Wednesday, December 27, 2006

Sun on Identity for Healthcare and the Cost Problem

Health IT World has published an interview by John Russel called Sun’s Healthcare Mantra: Reduce Cost and Complexity with Sun Director of Healthcare and Life Sciences, Joerg Schwarz. He weighs in on Identity and provides a few interesting scenarios for federation:

Some RHIOs [regional health information organizations] follow the central model. Some follow the federated model. I chose a centralized model, which naturally creates a lot of animosity by privacy advocates, by patients, by people who are just afraid of having all the data concentrated in one place and I don't want to say who's right or wrong, but these are the two fundamental models. You centralize everything and use that as a model, or do you have a federated model where you keep the data where it is. You just have to make sure that when you need it you can save it to the aggregate it together.

When asked which model was better...

...identity management because data protection to control who accesses information through the entire lifecycle. The best way to do this is building a federated identity management concept so that a doctor that is known and authenticated with one institution can request data from another institution where he is unknown, but that gives him doctor level credentials to access information involving a patient.

Early in the interview, he explains that although most hospitals today have digital records, they are not linked, and primary care physicians typically don't have access to them. It seems that linking hospitals has a strong business case, and its just a matter of time before that gets into full swing...but what about the primary care physicians? A few barriers exist here:

1. $$$ - docs don't have the money to invest in infrastructure like this. And more importantly...
2. Why would they? Why would they want to share their info with other primary care physicians which could possibly give competitors an edge?

So there still seems to be a case for doctors as data consumers, although there seems to be a conflict of interest for them to behave as data providers. This might be circumvented if patient data can be released while protecting data regarding the physician history.

This would be a wonderful scenario for user-centric identity...

No comments: