There’s lately been a flurry of activity around the concept of online health platforms. The intersection of technology and health information has given rise to the term Health 2.0 . This is one holy grail that has been promised for a long time. There are a number of issues that have prevented adoption of online platforms that promise to store and analyze personal health information. Microsoft recently made an entry into the market with HealthVault. There are many other initiatives that are under various phases of development and deployment. Amy at DiabetesMine has an excellent synopsis of some of the offering that were previewed at the Health 2.0 Conference. While there are a number of social, political and cultural issues and barriers that are impeding the growth of this concept, my focus has been in the area of the technology, data, security, privacy and identity.
I’ve been extremely concerned about the use of technology in managing personal health information. I believe that there is a lack of transparency in the way the data is stored and used. So I decided to come up with a few fundamental principles that I believe every online health platform should address.
- Implement a standards based identity management protocol. Let’s face it. Every vendor is going to claim that they will be the ultimate destination for online health information management. The reality is that you, as an end user, will probably use a combination of sites for managing different aspects of your health. The last thing you want to do is to worry about creating multiple user profiles for each site. What if you defined your profile once, and used that profile on every health site? What if your profile contained privacy and preference settings tha you want enforced in every site that gathers and stores your data? Vendors have to first agree to a common identity and privacy management solution that will guarantee the portability of user profiles across multiple platforms. The standard needs to be public, and the user needs to be given authority to decide profile visibility and access. The standard also needs to support a delegation model that will allow a user to delegate i.e. provide restricted access to selectable parts of the user’s data.
- It is your data. You should own it, and have access to it. While this concept may seem to be a no-brainer, you’d be surprised at how difficult it is to get your own medical data from a device. Companies seem to think that the data belongs to them, leaving patients in the lurch. Take the example of a blood glucose (BG) meter. A BG meter is the primary means by which a diabetic measures blood sugar and subsequently medicates oneself based on the blood glucose value. Do you realize that companies that manufacture these BG meters will not document their device and data protocols? Every BG meter that is capable of storing and exporting data ships with software, usually for the Microsoft Windows platform, and a proprietary cable. However, the data formats and the access protocols are not documented, thus preventing others from offering better software for analyzing and reporting on the data on multiple operating systems. As of October 5th 2007, not a single device company provides software for the Apple Macintosh platform, let alone Linux. Even existing versions of software that are supposedly Windows compatible just plain refuse to function under Microsoft Windows Vista. If one is lucky to ultimately get the data from the device on to the PC, the good news stops there. Vendors will not document data formats so the data can be analyzed and used in different ways. If online health care platforms are serious about data, they must first standardize on and then stick to universal data formats for specific health data profiles. Folks like Bernard Farrell have been trying to standardize data formats for diabetes related information. Bernard’s effort can be found at the Diabetes Data Wiki. It is vital to document data formats generated by medical devices and systems. that data belongs to the patient. And the patient has a right to access it and use it in any way that they see fit.
- Make the data standard and portable. It is not enough if users have access to device data and protocols. They also need to move that data from one system to another. As a user, you may not like to continue with a specific online provider. You should have the right to take your data with you and move it into a new provider’s system. Access to data in most online health and financial systems is behind a walled garden. The philosophy of companies running these systems is use it or lose it. That has to change. Changing providers does not mean that you lose access to past data. This makes a stronger case for universal data formats and data portability. It is not enough to say that a CSV (Comma Separated Value) file export option is available for a user to export medical device data. That data needs to conform to an open standard, so that it can be easily consumed by multiple systems without complicated mapping and transformations.
- Make the data storage and encryption technology open and transparent.These days, it is all too familiar to hear about confidential personal data being compromised due to data theft. Health data is all the more important, and requires both technology and process to secure it. It is not enough for online health systems to promise data security by publishing a privacy policy on their websites. Nor is it enough for these systems to tout their uber-secure data protection technologies. History has taught us that data protection is not just about what encryption system is used, but also about how well the key is hidden. Much like the vulnerabilities of electronic voting systems were exposed, so too will the vulnerabilities of the online health platforms be exposed. Online health platforms can avoid this nightmare by being open about how they plan to secure data. Allowing an external audit of the data security system will not only catch potential loopholes, but will also gain credibility from the security industry and promote a feeling of safety among users. If the method and process of encrypting and securing the data is openly published, it becomes easier for online health platforms to gain acceptance among even the most diehard skeptics.
- Expose the platform to developers. The success of modern social networking sites is primarily driven by the opening up of these platforms to the developer communities. Developers are provided a series of application programming interfaces (APIs) that allow them to access and reinterpret the data in a number of creative ways (The Web 2.0 term for this phenomenon is called Mashups). Online health platforms must also follow in these footsteps. If they implement an open platform that developers can access and write applications around, they provide greater value to the end customer. Of course, the owner of the data has the final say on who can use the data, and how that data will be utilized. The key is to co-operate, collaborate and stick to open standards.
Consumers have long suffered under the hands of the financial services and the credit industry. They have given up the right to have access to their own financial and credit data. They must not repeat the same mistakes with their health information. This time, the consumers must call the shots. You can rebuild your credit history, but you cannot rebuild your medical history. You have one life to live. Choose your online health platforms wisely.