what’s happening.

A newly-published study by the American Medical Association and the American College of Physicians’ AmericanEHR division suggests that doctors like the current crop of EMRs less than ever.

About half of study respondents said that their EMR was having a negative impact on costs, efficiency or productivity, the groups reported. Only 22% said they were satisfied with their EMR, and a scant 12% said they were “very satisfied.”

Doctors’ happiness with their EMRs has dropped substantially since five years ago, when 39% reported being satisfied and 22% said they were very satisfied, according to a prior study by AmericanEHR.  In other words, nearly 4 out of 10 doctors surveyed seem to have been content with what they had. But conditions have clearly changed.

The reasons for this are unlikely to be the result of mere peevishness. After all, with EMRs being a reality of doing business today, it seems unlikely that physicians would simply revert into sulking. Actually, my own unofficial survey — of several docs I’ve actually seen as a patient — suggests that most have gone through their stages of grief and decided that EMRs aren’t unholy. (My PCP said it best: “You get used to them, then they’re not so bad.”)

Instead, I’d argue, something good is actually happening, though it may not look that way on the surface. Having adapted to the need to use EMRs, physicians are engaging with them deeply, and beginning to expect more from them than a kludgy interface slapped on a slow database can provide.

Some are actually proposing that EMRs go beyond traditional medical record paradigm, something I see as an exciting development. For example, Dr. Arlen Meyers, CEO of the Society of Physician Entrepreneurs, argues that it’s time to “unbundle and re-engineer the care processes model” by introducing new templates into EMRs. In fact, he’s a fan of rethinking the hallowed SOAP (symptoms, objective findings, assessment and plan) approach to patient notes:

Given how things are changing, it might be time to give the pink slip to SOAP. The main problems are that 1) the model does not prioritize information by levels of urgency, 2) it does not provide decision support when it comes to how one disease affects the other or how one medicine affects another, and 3) it does not add efficiencies to taking care of increasingly complex patients.

And Meyers is not the only one. In fact, a recent paper published in JAMA Internal Medicine suggests that a new format flipping the elements of the SOAP note and reordering them as APSO (assessment, plan, subjective, objective) works well in the EMR age.

According to a 2010 study detailed in the paper, APSO notes were fairly successful at the University of Colorado ambulatory clinics. The study, which looked at APSO use in 13 clinics, found that 73% of participants were “satisfied” or “very satisfied” with the new format, and 75% “preferred” or “strongly preferred” reading APSO notes.

I’m betting that physicians will only be satisfied with EMRs again when EMRs are reshaped to embrace new ways of working. Since new workflow demands are generated by using EMRs, in turn, this cycle may never end. But that’s a good thing. If physicians are engaged enough with their EMRs to propose new ways of working, it will benefit everyone.

A Mature API for an Electronic Health Record: the OpenMRS Process

Posted on August 14, 2015 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

By some measures, OpenMRS may be the most successful of the open source EHRs, widely deployed around the world. It also has a long experience with its API, which has been developed and refined over the last several years. I talked to OpenMRS developer Wyclif Luyima recently and looked at OpenMRS’s REST API documentation to see what the API offers.
Read more..

ICD-10 Training Games and Lookup

Posted on August 12, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

NueMD has recently launched what they’re calling their ICD-10 Training Lab. To be honest, I wasn’t sure what to expect when they sent it over to me. They told me it was a free ICD-10 training lab. With ICD-10 breathing down our necks, I was interested to see what they’d put together.

If you’re looking for a full scale ICD-10 training course, then this isn’t it. I asked my HIM Manager friend, Erin Head, on Twitter about the training and she replied that “It’s very basic level but a good start. Still need to know how to code. Nice mobile view.”

Erin brings up a fine point. The ICD-10 training lab is not going to teach you to code. I don’t think that was NueMD’s intent. I think their intent was to provide a tool for those who already understand coding to be able to learn some of the new ICD-10 codes. In fact, since they’ve broken it out into specialties, my guess is that they really hope this ICD-10 training lab will help doctors to get up to speed on the most common new ICD-10 codes for their specialty.

