Contents:
Introduction
This conference was the fourth in the brief history of the ISO Health Records committee, the earlier ones being Orlando, Florida (August 1998), Berlin (April 1999), Tokyo (November 1999). In terms of the ISO/TC215 process, it was important because it was the one in which work items developed by the five work groups (modelling, messaging, content, security, and health cards) were to be ratified as going through to the 'committee draft' stage. The work groups committed themselves to producing committee drafts of their work items as a result of this conference, which would then be voted on at the next meeting in March 2001.
Structure of the Meeting
Prior to the meeting proper, there was a short course organised by ASTM (the American Society for Testing and Materials) on security and access control. In this was displayed the 'state of play' from the US point of view in these matters. Of most relevance to us was the address by Lori Forquet-Reed of the CHIME institute in Connecticut (USA), on processes using attribute certificates for role identification as part of access control. She emphasised the early nature of this work, but intimated that there had been heavy investment by some security companies, and that some 'products' were now becoming available. We shall return to the matter of the investment made by corporate interests and the effect of this on attempts to develop an ISO standard, at the end of this report. The ASTM presentation also included items on Privacy, Confidentiality and Access (E31.17) and Personal Health Records (E31.26) which were of some interest.
The meeting itself began with a plenary and introduction led by Peter Treseder (Australia) from the Chair. Most of the meeting consisted of separate Work Group discussions, followed by the concluding plenary session (TC 215). The latter was scheduled to run for a day and a half, but ended up running for less than a day.
Work Group One
This was the locus of our main involvement, and the meeting occurred over two days. I will give a brief overview of the presentations.
Presentation by Ken Toyoda (Japanese delegation)
The Japanese delegation is hampered by language difficulties, also perhaps a national (cultural) reticence about asserting their point of view directly in open discussion. It was particularly significant then that Ken chose to make an address at this point, in which he alluded to the 'very important discussion' that occurred at the Dunedin meeting on cross-cultural issues. He was referring to our Access work item, and the stressing of the differently constituted cultural worlds that we incorporated in that report. He re-emphasised the importance of these matters, and listed cultural differences, racial characteristics, alternative medicine, and government policy as four determinants of approaches to international standards for healthcare records. He emphasised the low or absent representation of non-OECD nations at the ISO/TC215 conferences, and suggested that an ISO standard would be a standard for the world, not just the limited set of mainly Western nations represented at present.
Presentation by Woody Beeler of HL7 on the RIM
This was an overview of the HL7 Reference Information Model. It has been said of the US position at these conferences that 'anything goes' as long as it is the 'RIM'. Peter Treseder suggested from the chair at the opening session of the Vancouver meeting that the HL7 RIM be simply adopted by ISO as the international standard. So what is it, this RIM?
First it should be mentioned that there are two RIMs, the current one for use with Version 2.3 of HL7. This is a rather ad hoc way of handling data which works, but has little to do with Version 3 RIM except that it is hoped that there will be backwards compatibility.
Version 3 is 'semantic' - that is, the stock of concepts are meaningful. They talk of syntax below semantics, and then there is the service layer (eg, XML) and the channel (eg, hard copy, telephone links, satellites, etc).
Beeler emphasised the huge cost incurred in donated time to achieve the RIM. He was quite sceptical of the suggestion that the RIM be simply made into the ISO standard, saying how difficult it had been to achieve what they had on a national (USA) basis. He emphasised that the RIM was the product of voluntary work, and donated resources. He implied that international involvement might divert the development of the RIM, which was hard enough to achieve anyway. In short, he was not enthusiastic, and later, when I again mentioned that 'just adopting the RIM' had been seen as an option by Peter Treseder, he again emphasised that this suggestion did not come from HL7.
One feature of HL7 thinking, based on the object-orientated programming paradigm, is that of states and transitions, and triggers. It does seem that they want to make healthcare into a 'big machine' that delivers very detailed responses and protocols when 'trigger' events happen. Necessarily, the machine 'works' by the US commercial model. Necessarily, there is US cultural baggage and assumptions in the 'way it works', and simply adopting it would result in changed practices and behaviours, particularly outside the USA. The healthcare world which results would likely be over-determined toward the US cultural model, a possibility that is not visible for them, or at least not an apparent concern.
General Domain Model
After the US Head of Delegation's comments at the Dunedin meeting it would have been surprising if the Domain Model had survived in the form put on it by Peter White. It was interesting to hear it mentioned in the domain of the US military, which has an idiosyncratic health delivery model of its own, and which has nothing to do with HL7. However, with the defections of Peter White and Robert Mayes from the group, it lacked both an author and a sponsor. The way to deal with that, apparently, was to cancel the work as it stood, and start again from stage 00.
Nobody seemed to know what to do next. The Australians tabled a new proposal entitled 'A general conceptual model for health information' (http://www.health.nsw.gov.au/iasd/imcs/iso-215/ccurrent/wg1.conc.pdf). It points out that there are a number of well established modelling conventions in common use, and states that each would be capable of accessing and implementing an agreed conceptual model without sacrificing technical integrity. It has as yet no suggestions to make about what such a model might be like.
This is not surprising. Although dependent on time donated by already busy people, a successful General Domain Model work item would be trying to 'cap' in some way the efforts of all other players. Furthermore, it would be doing it at a time when nobody has quite put an overall definition on the domain - precisely because there is no General Domain Model. I strongly suspect that this has been set up by certain parties to fail. The mocking castigations, directed at this and other work items on many occasions since the inception of WG1, lead us to the question the intent of some participants.
We have become convinced that as long as the 'game' of developing an ISO standard is set up in this way, it cannot succeed, and will likely degenerate into becoming an agency for one or more market forces.
Access Work Item
At the meeting, there were further protestations of support for the stance we had taken, and the absence of input from WG4 deplored. David Lloyd commented on the multi-potential solution that had been offered. He noted that the solution was like a 'clever trick', a 'fix' for the problem. He noted that the ISO standard did not have a General Domain Model, and therefore did not have a concept or definition of what was to be protected. Ours was a solution to the security/access part that could be 'kept in waiting' until the argument was further advanced. He agreed that the concept could apply to many architectures, including those yet to be developed or even conceived.
Later in private conversation he said I had provided a solution to a problem which had not yet been addressed in GEHR work. This was about how to provide for confidentiality and security of data at different levels of grain in the architecture. He appeared to suggest that the access work was a useful complement to CEN and GEHR work already done. This possibility is further suggested by the comment there has been from Sam Heard, that the internal referencing system for GEHR was not yet defined. There would seem to be an opportunity to use the access object concept to help complete their model, while the access model itself would be able to adapt (as noted above) to other architectures, and to others as yet undreamed of.
Lori Forquet-Reed of CHIME (Connecticut, USA) also attended the WG1 presentation. She said that the 'policy' and 'implementation model' parts of the paper ought to be more separate. The question for her appeared to be whether the first part, with modification, could be the ISO technical report to which she could then refer. She appeared to think this would be possible. Among omissions was 'time duration' specification of an access technique, and I agreed that this also ought to be part of a 'standard' which might regulate these matters. The work she had presented made extensive use of attribute certificates. There were some commercial products now becoming available using them, which did not employ them as we had suggested. She thought it would be real problem for such companies if suggestions we had made became part of an ISO standard, because these vendors would have to rescind their work, which they would be less than willing to do. It was unclear whether direct lobbying would ensue in such a case, and what the response of ISO should be.
Preparatory to the security work group presentation, MM briefly discussed the status of the access work item with the US Head of Delegation. He suggested that we must have been satisfied with the presentation at the WG1 meeting, and its reception. He cast himself in the role of supporter.
He talked about the concept of a 'safety net', identifying key common minimum elements of access protection, which should apply globally, eg the physician-patient sacrosanct bond. MM suggested that we needed a more radical cultural relativity than that, and that baseline interoperability might be only by accord on such matters as the definition of anonymous data, and the sharing of an actual way of doing access control.
We delivered the presentation to WG4 on the Wednesday afternoon at 2 pm.
The WG4 Presentation
The latest version of the paper was distributed as hard copy to all WG4 members, and for most, one gathered, it was their first exposure to it. Some delegates commented later that it had not been available to them before the meeting, and wondered why not. This may have been because it was in a protected area of the NSW (New South Wales Health Department) hosted WG1 web site. The fact that so many delegates did not know of its existence indicated a major failure of communication within the ISO committee process, or a possible political motive at work.
