The future of your identity

05/02/23 Thomas J. Petry - AITP NoVa 1

The Future of Your Identity

Thomas (Pete) PetryAITP NOVA

Thursday, May 10th, 2006Ft. Myers Officer’s [email protected]: 202-367-5971

mailto:[email protected]


The Future of your Identity

A

Healthcare

Informatics

Perspective


Overview

The Human Thirst for Knowledge Informatics

– Healthcare Informatics (HCI) and Personal Informatics (PI)– How HCI and other related fields impact PI– Key HCI Stakeholders

Healthcare– Administrative Law– HIPAA– US Healthcare Market

Point of no return– Technological and Regulatory Trends– Convergence and Vortex of the Future– The Future of your Identity


Proverbs Chapter 25 Verse 2

“It is the glory of God to hide a thing ...”

“… but it is the glory of Kings to seek out a matter …”


Humans Like Information

We Seek it … We Collect it … We Classify it … We Manipulate it … We Store it .. We Retrieve it … and We Disseminate it …


The Thirst of Knowledge

“Knowledge is Power”– Sir Francis Bacon– Sir Isaac Newton– Sir Winston Churchill

“Knowledge is Power; Information liberating; Education the premise of progress in every society and in every family”– Kofi Atta Annan, Seventh Secretary-General of the United

Nations (1997-2007) co-recipient of the Nobel Peace Prize in 2001


Overview






What is Informatics?

Short Answer:– The Science of Information


What is Informatics?

Short Answer:– The Science of Information

More Definitive:– The coupling of IT with applied information

sciences in a given field– A bridge that connects people, information

and technology to a given field of study


People

Information Technology

Informatics


History of Informatics

Coined in the 1960’s by the French Came from Applied Information Science Popularized by the Soviets (Informatika) US continued to use Information Science During late 70’s several fields of IT flirted with

the term Medical/Healthcare Informatics caught hold


Need for Informatics

– Vast amounts of data are being generated in virtually all fields of science and is increasing exponentially …

– Rapid advances in computer hardware and software allows us to capture more and more data …

– Rapid proliferation of broadband networks and high speed data communication protocols …

– Trend is for information storage to continue become more and more pervasive …

Hence: The need to understand and warehouse this data and the emergence of Informatics particularly in Medicine, Biology and other related sciences …


Informatics Studies

The structure, behavior and interactions of natural and artificial systems that:

– store– process, and– communicate information

Healthcare Informatics (HCI) is the study of the cognitive, information processing, and communication tasks of human medical practice and the systems we employ use in the diagnosis, treatment, research, regulation, education, funding, payment, or reimbursement for services designed to provide desired healthcare outcomes …


Communication

Data Processes

Informatics/Technology


Merging of HCI Sub Disciplines

Medical Informatics is expanding into HCI– Bio Informatics (Biometrics)– Structural Informatics– Clinical and Clinical Research Informatics– Pathology Informatics– Imaging Informatics– Public Health Informatics– Pharmacy Informatics– Health Informatics Law

Shift from Medical to Total Healthcare Solutions Shift to recognize citizens as agents of their own care


Clinical

Imaging Consumer Health

Healthcare Informatics


Human Biological Informatics

Your own body can be thought of as a massive database storing data in basic storage units called DNA …

DNA contains the genetic instructions used in the development and functioning of your body

It provides long-term storage of information– genes, chromosomes, genomes …

Provides instructions to regulate the use of that information:– DNA Sequences/Bases …


Human Biological Informatics

Human bodies contain approximately 3 billion base pairs of DNA …

Arranged nicely into 46 chromosomes … In the same way that the body stores and

uses information … Informatics allows us to understand these complex processes and to apply these concepts to other related fields


Non-Medical Informatics

Chemical Informatics … Geographic Informatics … Mechanical Informatics … Economic Informatics … Identity Informatics … Social Informatics … Personal Informatics …


