News & Comment: Amazon, Alphabet, Microsoft and others want to fix one of the most broken things about health care

COMMENT:

According to  Pravin Kothari, CEO of cloud security vendor CipherCloud (San Jose, CA):

“Alphabet, Amazon, IBM, Microsoft, Oracle and Salesforce announced support for a common set of standards for the exchange of healthcare information, called the Fast Healthcare Interoperability Foundation (FHIR). FHIR combines the best features from HL7 and other standards with the modern web development technologies. FHIR enables developers to build out modern web applications quickly through the use of the interoperability it supports.

The goal is to provide easy access to patient records stored in the cloud to facilitate better patient care. The challenges with such a goal are huge, and involve significant barriers to data protection, compliance, and interoperability.

Strong data protection is essential. We have seen in the most recent news that cloud data is very vulnerable to exposure through misconfiguration, cyberattack at the application program interface (API) level, and more. The FHIR standard will not provide the data protection necessary to meet these threats – that is up to the entity that stores and manages the data. The more the data is shared and made accessible, the greater the risk of accidental exposure, compromise or theft.

HIPAA compliance also drives the baseline for necessary cybersecurity defense. Given the current HIPAA requirements for disclosure of a possible data breach, the only safe harbor in the event of exposure or breach would be to use end-to-end encryption. The use of end-to-end encryption ensures that under just about any circumstances, healthcare cloud data would remain secure and protected.

Finally, the barriers to the easy interchange of data under FHIR are also quite significant. Today, most of the medical data is stored within proprietary systems. HL7 is used for the transfer of clinical data between healthcare applications such as physician operated electronic medical records systems (EMR/EHR), diagnostic labs, radiology centers, hospitals and physician organizations such as ACO/IPA’s. DICOM is the dominant standard for medical imagery – there are many billions of DICOM format images stored across a very large number of proprietary healthcare systems and centralized repository picture archiving and communications systems (PACS). The largest vendors tout support for HL7 and DICOM standards for the release of data but still move very slowly to share access with other applications to their patient data repositories.”