My favorite part of the ICD-10 training lab is the ICD-10 Training games:
ICD-10 Training Games
What’s better than a game to learn something? Plus, when you’re trying to memorize something, repetition is a real key to learning. Games are great at providing a fun way to get in your repetitions.

The ICD-10 training lab also includes an ICD-10 code lookup. You can tell they’ve put in quite a bit of effort to make their ICD-10 code search work quite well. Although, it’s still just an ICD-10 code search. Something that should be incorporated in most EHR systems.

What Does e-MDs and AdvancedMD Under the Same Private Equity Mean?

Posted on August 11, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The healthcare IT world has seen a lot of movement and investment lately. Kareo raised $55 million recently. Modernizing Medicine acquired gMed last month. Accolade secured $22.5 million in funding. medCPU closed $8 million in financing. BoardVitals raised $1.1 million to build the Wikipedia of Medicine. Premier acquired CECity. Plus, that doesn’t even mention the $1 billion acquisition of Merge healthcare by IBM. I’m sure that there are many more that people can share in the comments.

There’s a lot of investment going into healthcare IT. No doubt there’s a huge opportunity for health IT companies. However, I’ve been most interested in what’s happening with the EHR companies involved in these deals. For example, one recent transaction that I didn’t mention above was Marlin Equity Partners acquiring AdvancedMD from ADP. The ADP acquisition of AdvancedMD never seemed to work. The idea of doctors offices being small businesses and ADP offered a bunch of small business services kind of made sense, but most doctors offices treat their EHR purchase very different than other tech investments for their office. The EHR purchase is its own beast. So, it’s not surprising that ADP would divest itself of an EHR software company.

What’s more interesting about the deal is that Marlin Equity Partners had already acquired EHR vendor e-MDs in March of 2015 and merged it with MDEverywhere. Now Marlin Equity Partners has e-MDs and AdvancedMD under their umbrella. I asked them what their plans were now that they had two EHR vendors (competitors) in their portfolio. They declined to comment until the acquisition of AdvancedMD closed.

Something has to give. I can’t imagine Marlin Equity Partners continuing with two software companies. Hard to say whether e-MDs will win or AdvancedMD, but I expect we’ll see one of them being sunset in the next year or two. They’ll offerer a way to convert from one to the other, but switching EHR software is never fun. It’s even less fun when it’s being forced upon you by the vendor.

The crazy thing is that I think we’re just getting started with this kind of activity. 300 EHR vendors is not sustainable long term. I don’t think we’ll get to 5 EHR vendors like most suggest, but we could narrow it down to 100 and still have plenty of options. That’s a lot of doctors being left high and dry when their EHR gets consolidated.

OpenUMA: New Privacy Tools for Health Care Data

Posted on August 10, 2015 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The health care field, becoming more computer-savvy, is starting to take advantage of conveniences and flexibilities that were developed over the past decade for the Web and mobile platforms. A couple weeks ago, a new open source project was announced to increase options for offering data over the Internet with proper controls–options with particular relevance for patient control over health data.

The User-Managed Access (UMA) standard supports privacy through a combination of encryption and network protocols that have a thirty-year history. UMA reached a stable release, 1.0 in April of this year. A number of implementations are being developed, some of them open source.

Before I try to navigate the complexities of privacy protocols and standards, let’s look at a few use cases (currently still hypothetical) for UMA:

  • A parent wants to show the child’s school records from the doctor’s office just long enough for the school nurse to verify that the child has received the necessary vaccinations.

  • A traveler taking a temporary job in a foreign city wants to grant a local clinic access to the health records stored by her primary care physician for the six months during which the job lasts.

