Trends at HIMSS 2018: Giving people control of their data

Ad Hoc attended HIMSS (Healthcare Information Management Systems Society) 2018 conference ( This was our team’s first trip to HIMSS. It was great to connect with the broader healthcare technology community, and to get to a closer look at all the amazing things going on in the space.

One of the more prominent themes of HIMSS in general was interoperability. Walking around the massive Exhibit Hall, the word “INTEROPERABILITY” featured prominently. It’s clear that data, and making it available and usable, is an acute challenge facing the industry.

We focused our time at the conference on the government agencies presenting at HIMSS. The Centers for Medicare & Medicaid Services (CMS) and the Department of Veterans Affairs (VA) both had a significant presence at HIMSS, including keynote speeches by the CMS Administrator and the VA Secretary.

The theme of interoperability was strong with the government as well. CMS Administrator Seema Verma announced CMS’s new MyHealthEData initiative. The goal of the program is to open up patient data in a controlled manner to third parties. The CMS USDS team was present to launch Blue Button 2.0 to give Medicare patients control of their healthcare data. VA Secretary Shulkin was at HIMSS to promote VA’s Lighthouse initiative. This is aimed at opening up Veteran health data to third parties. VA’s Lighthouse team gave an overview of the initiative and shared the new developer site.

This all fits with the theme of interoperability, but takes one important step further that is significant. CMS and VA are not only seeking to open up access to data, they are doing so in a patient-centric, patient-controlled manner. This is an important distinction that makes a huge difference and is noteworthy.

Government is a steward of data that belongs to individuals. Although practices exist (Privacy Impact Assessments, Federal Register comments) that provide people insight into how government will use their information, it’s rare if not unheard of for government to give people the tools to control their own data. These initiatives represent a bold step forward in giving people control of their own data.

The wrong way to approach this is what we saw recently with Facebook. Facebook allowed third parties to access user data without consent. Users couldn’t even find out who was accessing what portions of their information. This erodes significant trust in the data steward, in this case Facebook.

In the wake of’s launch, efforts to evolve government technology focused on human-centered design and user experience, in building services designed with users in mind. But before, there were many efforts that were working on not only building services that met user’s needs, but that put the user in control of their data. This was the birth of the various button programs: Blue Button, Green Button, Gold Button, the Smart Disclosure Program, and projects like MyUSA. These projects sought to give people control of the data the government maintained on their behalf, and let them control access to it. The technology employed, OAuth, was commonplace even back then in the consumer Internet world, but still new to government. It’s fantastic to see this make a resurgence and to see these major agencies commit to putting users in control of their own data.

With both of these initiatives, there exists the very real possibility of game-changing applications. Medicare beneficiaries can authorize third party access to their health records. Any time they visit a new doctor, they can save hours of time in filling out forms and requesting transfer of records from one provider to another. A simple click and authorization, and their data is there. For Veterans as well, this approach would open up community care options to supplement VA’s hospital network, ensuring Veterans get quick access to the care they need.

There are applications that will increase security and privacy online as well. Government holds key information that can help third parties, commercial entities, validate that people are who they say they are. To do this now requires people to carry around sensitive information with things like their military service record, Veteran status, or eligibility for benefits. With this technology in place, it will be simple to build applications that let third parties ask government questions, and receive simple, yes/no answers that protect an individual’s privacy, but at the same time enable companies to validate their status. This has the potential to save millions of dollars across our economy, and take a huge bite out of fraud and abuse online.

It’s encouraging to see these trends emerging this year at HIMSS, and I hope it’s the start of government putting people in control of their data.