This wiki has undergone a migration to Confluence found Here
<meta name="googlebot" content="noindex">

Representation of e-mail and social media exchanges

From HL7Wiki
Jump to navigation Jump to search

Introduction

In recent discussions, the idea has arisen that e-mail, but also Facebook or Twitter posts/chats are becoming increasingly interesting as a source of secondary clinical information. This could include patient-provider communication (usually in addition to face-to-face or telephone encounters), but also contact person-provider communication (e.g. when it comes to family members asking questions on behalf of juvenile or elderly patients), provider-provider communication (professional consultations) and even patient-patient communication (groups for sharing patient experiences).

We believe there should be a standardized way to model this type of exchange, most likely as an Act with classCode INFRM, with the source and destination of the exchange marked as participants. The next question then becomes how you identify these participants. An obvious way would be to simply identify them via their e-mail, Twitter or Facebook accounts (whichever applies). This would make an application interface (plug-in) between the messaging/social media application and the clinical application quite simple (although privacy and security would certainly be a major concern). Of course these can be treated as telecom addresses, but the question then arises whether social media (Twitter, Facebook, etc). are covered by RFC 1738? Alternatively, we could treat this as true IDs, in which case there needs to be an OID (preferably universally used) for e-mail accounts (separate OID for each provider?) and for the major social media… Has this ever been discussed in HL7?

By the way, I think there is a very real marketing opportunity here too. There is reality where social media are increasingly used (whether appropriate or not) for the abovementioned type of communication. Some of that information exchange is certainly relevant for inclusion in a patient’s EHR (and/or PHR). I think Facebook and Twitter might be seriously interested in investigating their role in the healthcare arena. Before you know it, we could have them join our ranks as active participants (and benefactors ;-) in HL7 development. HL7 cannot direct which media are used for healthcare exchange, but it should certainly support any media that are used in practice. In this case, we see media that were not intended for healthcare use per se, becoming more and more important as an exchange mechanism. The boundary between healthcare and social media is becoming flexible and we should be prepared for that.

Security issues

Peter Hendler:

There is a huge problem with this and patient privacy. There is no way we (USA) would ever be able to discuss any clinical information with patients on non secure social media. Not even for them to tell us about head ache or for us to tell them to take an aspirin. No Personal Health Information (PHI) ever over any non secured channel.

Maybe in other countries it would be allowed but we are not allowed to use any non secured system for any PHI what so ever, and the fines are $250,000 for every single breach.

Tom de Jong:

Well, first of all, I’m not suggesting that Twitter or Facebook make for a safe communications channel to exchange clinical information. But fact is that in many countries there are experiments (sometimes controlled by authorities, but usually spontaneous) to give electronic communications a place in the dialogue between patients and providers. The most common example are doctors that allow patients to ask them questions via e-mail (in Holland this is perfectly allowed, even when the e-mail is not sent over a secure channel). But we also have a use case where a nursing home allows family members to communicate with staff via social media. That’s information that could very well be relevant for the patient’s record.

It’s hard to predict what these experiments will lead to, but the fact that a channel is deemed unsafe has rarely stopped developments in the past. That’s what people said of the phone 100 years ago. If it’s convenient, I’m sure it will be used. The challenge is then to make the channel safer.

Klaus Veil:

I agree with Tom - I think there is no suggestion to use Social Media for official exchanges of Personal Health Information (PHI). Other countries also have patient privacy legislation and penalties ...

However, there is a growing use of Social Media for access and authorisation (eg OAuth for accessing the Blue Button: http://motorcycleguy.blogspot.com.au/2012/09/abbi-security.html, OpenID, etc.) which we cannot ignore.

Also, end users are increasingly using their Social Media worlds to communicate what they wish to share, often on a one-to-one basis. I see many people now use Twitter Direct Messaging and Facebook Messages (which even support attachments) instead of e-mail and SMS/Texts. So if we are OK with people communicating one-to-one via e-mail/SMS/Texts, we need to be prepared for the same one-to-one communication via Twitter's and Facebook's e-mail equivalents.

So Tom has given a good heads-up for HL7 to look at new communications channels that are already being quite widely used and I agree that we need to seriously look at this.

Peter Hendler:

Your probably right, and it will be developed in other countries (then the USA) but we could be prosecuted for making PHI breachable. We can't email our patients at all. We have secure portal using HTTPS. Our patients leave us questions, and we leave them answers. The regular email is involved to the extent that the patient will receive and email limited to the information, "you have a message". Then they log into the secure portal. Unsecured Email, Twitter or anything is strictly prohibited from containing any medical information.

I suppose we could use Twitter to send the message "you have a message" and then they'd have to log in securely to the https portal.

