A New Pothole on the Health Interoperability Superhighway

A New Pothole on the Health Interoperability Superhighway

8
SHARE

On July 24, the new administration kicked off their version of interoperability work with a public meeting of the incumbent trust brokers. They invited the usual suspects Carequality, CARIN Alliance, CommonWell, Digital Bridge, DirectTrust, eHealth Exchange, NATE, and SHIEC with the goal of driving for an understanding of how these groups will work with each other to solve information blocking and longitudinal health records as mandated by the 21st Century Cures Act.

Of the 8 would-be trust brokers, some go back to 2008 but only one is contemporary to the 21stCC act: The CARIN Alliance. The growing list of trust brokers over our decade of digital health tracks with the growing frustration of physicians, patients, and Congress over information blocking, but is there causation beyond just correlation?

A recent talk by ONC’s Don Rucker reports:

One way to get data to move is open APIs, which the 21st Century Cures Act mandates by tasking EHR vendors to open up patient data “without special effort, through the use of application programming interfaces.”

Rucker emphasized the distinction—without quite naming what it is—between open APIs for vendors and open APIs for providers. “We’re hard at work at defining those,” he said. One difference is how the APIs are implemented: Vendors must allow for the APIs technologically, in their products, and providers must actually take advantage of the APIs.

Trust brokers on the health information highway are like the checkpoints of militias in a war zone. What gets through is limited in scope to the lowest common denominator and limited in distance to the path that crosses the fewest boundaries.

The 8 trust brokers did not arise by popular demand of the physicians and patients. Before the era of big EHR vendors for big hospitals, information flowed among physicians and patients over mail, fax, and phone using open and public interfaces and without the “added value” of trust brokers. Faxes are free, universal, and there’s no blocking on the basis of “trust”. When faxes fail, it’s typically obvious, and coupled with a phone call, reliability is high. The current situation is worse for patients as the new digital alternatives add confusion because they vary greatly from provider to provider and add frustration by being unpredictable and unreliable.

It’s hard to put a toll booth in a forest. But as the health information highway became paved (with massive taxpayer subsidy), a growing list of rent-seeking intermediaries have seized the opportunity to put a checkpoint and associated toll booth where none existed before. Hindsight is always 20/20 but the massively bipartisan 21stCC (the Act passed with 392 votes in the House and 95 votes in the Senate) gives the new administration’s ONC the opportunity to begin to take down the checkpoints.

One way to take down the trust broker’s checkpoints is called patient-directed exchange. (The word patient is preferable to consumer because patients have significant legal rights beyond mere consumers and because clinicians have a relationship with us as patients, not as consumers.) Under HIPAA, Meaningful Use Stage 3, and ONC’s API Task Force recommendations, patients get a free pass down the paved health information highway. The pass is literally free in that patients, unlike providers, cannot be charged for sending information down the new digital highway to anyone they specify. It’s as if the toll booths apply only to trucks and private cars are free. Could patient-directed exchange spell doom for trust brokers by giving patients a pass on the highway we already paid-for with taxes?

Here’s where CARIN comes in. An unaccountable and unpublished list of members gets together as an “alliance” to develop yet another set of trust rules as new potholes in the information highway. These rules don’t directly create a checkpoint but they damage the road enough to add costly maintenance to patient-directed exchange. Part of this maintenance cost is to have alliance process closed to non-members. This practice distinguishes CARIN from standards groups and other private industry collaborations that are allowed to coordinate without running afoul of antitrust law.

As the API Task Force concluded, the law is clear that “trust” and “trust framework” do not apply to patient-directed exchange. Epic, holder of medical records for 54% of the US population, provides a leading example of this under their Open.Epic API initiative. More than 30 hospitals using their most recent software are already listed on the Open.Epic website. One of them happens to have records for my 91 y/o mom and, as her proxy, I had a password to that major hospital’s patient portal for many years. After a 30-second online verification of my own name, I was able to use that portal password to access the hospital’s FHIR API and send live EHR information to a new app without any trust framework or other information blocking interference. This is not a fluke. I checked with the hospital’s CIO after the fact.

CARIN’s claim to “Consumer-Directed Exchange” is just the latest attempt to slow-walk and confuse interoperability. Trust frameworks do not apply to patient-directed exchange. Elimination of the trust framework by Open.Epic is only the critical first step in implementing the “without special effort” clause in 21stCC. The HEART workgroup, co-chaired by ONC, recently issued the first specifications for how to improve the patient experience of interoperability, including standards for automated app registration and a refresh capability to allow the patient to determine how long it is before they are asked for their portal password again. ONC should hail the Open.Epic demonstration as an example of making patients first-class citizens in control of our own data and a first step toward a new approach to interoperability based on patient rights.


The public comment period for the Trusted Exchange Framework and Common Agreement will end on ­­­­­­­­­August 25, 2017. A version of this post will introduce the specific comments of Patient Privacy Rights. If you care about the promise of digital health and would like make longitudinal health records a reality, please consider submitting your comments as well.

Leave a Reply

8 Comments on "A New Pothole on the Health Interoperability Superhighway"


Member
William Palmer MD
Aug 16, 2017

I support fully what you guys are trying to do, albeit being impressed by its difficulties. Eg if you are going to allow the “patient to manage the interchange of his own data”–as is stated as a goal in your HEART WG–just seeing and knowing his own data is going to evoke in many patients the desire to change or alter his own data. You know all the reasons: wife doesn’t want anyone, especially husband, to know that D&C contained producrs of conception. Husband does not want wife to learn that his urethral culture showed N. gonorrhea. Gentleman on job search doesn’t want potential employer to learn about his metabolic syndrome….there is no end to reasons for wanting privacy. Just wanting body mass index kept private is going to be on the minds of 25% of the population who have high BMIs.