Personal Identity Informatics

Expanded far beyond your SSN PI now concerned with:

– Financial Services Identity (Credit and Portfolio)– Health Identity (Pre-Existing Conditions)– Criminal Identity (Background Checks)– Employment Histories– Education, Licensing, and Accreditation– Address Information– Vital Statistics and other public records– Business and Commercial Identity– Use of Biometrics– Data Breach Notification and Response– Security and Privacy Concerns– Identity Management


Ethical

Social Legal

Personal Identity Informatics


Concepts of Informatics

The specialization of information management to the processing of data, information and knowledge in a named field of study …

– Introduces relational concepts and theory– Enriches the understanding of both the data and the field of study– Deals with storage, retrieval, relational design and optimal use of

information– Aids in problem solving and decision making– Covers the entire spectrum of information in the related field

including all basic sciences– Studies the social, ethical and human factors of a given field– Ties business process, data, and communications– Can be thought of as the next generation of Library Sciences


The Glory of Kings

Informatics is logical end point to Human Thinking … The more information we collect … The more we classify that information … The more we classify … The better we define our body of knowledge … The more defined our concepts … The more we understand other data … The better we define Concepts of Informatics … The more information we collect …


Key HCI Stakeholders

National Institute of Standards and Technology (NIST)

Health Level 7 (HL7) National Committee on Vital and Health

Statistics (NCVHS) Centers for Disease Control and Prevention

(CDC) Healthcare Information and Management

Systems Society (HIMSS)



National Committee for Quality Assurance (NCQA)

Joint Commission on Accreditation of Health Care Organizations (JCAHCO)

American National Standards Institute (ANSI) World Health Organization (WHO) The American Health Information

Management Association (AHIMA)



American Health Information Community (AHIC)

American Society for Testing and Materials Association for Electronic Health Care

Transactions (AFEHCT) National Center for Health Statistics Center for Healthcare Information

Management (CHIM)



College of Healthcare Information Management Executives (CHIME)

Healthcare Information and Management Systems Society (HIMSS)

Health Informatics Standards Board (HISB) Agency for Healthcare Research and Quality

(AHRQ) Massachusetts Health Data Consortium

(MHDC)



National Association of Health Data Organizations (NAHDO)

National Institutes of Health (NIH) National Human Genome Research Institute

(NHGRI) National Institute of Biomedical Imaging and

Bioengineering (NIBIB) International Medical Informatics Association

(IMIA)


Overview






Current US Regulatory Environment

Constitutional Law (Amendments)– Over 10,000 introduced since 1789– Only 27 ratified (last ratification in 1992 Limiting Congressional Pay Raises)– Bill of rights was actually the last 10 of 12 proposed (ratified between 1789 and 1791)– 27th amendment was actually the 2nd of the first 12 introduced

Legislative Law (USC)– Acts of Congress cannot violate the Constitution– Hundreds of Thousands introduced into House and/or Senate– Close to 600 actually got ratified

Requires both Congressional Ratification then President “signs into law” Unless VETO by the President or Reconsideration by Congress after VETO Must pass Judicial Scrutiny

Administrative Law (CFR)– New regulations issued daily– Published in a Multi-Volume set known as the code of federal regulations– Divided into 50 distinct categories known as titles– Several Thousands have been codified– Containing hundreds upon thousands of titles, chapters, parts, and sub-parts


Administrative Law

Results from rulemaking, adjudication, or enforcement of a specific regulatory agenda by an agency of the US Government

Scope of Authority comes from both Executive Order and Congressional Legislation

Decision-making bodies (tribunals, boards, commissions, agencies, etc.)

Published in the CFR (Code of Federal Regulations) Expanded Greatly in 20th century world wide – Not

just in the United States


Well Known Administrative Laws

Interstate Commerce Act – 1887 Communications Act – 1934 Old Age Pension Act – 1935 Federal Food, Drug and Cosmetic Act – 1938 National Aeronautics and Space Act – 1958 Social Security Act – 1965


Areas of Administrative Law

International Trade Banking/Commerce Manufacturing Environment Taxation Broadcasting Immigration Transport Labor

Agriculture Homeland Security Elections Employee Benefits Housing Highways Education Telecommunications Public Health


Scope of Administrative Laws

Must be consistent with legislative intent Must be consistent with statutory authority Cannot violate Constitutional authority Cannot violate Legislative authority Generally cannot explicitly deny authority Cannot overlap a duplicated authority Must be based on factual findings Must serve the public interest


Federal Rulemaking Process

Q: How does Administrative Law work under the US Constitution?



Q: How does Administrative Law work under the US Constitution?

Answer:– Enacted by Congress by the

Administrative Procedures Act of 1946– Follows the Federal Rulemaking Process



Ensures the public is informed Allows the public to comment Allows public access to the proposed rules Ensures agencies analyzes public comments Ensure agencies create permanent record of their

analysis and the rulemaking process Ensures agency rules can be reviewed by judicial

branch to ensure correct process was followed Has seven (7) distinct steps or phases


1. Legislation

The US Congress passes a law and assigns an agency of the government to promulgate additional regulations

– Example: Clean Water Act– Delegation: EPA


2. Advance Notice of Proposed Rulemaking

This is an optional step AKA: Notice of Intent (NOI) Involves publishing the agencies initial

analysis of the subject matter Asks for early public input on key issues All data and communications made

available to the public


3. Notice of Proposed Rulemaking (NPRM)

Publication of the actual proposed regulatory language (Federal Register)

Full discussion of the justification and analysis behind the rule

Includes agency response to any prior public comment on advanced notice


4. Public Comment

Public Comment Period Begins Agency required to respond to each issue

raised in the comments Comment periods may last for 30 to 180 days

or more Similar to Private Rulemaking – Internet,

Java, American National Standards, ISO, etc.


5. Final Rule

Usually the proposed rule becomes the final rule with some minor modifications

Agency publishes full response to issues raised by public comments and an updated analysis and justification for the rule including an analysis of any new data submitted by public (Code of Federal Regulations)

In some cases agencies may publish a second draft proposed rule


6. Judicial Review

In some cases interested parties file law suits (this step is therefore situational)

Courts review whether regulation exceeds authority

In USA Administrative Law carries the same authority as Legislative Law or Constitutional Law if not in conflict


7. Effective Date / Compliance Date

Rule does not immediately become effective Allows regulated parties to “come into

compliance” Might allow for up to several years to comply Compliance Dates can be extended Compliance Dates can be selectively

enforced– Complaint Based– Good Faith Effort


Overview



Healthcare– Administrative Law– HIPAA – Legislative or Regulatory?– US Healthcare Market



HIPAA - Legislation

The Health Insurance Portability and Accountability Act of 1996 (Kennedy-Kassebaum Act)– Title I – Portability– Title II – Accountability – Delegated wide

authority to the Department of Health and Human Services


HIPAA Title II - Regulation

Title II included a provision known as Administrative Simplification (or A/S)

Delegated Authority to the Department of Health and Human Services to draft rules aimed at increasing the “efficiency of the US Healthcare system” by creating standards for the use and dissemination of healthcare information

Delegated Authority to HHS:– HSS already controls Medicaid, Medicare and State

Children Health Insurance Programs– HSS now regulates portions of the entire healthcare

industry


HHS Promulgated Five Rules

The Privacy Rule The Security Rule The Enforcement Rule

– Mostly Legal Implications The Transaction and Code Set Rule The Unique Identifiers Rule

– Mostly Technological Implications

Note: All five of them had a direct impact on your Healthcare Identity


Privacy – Security – Enforcement

Defined who has access to your data Defined how to protect that access Set civil penalties for violations and

established procedures for investigations Defined two distinct terms related to your

Healthcare Identity:– Individually Identifiable Health Information (IIHI)– Protected Health Information (PHI)


Individually Identifiable Health Information

Member or Subscriber Names All geographic subdivisions smaller than a state Dates of Birth, Admission, Discharge, Death Telephone Numbers Fax Numbers Social Security Numbers Member Identification Numbers Email Addresses, Web URLs, IP Protocols Any other information that could be used alone or in

combination with other information to identify a person who is the subject of the information


Protected Health Information

PHI is any information containing IIHI weather:– Oral, written, electronic, visual, pictorial, physical,

or any other form;– That relates to an individuals past, present or

future; Physical or mental health Status, condition, treatment, service, products

purchased, or provision of care Which reveals the identity of the individual


Disclosure of PHI

Covered Entities can disclose PHI within chain of trust:– Business Associate/Business Associate Agreement– Minimum Scope of Disclosure– Notice of Disclosure– Authorization of Disclosure

Exceptions made:– Law Enforcement– Public Health Programs– National Security– Other


Transaction and Code Set Rule

Standard Transactions– Enrollment and Maintenance– Eligibility Request/Response– Referrals and Authorizations– Claims– Claim Status Request and Response– Remittance Advice and Premium Payments

Code Sets to be used in transactions– Internal and External Code Sets– Medical and Non-Medical Code Sets

Important Note: This made the format of your Health Information Record a matter of Public Knowledge


Health Care Data Element Dictionary

Contains over 1,000 data elements just to support nine required transactions necessary to support the lifecycle of a healthcare claim from enrollment of a beneficiary to the remittance for services

Each of these data elements reference external code sets that in turn call upon hundreds upon thousands of external code descriptions

Future transactions anticipated for the future:– Report of first injury– Claims Attachments– Electronic Medical Records and Personal Health Records– Clinical Decision Support Systems– Regional and National Health Information Exchanges (HIE)– Non implemented enumeration systems


Unique Identifiers Rule

National Health Plan ID (N Plan ID)– Handled by National Plan and Provider Enumeration System

(NPPES) National Provider ID (NPI – May 23, 2007 Compliance Date)

– Handled by National Plan and Provider Enumeration System (NPPES)

National Employer ID (EIN)– Used Existing EIN assigned by SSA

National Patient ID … – Most Controversial of all rules– Congress provisioned additional congressional approval– NOI Put on hold/additional hearing postponed indefinitely– Privacy and Security not the only Concerns– Consider the cost of enumerating 300 million Americans


Did HIPAA Solve the Problem?

An attempt to control 20th century medicine with 19th century paperwork

An attempt to regulate the Healthcare Industry into adopting standards it was unwilling or unable to do by consensus

– Tried to solve a business problem through regulation– Healthcare spending still way out of control

An attempt to solve an administrative nightmare through the use of additional paperwork

– Short Term increased rather than decreased the cost of Healthcare HIPAA isn’t a collection of compliance dates – it’s a process

– Notice of Proposed Rulemaking (NPRM) continues– HHS still has widely delegated powers


Overview






Current US Healthcare Market

Spending 15% of the GDP increasing to over 20%– 3 times more costly than the United Kingdom– Highest Pharmaceutical costs in the world– Highest Overall Healthcare costs in the entire world

17% of the US Population still has no Insurance Emergency Medical Treatment and Active Labor Act (EMTALA)

ensures they get treatment anyway Plagued with

– Healthcare disparities– Equal access to quality healthcare– Preventable Adverse Drug Events– Plagued with Preventable Medical Error


Current US Healthcare Market

Most scientifically and technologically advanced healthcare system in the world, But:

– Lacks the elements Of a free market– Lacks the elements of transparent pricing– Lacks incentives necessary to build industry consensus– Highly Regulated on supply side– Healthcare Systems are still highly complex, fragmented and use

multiple IT systems and vendors incorporating different standards– Results in healthcare inefficiencies, waste, adverse drug reactions

and medical errors AND: Only country in the developed world where you loose

your health insurance at the same time you loose your ability to purchase more


The US Healthcare Evolution

Self Pay– 1ST Party Payment (Patient at risk)– Early 1900s

Indemnity– 3rd Party Payment (Insurance Co at risk)– Employer based group plans– 1920’s through 1990’s

