Nation-Wide Anesthesia Information Exchange Proposal

Introduction: The development of electronic medical records in the United States has proceeded in an uncoordinated fashion, with inconsistent documentation of benefits and costs. After initial euphoria over the possibilities made possible by computers, the reality of the size of the task and the resulting necessity of development of an overall system in selected small chunks have become apparent. Spurred by a GAO study indicating $600 per patient savings possible in the VA Hospital system, the NIH Institute of Medicine has issued a report indicating the determination to move the United States toward electronic medical records. Multiple ventures are now beginning to work on selected portions of this goal and there are many institutional development projects, but there are no known inter-institutional anesthesia records interchange projects.

We believe the technological impediments are no longer the major stumbling blocks to nationwide transfer of medical data, and we propose a development to allow such transfers on a prototype basis. Accomplishing our purpose is broken into several steps:

Software Developments:

• Construction of a Kerberos-type authentication server to provide user identification at each participating location. [1] This server will maintain a list of validated users and their encrypted passwords and will issue electronic time-stamped tickets to grant access.
• Creation of uniform "patient data server" software to be installed at all participating institutions will standardize inter-institution access to local databases. One version of this server will be created as an application under a secured World-Wide Web server. An alternate technology will use specifically-developed Windows-compliant TCP/IP drivers allowing socket-based connections from one institution to another, linking a validated user directly to such the standardized interface provided by such a "patient data server." One module of the data server will accomplish the connection to the local database; later institutions joining our group must only customize this one module to allow access to their existing data sources.
• A universal "patient data access" program ("browser") will be developed to allow validated users at a distant facility to access medical data on their patient at any connected location. This may be possible using available or altered versions of World Wide Web browser programs, making the technology very user-friendly.
• Patient Protection: In order to provide confidentiality protection for medical data, this access will be limited by the following constraints:
  • At the time of data gathering: An individual patient's data will be inaccessible to this system unless the patient has previously given permission.
  • At the time of data retrieval: A conscious patient must give permission for data access and proof must be provided to and stored at the distant site of data storage.
  • Also at the time of data retrieval: All audit trails of data retrieval will be archived based on the Kerberos authentication of the user.
• Encryption Techniques: Encryption techniques now exist that will allow the secured transfer of sensitive medical information across insecure electronic networks with safety. A specific proposal for a protocol using such techniques.

Legal Development: We propose the development of a contract which would allow two or more healtcare delivery institutions to join in agreement over the mechanisms to be used to share information. This contract would include:

• Each institution agrees to maintain internal security equivalent to that of Level 2 requirements of the federal government's IRM Manual, Part 6, "Automated Information Systems Security Program Handbook"
• Each participating institution agrees to utilize the encryption protocols specified above.
• Each participating institution agrees to accept that if the Internet is utilized for communications, the Internet is recognized as providing service without guarantees (though with an impressive record of service) and to rely on the encryption protocols and techniques above as the primary confidentiality and security afforded to the medical record data. If the Internet is utilized, the participating institutions agree to indemnify all providers of service who are involved, and agrees also to hold these providers harmless.
• Each participating institution agrees that if timely service is not provided by a non-commercial communications network such as the Internet, that they will revert to using another communications medium such as the telephone and fax machine, or modem.

Discussion: Successful development of both the software and legal steps above would allow the prototype transfer of information between healthcare institutions. Standards-setting organizations are developing mechanisms for connections between disparate devices, and these steps would allow the usage of those message language standards to be extended beyond the boundaries of one healthcare institution.

Shea S, et al., Network information security in a phase III Integrated Academic Information Management System (IAIMS) Proceedings of the 16th Symposium on Computer Applications in Medical Care, 1992, 283-286.