The Security Scrutinizer with Howard Anderson

Sizing Up the Role of XML in EHRs

Presidential Panel Envisions Embedded Privacy Protections
Sizing Up the Role of XML in EHRs

Creating what amounts to a standard format for EHRs based on what the President's Council of Advisors on Science and Technology called a universal exchange language is a good long-term goal. But is it truly achievable? And if so, how soon?

Given that so many healthcare organizations are still struggling to kick the paper record habit, moving to a next-generation of EHRs may seem unrealistic. But the presidential council deserves credit for outlining the possibilities and forcing regulators to consider new standards.

Comments on XML Plan Sought

The Department of Health and Human Services' Office of the National Coordinator for Health Information Technology is seeking comments on the presidential panel's proposal.
How fast can healthcare make the transition to truly standard electronic health records? 

Among the many questions ONC poses is: "Given currently implemented information technology architectures and enterprises, what challenges will the industry face with respect to transitioning to the approach discussed in the PCAST report?"

You have to crawl before you can walk, and for many smaller organizations, the baby steps toward implementing an EHR are challenging -- much less movement to XML-based records.

But the president's council wants the new XML standards to be a requirement for participating in future stages of the HITECH electronic health record incentive payment program.

The ONC is in the early stages of preparing requirements for Stage 2 of the Medicare and Medicaid incentive program, which starts in 2013. Proposed requirements are due at the end of next year.

Make Your Voice Heard

Would it be too much of a quantum leap to include the XML requirement in Stage 2? What about Stage 3? It's time to make your voice heard.

A universal exchange language would enable a movement from today's electronic health records "to a more medically useful and secure system in which individual bits of healthcare data are tagged with privacy and security specifications," the council said. The advisory body, however, stressed that physicians would not have to replace their EHR systems because they could be made compatible with the new language through middleware.

The best way to manage and store data for advanced data-analytical techniques, according to the report, is to break them down into the smallest individual pieces that make sense for data exchange or aggregation. These "tagged data elements" pair data with a mandatory "metadata tag" that describes the attributes and required security and privacy protections of the data, according to the council.

"A key advantage of the tagged data element approach is that it allows a more sophisticated privacy model -- one in which privacy rules, policies and applicable patient preferences are innately bound to each separate tagged data element and are enforced both by technology and by the law," the council said. For example, a system that incorporates a universal exchange language could make it clear that a patient has requested that certain portions of her record should not be shared with certain clinicians via health information exchange.

"Addressing a widespread privacy concern, such a system would not require the creation or assignment of universal patient identifiers, nor would it require the creation of any centralized federal database of patients' health information," the council noted.

Resolving Privacy, Security Concerns

XML-based EHRs hold the potential to help address a number of critical privacy and security issues, including patient consent. But how fast can healthcare make the transition to truly standard electronic health records?

First things first. Let's see if the HITECH Act's incentive program succeeds in its goal of getting hospitals and physicians to make significant progress toward widespread implementation of EHRs. Meanwhile, it's a good time to contemplate what comes after that.

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.