CONNECT: The Feds Answer to Health Info Exchange

by | Jul 1, 2009

Connect09The feds are beating the CONNECT drum. This week, ONC sponsored a two-day event in DC to begin educating the market as to what CONNECT is and how it may be leveraged to support information exchange.  At least that is the impression one had in signing up for this event.  In actuality, the event was somewhat schizophrenic in gyrating back and forth between the National Health Information Network (NHIN) and CONNECT, the software platform upon which the National Health Information Exchange (NHIE) and intra-agency network.

In terms of attendance, probably close to 700, with a huge contingent of consultants (beltway bandits) such as Harris, Northrup, MITRE, IBM, SAIC and of course Sun (soon to be Oracle).  Event also attracted high level visibility with ONC head David Blumenthal kicking off the event, followed by Obama’s new CTO, Aneesh Chopra.  (Note, for all of you developers out there, Aneesh talked about government transparency and the new site. Though in its infancy, released just over a month ago, may provide some interesting mash-up opportunities but unfortunately lacking healthcare data.)

So what is CONNECT?

In simplest terms, CONNECT is a technology stack built with Open Source software (Sun-derived) to support the development of the NHIE and more broadly a NHIN.  Thus, from the onset CONNECT has had broad participation from the likes of CMS, the VA, DoD, Bureau of Indian Affairs and the first true test case user, the Social Security Administration (SSA) who recently completed a successful beta test of the platform with RHIO MedVirginia.  In March 2009, V1.0 of CONNECT was released to the market.  On July 9th, V2.1 will be released.  While CONNECT was developed to create an NHIE, it longer-term goals are to become the backbone to the NHN.

CONNECT was built on Open Standards, mostly the Sun open source stack.  The underlying database today is Sun Solaris, on top which sits a common 3-tiered architecture built with Java tools.  Directly above the database is the secure, NHIN messaging layer for secure transport.  A Services layer for query, search, patient identification and exchange sits above messaging. The final layer is the “Profile” layer for specific domain functionality and the building of novel apps such as those for biosurveillance, population health, quality reporting, etc.

In building the core CONNECT platform, developers paid special attention to keeping functionality to a minimum to insure flexibility and enable innovation as the NHIN gains traction.  Naturally, Web Services are supported within the context of CONNECT’s core SOA.  For the consumer preference profile, CONNECT developers adopted the OASIS standard, XACML.  The CONNECT services directory uses UDDI V3.0.

And Current Thinking on the NHIN?

John Glaser, who was also on the agenda listed five key activities of the NHIN development:

  1. Create and demonstrate a series of standards and protocols for defining data exchange at State & National level.
  2. Establish DURSA (Data Use & Reciprocal Support Agreement) & legal agreements for data exchange.
  3. Establish governance mechanism to set path for future development direction of the Open platform.
  4. Conduct a series of demos to test functionality, usability and value.
  5. Promote development of “interstitial technology” for NHIN platform to make it actually functional and useful (e.g. patient identifier).

And in grand style, Glaser went on to conclude that the NHIN sets the “framework, the structure and foundation” for broader future exchange in support of “meaningful use.”  In fact, throughout the first day numerous speakers would keep circling back to meaningful use, the HITECH ACT, ARRA etc. and how CONNECT fits in.  Many of these connections between CONNECT and ARRA legislative language were quite a stretch of the imagination making one wonder why the need for such over-reaching justification? Does CONNECT really need to be so heavily pitched to the market to justify its existence and promote its adoption?

Business Model Anyone?

Maybe one of the biggest red flags was a complete lack of discussion over the course of this two-day event on viable business models for Exchanges, a notorious issue that most public-sponsored Exchanges have struggled to address. That’s not to say the money is not there, it just seems as though the policy wonks in DC and the multitude of beltway bandit contractors that the feds (HHS) hires just don’t think about this issue, or just do not know how to address it.

For example, currently, the SSA spends $500M/year (yes a half billion dollars a year folks) on converting medical records to a digital format, and that has nothing to do with the huge back-load of disability claims that SSA is trying to address which has its own hidden costs to both providers and the SSA.  Now there is a business here, we’re sure of it and CONNECT might play an important role if one were to develop a novel “interstitial app” on the platform that would facilitate the SSA in addressing this problem.