The presentation was made in Power Point format (available here).
After the presentation, the first comments came from Mr. Klein. He said that what was really required was a document that would address some sort of requirements for standards that would meet business needs about confidentiality and access. Our paper had surprised him, and it was not what he had been expecting. He mentioned various technical matters that we had not addressed, adding that these were not our field, but he might have expected them addressed anyway. He noted that we were proposing technical solutions which were new, unusual, not well known, untested, and that it was not surprising there was some hesitation in accepting our suggestions, and that we had not been expected to go into that detail. He had hoped that our work would give internal guidance for the TC, to define further specific work items. He suggested the ISO process requires a lot of documents which will put standardisation policies into perspective. He repeated that he thought the paper valuable (as an internal document, not for publication!), but hoped that WG4 can make substantial contributions to this discussion document.
He recognised that PKI (public key infrastructure) was important, but also recognised that access control was a subject in its own right (I subsequently discovered that he had opposed the proposed global PKI proposal from WG4). He suggested there was little in the report about trying to define standardisation tasks. It was inappropriate to state what people should do. He said the document should only inform about what is possible.
Peter Williams said he should have given guidance on what is considered appropriate. It was again pointed out that we had had no collaboration although being promised it. He pointed out that the document might be considered a 'Best Practice' document, not an informative report but more of a 'normative' statement.
Next, Pekka Ruotsalainen from Finland spoke. He said that ISO is for vendors. Like Lori Forquet-Reed, he pointed out that vendors had already spent billions of dollars in existing systems. He appreciated that we want to have better interoperability for new commercial products, but wondered how our contribution would help. He said we need practical, dirty, quick standards. Mr. Klein asked him if he thought we can expect to get this, and he replied negatively, suggesting that an access standard was 'Mission Impossible'. He reiterated the need for 'practical standards'.
Peter Williams again talked to the matter next, and said that if we say it is desirable to set up a global access system such as the work item suggested, it would not take long to do it. He suggested that an access standard that was not practical for consumers was not going to get used. He said that the biggest barrier in Australia to the development of electronic health records was access. He suggested that if we did not get a regime for this, that the whole concept would not work.
Ted Cooper, a US delegate, said that the paper investigated the roles of support mechanism for health consumers, and that he had not really thought about that before, and the place of different cultures in this, that it simply had not been considered.
A delegate from Australia said that the new component is the work on the cultural issues. He said that although the OECD work gives us ways of thinking about these things, in our future work, it would be valuable if the cultural view was merged with our own. We were bound to stick with our definitions, but a lot of our concepts need to be put into the framework. He suggested that the paper was a broad policy on how standardisation on access control should go forward. He asked if we could take it forward until we have meeting of the minds about what access control is all about. He said there was a need for integration of the traditional work of the committee into broader cultures.
Gunnar Klein replied that the intent was to develop a Technical Report. There was no 'clock ticking', and he thought the document should be withdrawn. However, the exercise has been helpful, as it had created new thoughts. We should make sure we continue the collaboration. David Menkes had been with them in Tokyo, and this was the second meeting. He would like to see the document relabelled as 'requirements' for standards in this area. It was not in itself a TR, but the task might become clearer when we know what it is we want to standardise. The work would needs to be more substantial before it is something that can guide the developments. He said, 'It is not going to be quick, is going to take many years.'
David Menkes said that it was important to be clear about what we were trying to establish. The draft report was not something we need to publish externally. He said we have been keen to get comments, but that it has not been possible to collaborate as much as intended (a euphemism for saying that no collaboration had been offered). He suggested that as a draft, there is the inherent flexibility still present. Nothing had convinced him yet that this should not happen.
Gunnar again spoke and said he thought there should be a reduction of the scope. Although there was lots of interesting informative material, he would rather see it reduced to describing requirements. He said that they had decided that they did no want to work further on that document.
Then there was a long silence, before we were invited to leave following a rather fatuous round of applause called for by Peter Waegemann to recognise our "hard work".
Subsequently, David met Gunnar who explained how much he had supported our work item, and acknowledged that he had been remiss in failing to collaborate after Tokyo (November 1999) or even reply to emails. He also intimated that his hand had been forced and, indeed, the decision to reject our work had been made prior to Michael Mair's presentation at 2 pm. It was implied, but not specified, that a general failure to appreciate the work was mobilised by an element that was openly antagonistic and promoted its rejection.
Discussion
A number of 'tracks' in the ISO argument have not done too well. Events have moved on in the world outside ISO, and some of these realities are now reflected in the ISO proceedings.
Firstly, 'Snomed' has taken over Read Codes and neutralised 'Galen' (the European financed universal coding system developed by Alan Rector). This new proprietary monopoly has taken over WG3, with Prof Schute from 'Snomed' in supervisory control. The role of ISO appears to be to 'rubber stamp' this process.
Secondly, HL7 has taken over WG2. At a recent meeting, the messaging division of CEN effectively gave over control of future developments in the health area to the US-based HL7-based organisation. Ed Hammond of HL7 always ran this anyway, but the opposition has now joined, and ISO for this group is at best a convenient further 'forum' for activities that are continuing anyway within the HL7 group.
Thirdly, WG4 has proven to be equivocal or at least inarticulate about the task of developing freely accessible access control for the ISO/TC215 committee. It has been demonstrated that large corporate concerns that have spent billions in this area are an unanswerable counter-argument to any attempt to develop true interoperability in this area.
This of course puts real doubt on the viability of a central goal of the ISO process - interoperability. If there is not interoperability of access control, then clearly there is not interoperability at all for record systems outside private treaty. The concept is indeed being developed, but outside ISO, and by participants who have no intention of using the ISO forum as any kind of 'lead committee'.
Conclusion
Further thoughts on Access/Security
The evolution of a global standard for access and security in the EMR appears to be in a state of filibuster and wry manoeuvring by the big players. There is a sign on the door saying 'creative contributions not welcome'. The big players have not delivered anything for ISO yet, nor will they, we suspect.
Australia and New Zealand need a way of running their health sectors electronically, and we suggest that we develop the access object idea, and then work on interoperability among our principle vendors. Then we could gradually introduce a national system of paying/auditing/recording medical transactions. The message of the ISO process is that there is no message. Furthermore, what we do could be of enormous international significance.
Further thoughts on the ISO process
Like any process that is genuinely in evolution - any sincere conversation - we do not yet know what will happen, but must consider whether it is appropriate for us to remain part of it. Should we again invite international input into a 'requirements for a global access standard' technical report? This is how our task has now been redefined. It is to be put forward for Committee Draft approval. It is unlikely to get such approval. However, the inclusion of some of our ideas and the cross-cultural perspective appears to be genuinely welcomed in the process, and we are the only ones to have espoused it.
It might be good to go to the Korean meeting in March 2001, partly for completeness - so we do not simply 'cop out', and partly because we might leave these issues in a condition where these worthy causes can continue to be advanced within the ISO process. However, this seems a very one-sided dedication, and we must be sensitive to the financial and personal cost of continuing, when the response has been so discouraging from some influential quarters.
We might also have to have reservations about the relevance of the ISO process to international healthcare. It appears to have been properly hijacked by the corporate lobby. I suggest that there must and will have to be an 'alternative' ISO or other standard for the safe culturally sensitive exchange of medical information, which is not controlled by these agglomerates.
Where to from now ... from Michael Mair
I have begun to broaden my interest into the ontology of sign systems from a semiotic perspective, and hope to make a statement of the relation between that and EMR as my contribution to the discussion on the 'model of models' (the General Domain Model). I will continue to develop the access concepts with interested parties.
I continue my Ophthalmology, which must return to a central spot in my pre-occupations. My practice is preparing for ISO 9000 accreditation, and I need to work with the New Zealand Software Corporation in this area as well, to introduce online real-time audit measures based on epidemiological considerations.
Where to from now ... from David Menkes
The effort to operationalise cultural differences by modelling differing access procedures will continue. This has been of tremendous interest to us in Australasia and has gained broad support notably among the non-white, non-English-speaking delegations. Research will hopefully allow definition of the parameters which distinguish different nations and cultures. In addition to the obvious academic interest of doing this work, I suggest it will ultimately bear fruit in terms of furthering the trusted communication of health information around the world.