Shared Risk (but still employer based)– Capitation – 2nd Party Payment (Provider at risk)– Integrated Networks (Insurance and Provider)– Consumer Driven Health Plans (all share risk)– 2000 and beyond


Employer Based Healthcare

America's Insured46.6 Million People in the US without Healthcare

Insurance for Part of 2005

59% Through Employer

9% Purchase Directly

27.3% GovernmentPrograms


US Healthcare Costs

Growing at a rate of 2.5 times faster than our economy Rose from 7% to 15% of GDP in last 35 years, rapidly approaching 20% Huge price-shifting strategies to accommodate

– Uninsured patients– Litigation– Research

Yet still we continue to fund research and trials– $111 billion in 2005– $61 billion for pharmaceuticals

Why?– Consistent ROI – $2.5 to $38.5 ROI for every extra $1 spent on healthcare– Value of Life (VOL) between $50,000 and $100,000 – We might save money if we didn’t but more people would die from disease

or accidents and less babies would survive …


Overview






Point of No Return

Can’t go back to Free Market Healthcare Can’t put our Personal Identity back in the box

– We were told SSN would never be used for anything else– Asking for SSN in merchant transactions has proliferated our SSN into

countless databases– Healthcare informatics and other trends are likely to proliferate our

Healthcare Identity into thousands upon thousands of more Can’t turn back the regulatory clock

– Regulatory Capture– Deregulation Ineffective

Can’t switch off and slow down technology– Roadrunner Culture– World of Instant Gratification– Do you really want to go back to a world without advanced medical care?

So where are we going?


Health Technology Reform

National Health Information Infrastructure (NHII)– Distributed National Health Information Database– Regional Health Information Organizations (RHIO)– Proliferation of Health Information Exchanges (HIE)– Expanded use of EMR, EHR, and PHR

Clinical Improvements– Expanded use of Clinical Decision Support Systems

(CDSS)– Expanded use of Computerized Physician Order Entry

(CPOE)– Proliferation of Retail Healthcare Clinics– Globalization of Standard Clinical Vocabulary


Health Technology Reform

Interoperability between Medical Devices (HL7) National Patient Identification System Expanded use of RFID Technology in Healthcare Multiple Quality Initiatives for Improvements to patient

safety Wider Use of electronic Prescribing (e-Prescribing)

– Improvements to pharmaceutical and patient safety– Wider availability of patient histories including medication

usage– Elimination waste fraud and abuse (physician shopping)


Convergent Globalization

Convergence of technology (research, connectivity, integration), inter-dependence, economic (pricing, products, wages, interest rates, profits), geopolitical (social, cultural, political) towards a developed countries norms

– Every day life is being standardized throughout the world– Life expectancy almost tripled in developing countries since WWII– Child Labor drops from 24% in 1960 to 10% in 2000

In healthcare ICD directly impacts global standardization:– Most widely used statistical classification system in the world– Web-based approach to revise ICD-11 planned for 2008-2014– ICD-9-CM 1977 (USA) – ICD-10-CM/PCS 1983-1992 (Many other

countries) Read the book “The World is Flat” 2006 by Thomas L. Friedman

– Advanced technologies developed– Engineers in New Delhi, programmers in Poland, customers is Boise


Convergent Legislation and Regulations

World Intellectual Property organization Copyright Treaty (WIPO) 1996

Digital Millennium Copyright Act (DMCA) 2000 Patriot Act of 2001 Identity Theft and Assumption Deterrence Act of 2003 Real ID Act of 2005 – DHS promulgating rules Payment Card Industry Data Security Standard (PCI

DSS)


