Markle Addresses Authentication for Health Records

Late last week, the Markle Foundation’s Connecting for Health initiative released its latest report: Consumer Authentication for Networked Personal Health Information. As with previous reports from Connecting for Health, this report is heavy on policy and much of it can be quickly skimmed, after all, it is some 37 pages in length. But within those 37 pages the report does an excellent job of framing the issues, providing a series of recommendations and a number of appendices that delve deeper into specific topics regarding authentication. If authentication is of interest to you or your company – get this report.

As I have commented before, the PHR vendors have, as an industry, done a woefully poor job of addressing privacy and security issues pertaining to consumer/patient records. Sure, many PHR vendors are doing an admirable job, but I am talking about the industry as a whole and not any single company. This report could easily be the foundation for this industry and assist them in establishing clear guidelines for all PHR vendors to adopt.

And while my comments here are predominantly focused on PHRs, the applicability of this authentication report extends well beyond those boundaries with guidelines and recommendations that are applicable to any entity that handles digital health records. Such entities would range from large hospitals with extensive electronic medical record (EMR) systems, to small physician practices that have only begun to look at digital record keeping, to pharmacies, payers and the list goes on.

After reading this report though, I was left with a couple of questions:

• Why is a non-profit foundation like Markle producing such excellence and guidance as is this not the purview of the federal government?
• As for those that did participate in this work group, the Dept. of Health & Human Services had only one representative, an individual from CMS. Granted CMS is the biggest payer in the country, but why was there not anyone from HHS representing the National Health Information Network (NHIN) side of the fence? Odd as one would think that NHIN would have a HUGE vested interest in this topic.