Part 3IT Solutions and Technology Frameworks

Chapter 11: Healthcare Data and Interoperability

Chapter 11: Healthcare Data and Interoperability

Introduction

Interoperability—the ability to exchange and use health data across systems—is the foundation of modern healthcare delivery. Without seamless data flow, care coordination fails, analytics are incomplete, and patients suffer fragmented experiences. The 21st Century Cures Act mandates interoperability, making it a regulatory imperative, not just a technical goal.

This chapter provides detailed guidance on FHIR APIs, data platforms, real-time streaming, consent management, and governance frameworks for IT consultants building interoperable healthcare systems.

FHIR APIs and Integration Patterns

Core FHIR Resources

ResourcePurposeKey ElementsUse Cases
PatientDemographics, identifiersname, birthDate, identifier, telecom, addressPatient matching, portal access
EncounterClinical interactionstatus, class, type, subject, participant, periodVisit tracking, care coordination
ObservationClinical findings, lab resultscode (LOINC), value, effectiveDateTime, subjectVitals, labs, assessments
ConditionDiagnoses, problemscode (ICD-10/SNOMED), clinicalStatus, subjectProblem list, quality measures
ProcedureInterventions performedcode (CPT/SNOMED), performedDateTime, subjectSurgical history, billing
MedicationRequestPrescriptionsmedication (RxNorm), dosageInstruction, subjectMedication reconciliation, alerts
AllergyIntoleranceAllergies, adverse reactionscode, clinicalStatus, criticality, subjectSafety checks, CDS
DiagnosticReportTest reportscode, result (Observation refs), conclusionLab, radiology results
ClaimBilling claimtype, diagnosis, item[], totalRCM, claims processing
CoverageInsurance coveragepayor, beneficiary, periodEligibility verification

Implementation Guides (IGs)

IGPublisherPurposeKey Profiles
US CoreONC/HL7Baseline for US FHIR APIsPatient, Observation, Condition, Medication, Procedure
CARIN BBHL7Payer-to-patient claims/EOBExplanationOfBenefit, Coverage
Da VinciHL7Payer-provider workflowsCoverage, Prior Auth, Quality Measure Reporting
SMART App LaunchHL7EHR app integrationOAuth 2.0 scopes, context parameters
Bulk Data ExportHL7Large-scale data export$export operation, NDJSON format
SubscriptionsHL7Real-time notificationsSubscription, Notification

API Patterns

1. RESTful CRUD Operations:

  • GET /Patient/12345 → Retrieve patient
  • POST /Observation → Create observation
  • PUT /Condition/67890 → Update condition
  • DELETE /AllergyIntolerance/111 → Remove allergy

2. Search:

  • GET /Observation?patient=12345&code=2339-0&date=ge2024-01-01 (glucose readings since Jan 2024)
  • GET /MedicationRequest?patient=12345&status=active (active prescriptions)

3. Bulk Data Export ($export):

POST /Patient/$export
Accept: application/fhir+json
Prefer: respond-async

→ Returns Content-Location with status URL
→ Poll status URL until complete
→ Download NDJSON files (Patient.ndjson, Observation.ndjson, etc.)

Use Case: Research cohort export, payer data exchange

4. Subscriptions:

{
  "resourceType": "Subscription",
  "status": "active",
  "criteria": "Observation?code=2339-0&patient=12345",
  "channel": {
    "type": "rest-hook",
    "endpoint": "https://app.example.com/fhir-notifications",
    "payload": "application/fhir+json"
  }
}

Use Case: Real-time alerts for lab results, vitals

Data Platforms and Architecture

Lakehouse Architecture (Medallion Layers)

graph TD
    BRONZE["BRONZE LAYER (Raw)<br/>HL7 v2, FHIR JSON, Claims (X12), CSV extracts<br/>Immutable landing zone, partition by source/date"]
    SILVER["SILVER LAYER (Cleaned & Normalized)<br/>FHIR-normalized, deduplicated, enriched with MDM IDs<br/>Terminology mapping (local codes → SNOMED/LOINC)"]
    GOLD["GOLD LAYER (Business-Ready, Aggregated)<br/>Star schema, patient summary, quality measures<br/>ML features, dashboards, analytics-ready tables"]

