Representation of e-mail and social media exchanges

From HL7Wiki

Revision as of 22:56, 14 October 2012

Introduction

In recent discussions, the idea has arisen that e-mail, but also Facebook or Twitter posts/chats are becoming increasingly interesting as a source of secondary clinical information. This could include patient-provider communication (usually in addition to face-to-face or telephone encounters), but also contact person-provider communication (e.g. when it comes to family members asking questions on behalf of juvenile or elderly patients), provider-provider communication (professional consultations) and even patient-patient communication (groups for sharing patient experiences).

We believe there should be a standardized way to model this type of exchange, most likely as an Act with classCode INFRM, with the source and destination of the exchange marked as participants. The next question then becomes how you identify these participants. An obvious way would be to simply identify them via their e-mail, Twitter or Facebook accounts (whichever applies). This would make an application interface (plug-in) between the messaging/social media application and the clinical application quite simple (although privacy and security would certainly be a major concern). Of course these can be treated as telecom addresses, but the question then arises whether social media (Twitter, Facebook, etc.) are covered by RFC 1738? Alternatively, we could treat these as true IDs, in which case there needs to be an OID (preferably universally used) for e-mail accounts (separate OID for each provider?) and for the major social media… Has this ever been discussed in HL7?

By the way, I think there is a very real marketing opportunity here too. There is a reality where social media are increasingly used (whether appropriate or not) for the abovementioned type of communication. Some of that information exchange is certainly relevant for inclusion in a patient’s EHR (and/or PHR). I think Facebook and Twitter might be seriously interested in investigating their role in the healthcare arena. Before you know it, we could have them join our ranks as active participants (and benefactors ;-) in HL7 development. HL7 cannot direct which media are used for healthcare exchange, but it should certainly support any media that are used in practice. In this case, we see media that were not intended for healthcare use per se, becoming more and more important as an exchange mechanism. The boundary between healthcare and social media is becoming flexible and we should be prepared for that.

Security issues

Peter Hendler:

There is a huge problem with this and patient privacy. There is no way we (USA) would ever be able to discuss any clinical information with patients on non-secure social media. Not even for them to tell us about a headache or for us to tell them to take an aspirin. No Personal Health Information (PHI) ever over any non-secured channel.

Maybe in other countries it would be allowed but we are not allowed to use any non-secured system for any PHI whatsoever, and the fines are $250,000 for every single breach.

Tom de Jong:

Well, first of all, I’m not suggesting that Twitter or Facebook make for a safe communications channel to exchange clinical information. But the fact is that in many countries there are experiments (sometimes controlled by authorities, but usually spontaneous) to give electronic communications a place in the dialogue between patients and providers. The most common example is doctors that allow patients to ask them questions via e-mail (in Holland this is perfectly allowed, even when the e-mail is not sent over a secure channel). But we also have a use case where a nursing home allows family members to communicate with staff via social media. That’s information that could very well be relevant for the patient’s record.

It’s hard to predict what these experiments will lead to, but the fact that a channel is deemed unsafe has rarely stopped developments in the past. That’s what people said of the phone 100 years ago. If it’s convenient, I’m sure it will be used. The challenge is then to make the channel safer.

Klaus Veil:

I agree with Tom - I think there is no suggestion to use Social Media for official exchanges of Personal Health Information (PHI). Other countries also have patient privacy legislation and penalties ...

However, there is a growing use of Social Media for access and authorisation (eg OAuth for accessing the Blue Button: http://motorcycleguy.blogspot.com.au/2012/09/abbi-security.html, OpenID, etc.) which we cannot ignore.

Also, end users are increasingly using their Social Media worlds to communicate what they wish to share, often on a one-to-one basis. I see many people now use Twitter Direct Messaging and Facebook Messages (which even support attachments) instead of e-mail and SMS/Texts. So if we are OK with people communicating one-to-one via e-mail/SMS/Texts, we need to be prepared for the same one-to-one communication via Twitter's and Facebook's e-mail equivalents.

So Tom has given a good heads-up for HL7 to look at new communications channels that are already being quite widely used and I agree that we need to seriously look at this.

Peter Hendler:

You're probably right, and it will be developed in other countries (than the USA) but we could be prosecuted for making PHI breachable. We can't email our patients at all. We have a secure portal using HTTPS. Our patients leave us questions, and we leave them answers. The regular email is involved to the extent that the patient will receive an email limited to the information, "you have a message". Then they log into the secure portal. Unsecured Email, Twitter or anything is strictly prohibited from containing any medical information.

I suppose we could use Twitter to send the message "you have a message" and then they'd have to log in securely to the https portal.

Tom de Jong:

To all the people who replied that it was very dangerous, or even illegal, to use social media to exchange healthcare information: I never intended to promote usage of social media for that purpose, I just wanted us to be aware that it happens and to be prepared for dealing with it. Moreover, although all the attention focussed on social media, what I wrote was just as much applicable to an ‘old-fashioned’ e-mail exchange. I assure you the use case for including threads/chats in the EHR is very real, or just around the corner, in the Netherlands and elsewhere.

Klaus Veil:

HL7 definitely has an opportunity (and I believe the obligation) to provide the standards for capturing any person-relevant data exchanges no matter how they are communicated. I believe that the issues of privacy and security should be left to the realms' and organisations' policies as well as the lower layers of the communications stack...

Keith Boone:

A comment on “Very Dangerous” or “Illegal”

The former is a risk assessment regarding risks of using social media. The latter is an interpretation of existing laws and regulation.

Both are debatable assessments or interpretations. HIPAA does not forbid e-mail as a communication method. What the HIPAA privacy and security rule says is that communications of PHI need to be secure and encrypted. There are ways to do both with e-mail (e.g., as was done with Direct). Similarly, providers today use web-sites that secure information, and there are some forms of Social Media which enable communications to be performed securely, and which do not provide access to content to anyone without appropriate credentials. Some forms are even being used to support consultation between physicians (e.g., Doximity).

Yes, I would regard use of dominant social media platforms such as twitter and facebook as being “Very Dangerous”, in part, because those social media platforms don’t secure content in a way that complies with existing

Tom de Jong:

The security of this type of electronic exchange (or lack thereof) is a matter of local policy. The point of the Hot Topic is not to scrutinize or define such policies, but to come up with a model for data and identifiers.

How to model e-mail and social media exchanges

Question:

What would be the ‘standard’ way of modelling this type of thread/chat between healthcare parties, say as part of a patient record transfer?

How to identify the authors in the exchange

Question:

How do you identify the participants in such an exchange? Grahame pointed at http://www.iana.org/assignments/uri-schemes.html for URI schemes. That would work if the participants are ‘identified’ by their telecom address. The other option would be to assign OIDs to internet service providers (for e-mail) or social networks, and then use the combination of the OID and the account name as a unique identifier.

Grahame Grieve:

Well, can you identify people this way? An unidentified person, with a name and a telecom address?

The alternative is to extend II to allow a URI in the root....

Twitter-address in http is: http://twitter.com/@GrahameGrieve

Registry for URI schemes: http://www.iana.org/assignments/uri-schemes.html. This is not authoritative.

If you want to use a URI as an identifier in an II data type:

<id root="1.3.6.1.8.3" extension="http://twitter.com/GrahameGrieve"/>

The designated OID for URIs is 1.3.6.1.8.3 (http://oid-info.com/get/1.3.6.1.8.3)

Keith Boone:

For identifying participants in an e-mail or IM exchange, a URL is a suitable unique identifier, (e.g., mailto:keith.boone@ge.com or im:kwboone@skype.com). To turn these identifiers into a complete II, all we need is an OID for the namespace defined by URLs. I wouldn’t assign OIDs to ISPs (e.g., yahoo, gmail, et cetera), because that is simply overkill. One OID will cover the whole Internet with respect to URLs.

With respect to modeling messages, well, most are based on content supported via mime types. I’d model these as attachments containing encapsulated data. I don’t know about chats (e.g., via Skype), but e-mails have a message identifier that is used to manage threads. Twitter, Facebook and Google have identifiers which uniquely identify each communication.
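Putting Grahame's II encoding and Keith's two suggestions (a single OID for all URLs; messages as encapsulated data linked by their message identifiers) into working code, as an added example that is not from the wiki page, from HL7 or from any of the contributors: the script encodes mailto:, im: and Twitter URLs as II identifiers under the URI OID 1.3.6.1.8.3 cited above, canonicalises them so one account maps to one identifier (lower-cased scheme and host, mailbox local part kept, the '@' in http://twitter.com/@name dropped), wraps a message body as encapsulated data with its MIME type, and links a small e-mail thread through its Message-ID and In-Reply-To headers. The scheme allow-list, the canonicalisation rules, every function name and the two sample messages are this example's own assumptions, constructed for illustration.

```python
"""Added example (not from the HL7 wiki or any HL7 specification): encode
e-mail and social-media addresses as HL7 v3 II identifiers under the URI OID
1.3.6.1.8.3 cited on the page, wrap bodies as encapsulated data, and link a
thread via RFC 5322 headers. Scheme list, canonicalisation rules and the
sample messages are this example's own assumptions."""
import email
import email.policy
from urllib.parse import urlsplit, urlunsplit
from xml.sax.saxutils import escape, quoteattr

URI_OID = "1.3.6.1.8.3"  # OID designated for URIs (from the page)

# Assumption: a deployment pins accepted schemes by policy. Rejecting the
# rest keeps javascript:, data:, file: and friends out of identifiers.
ALLOWED_SCHEMES = {"mailto", "im", "http", "https"}


def canonical_uri(uri: str) -> str:
    """Normalise a participant URI so one account always yields one II:
    scheme and host lower-cased, mailbox local part kept (RFC 5321 makes it
    case-sensitive), the '@' in http://twitter.com/@name dropped (assumption
    drawn from the two spellings on the page), query and fragment removed."""
    parts = urlsplit(uri.strip())
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"unsupported URI scheme: {scheme!r}")
    if scheme in ("mailto", "im"):
        # Opaque form: 'mailto:user@host' leaves 'user@host' in .path.
        local, sep, host = parts.path.rpartition("@")
        if not (sep and local and host):
            raise ValueError(f"malformed {scheme} URI: {uri!r}")
        return f"{scheme}:{local}@{host.lower()}"
    host = parts.netloc.lower()
    path = parts.path
    if host in ("twitter.com", "www.twitter.com"):
        path = "/" + path.lstrip("/").lstrip("@")
    return urlunsplit((scheme, host, path, "", ""))


def is_acceptable(uri: str) -> bool:
    """True when the URI is one this example would encode as an II."""
    try:
        canonical_uri(uri)
        return True
    except ValueError:
        return False


def ii_element(uri: str) -> str:
    """Render the II as the page shows it: root = URI OID, extension = URI."""
    return f'<id root="{URI_OID}" extension={quoteattr(canonical_uri(uri))}/>'


def ed_element(media_type: str, body: str) -> str:
    """Encapsulated-data (ED) wrapper carrying a body with its MIME type."""
    return f"<text mediaType={quoteattr(media_type)}>{escape(body)}</text>"


# Constructed sample thread (not real mail): a question and its reply.
SAMPLE_MESSAGES = [
    "From: Patient <pat@example.org>\n"
    "Subject: question\n"
    "Message-ID: <m1@example.org>\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Question text.\n",
    "From: Dr Example <Doc@Clinic.Example>\n"
    "Subject: Re: question\n"
    "Message-ID: <m2@clinic.example>\n"
    "In-Reply-To: <m1@example.org>\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Answer text.\n",
]


def _msgid(value):
    """Strip the angle brackets RFC 5322 puts around message identifiers."""
    return None if value is None else str(value).strip().strip("<>")


def thread_from_messages(raw_messages):
    """Records of (message id, parent id, author II, ED content) per message.
    Message-ID, In-Reply-To and From: are sender-supplied and unauthenticated:
    enough to link a thread, not to prove who wrote what."""
    records = []
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=email.policy.default)
        author = msg["From"].addresses[0].addr_spec
        records.append({
            "message_id": _msgid(msg["Message-ID"]),
            "in_reply_to": _msgid(msg["In-Reply-To"]),
            "author_ii": ii_element(f"mailto:{author}"),
            "content": ed_element(msg.get_content_type(), msg.get_content()),
        })
    return records
```

Two points the code makes explicit that the thread only implies: the scheme allow-list is the check that keeps an attacker-supplied "address" such as a javascript: or data: URI from being stored as an identifier and later rendered, and the thread links say only which mailbox claimed to have written each message, since Message-ID, In-Reply-To and From: are all set by the sender. This is the same separation John Moehrke draws between documenting that a conversation happened and judging whether the identifier is legitimate.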

Gerald Beuchelt:

In this discussion, you will need to engage not only with the HL7 Security WG, but also with the wide identity management community: there are a number of national efforts in place in at least the U.S., parts of Europe, and Japan to create reliable identity management schemes in cyber. In general, there seem to be two general directions:

1. Re-use existing identities and allow exchanges based on these identities (BYOI - bring your own identity). This would leverage Google, Facebook, Twitter, AOL, telephone carrier, etc. identities and use them to define access rules and/or map digital identities to humans.

2. Issue new credentials (like national ID cards with PKI, or similar) and use these new identifiers for citizen-to-gov or citizen-to-biz interactions.

Either way, the very first step must be a determination of scope and level of identity assurance requirements. This will directly tie back into the credential management framework and credential and identifier lifecycle business processes. Simply picking an identifier scheme will not be sufficient anymore in these days IMHO.

A way ahead would be to work with the Security WG on their ontology work, and then go out on a "fact finding" mission to investigate the regulatory requirements in the various countries/realms we are interested in.

John Moehrke:

I think all that HL7 needs is a way to encode an identifier. This is what Keith did a good job of explaining. URI is a fantastic method of encoding identifiers. Especially those found in the Internet space, especially when using RESTful technologies. I understood the scope of this request to be able to ‘document’ that a conversation has happened that used internet means, vs some old-style model. This scope should not pass judgment on that conversation.

I think that HL7 should NOT get involved in the determination of if a specific type of identifier is a legitimate identifier. This is the space of POLICY. It is policy that will determine what identifier types carry the appropriate level of accuracy, assurance, trust, etc . These discussions must happen, but they happen at an operational policy level. I am actively involved in these discussions. They are fantastic discussions, but they have no relevance to HL7 definition of how to document that a conversation happened.

The Level-Of-Assurance is a specific topic that is in this Policy space, And it isn’t a simple policy discussion. Who issues credentials is another. Why should I trust an identifier is another. These are policy decisions. They do factor into the ‘authentication’ capability of a protocol, as they are critical to the Access Control decision. But, specific Access Control decisions are simply an enforcement of Policy. This is the appropriate place to put the concern of ‘legitimacy’.

I assure you that when operational environments will choose legitimate technologies to use for communications between provider and patient; they will make these decisions. By that time they might have worked out the concerns. It would be inappropriate for us to indicate today that Facebook couldn’t possibly evolve into a highly secure, privacy protecting, and reliable system. (Wow, that was hard to say.) Ultimately this decision will be made using Risk Assessment, that includes the benefit to the patient/provider that the communications brings vs the risks that the communications brings. Some conversations will surely use communication because the threat is acceptable vs the benefit.

External sources with example use cases

http://healthcaremadesimple.ca/

http://well.blogs.nytimes.com/2012/10/08/texting-the-teenage-patient/