Addressing Data Ownership: The Bane of Most Exchanges

In Chilmark’s past research on Exchanges, beyond establishing a viable business model, data ownership within the Exchange is an extremely difficult challenge where it appears only the lawyers come out ahead.  For the CONNECT NHIN, the initial consortium has drafted a DURSA that addresses virtually all aspects of data exchange and use, from consent, to obligations to permitted purposes for using data and ultimately data ownership.  The DURSA is currently undergoing internal agency review and likely to be released by end of year.

Key components of the DURSA include:

  • Extension of HIPAA to all participants on the NHIN.
  • HIPAA is the floor for all activities on NHIN but local and State laws that go beyond HIPAA are not preempted.
  • Limited permitted uses of data (e.g., neither use for research or legal/enforcement is allowed).
  • All participants must respond to a data request from an NHIN member. One is not required to share data, but must, at a minimum, acknowledge request for data.
  • Once data is transferred to recipient, data is now owned by recipient and they can share/exchange data anyway they see fit that is in conformance to their policies.

Clearly, the fed consortium that put together this DURSA is looking to maximize data liquidity.  Despite their good intentions, it is unlikely that this will be readily adopted in the market for despite assurances, risks to the consumer, the patient appear greater than the value derived.  In speaking with one doctor after the DURSA session, he just shook his head saying that very few practicing physicians that he knows would accept these DURSA terms.

Where is the Consumer Voice in All of This?

One the morning of the first day, Sarah Wade, the wife of a retired soldier wounded in Iraq spoke to the challenges of caring for her husband in this convoluted healthcare system that we all, as citizens, must contend with.  Her talk was real, it was heartfelt and something that many of us can relate to within some aspect of our own lives.  Yes, the secure exchange and sharing of personal health information (PHI) has far more benefits than many of the purported risks.  But that does not mean that citizens do not have a voice in these discussions as ultimately, these discussions involve the most personal aspects of their lives, their PHI.

Unfortunately, there seems to be little here within the hallowed walls of those developing the NHIN that pertains to the US citizen.  Yes, they have insured that at a minimum, HIPAA is there to protect PHI, and yes, there are provisions to gain consent for exchange of PHI among certain participant types and maybe most importantly, one of the six permitted data uses is allowing the consumer to request that their data be exported to a PHR – all well and good, but simply not enough.

First, when data is exchanged on the NHIN there is no capability to discretely tag data to share only that data which is pertinent to specific care and treatment.  A spokesperson stated that data tagging was simply too complicated an issue to address, thus taken off the table.  Weak excuse – Microsoft HealthVault has that capability today.

When asked about the role of consumer data ownership and the PHR within the context of the NHIN, ONC stated that they have had internal discussions, yet have reached no conclusions, apparently, no clear policies.  For now, it looks like they have put this on the far back-burner.

As mentioned previously, the DURSA allows for the transmittal of PHI from one participant to another and once the requester receives the data, the requester becomes the data owner as well and may share/distribute the data in anyway they desire in accordance with their own policies and guidelines.  Big question here is how will the NHIN provide a citizen with a clear audit trail of all who have viewed their PHI? No answer to date.

Based on what was presented this week, it appears that these critical issues were by and large side-stepped as the agenda for CONNECT and NHIN is all about the enterprise, be it a government agency or a hospital.  Certainly understandable that someone like the SSA would have such a view but it is unfortunate that HHS/ONC has not been more inclusive of the citizen in its deliberations and development of core policies.

Looking Ahead

At first blush, Chilmark saw CONNECT competing with existing Exchange vendors such as Axolotl, InterSystems, Medicity and Wellogic. Conversations with a couple of these vendors, however, gave a different view – they see little threat today. CONNECT is simply too immature and despite it being open source, adoption of the CONNECT platform will still need a full team to configure and implement the solution and support it, no small task.  As one vendor told me: “…technology is only 20% of the problem in setting up an Exchange.” For the foreseeable future, it is unlikely that CONNECT will impact these vendors.  Of course, a large service provider with a strong healthcare IT practice (e.g., CSC, IBM, Perot, etc.) could make a play here successfully leveraging CONNECT into a full-service offering competing directly with these vendors. Yet even this scenario is still a few years out due to CONNECT’s immaturity as a full-fledge Exchange platform.

