With two large players, Microsoft and Google, entering the health IT marketplace, it would make sense that the two would drive standards for information exchange between applications and their PHR systems.

Microsoft and Google are notorious for innovation and driving development towards their own ends yet neither seems too vocal on electronic health records and the inevitable leap in innovation the industry will experience over the next five years.

Both Microsoft and Google have electronic health portals for use by patients to create and store a patient health record (PHR) yet neither has been very vocal to drive interoperability and consistent formatting. For an industry we literally entrust our lives to, patient records have the least governance for standardization.

It makes sense that the national health exchange would dictate standards for formatting to both share doctor driven EHRs and patient driven PHRs, but with the states gaining control of the backbone of data exchange, it seems unlikely that all 50 states will agree upon a standard format. Where does the industry turn? HITSP? HHS? Industry leaders?

In the past, the health care industry seems happy to invent their own cryptic standards such as HL7, but with the aggressive time table for implementation it seems fruitless to spend time reinventing the wheel. There are many options available, but why not use XML? With XML accelerators available on the market to process large quantities of data, a structure easy to customize and modify as requirements change, and the perfect way for disparate software platforms to communicate to each other. It seems XML would be a perfect solution for vendors to use to export data from practice to national health data exchange and then again to PHR systems for the patient to view their data. XML data exporters can be effectively optimized for speed, security and integrity.

Close to any modifications and upgrades to the health IT infrastructure in use within the United States must always be the security of the patient’s health information. HIPAA security requirements are weak at the best of times, but generally are open for any knowledgeable hacker to obtain from the average health care provider. It is imperative to treat the security of patient health information with the care we treat our financial information.