I was reading an article in Contactless News about "HealthCare Providers seeking convergence" in Identity Management as Meaningful Use criteria come into play in the HealthCare field. It got me thinking about the future for Patients in a world of Patient Portals.
Meaningful use demands that
For Providers to comply with Meaningful Use they will no doubt deliver a Patient Portal. Many of the Practice Management Systems provide the capability almost out of the box.
But what happens when a patient needs to visit the Primary Care Physician, a couple of specialists, maybe a surgery center, a retail clinic and the local hospital? How many Portals will they have to navigate? How will they get a comprehensive view of their records?
In order to comply with HIPAA regulations I can see HealthCare providers implementing complex userid and password requirements: not letting patients reuse a password, and having different rules that prevent the same password being used in multiple systems. Again, don't get me wrong, these are all commendable steps to secure data. But when a patient is managing multiple systems and user accounts, the end result is that if they can't easily remember a userid and password they will either write it down, or just hit the password reset button and have a new password set up via an email mechanism.
Is this really better security?
There are two steps that HealthCare Industry system providers can adopt that can dramatically improve this situation:
1. Adopt OpenID/OAuth for Authentication.
2. Support the Rainbow button Initiative.
OpenID/OAuth is broadly the process by which Facebook and Twitter allow users to connect their respective account to another service. The benefit of this is that a user can log in to another service using their Facebook or Twitter account credentials - without ever revealing their account password to the new service. The big advantage of this is that there are fewer password resets, because the user is making use of a userid and password combination that they use on a regular basis and are therefore more likely to remember.
OpenID/OAuth is already being adopted by the Federal Government to allow citizens to log in to federal websites. If it is good enough for the Government, shouldn't it be good enough for HealthCare? The Twitter Authentication mechanism is also being baked into the core of Apple's iOS 5, making it a standard across hundreds of millions of Apple devices.
I urge every HealthCare Portal developer to integrate Single Sign-on using OpenID/OAuth. Development libraries are available from companies like JanRain. I implemented the JanRain Library on HealthCa.mp in about an hour using a JanRain plugin for WordPress. If you want to be a really proactive developer you can fully implement OpenID/OAuth so that your portal account can act as credentials to connect to other sites. This is something that any Health Care Payer organization should be thinking about.
The big win for the member/patient is that as patient portals proliferate, life doesn't have to get more complicated. When they have to connect to a new Patient Portal they can reuse their account credentials from elsewhere. This can even simplify account setup on a new portal by allowing basic demographic data to be taken from the source account, e.g. Name, Address, Email, Gender, Date of Birth.
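The delegated login and demographic pre-fill described above, as an added sketch that is not code from this post or from JanRain. An HMAC-signed assertion stands in for the real OpenID/OAuth token exchange; the key, the portal name and the sample patient are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed values for this sketch: the shared key stands in for the
# provider's real signing key, and the portal name is hypothetical.
IDP_KEY = b"constructed-demo-key"
PORTAL_ID = "example-patient-portal"
PREFILL = ("name", "address", "email", "gender", "birthdate")

def _sign(body: bytes) -> str:
    return hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()

def idp_login(password_ok: bool, state: str, claims: dict, aud: str = PORTAL_ID) -> str:
    """Identity provider side: the password is checked here and only here."""
    if not password_ok:
        raise PermissionError("login failed at identity provider")
    body = json.dumps({**claims, "aud": aud, "state": state,
                       "exp": int(time.time()) + 300}).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body)

def portal_accept(assertion: str, expected_state: str) -> dict:
    """Portal side: verify the assertion, then pre-fill the new account."""
    encoded, _, sig = assertion.partition(".")
    body = base64.urlsafe_b64decode(encoded)
    if not hmac.compare_digest(sig, _sign(body)):
        raise ValueError("bad signature")
    data = json.loads(body)
    if not hmac.compare_digest(data["state"], expected_state):
        raise ValueError("state mismatch (possible forged callback)")
    if data["aud"] != PORTAL_ID:
        raise ValueError("assertion issued for a different site")
    if data["exp"] < time.time():
        raise ValueError("assertion expired")
    # Only the subject identifier and whitelisted demographics are kept.
    return {"subject": data["sub"], **{k: data[k] for k in PREFILL if k in data}}

def demo() -> dict:
    state = secrets.token_urlsafe(16)  # portal binds this to the browser session
    claims = {"sub": "idp-user-1001", "name": "Pat Example",
              "email": "pat@example.org", "birthdate": "1970-01-01"}
    return portal_accept(idp_login(True, state, claims), state)

if __name__ == "__main__":
    print(demo())
```

The portal only ever handles the signed assertion, so a portal breach exposes no reusable password; the state, audience and expiry checks are what stop an assertion issued for one site or session from being replayed at another.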
At Patients 2.0 and
Blue Button - Download my Health Data to my computer using a standard format
Green Button - Allow me to donate my health data anonymously to another organization
White Button - Allow me to send/upload my detailed Health Data to another Provider (or copy me when my data is sent between providers)
Red Button - Lock elements of my Health Record I do not want to be shared.
By implementing these simple buttons a Portal provider can give Patients a simple set of tools to manage their Health Records, allowing them to import and export their data.
If we don't take steps in these early days of Meaningful Use to provide tools, like single sign-on and data interchange buttons, to simplify life for Patients, then we will be creating yet another overly complicated, archaic monster that patients are forced to navigate around.
Failure to act will chalk up Meaningful Use as yet another great idea that becomes a barrier to better health in its implementation. After all, we have been here before. HIPAA was about Portability and yet it became just another form to fill in and an excuse for locking up data from patients while still freely sharing it amongst industry business partners.