How are you going to allow patients to redact electronically certain data from certain providers or readers? …and what if patients want certain data permanently destroyed?…and not even seen by “trusted agents”? Just seeing the redaction is going to give clues to the reader.

PS I just learned that in Japan they don’t even allow payers acess to the EMR. That would be a show stopper here!

Member
Michael Chen MD
Aug 16, 2017

Great question:
Regarding the issue of a patient redacting or altering their records, there are 2 major safeguards to the design of our proposed system.

In the patient centered health record component (which is essentially an single-patient EHR that when a patient accesses it is a patient portal), the access level that the patient declares when they login limits what they can do in terms of ordering labs/RXs and signing records. If a patient wants to add or edit a problem list item or medication for instance (like how they are taking it versus what was prescribed), they can certainly do it, the edit would be seen but marked as needing to be reconciled by a physician. That way, it would begin that conversation between patient and care provider and only when the care provider has reconciled this discrepancy that any one with access to that record can see the status of that item itself.

The second safeguard ties into another critical component and that is the self-sovereign identity piece (which uses the blockchain as the public ledger). For an order to be considered legitimate, the physician who logs in and electronically signs the order on the patient EHR will show that particular order to be electronically “notarized”, meaning that all the information (which would be in FHIR JSON format) is “immortalized” as an encrypted hash and that transaction is saved in the blockchain so that the receiver of that order can verify on the blockchain (since it is a public ledger) that that order has not been tampered with electronically (like from a patient). Because it is encrypted, the public cannot see the actual contents of the order for privacy and security. It is essentially the same idea of a physician printing a prescription on tamper proof paper but in a digital way without having to trust an singular intermediary (like SureScripts, government, etc) that the order is legit.

Hope that makes sense

Member

A disturbing look behind the curtain….how rent seekers and our health policy gurus continue to use federal legislation for power and profit.
I especially liked:
“The current situation is worse for patients as the new digital alternatives add confusion because they vary greatly from provider to provider and add frustration by being unpredictable and unreliable.
“It’s hard to put a toll booth in a forest. But as the health information highway became paved (with massive taxpayer subsidy), a growing list of rent-seeking intermediaries have seized the opportunity to put a checkpoint and associated toll booth where none existed before.”

and a reminder of how well it worked in the good old days:
“Before the era of big EHR vendors for big hospitals, information flowed among physicians and patients over mail, fax, and phone using open and public interfaces and without the “added value” of trust brokers. Faxes are free, universal, and there’s no blocking”

Member
Res Morgan M.D.
Aug 16, 2017

“Before the era of big EHR vendors for big hospitals, information flowed among physicians and patients over mail, fax, and phone using open and public interfaces and without the “added value” of trust brokers. Faxes are free, universal, and there’s no blocking”

We’re still on paper and that’s the way we run our office. With a well trained staff that knows what I need, I never lack for any required information. Patients are allowed to read their charts while waiting in the exam room and can have copies of any or all of it.

Why are we so committed to making things worse?

Member

“Why are we so committed to making things worse?”
…costing billions. I wish I had a doctor network that only kept paper records….where doctors could have a discussion with you instead of staring at the screen and going through a computer screen prompted set of questions and push screen directed recommendations. Medical record IT would be light years ahead if there weren’t all the mandates and subsidies that forced adoption ahead of viability and locked in poor systems that are hard to displace (deterring the innovators out there).

Member
Adrian Gropper, MD
Aug 17, 2017

Electronic health records were developed as a way to shift power away from the licensed professional in the direction of institutional administrators. Doctors failed to see this as a power grab until it was a fait accomplis. Now we have a new generation of doctors that never experienced the opportunity to control the essential information and communication tools of our profession. This may be irreversible unless technology overtakes the institutional EHR model and moves records to a patient-centered longitudinal model that Michael Chen and I champion. The “trust frameworks” that are the subject of this and my previous THCB post are key part of this institutional power trip.

Nonetheless, I am hopeful as technology costs drop and open source software makes peer review and communications support practical, doctors and patients that want to control their information tools and how they are accessed over the network, will gain traction.

Member
William Palmer MD
Aug 18, 2017

It’s time to reset this top-down ONC-driven-EHR effort and let people like you and Cheng, using open source software, to come to a bottom-up rescue. The open source approach is key because it will give everyone an evolutionary tilt to come together eventually…just like Linux is doing. This must be true because if everyone is using the same open source tools, and the docs all need the same result, the form will follow the function. We have to figure out ways to get the government to remove its hands from this thing. Get its paws off! Maybe the best way is to declare that the EHR push is now done and only the use of it–interoperability–is the last hurdle…which obviously has to be done by tedious bottom-up spade work with vendors and hospitals. So get the government away from your work bench and busying itself trung to wheedle and cajole the hospitals and the Epics (an impossible job) to share information…while you guys are developing, in stealth, the correct system. The industry needs peace and quiet for this to be done correctly. Good luck!.

Member
William Palmer MD
Aug 18, 2017

It’s just like the industrial revolution in the sense that first we have the brand new non-human-muscle power source, the steam engine, and then it takes millions of innovative brains to figure out ways to use it and make it integral to human culture. This could not have happened with government telling people what to do with steam engines–it never would have had the imagination.