Tom de Jong:

To all the people who replied that it was very dangerous, or even illegal, to use social media to exchange healthcare information: I never intended to promote usage of social media for that purpose, I just wanted us to be aware that it happens and to be prepared for dealing with it. Moreover, although all the attention focussed on social media, what I wrote was just as much applicable to an ‘old-fashioned’ e-mail exchange. I assure you the use case for including threads/chats in the EHR is very real, or just around the corner, in the Netherlands and elsewhere.

Klaus Veil:

HL7 definitely has an opportunity (and I believe the obligation) to provide the standards for capturing any person-relevant data exchanges no matter how they are communicated. I believe that the issues of privacy and security should be left to the realms and organisations policies as well as the lower layers of the communications stack...

Keith Boone:

A comment on “Very Dangerous” or “Illegal”

The former is a risk assessment regarding risks of using social media. The latter is an interpretation of existing laws and regulation.

Both are debatable assessments or interpretations. HIPAA does not forbid e-mail as a communication method. What the HIPAA privacy and security rule says is that communications of PHI need to be secure and encrypted. There are ways to do both with e-mail (e.g., as was done with Direct). Similarly, providers today use web-sites that secure information, and there are some forms of Social Media which enable communications to be performed securely, and which do not provide access to content to anyone without appropriate credentials. Some forms are even being used to support consultation between physicians (e.g., Doximity).

Yes, I would regard use of dominant social media platforms such as twitter and facebook as being “Very Dangerous”, in part, because those social media platforms don’t secure content in a way that complies with existing

Tom de Jong:

The security of this type of electronic exchange (or lack thereof) is a matter of local policy. The point of the Hot Topic is not to scrutinize or define such policies, but to come up with a model for data and identifiers.

Jay Wack:

Perhaps we could all take advantage of the work done by ANSI for banking. They have published a standard, X9.73-2010, that provides for a granular approach to persistent protection and differential access control consistent with the Declared objectives of HIPAA and HL7. In particular, Annex D, explaining the Normative.

How to model e-mail/social media exchanges

Question:

What would be the ‘standard’ way of modelling this type of thread/chat between healthcare parties, say as part of a patient record transfer?

Kevin Coonan:

All Acts can (should?) convey a human readable text and title property. The data type is ED, so you can include any MIME type that is allowed. However, most pictures are probably Observations and would be conveyed as the value.

Also, there also may be a use for structured data. Why not include home measurements and let the patient use it? Eg wt, peak flow, glucose, fetal kick counts, contractions, height, pain severity, etc. Giving users a choice (pick lists, drop down) for coded data entry may also be helpful.

Ewout Kramer:

Are you suggesting that when I need to communicate to my fellow caretakers "Father was really confused last week, I think we should not allow too many visitors for some time", that I just use a generic Act with this text in the Act.text property? I guess I don't want an Observation of 'confusion' with my father as subject, linked with an Observation in GOAL mood with 'less visitors' as the goal ;-)

Kevin Coonan:

You may want to have the Observation as "confusion" and a separate Act that states your intent to limit visitors. It depends on your needs and how much interoperability is required. If this is just for person-to-person communication, then title/text can probably suffice. If you want your physicians EHRS to recognize that there is a problem, then coded data and more structure are required to convey the semantics.

Lloyd McKenzie:

Each individual statement would be an observation. However, what's more interesting is what represents a "thread". What is the common structure that ties a bunch of these things together that a participant could choose to follow?

William Goossen:

We have the statement collector RMIM for that.

Tom de Jong:

Do you actually think this is an Obseravation, or do you pick that class because that’s what usually happens if no exact semantic fit is found?

I personally don’t think these are Observations at all. They are exchanges of information. Nothing is being observed and there is no result value. Although the definition of classCode INFRM seems a bit too restrictive, that sounds much more like what we’re dealing with than Observation.

  • The act of transmitting information and understanding about a topic to a subject where the participation association must be SBJ.

I think this definition needs a lot of work, but it’s the closest thing there is to a message/post in an electronic thread.

Lloyd McKenzie:

Well, everything we do in HL7 is "sharing information". We generally use INFRM when we want to say "please tell" or "I did tell" or "if x happens then tell". That doesn't appear to be the case here. Someone's simply making a statement and sharing that in some sort of forum. For pure v3 modeling, we could simply use Act with .text. However, there can be a challenge of somewhat weak semantics. A fixed value code might help though.

Kevin Coonan:

q.v. Marcio von Muhlen, Lucila Ohno-Machado. Reviewing social media use by clinicians. J Am Med Inform Assoc 2012;19:5 777-781 http://jamia.bmj.com/content/19/5/777.full.pdf+html

How to identify the authors in the exchange

Question:

How do you identify the participants in such an exchange? Grahame pointed at http://www.iana.org/assignments/uri-schemes.html for URI schemes. That would work if the participants are ‘identified’ by their telecom address. The other option would be to assign OIDs to internet service providers (for e-mail) or social networks, and then using the combination of the OID and the account name as a unique identifier.

