3 years, 4 months ago

An Architecture for a Customer-Centric Healthcare Information Infrastructure

Link: http://organizational-economics.blogspot.com/2017/10/an-architecture-for-customer-centric.html

1.    Healthcare IS: The Obsolete and Broken Infrastructure

The healthcare Information Infrastructure is both an obsolete and broken system.  It has at least four major problems.  The total system is technologically fractured between paper-based systems and computer-based; and the computer-based system is shattered among competing technologies, (for example, PC versus smart phone).  The number of health-care information regulations and standards militates against a coherent information infrastructure. 

The Fractured System

Any system in a technology change process will be fractured between the old and new technologies.  However, the healthcare system is particularly fractured because of overburdening federal regulations for insurance, for care, and for HIPA. 
Then there are the interlocking state regulations and insurance policies and procedures.  All of these make creating a healthcare information infrastructure difficult and complex.
Additionally, a significant portion of the medical professionals are the opposite of tech-savvy.  So they stick to paper—lots and lots of paper.  Compared with electronic storage, the simple storage of paper is expensive.  Then there is the time and expense of retrieving a patient’s medical records.  All of these costs are absorbed in the cost of healthcare.
But there is yet another, potentially life threatening expense; the loss of records and the inaccessibility of records when patients are on travel.  When people move for a new job or other reasons, the medical data contained in their records is more frequently than not lost.  
When they travel and have an accident or medical problem, their medical records contained in this fractured infrastructure are normally inaccessible.  The inability of onsite medical personnel to have access to a patient’s medical record can be an unnecessary death sentence for the patient.

Number of Regulations and Standards

There are other problems caused by this fractured healthcare information infrastructure.  As noted, there is a large increase in office staff to manage the paper records caused by the regulations supporting the “affordable care act”. 
This is in addition to the HIPA and state regulations, and insurance company’s policies and standards. Is it any wonder that doing paperwork is the single largest expense in a doctor’s office or medical center?

Non-linkage to Research

One of the most significant challenges in medical research on various diseases is tracking a disease through generations to determine if the disease is caused by environmental factors, or by a person’s generic heritage.  Given a set of standards and regulations (not over regulations) an integrated healthcare information infrastructure could provide the necessary information to enable much better insight in a much shorter time, at much less expense.

Non-linkage to Technology

There is another very expensive problem caused by the highly fractured and fragmented information infrastructure.  Currently and increasingly, there are many digital sensors on the medical device market.  These sensors include, X-ray, MRI, and cat scan machines.  There are also digital thermometers, blood pressure sensors, heart rate monitors (including Fitbit, Garmin, and Apple watches).
Additionally, they include a host of equipment for evaluating eyes, ears, blood, nervous systems and the hundreds of other evaluation sensors.

2.    Customer (Patient) Centric healthcare Information Infrastructure Architecture

A goal of a customer-centric healthcare information infrastructure architecture is to enable the customer to have complete access control over his or her health data and information in an ultra secure data network (USDN) while providing a high-level access to non-personal (i.e., aggregated) data for research and development.
I recently posted a high-level architecture for such an USDN; having said that I will now the healthcare information infrastructure as an example.

Customer ID and HIPA

The first component of this USDN is the user (customer) interface.  The key concept embedded in the HIPA rules and regulations is to keep access to the customer’s data to only those with a need to know.  Currently, the person who gives written permission is the customer [Sidebar: I don’t like the term patient because of its implications and connotations.]
With the USDN, the user/customer would give permission to medical personnel by inserting a smart card.  This card would contain biometric data.  The user/customer would then use the sensor on the medical terminal to confirm that they are who they say they are.  For example, put their finger on a fingerprint reader. 
If the biometric information on the card matches the information given by the user/customer then the medical personnel can get to the portion of the customer’s medical record and history they need to do their job.
If a customer comes into an emergency room unconscious the medical personnel can get authorization in much the same manner.  This could save the customer’s life.
In a hospital, the access to the customer’s record and history could be systematically extended to all appropriate personnel through the use of authorization or entitlement meta-data.

The Bridge/Portcullis

A second unique feature of the Ultra-Secure Data Network is the network bridge with portcullis.  The bridge converts the standard Internet communications protocols (that are well known to hackers and which malware uses to attack computers) into a set of network protocols much less well known. 
The portcullis allows only a limited set of formally defined data in formally defined data formats across the bridge.  The portcullis has other functions that are somewhat arcane, but which are important for security. [Sidebar: A high-level description of these is found in my post on the Ultra-Secure Data Network]

Centrally Organized Geographically Distributed Datastore

The data storage software will be what is currently being call “in the cloud”.  That means that the data is stored in data centers that are protected by the USDN including the bridge/portcullis.  Additionally, the operating system and application software will be customized to accept only data that is in the authorized formats.

Datastore for Research

The Medical Information Infrastructure is a cornucopia of data for medical research.  Currently, this data is, in the main, inaccessible to medical researchers due all of the rules and regulations for the current fractured system and to the nature of gathering data from a fractured system.
With the functions and features of using the USDN, data from the Medical Information Infrastructure could be made available to researcher without destroying the privacy of the customers of the system.  In turn, this would reduce the cost of medical research significantly.

3.    Building the USDN

Because of the size, scope, and complexity of the Medical Information Infrastructure it will take at least 10 years for the initial build out.  I will describe the major tasks of the build out, as I envision them, currently.

Setting up the Governance of the Infrastructure

The key to the USDN is setting up the processes for defining data, meta-data, governance, and infrastructure management.  Without these, the infrastructure will either be hacked immediately or be completely ineffective.

·         Governance

As I see it, the governance of the infrastructure will make or break both the security and utility of the infrastructure.  This governance sets the data, meta-data, and infrastructure management policies, standards, and rules for the infrastructure. 
That is why it needs to be the first task; though it will run concurrently with other tasks.
As I envision it the board of governors (guiding group, whatever the name) should be made up of medical professionals, medical researchers, insurance personnel, and IT professional from business and academia.  Getting that eclectic group moving in the same path will be difficult.  Therefore, I think an Enterprise Architect with a Systems Engineering group will be needed. 

·         Data

There will need to be a process set up for defining the data that should be in the USDN, the format for communicating that data and for creating, updating, and deleting data formats and structures.  Once set up this will be one of the key governance processes; changing data types and the actual data formats as technology changes.
One key to the USDN is that no unformatted data, like e-mails and e-mails with attachments will be allowed.  This cuts off one prime access points for hackers.

·         Meta-Data

For security purposes, the definition and delimitation of the infrastructure’s meta-data is of seminal importance.  It is what enables authentication, authorization, and access to the data of the Medical Information Infrastructure.  The governance body together with the Enterprise Architect and the Systems Engineering group will need to make decisions as to what is and what is not allowed, always with an eye to securing the data.
For example, the terminals connected to the internet, in turn connect to the USDN through the Bridge/Portcullis.  Each of these terminals will have a specific and static Media Access Control (MAC) address.  I would recommend that these terminals also have a static Internet Protocol (IP) address and other static information tied to that particular terminal.  This would make is difficult to spoof the bridge/portcullis into allowing a hacker through the gateway.
Additionally, there are many other ways this static (or infrastructure management only) meta-data can be used. But they will be guided by the rules and policies set by the governance board.

·         Infrastructure Management

The infrastructure management team will manage the hardware, software, and meta-data of the Medical Information Infrastructure as the prototype is rolled out and the operational version is built out.  It will be under the guidance of the governance board.

Developing the Bridge/Portcullis

The design requirements for the bridge/port will come from the standards and policies set by the governance board as architected by the enterprise architect and the functional and component designs will come from the Systems Engineering team.
There are several technical innovations required for an operational USDN.  I would recommend that a series of prototypes be developed using a cyclic process, like the one I developed and was patented by the Northrop Grumman Corporation.  That is, design, create the prototype, test, and repeat until all of the requirements are met.  I would expect that this development effort will take a minimum of one year and can be started about three to six months after the governance board begins their work which will identify the requirements for the equipment.
The first is the Bridge/Portcullis.

·         Designing

Designing the bridge/portcullis can be divided into two functional designs.  The first is the design of the network bridge.  This should not be as much about creating a design as resurrecting a design of a network bridge from the late 1990s.
The second is the design of the portcullis.  This is a wholly new functional and component design, though based on many standards.
When these functional and component designs are complete, then the entire bridge/portcullis will need additional functional integration design work.

·         Prototyping

A series of prototypes will need to be constructed, in following the Technology Readiness Level (TRL) characteristics.  I expect that the bridge can be prototyped at level 7 or 8 right from the start.  However, the network portcullis starts as a TRL level 1 or 2.  It will need to cycle through a number design, prototype, test cycles before it will be ready for integration with the bridge.

·         Testing

All prototypes will be evaluated against the metrics as defined by the requirements.  This means that prior to testing the systems engineering team will need to establish metrics for each requirement.

·         Rollout

When all of the cycles of design and functional testing and requirement evaluation of the bridge/portcullis are completed, the unit will be replicated two or more times for use in the pilot testing effort.

Developing the User Terminal(s)

The user terminals for the Medical Information Infrastructure are an interesting combination of advanced technology being used for a single purpose terminal (a throwback to the 1960s).  Some of the functions of this terminal type are discussed in my post on the USDN.  One key function will be enabling automated medical sensors (X-ray, MRI, etc. machines) to report results of tests through the terminal to the Medical Information Infrastructure.

·         Design

Again, the design of this terminal should start as soon as its requirements are identified (3 to 6 months.  In this case, the design is really more in terms of a system integration of functions rather than the development of new technology.

·         Prototyping

Constructing prototypes of the terminal should not nearly as difficult as the development of the bridge/portcullis.  But again, it is likely that several prototypes will be needed to get the functions and form factor correct for the terminal.

·         Testing

Likewise, testing should be relatively straightforward.  The most extensive set of tests will be those associated with terminal and network security.

·         Rollout

When all of the cycles of design and functional testing and requirement evaluation of the terminal is completed, the unit will be replicated several times for use in the pilot testing effort.


The datastore, the hardware and software for storing the customer’s data, is by far the simplest of the functions/components that will need to be developed.  The reason is that commercial off the shelf hardware and software is available.

·         Design

In this case the challenge is to write custom code and define the parameters of standard database software and the operating system such that the data is secure from hacks inside individuals (the technical staff) and to provide the access for the various functions of the infrastructure.  For example, giving access to researchers to summarized or anonymous data would be one such function.
This development exercise would use a cyclic process, like the one I developed and Northrop Grumman patented.

·         Prototyping and Testing

Even while a software service is being coded it will be evaluated on a daily basis and formally tested at least once a month.  Frequently, the testing will not only reveal bugs and inconsistencies, but also additional governing board requirements and technical risks.

·         Rollout

As opposed to the bridge/portcullis and terminal, I expect that the datastore appliance (the combination of hardware and software) will be rolled out as an Initial Operating Capability (IOC) with a minimum number of data structures and software functions.
Additionally, I expect that one a one to three month cycle, new versions of the software will be integrated into the appliance.

Pilot Testing and Updating

Once the governance board has decided that enough of the bugs, defects, and other “gotchas” have been worked out of the system (likely after about one and a half to two years), the infrastructure will need to be acceptance tested.  For this type of system pilot testing is the only procedure guaranteed to clearly demonstrate all of defects in the total system from the various users’/stakeholders’ perspectives.
Ideally, this would be a progressive slow roll out, first to a single site, then to three sites, then to 10 to 12 sites with at least 3 data centers.  Ideally, this piloting phase will take one to two years.
At the same time there should be a significant increase in the types of data the infrastructure can store and the number of functions the infrastructure can perform for the various stakeholders.

Build out of the Infrastructure

Within six months of the start of pilot testing, the build out of the infrastructure can begin with user/stakeholder education about the infrastructure.  These educational activities will prepare the medical and medical IT professionals to deal with the coming changes in a more orderly manner.
As the pilot testing is coming to an end, hardware and software companies should be invited to start building products to the infrastructure’s specifications.  These would be sent to a test environment for certification as meeting all of the specifications.
These competing products could then be sold to the medical community as the infrastructure is built out across the nation.

