Wennergren: Health IT demands rapid innovation

The changing nature of healthcare in America is forcing innovation at the federal level in data security, mobility, sharing and protection.

But innovation -- whether in the use of a new idea or shared technology between federal agencies -- must be recognized and implemented quickly, without the years-long buildup common to projects in some departments, according to Dave Wennergren, assistant deputy chief management officer at the Defense Department.

"How do you bring innovation into this space with speed?" asked Wennergren, speaking at a FedInsider leadership forum titled "Digital Innovation in Healthcare" on Nov. 27. He said departments such as DOD sometimes take years to put large programs together, and that such time periods will not work for a rapidly evolving space.

"The healthcare field is a microcosm of where we're at overall with information technology," Wennergren said. "Big programs that take a lot of time are not usually good for innovation; innovation in smaller chunks works better."

Wennergren cited the Veterans Affairs Department's Blue Button program as an example of intelligent innovation. The program is based off what Wennergren called a "common data model" and clearly understood architecture -- with components such as a health-data dictionary. The model enables an easy expansion of the program as it allows different healthcare entities to speak the same language.

More than 1 million veterans -- and their physicians -- have easier access to their healthcare records through Blue Button, which started in 2010. DOD and the Centers for Medicare and Medicaid Services also now use VA's framework.

As healthcare changes and consumers become more independent, Wennergren said people will inevitably "want options" such as those offered by Blue Button.

With increased flow of information such as healthcare records comes added stress for federal agencies, said panelist Vish Sankaran, former director of the Federal Health Architecture program in the Office of National Coordinator for Health Information Technology in the Health and Human Services Department. That pressure is magnified further as more people gain access to healthcare in the coming years and more money is spent on it nationally.

Healthcare costs last year topped $2.6 trillion -- in 2021, Sankaran said those costs will reach $4.8 trillion.

"This big shift happening in healthcare is not what we're used to," he said. "The way it will be delivered and consumed will change in this country, and it's happening right now."

Sankaran said federal agencies need to continue moving toward shared solutions and to consolidate various IT management solutions, not only to combat fraud and waste but for analytical purposes.

With increased information exchange, payment and care-model transformations and Medicaid's expansion, agencies will have to "know their performance," he noted.

"From a federal perspective, it is about, ‘How do you manage these programs, how do I know these are successful programs,'"Sankaran said. "That is where healthcare is going in the coming years."

Security remains a big concern in healthcare, too, especially with mobile devices playing an ever-larger role in how Americans consume data, said panelist Andrew Regenscheid, lead for hardware-rooted security in the Computer Security Division at the National Institute of Standards and Technology.

Regenscheid co-wrote NIST's draft guidelines that outline the baseline security technologies mobile devices should include to protect the information they contain and distribute. Those policies are then used by other federal agencies.

"Patients, doctors, employees and contractors want access to critical information anytime and anywhere," Regenscheid said, noting mobile devices pose the problem of verifying individuals' identity when trying to access information through the devices.

Another problem is that standard mobile devices -- while extremely powerful in some cases -- are often full of vulnerabilities and bugs or lack data protection.

Regenscheid said software fixes can go a long way toward securing mobile devices right now, but in the near future with the next-generation mobile devices, he believes it will take more than that.

"We don't think software solutions will be solutions in the long run," he said.

Instead, he sees healthcare data shared in the future through mobile devices operating with "hardware-based roots of trust." In next-generation mobile devices, such security could allow policies to be set on specific mobile applications, meaning a user could fully control what information a single app can access.