The open source implementation I’ll highlight in this article is OpenUMA from a company named ForgeRock. ForgeRock specializes in identity management online and creates a number of open source projects that can be found on their web page. They are also a leading participant in the non-profit Kantara Initiative, where they helped develop UMA as part of the UMA Developer Resources Work Group.

The advantage of open source libraries and tools for UMA is that the standard involves many different pieces of software run by different parts of the system: anyone with data to share, and anyone who wants access to it. The technology is not aimed at any one field, but health IT experts are among its greatest enthusiasts.

The fundamental technology behind UMA is OAuth, a well-tested means of authorizing people on web sites. When you want to leave a comment on a news article and see a button that says, “Log in using Facebook” or some other popular site, OAuth is in use.

OAuth is an enabling technology, by which I mean that it opens up huge possibilities for more complex and feature-rich tools to be built on top. It provides hooks for such tools through its notion of profiles–new standards that anyone can create to work with it. UMA is one such profile.

What UMA contributes over and above OAuth was described to me by Eve Maler, a leading member of the UMA working group who wrote their work up in the specification I cited earlier, and who currently works for ForgeRock. OAuth lets you manage different services for yourself. When you run an app that posts to Twitter on your behalf, or log in to a new site through your Facebook account, OAuth lets your account on one service do something for your account on another service.

UMA, in contrast, lets you grant access to other people. It’s not your account at a doctor’s office that is accessing data, but the doctor himself.

UMA can take on some nitty-gritty real-life situations that are hard to handle with OAuth alone. OAuth provides a single yes/no decision: is a person authorized or not? It’s UMA that can handle the wide variety of conditions that affect whether you want information released. These vary from field to field, but the conditions of time and credentials mentioned earlier are important examples in health care. I covered one project using UMA in an earlier article.

With OAuth, you can grant access to an account and then revoke it later (with some technical dexterity). But UMA allows you to build a time limit into the original access. Of course, the recipient does not lose the data to which you granted access, but when the time expires he cannot return to get new data.

UMA also allows you to define resource sets to segment data. You could put vaccinations in a resource set that you share with others, withholding other kinds of data.

OpenUMA contains two crucial elements of a UMA implementation:

The authorization server

This server accepts a list of restrictions from the site holding the data and the credentials submitted by the person requesting access to the data. The server is a very generic function: any UMA request can use any authorization server, and the server can run anywhere. Theoretically, you could run your own. But it would be more practical for a site that hosts data–Microsoft HealthVault, for instance, or some general cloud provider–to run an authorization server. In any case, the site publicizes a URL where it can be contacted by people with data or people requesting data.

The resource server

These submit requests to the authorization server from applications and servers that hold people’s data. The resource server handles the complex interactions with the authorization server so that application developers can focus on their core business.

Instead of the OpenUMA resource server, apps can link in libraries that provide the same functions. These libraries are being developed by the Kantara Initiative.

So before we can safely share and withhold data, what’s missing?

The UMA standard doesn’t offer any way to specify a condition, such as “Release my data only this week.” This gap is filled by policy languages, which standards groups will have to develop and code up in a compatible manner. A few exist already.

Maler points out that developers could also benefit from tools for editing and testing code, along with other supporting software that projects build up over time. The UMA resource working group is still at the beginning of their efforts, but we can look forward to a time when fine-grained patient control over access to data becomes as simple as using any of the other RESTful APIs that have filled the programmer’s toolbox.

AHCA Health IT Symposium Videos

Posted on August 5, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’m a real fan of local healthcare IT events. They are usually more steeped in practical discussions and they are a great way to really connect with the people doing the hard work in healthcare IT. The larger conferences are great for me to attend as well, but they are usually a much higher level discussion and it’s hard for many in the trenches to make it to the larger events.

With that in mind, I was interested to check out the video from the AHCA Florida’s Health IT Symposium. You can check out all the videos from their sympoisum on the ACHA Florida YouTube page, but I was quite interested in what was said in the Practical Applications session of the symposium, so I’ll embed them here for you to enjoy as well:

And Part 2: