by adolph
757 days ago
Yes. In the US, this is part of the EHR push, each EHR is supposed to accept any outside application. Here are some docs on how it works with Epic: https://open.epic.com/Home/InteroperabilityGuide?whoAmI=deve...
A big tricky part is understanding all the different health systems that have part of the patient's record. Typically speaking you can scrape all health system FHIR access points and perform some geo matching to offer the ones they likely have seen. From there you do the OAuth2 dance with each health system where the patient authenticates (if they remember their login) and your app gets a token good for a certain time period after which the patient has to log in again.
The advantage of Metriport's approach is that they are getting a hook into the vendor operated HIEs. The patient doesn't have to remember/select which health care systems have records for them since the VOHIEs have all that. The big hurdle is managing some authentication on behalf of the patient to a third party that they don't have a direct relationship to, the VOHIE. I suppose the VOHIE can pass the patient off to one of the member health systems and do the same OAuth dance but instead of just getting one health system's data, you get the whole enchilada.
The evil part of the operation is that now Metriport has proxy access to the data and eventually will get hacked and bought by private equity that will sell the data to TransEquirian Insurance Score agencies.
To be explicit for readers here, outside applications can connect to some EHR systems using SMART on FHIR, but not all (this is what Apple Health supports in their PHR) - and this is separate from HIEs. For reasons OP mentioned, this is impractical for treatment at scale, but is currently the best way to get your health records in your pocket, or to insurance companies, for example.
Fasten is a great OSS project that facilitates this flow for individuals, and I'd suggest you check them out: https://github.com/fastenhealth/fasten-onprem
> getting a hook into the vendor operated HIEs
This is only a part of the equation - for example, one of the biggest networks we connect with is Carequality, and this is more of a framework that's not operated by any vendors. Rather, vendors connect to a shared directory and speak the same language for medical data exchange.
> The evil part of the operation is that now Metriport has proxy access to the data and eventually will get hacked
This just speaks even more volumes to our open source approach - we're not hiding behind obscurity for security.
> and bought by private equity that will sell the data to TransEquirian Insurance Score agencies.
Only if someone wants to spend a long time in prison! We cannot legally do anything with the data we have proxy access to, except deliver it to the healthcare organizations we work with that are involved with treating the patient - nor would we want to. There are acquisition events with healthcare organizations all the time, and the HIPAA rules protecting the data do not change.
Hopefully you can agree that, especially with us being the only vendor in the space that's open source, there is no evil at play.
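
The per-health-system flow discussed in this thread (endpoint directory, geo matching, then a SMART on FHIR OAuth2 authorization request per system), as an added example that is not from any commenter, Epic, or Metriport. The directory entries, client ID, redirect URI, and helper names are constructed placeholders; the request parameters (PKCE with S256, `state`, `aud`) are those of the SMART App Launch authorization request.

```python
import base64, hashlib, math, secrets
from urllib.parse import urlencode

# Constructed directory (not real endpoints): each entry carries the FHIR base
# URL, the authorization endpoint that server would publish in its
# /.well-known/smart-configuration document, and a location for geo matching.
DIRECTORY = [
    {"name": "Clinic A", "fhir_base": "https://fhir.a.example.org/r4",
     "authorization_endpoint": "https://auth.a.example.org/authorize",
     "lat": 40.71, "lon": -74.00},
    {"name": "Clinic B", "fhir_base": "https://fhir.b.example.org/r4",
     "authorization_endpoint": "https://auth.b.example.org/authorize",
     "lat": 40.85, "lon": -73.88},
    {"name": "Clinic C", "fhir_base": "https://fhir.c.example.org/r4",
     "authorization_endpoint": "https://auth.c.example.org/authorize",
     "lat": 34.05, "lon": -118.24},
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def nearby(directory, lat, lon, radius_km):
    """Health systems within radius_km of the patient, nearest first."""
    hits = [(haversine_km(lat, lon, e["lat"], e["lon"]), e) for e in directory]
    return [e for d, e in sorted(hits, key=lambda h: h[0]) if d <= radius_km]

def authorize_request(entry, client_id, redirect_uri,
                      scope="launch/patient patient/*.read"):
    """Build one authorization request; state and PKCE verifier are per-request."""
    verifier = secrets.token_urlsafe(64)          # kept server-side for the token call
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    state = secrets.token_urlsafe(32)             # must match on the redirect back
    params = {
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "scope": scope, "state": state,
        "aud": entry["fhir_base"],                # binds the token to this FHIR server
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    return {"url": entry["authorization_endpoint"] + "?" + urlencode(params),
            "state": state, "code_verifier": verifier}
```

Because each health system is its own authorization server, the app has to store one `state` and `code_verifier` per system and reject any callback whose `state` does not match the request it issued for that system.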