    BRONZE --> SILVER --> GOLD

Benefits:

  • Bronze: Raw audit trail, reprocessing capability
  • Silver: Consistent format for downstream consumption
  • Gold: Optimized for specific use cases (BI, ML, reporting)

Master Data Management (MDM/EMPI)

Patient Identity Resolution:

Matching MethodAccuracyUse Case
DeterministicHigh (exact match)SSN, MRN exact match
ProbabilisticMedium-HighFuzzy match on name, DOB, address
ML-BasedHigh (with training)Complex matching across disparate sources

Matching Attributes:

  • First name, last name, DOB, gender
  • SSN (if available), phone, email, address
  • MRN (facility-specific)

Match Scores:

  • 90%: Auto-link

  • 70-90%: Manual review queue
  • <70%: No link

Provider Directory (NPM):

  • NPI as unique identifier
  • Affiliation, specialty, location, credentials
  • Network status (in-network, out-of-network)

Terminology Services

Normalization Workflow:

graph TD
    SRC["Source System Code<br/>(e.g., 'GLU' for glucose)"]
    LOOKUP["Terminology Service Lookup"]
    STD["Standard Code:<br/>LOINC 2339-0 (Glucose, serum)"]
    STORE["Store both source +<br/>standard code"]

    SRC --> LOOKUP --> STD --> STORE
StandardDomainGovernanceExample
SNOMED CTClinical terms (diagnoses, findings)SNOMED International73211009 = Diabetes mellitus
LOINCLabs, observationsRegenstrief Institute2339-0 = Glucose, serum
RxNormMedicationsNLM860975 = Metformin 500 MG
ICD-10-CMDiagnoses (billing)WHO/CMSE11.9 = Type 2 diabetes
CPTProcedures (billing)AMA99213 = Office visit, est

Real-Time Data and Streaming

HL7 v2 to Event Streaming

Architecture:

graph TD
    ADT["Hospital ADT System"]
    HL7["HL7 v2 Feed"]
    ENG["Interface Engine"]
    PARSE["Parse & Validate"]
    KAFKA["Kafka Topic<br/>(patient-events)"]
    PROC["Stream Processors<br/>(Flink, Spark Streaming)"]
    DASH["Real-time dashboard"]
    ALERT["Alert engine"]
    LAKE["Data lake (bronze layer)"]

    ADT --> HL7 --> ENG --> PARSE
    PARSE --> KAFKA --> PROC
    PROC --> DASH
    PROC --> ALERT
    PROC --> LAKE

HL7 v2 Message Types:

  • ADT^A01: Patient admission
  • ADT^A03: Patient discharge
  • ORU^R01: Lab result
  • ORM^O01: Medication order

Change Data Capture (CDC)

Use Case: Sync EHR database changes to analytics platform

Pattern:

  1. CDC agent monitors EHR database transaction log
  2. Captures INSERT/UPDATE/DELETE events
  3. Publishes to Kafka topic
  4. Stream processor updates lakehouse (Delta Lake, Iceberg)
  5. Near real-time analytics without EHR performance impact

Tools: Debezium, AWS DMS, Qlik Replicate

Low-Latency Alerting

Example: Sepsis Alert Pipeline:

graph TD
    OBS["Patient vitals/labs →<br/>FHIR Observation → Kafka"]
    PROC["Stream Processor<br/>(evaluate sepsis criteria)"]
    CHECK["If risk >70% →<br/>Publish alert event"]
    SVC["Alert Service →<br/>FHIR Task → EHR inbox"]
    NOT["RN notified<br/>within 30 seconds"]

    OBS --> PROC --> CHECK --> SVC --> NOT

SLA: <30 sec from data entry to alert delivery

Consent and Data Governance

Consent Models

ModelDescriptionImplementation
Opt-InExplicit consent requiredFHIR Consent resource, purpose-of-use
Opt-OutDefault sharing, patient can restrictConsent directives, break-glass override
GranularPatient controls specific data types, recipientsConsent policies per resource type

FHIR Consent Example:

