This report was issued by JASON, an independent group of scientists that periodically advise the federal government on issues of science and technology. The report was commissioned by the Office of National Coordinator for Health Information Technology and the Agency for Healthcare Research and Quality.
The JASON report called for increased federal attention to health data interoperability through support of a software architecture strategy, or third-party application program interfaces (APIs) that would bridge and exchange data within current electronic health record (EHR) systems. The report outlines principles for such API-based interoperability:
- Use public APIs and open standards, interfaces, and protocols
- Be agnostic as the type, scale, platform, and storage location of the data
- Encrypt data at rest and in transit
- Separate cryptographic key management from data management
- Include with the data the corresponding metadata, context, and provenace (chain of custody)information
- Address migration pathways needed from legacy EHR systems
The JASON report also is explicit in its patient-consumer-centric approach: “[t]he software architecture that JASON proposes adopts the principle that the ultimate owner of a given health care record is the patient him/herself.” Through identification, authorization, and privacy services, both the patient and the patient’s providers would make privacy and access choices down to an “atomic data element” level. For example, the report suggests that there could be standardized “patient privacy bundles” that reflect patient options for levels of permissions and authorizations. By shifting the control of health information from current EHR vendors to a more open software-driven “ecosystem” with a diversity of products and “apps” created for use both by patients and providers, improved functionality and convenience will drive the health information exchange marketplace. In other words, the focus of market forces will shift from who controls (and maintains control over) health information data to how that data is useful, and actually used.
In terms of infrastructure, the JASON report bluntly concludes: “[a] sustainable business model for HIEs [organizations that oversee and loosely govern the exchange of electronic health information] remains to be established.” The JASON report also is critical of ONC’s strategy to support harmonization and standardization of what it calls “common mark-up language for storing electronic health records”, rather than the API strategy JASON recommends.
The JASON report also calls for a balance between privacy of individual level data with the “public interest” use of population level data for clinical practice improvement and biomedical research. Moreover, the JASON report calls for health information exchange to incorporate genomic and patient-generated/reported data. The report also warns about the risk of re-identifying or deciphering de-identified data, and calls instead for a national unique patient identifier system.