She is standing in her bathroom, brushing her teeth while catching up on the morning news and weather, when the heads-up display in her mirror alerts her that her son is running a fever. She goes to his room and finds that yes, he is feeling sick. She calls her family doctor and he shows up immediately via her telehealth app. She learns the doctor is already aware of her son’s illness because he’s already been notified of the fever. After a brief discussion, he orders a script for her son, which is later delivered to her doorstep via a pharmacy drone.
That story was one of many used at a conference I recently attended to illustrate the real-time experience that healthcare technology is on the brink of bringing to the world. A true Utopian vision where things work almost magically to make our lives better.
The conference is an under-the-radar event conducted by global management consulting firm McKinsey & Company and featured presentations from CEOs, CFOs, CIOs, and other strategic decision makers from major health systems and insurance providers. They were there to paint a vision of our industry in 2025 and, as one of few vendors among a group of the titans of health care, I felt out of place and lucky to be there.
Because my work deals with the intersection of healthcare and technology, you might not be surprised to find that I think a lot about the possible unintended consequences of what technology can do. My experience at the McKinsey conference did not do a lot to settle those concerns in my mind.
The theme of the conference was 2025: A Healthcare Odyssey – The Journey to a New Tomorrow. The underlying message was that these stories of digital transformation are possible and we are not that far away from realizing it. That it’s just a matter of orchestration to make it happen.
Accelerating demand for patient authorization
The infrastructure required to make this vision come to life is what I like to call patient-centered interoperability. That’s the idea that data access is centralized and under the control of the patient, who has the power of deciding who they’d like to access it.
This is widely regarded as a long-term solution to this interoperability problem. The data exists; the technology to access it exists; the patient chooses who to authorize to access and use their personal data. That’s not a new concept, of course. It’s really just like how you authorize your calendar app on your phone to access your calendar data.
Conference speakers from CMS Administrator, Sema Verma, to UnitedHealth CEO, Steve Nelson, (and yours truly) alluded that this is the world we are moving to – a world of patient-centered interoperability. The thing that struck me over the head was that, while this is not a new idea, it is something industry leaders had previously been very nervous about.
Over the years I have talked to many of those leaders about how we can release data directly to patients and allow them to use apps on top of it. But because of the risk-adverse nature of our industry (and maybe paternalistic culture), I heard comments like ‘patients don’t need data, they need doctors to talk to them’. And ‘they wouldn’t be able to understand the data if they had it’.
But the reality is, over the past year capped by this conference, everyone is saying this is what needs to happen. And regulations from MU3/MACRA to 21st Century Cures all push the industry further in this direction.
While this future could obviously benefit patients and maybe lead to healthier populations, the whole idea brings with it questions of privacy, data rights, and ethics. The concept of sovereign human beings or ‘patients’ as we call them in healthcare, being in control of their data and giving access to that data is not new outside of healthcare. Thanks to the Internet, it’s become the understood norm.
The modern authentication protocol to do this is called Open Authorization (or more specifically, three-legged OAuth 2.0). That is the open standard for access delegation that allows Internet users to grant access to their information to multiple apps without necessarily sharing passwords. When you use your Google or Facebook account to sign in to something online, you’re going through an OAuth mechanism. What we are talking about now is bringing that to healthcare.
So you sign in with an account that has access to your records and then grant any app of your choosing access to your data. The app creates the user experience that transforms that data into useful information. The obvious concern staring us in the face is the risk involved, like what happened with Facebook using the very same methodology. Thinking back on the Facebook/Cambridge Analytica scandal, the public was outraged with our friends lists and likes being used outside of what was authorized. But that’s far less sensitive than our medical data.
Should we be afraid?
Imagine instead, we have an app with hundreds of thousands of medical histories where patients are authorizing that app to use their data. That is a fundamental problem with data, it’s non-rival. So once I give it to one person it can be shared infinitely without diluting its value.
That is a scary proposition.
These new risks are accelerating healthcare into the privacy and data ethics arguments that society is dealing with on many levels. We find ourselves in the strange situation of confronting these in the consumer world while, at the same time, pushing forward in healthcare to create that very same environment, perhaps without learning from our experience in the consumer space. We are copying the consumer experience somewhat, and honestly, I don’t know where it should go.
What I do know is this: technology is headed to a world where consumers will be empowered to utilize their data to drive exchanges. That model is where every other industry has gone, and it only follows that healthcare goes in that direction as well.
This is the steady state and the right side of history. Furthermore, entrepreneurs are pushing us with advancements that require this functionality. But there are barriers to establishing a patient-centered infrastructure, and those core pieces of infrastructure are now missing from the marketplace. Thankfully, there are various private and public efforts that are trying to solve the infrastructure problem.
If we were to solve interoperability today, we would have another problem on our hands that would feel as big as the lack of interoperability does right now.
So the end of the story may be a question. Not ‘can we do it?’ The problems associated with creating this vision for the future of healthcare technology will eventually fall. No, the question is not can we do it, but must we? And if we must, exactly how should that be carried out?
Those questions are a large part of what makes our job at Redox very interesting.