Where CONNECT will see the greatest traction is within the federal and possibily state governments that are looking to take waste out of the system, such as the SSA example cited previously.  In that context we will see service providers capitalize on this service opportunity to government agencies.  We will also see vendors create CONNECT gateways allowing others outside of government to participate in the NHIN in support of anything from meaningful use (quality reporting and information exchange) to facilitating care transition (military to private practice – RelayHealth did a nice demo of this), to supporting transactional processes.

But CONNECT and the NHIN have a long road ahead of them.  For CONNECT it will be about the creation of a community of developers that look to build apps and ultimately businesses that leverage the core technology stack that is CONNECT.  Unfortunately, at this event organizers did not have anyone address the business opportunity of building for CONNECT.  Without that ecosystem of apps, CONNECT may ultimately fade into a small, relatively irrelevant platform.

On the NHIN-side, it is hard to see a massive groundswell of support. Within the context of the NHIE, yes there is value, but when one extends the model beyond those confines it becomes increasingly difficult to define a sustainable model and some of the DURSA language will be met with strong resistance outside the cloistered government view.

In addition to sustainability, there are some serious issues regarding citizens’ PHI rights to control the sharing of their data.  Without clearer, more defensible answers to some of the questions outlined above regarding PHI, NHIN could face some siginifcant hurdles on the public stage.  HHS leadership would be wise to go back and rethink their strategy to engage citizens in promoting NHIN beginning with giving the citizens a greater say in just how there PHI will be shared and used. Ultimately, HHS/ONC is going to need that strong citizen support to induce change in the healthcare sector, including adoption and use of the NHIN.


  1. Paul Edge

    John, you mention the database technology is “Sun Solaris”. Do you mean MySQL?

    • John

      Paul, you are correct, Solaris is hardware, not software and CONNECT does indeed use MySQL as the open source database for this Exchange platform.

      Thanks for the catch.

  2. Tim Cook

    While I usually enjoy the insights from Chilmark; it seems that they have really missed “the mark” on this one.

    It should seem obvious by now that the power of open source driven by major players with funding is a huge market disrupter.

    It seems that some of your interveiwees may have theri head in the sand.

    Kind Regards,

  3. Shilpa

    Thank you for the description on NHIN Direct/Connect. I am a newbie in this space. So just trying to understand. What is so vital about CONNECT that makes it different from the other HIEs. Also, if a organization has best of breed thrid party EMR vendors that is it worth using CONNECT. what are some reasons. I have loads of questions – just trying to understand. thanks



  1. NHIN Connect Viability | E-Health Designs, LLC - [...] [...]
  2. NHIN: The New Health Internet? « Chilmark Research - [...] health & wellness services, PHRs, etc.). In June, we attended the NHIN CONNECT conference and our write-up provides a…
Submit a Comment

Your email address will not be published. Required fields are marked *

Related Content

Epic UGM 2023: Some News, Some Olds, and the March of Progress Continues

Epic UGM 2023: Some News, Some Olds, and the March of Progress Continues

Green FHIR APIs,
Climb Mount Fuji,
Come see the sunlight!
*Variation on Kobayashi Issa “O, Snail”

My second UGM (Epic’s User Group Meeting) offered a great perspective on the thousands of users on Epic coming together to share, exchange, learn, and advance their practices. Gathering around 13,000 attendees, Epic’s team has done a wonderful job just like a year before, making the atmosphere friendly while highly professional. The unique charm of Wisconsin, and Madison in particular, makes it a truly outstanding conference with a myriad of learning opportunities.

read more
From Obstructed to Empowered

From Obstructed to Empowered

Will severe information blocking penalties liberate data for patients? Final information blocking rules allow OIG to levy high severe fines for noncompliance.

read more
Powered By MemberPress WooCommerce Plus Integration