Potential Future Legislation

Cyber-security Enhancement and Consumer Data Protection Act, HR 836

The Internet SAFETY Act, HR 837 The Spy Act, HR 964 HR 948 unlawful to sell or buy Social Security

numbers Prevention of Fraudulent Access to Phone

Records Act, HR 936


ID Theft Still Real and Continuing

Retail Giant TJX recent disclosure – as many as 45.7 million customer records stolen by intruders

The President's Identity Theft Task Force has plans for creating a national identity theft law center and educating the public on the dangers of identity theft

– Government seeking national data protection standards in the private sector

– Task force aimed recommendations at both private companies and government agencies

Ordinary citizens now beginning to protect themselves through the use of an alias

– In future ordinary citizen use of alias could out number use by criminal element

– Still the fastest growing crime in the world


Putting SSN back in the box

ID Task Force recommends reduced use of SSN as an identifier but knows patients must still be enumerated

Social Security Administration knows of wide spread breaches in use of SSN

Some have proposed scrapping the SSN system and starting over

Use of National ID system may eventually replace SSN and also solve Patient ID and other problems (Bio-surveillance, immigration)


Bio-Surveillance

Anticipated to be used by both public health and homeland defense

Expanded use of Healthcare technology in all areas to serve the public interests

Requires the use of both Healthcare Informatics and Geographic Informatics

Must exploit data from multiple sources and monitor for:– Naturally occurring epidemics– Potential Bio-Terrorism

Delicate balance between your personal freedom’s and the safety and security of an improved quality and security of life


Your Digital Identity

Pieces of your personal identity scattered across multiple domains:

– Employer– Social Security Administration, IRS and State Tax Agencies– Financial Institutions and Brokers– Insurance Carriers– Retail, Utility and Telecommunication Providers

Internet has caused our digital identities to become even more numerous and more fragmented

Ability to coordinate, interact and control our identity has become increasingly more difficult

– Name, Address, SSN, Dates of Birth, Death, Marriage, Divorce– Account Numbers, User ID’s and Passwords– Transaction Data, IP Addresses


Patient Identification Technology

Six-digit compression of the patient’s health ID number– Could eventually be expanded to replace SSN

Expanded use of Biometric technologies:– National Health ID Card based on a number of key Personal

Biometric Indicators: Any one of which would be difficult to duplicate Used in combination would be highly unlikely it could ever be

reproduced– What arbitrary number is assigned to you, therefore

becomes meaningless from a Personal smart card technology


Trust Hierarchy and Authentication

Necessary to ensure Health Information in the hands of the right people at the right time (homeland defense, public health,

A dozen different states are already competing to host a new, $450 million government Bio-Defense research lab that will employee approximately 300 researchers

Extensible hierarchical based authentication trust trees– Includes standards for optimal use by both government and private

providers– Current recommendations include accelerating the definition and

establishment of same Wider use of Federated Identity Management (FIM)

– Security Assertion Markup Language (SAML)– Federated Trust Models

Authentication means for anonymous entities


Vortex of Convergence

Convergence of Informatics Convergence of Standards Convergence of Legislation Convergence of Globalization

The Convergence of multiple phenomena is driving us to towards a seemingly unstoppable future which will directly impact our identities (both personal and digital) of the future …


What is the Future of your personal identity?

An individuals comprehension of him or herself as a discrete, separate identity:

– Personal Identity is defined by you!– Can anyone really steal your personal identity?– Is a person at one time the same person at another time?

Your electronic Identity is defined by others:– Financial Identity (Credit and Portfolio Profiles)– Health Identity (Pre-Existing Conditions)– Criminal Background Checks– Employment Histories– Address Information– Business and Commercial Identity

What responsibilities do we have as IT Professionals?


Overview






QUESTIONS?

Thomas (Pete) PetryCell: 202-367-5971

Email: [email protected]

Thank You for your time!

mailto:[email protected]

The future of your identity

Technology

Transcript of The future of your identity