phrsecurityandprivacy ppt.ppt [read-only] · disintermediation moore’s law fast, cheap and out of...

314e Corporation Russell Tait VP Professional Services [email protected] PHR Security and Privacy


Post on 30-Aug-2020


Page 1

314e Corporation

Russell Tait

VP Professional Services

[email protected]

PHR Security and Privacy

Page 2

Topics

Introduction

Definitions

Information Lifecycle

Technology Trends

Legislation

Q&A

Page 3

PARTNERS/CORE RELATIONSHIPS

HIT Consultants, 100% Healthcare Focus

Two core practice areas - EMR and Security

Main offices in SF and LA areas

Leading Security Consultant - multiple Fortune 500 experience

Corporate Member of HIMSS; HIMSS Privacy and Security Workgroup

Who are we?

CLIENTS

Page 4

Why do we care?

PHR is Inevitable

Cost/Benefit ratio

Disintermediation

Moore’s Law

Fast, Cheap and Out of Control

Cathedrals and Bazaars

UGC

User Generated Content - we don’t need no stinking business model

Page 5

Definitions

• National Alliance for Health Information Technology

An electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be drawn from multiple sources while being managed, shared, and controlled by the individual. (5/21)

• AHIMA

“The personal health record (PHR) is an electronic, universally available, lifelong resource of health information needed by individuals to make health decisions. Individuals own and manage the information in the PHR, which comes from health care providers and the individual. The PHR is maintained in a secure and private environment, with the individual determining rights of access. The PHR is separate from and does not replace the legal record of any provider.”

Page 6

Healthcare = Information Management

Information Lifecycle

Capture/Acquisition

Storage

Distribution

Access - Search and Retrieval

Page 7

Capture/Acquisition

Not just clinical anymore...

User Generated Content - YouTube, MySpace

Consumer Devices - Nike, Wii (WiiFit), iPhone

New Technologies - zWave, iControl; cf Aviation

Voice Recognition - Ribbit

All words ever spoken by human beings - 5 exabytes (1 EB = 1 million Terabytes or 1000 Petabytes)

Google processes 20 petabytes of information/day

-> trending quickly to zero acquisition cost

Information Lifecycle

Page 8

Storage

Capacity - e.g. Amazon S3, storage is “unlimited”

Cost - Amazon S3 - $0.15 per GB/month + transfer

Backup

-> trending quickly to zero storage cost

Information Lifecycle

Page 9

Distribution

Anywhere, anytime

Wireless: WiMax, LTE - up to 42Mbs (800 times faster than dialup)

Mobile population

-> trending quickly to zero distribution cost

Information Lifecycle

Page 10

Access - Search & Retrieval

Search - any questions?

20% of Google searches are Healthcare related

Interfaces - touch, speech, hi-res screens

Missing - good interface, Web 2.0?

Value added search, pre and post processing

Context, interactions, suggestions

-> trending quickly to zero retrieval cost and HIGH value; Network Effect

Information Lifecycle

Page 11

Actionable information

Who has the most at stake?

Who pays?

What is the value of inaccessible data?

More data is (generally) better data

Disintermediation: travel agents, bookstores, record companies (Napster!), newspapers

Smart Data (Complex data formats)

User control in complex systems: cars, the internet

Where is the most value?

Page 12

So where does that lead?

Google Health - www.google.com/health

• It’s a start - CCR

• Access before security, privacy

• Who cares about my... Immunizations, appointments, reminders

• Value in the market - Bank Robbers, EMR Robbers?

• Sequestration - granularity of Security

• Informed Consent

• Gen Y ideas of privacy

Page 13

Legislative background

Federal

HIPSA - HIPAA with a stick?

Timing

Enforcement

GINA - 23andme.com

Technical complexity - suitable for Legislation?

Edge cases

Demographic pressure

Page 14

Other thoughts

Personal Health Record = Personal needs

Ease of use - User Centered Design

Sufficient Security, Privacy; Delegation

Accuracy before confidentiality

Sharing and Sequestration - granularity of security

Comprehensible and Actionable; PHRMM??

Informed

• NCVHS view of Context: Provider, Personal, Population Health, Payer

• Government, Employer, Third Party

Page 15

Final Comments

It will happen

We are already way behind

Good enough is better than nothing

We need better terminology

We need better definitions

It is a PERSONAL Health Record

Page 16

Questions?

Russell Tait

(877) 314e HIT

[877-314-3448]