Grahame Grieve:

well, can you identify people this way? An unidentified person, with a name and a telecom address?

the alternative is to extend II to allow a URI in the root....

Twitter-address in http is: http://twitter.com/@GrahameGrieve

Registry for URI schemes: http://www.iana.org/assignments/uri-schemes.html. This is not authoritative.

If you want to use an URI as an identifier in an II data type:

<id root="2.16.840.1.113883.4.583" extension="http://twitter.com/GrahameGrieve"/>

The designated OID for URIs is 2.16.840.1.113883.4.583 (http://www.hl7.org/oid/OID_view.cfm?Comp_OID=2.16.840.1.113883.4.583)

Keith Boone:

For identifying participants in an e-mail or IM exchange, a URL is a suitable unique identifier, (e.g., mailto:keith.boone@ge.com or im:kwboone@skype.com). To turn these identifiers into a complete II, all we need is an OID for the namespace defined by URLs. I wouldn’t assign OIDs to ISPs (e.g., yahoo, gmail, et cetera), because that is simply overkill. One OID will cover the whole Internet with respect to URLs.

With respect to modeling messages, well, most are based on content supported via mime types. I’d model these as attachments containing encapsulated data. I don’t know about chats (e.g., via Skype), but e-mails have a message identifier that is used to manage threads. Twitter, Facebook and Google have identifiers which uniquely identify each communication.

Gerald Beuchelt:

In this discussion, you will need to engage not only with the HL7 Security WG, but also with the wide identity management community: there are a number of national efforts in place in at least the US., parts of Europe, and Japan to create reliable identity management schemes in cyber. In general, there seem to be two general directions:

1. Re-use existing identities and allow exchanges based on these identities (BYOI - bring your own identity). THis would leverage Google, Facebook, Twitter, AOL, telephone carrier, etc. identities and use them to define access rules and/or map digital identities to humans.

2. Issue new credentials (like national ID cards with PKI, or similar) and use these new identifiers for citizen--to-gov or citizen-to-biz interactions.

Either way, the very first step must be a determination of scope and level of identity assurance requirements. THis will directly tie back into the credential management framework and credential and identifier lifecycle business processes. Simply picking an identifier scheme will not be sufficient anymore in these days IMHO.

A way ahead would be to work with the Security WG on their ontology work, and then go out on a "fact finding" mission to investigate the regulatory requirements in the various countries/realms we are interested in.

John Moehrke:

I think all that HL7 needs is a way to encode an identifier. This is what Keith did a good job of explaining. URI is a fantastic method of encoding identifiers. Especially those found in the Internet space, especially when using RESTful technologies. I understood the scope of this request to be able to ‘document’ that a conversation has happened that used internet means, vs some old-style model. This scope should not pass judgment on that conversation.

I think that HL7 should NOT get involved in the determination of if a specific type of identifier is a legitimate identifier. This is the space of POLICY. It is policy that will determine what identifier types carry the appropriate level of accuracy, assurance, trust, etc . These discussions must happen, but they happen at an operational policy level. I am actively involved in these discussions. They are fantastic discussions, but they have no relevance to HL7 definition of how to document that a conversation happened.

The Level-Of-Assurance is a specific topic that is in this Policy space, And it isn’t a simple policy discussion. Who issues credentials is another. Why should I trust an identifier is another. These are policy decisions. They do factor into the ‘authentication’ capability of a protocol, as they are critical to the Access Control decision. But, specific Access Control decisions are simply an enforcement of Policy. This is the appropriate place to put the concern of ‘legitimacy’.

I assure you that when operational environments will choose legitimate technologies to use for communications between provider and patient; they will make these decisions. By that time they might have worked out the concerns. It would be inappropriate for us to indicate today that Facebook couldn’t possibly evolve into a highly secure, privacy protecting, and reliable system. (Wow, that was hard to say  ) Ultimately this decision will be made using Risk Assessment, that includes the benefit to the patient/provider that the communications brings vs the risks that the communications brings. Some conversations will surely use communication because the threat is acceptable vs the benefit.

External sources with example use cases

http://healthcaremadesimple.ca/

http://well.blogs.nytimes.com/2012/10/08/texting-the-teenage-patient/


Resolution

From minutes of Jan 2013 WGM (Jan 17 - Phoenix)

RIM Modelling

  • Sharing of information from one to another is an inform act
  • Speaker is the performer
  • who they are communicating to is the receiver of the act
  • the author might be someone else or the performer
  • the conversation is wrapped in an Encounter
  • Lloyd repudiates his previous comments with "I am not convincing to me at this time"
  • Tom will draw a model snippet & consult Clinical Statement

Identifiers

  • If you want to use an URI as an identifier in an II data type:
<id root="2.16.840.1.113883.4.583" extension="http://twitter.com/GrahameGrieve"/>