{
  "resourceType": "Consent",
  "status": "active",
  "scope": {"coding": [{"code": "patient-privacy"}]},
  "category": [{"coding": [{"code": "HIPAA-Auth"}]}],
  "patient": {"reference": "Patient/12345"},
  "provision": {
    "type": "permit",
    "purpose": [{"code": "TREAT"}],
    "data": [{"meaning": "instance", "reference": {"reference": "Observation/67890"}}],
    "actor": [{"role": {"coding": [{"code": "PRCP"}]}, "reference": {"reference": "Practitioner/111"}}]
  }
}

Data Sharing Agreements (DSA)

Key Terms:

  • Permitted Uses: Treatment, payment, operations, research (if consented)
  • Data Minimization: Only share minimum necessary
  • De-identification: Safe Harbor or Expert Determination (HIPAA)
  • Re-identification Controls: Contractual prohibitions, technical controls

De-Identification Methods

HIPAA Safe Harbor (remove 18 identifiers):

  1. Names
  2. Geographic subdivisions smaller than state (except first 3 ZIP digits if >20k population)
  3. Dates (except year)
  4. Phone, fax, email
  5. SSN, MRN, account numbers
  6. Device IDs, serial numbers
  7. URLs, IP addresses
  8. Biometrics, photos
  9. Any unique identifying number/code

Expert Determination:

  • Statistical/scientific analysis by qualified expert
  • Very small risk that data could be re-identified

Audit and Lineage

AuditEvent (FHIR):

{
  "resourceType": "AuditEvent",
  "type": {"code": "rest", "display": "RESTful Operation"},
  "action": "R",
  "recorded": "2025-01-05T10:30:00Z",
  "agent": [{"who": {"reference": "Practitioner/111"}, "requestor": true}],
  "source": {"observer": {"reference": "Device/ehr-system"}},
  "entity": [{"what": {"reference": "Patient/12345"}, "role": {"code": "1"}}]
}

Data Lineage:

  • Track data from source → transformations → consumption
  • Tools: Databricks Unity Catalog, Apache Atlas, Collibra

Data Quality SLAs:

MetricDefinitionTarget
Completeness% required fields populated>95%
Accuracy% records matching source of truth>98%
TimelinessLag from source event to availability<15 min
ConsistencyCross-system reconciliation match rate>99%

Implementation Checklist

✅ FHIR APIs

  • IG Selection: Determine required IGs (US Core, Da Vinci, CARIN BB)
  • Profiling: Define organization-specific profiles, constraints
  • Validation: Implement FHIR validator, conformance testing
  • Security: OAuth 2.0/SMART scopes, TLS 1.2+, rate limiting
  • Bulk Export: Implement $export for large-scale data sharing

✅ Data Platforms

  • Architecture: Define medallion layers (bronze/silver/gold)
  • MDM/EMPI: Implement patient/provider matching, match review workflow
  • Terminology: Deploy terminology service, mapping tables
  • Schema Evolution: Plan for FHIR version upgrades, backward compatibility

✅ Real-Time Streaming

  • CDC: Implement change data capture from source systems
  • Event Bus: Deploy Kafka/Kinesis, topic strategy, partitioning
  • Stream Processing: Build real-time alert, aggregation pipelines
  • Latency SLA: Define and monitor end-to-end latency

✅ Consent and Governance

  • Consent Model: Define opt-in/opt-out, granular controls
  • Data Sharing Agreements: Legal review, technical enforcement
  • De-identification: Implement Safe Harbor or Expert Determination
  • Audit: Log all data access (FHIR AuditEvent), retention policy
  • Data Quality: Monitor completeness, accuracy, timeliness metrics

Conclusion

Interoperability and data governance are the bedrock of healthcare IT. FHIR APIs, lakehouse architectures, real-time streaming, and robust consent frameworks enable care coordination, analytics, and regulatory compliance.

Key Takeaways:

  • FHIR Standards: US Core, Da Vinci, CARIN BB drive API interoperability
  • Lakehouse Medallion: Bronze (raw) → Silver (normalized) → Gold (business-ready)
  • MDM/EMPI: Critical for patient identity across systems
  • Real-Time: CDC and streaming enable low-latency alerts, dashboards
  • Consent & Governance: FHIR Consent, de-identification, audit trails ensure privacy

Next Chapter: Chapter 12: Cybersecurity and Compliance

Previous Chapter
10. Advanced Technologies Transforming Healthcare
Next Chapter
12. Cybersecurity and Compliance
Back to Table of Contents