The Health Internet has to get trust right

The Health Internet is currently being defined within a government-run Wiki. The goal is to come up with both security standards and policies that vendors can implement quickly, allowing health records to be exchanged between any clinics or hospitals in a matter of months rather than years.

An electronic medical record (EMR) that just sits in your doctor's office isn't doing much good. (Picture from CNET.)

But when should it be allowed to move? Who should your doctor trust? What should be required before they trust an online connection and send your health records somewhere else?

This is a key question that must be solved for the so-called Health Internet -- the National Health Information Network -- to work.

The NHIN Connect system shown at HIMSS and profiled here in early March uses a top-down approach. "Getting into the network takes technology, clearances, contracts and training. All these elements are also required for private health records and scans to be transferred securely under HIPAA."

The NHIN Direct system would be different. Connections could be ad-hoc, so long as both sides of the data transfer meet technical specifications and agree to a transfer. Any doctor, hospital or network could use NHIN Direct.

The group is currently defining standards within a government-run Wiki. The goal is to come up with both technology standards and policies that vendors can implement quickly, allowing EMR data to be exchanged between any clinics or hospitals in a matter of months rather than years.

But how can you guarantee trust? Sending medical records flying to who-knows-where guarantees security problems.

Fred Trotter, an expert on open source in health technology, developed a trust model at a health information exchange called Healthquilt in Houston. He's pushing for that work to be a model for NHIN Direct:

  • Health data should use a standard encryption system called X.509.
  • There should be multiple Certificate Authorities, recommended by authorities running the network, handing out credentials to use the system.
  • The encrypted Health Internet would be a VPN tunnel, with both sides of every transfer having certificates and encryption keys.
  • Certificate Authorities could pull credentials, and members of the Health Internet would know that if someone has credentials they have been vetted.

Trotter calls this "automatic inclusion," comparing it to the way you buy a book on Amazon using https. (Check it out next time you're buying something -- https connections have security that normal http connections lack.)
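The trust model in the list above, sketched as an added example (not code from the original post or from Trotter's Healthquilt work): one Python ssl context per endpoint that requires a certificate from the peer, trusts a bundle of several CAs, and refuses credentials a CA has pulled. It assumes mutually authenticated TLS stands in for the tunnel; the function names and the PEM file paths are hypothetical.

```python
import ssl


def exchange_context(server_side, ca_bundle=None, crl_bundle=None,
                     cert=None, key=None):
    """Build one endpoint's TLS context for a certificate-gated exchange.

    All paths are hypothetical PEM files supplied by the operator:
    ca_bundle  - concatenated roots of every recommended Certificate Authority
    crl_bundle - those CAs' current revocation lists
    cert, key  - this endpoint's own credential
    """
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2

    # Both sides must present a certificate. A server context defaults to
    # CERT_NONE (it never asks the client for one), so set this explicitly.
    ctx.verify_mode = ssl.CERT_REQUIRED

    # Honour pulled credentials: the handshake fails if the peer's certificate
    # is on its CA's CRL, or if no CRL for that CA has been loaded.
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF

    if ca_bundle:
        ctx.load_verify_locations(cafile=ca_bundle)   # several CAs, one file
    if crl_bundle:
        ctx.load_verify_locations(cafile=crl_bundle)  # CRLs load the same way
    if cert:
        ctx.load_cert_chain(certfile=cert, keyfile=key)
    return ctx


def summarize(ctx):
    """Return the settings that decide who gets through the handshake."""
    return {
        "peer_cert_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "crl_checked": bool(ctx.verify_flags & ssl.VERIFY_CRL_CHECK_LEAF),
        "hostname_checked": ctx.check_hostname,
        "trusted_cas": len(ctx.get_ca_certs()),
    }


if __name__ == "__main__":
    weak = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # library default
    print("default server :", summarize(weak))
    print("exchange server:", summarize(exchange_context(True)))
    print("exchange client:", summarize(exchange_context(False)))
```

With the CRL flag set, an endpoint that has not loaded a current revocation list rejects every peer, so CRL distribution becomes part of keeping the exchange available.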

There are problems with this model, Trotter admits. Not all actors in the medical industry trust one another. Some don't want the network deciding who is trustworthy. Trotter responds that his model is precisely how current Internet trust systems work.

Trotter, who is usually distrustful of Microsoft, writes that the company is on the side of the angels in this one, having already argued against a top-down trust model.

This post was originally published on Smartplanet.com