4.    Issues

I would forecast that creating the Medical Information Infrastructure will reduce the total medical bill paid by customers, insurance companies (including governments) by 10 to 30 percent while producing much better outcomes.  This is a significant reduction in cost (hundreds of billions of dollars per year).
However, there are powerful groups that will oppose the infrastructure’s creation.  Some of their arguments will be economic and some emotional (in terms of politics or organizational culture).

Implementation Costs

Many in the current medical establishment point that the implementation of this system will be very expensive.  It will; there is no doubt of that.  It may run into $100 billion over ten years, but it will likely save more than $10 trillion over that same period.  That seems like a good investment for the country.  With the added bonus that it will save lives.
From a hospital or insurance company’s CFO perspective, this will turn into a gigantic expense for which there will be no immediate ROI. [Sidebar: This turns “short-term cost conscious” CFO type financial engineers nuts—I know.]  Again, they are correct.  But there will be a significant ROI long-term.

Politics/Cultural Issues

There are also many political/culture issues

·         The Affordable Care Act, Medicare/Medicaid, HIPA

[Sidebar: The US Constitution specifically states that governmental healthcare, like other social entitlements are within the purview of the states, not the federal government; an attitude that my ultra-left leaning “social responsible” friends find distressing.  However, since we’ve already entered this financial black hole that lead to dystopia, I think we need to find a way out of it or at least to ameliorate many of its worst effects.]
These federal laws mandate a great many enforcement rules and regulations.  These rules and regulations will be unnecessary with the Medical Information Infrastructure.  However, many federal and state bureaucrats will have to find other employment if they are removed.  So, politically they will lobby for most of them to remain.  This will cause a great deal of process friction and greatly reduce the benefits of the infrastructure.

·         Pilot Testing

[Sidebar: “The first instance of a superior principle is always inferior to a mature instance of an inferior principle”.]
Critics of the Medical Information Infrastructure will have a field day with its pilot testing.  Like many complex military systems, (three being the B-52, the M-1A2, and the CVN 78) and like many versions of software in beta testing, the system will have many hiccups and gotchas when first brought up in a pilot.  Even if the program, describes above, is followed there will be technical defects.  And like the critics of other complex systems, there will be many that will say the Medical Information Infrastructure will never live up to its hype or its promise.  In the short term they will be correct, but wrong in the long term [Sidebar: The Gartner Group calls this the hype-cycle, I call it the path that the way the future becomes the now.]

·         Medical Culture

There are three cultural issues associated with implementing the Medical Information Infrastructure.  The first is the current medical culture.
The Medical Information Infrastructure is being proposed as part of the conversion of the medical information system from the Age of Print to the Age of the Computer (as I discussed in a previous post). 
As such, people brought up in the age of print have much greater difficulty in dealing with this type of change.  That is true for medical personnel as well as everyone else.  Consequently, they will resist any automated system.
Even in medical facilities that have automated the records management this change will be difficult.  It’s like learning how to use a tablet after only using a PC.

·         Insurance Culture

Insurance is the transference of the consequences of a risk (an unknown) from the customer to organization insuring.  This comes at a price, the cost of insurance.
The cost of insurance is based on the probability that something bad will happen.  The probability is based on statistics of how often the bad thing happens within a population.  That, in turn is based on data—data that would be stored in the Medical Information Infrastructure instead of now, in a huge collection of digital and paper files spread across the country.
This means that there would much less cost in gathering and maintaining this information, but it also means that the culture of insurance selling, and adjusting would change.  And as with the medical professional, cultures resist change.

·         Customer Acceptance

One of the major challenges will be acceptance by the customer base.  In the pilot phase, customers, not fully into the computing culture will be very anxious about the processes, where his or her records are stored, and why the change is necessary.
Additionally, the customers will be anxious about the necessary changes in law to enable this system to function effectively and cost efficiently.  This stress will be hyped in the media and transmitted to congress.  There is no way to stop it, but education/marketing will be able to ameliorate it to some extent.

Meeting the Issues

Meeting these cultural issues will require significant education, training, and marketing to  create initial grudging acceptance.