Uncategorized

Confusing ‘Standards’ With ‘Interoperability’–Lessons For The 111th Congress From HIPAA

As we debate whether or not the Obama Administration and the 111th Congress should work towards directly funding EHRs, one of the key questions seems to be whether or not EHRs and interoperability standards are mature enough.

My colleague, John Halamka, Chair of the Healthcare Information Technology Standards Panel (HITSP), made an rational and impassioned plea last week that we have reached a state of interoperability that is at least good enough not to delay allocating Federal funds for investments in EHRs. Dr. Halamka had earlier in December advocated direct grants from the Federal government of $50,000 per U.S. clinician to states to fund the purchase of CCHIT compliant commercial EHR products.

In the ideal world, I agree with John’s position, but have spent perhaps too much time in the real EHR world and in health care standards to truly believe we are where we think we are.  We have been here before and our best intentions were subverted.

On that note, in December the Healthcare Information and Management Systems Society (HIMSS) published its Recommendations for the Obama Administration and 111th Congress. HIMSS also advocates that the Federal government directly fund the purchase of EHRs. In addition, HIMSS would require that, ‘that federal funding to assist providers and payers within these programs adopt health IT only (my emphasis) be used for the purchase or upgrade of new health IT products that apply Healthcare Information Technology Standards Panel (HITSP) interoperability specifications and have Certification Commission for Health Information Technology (CCHIT) certification.’

John Halamka has always been very open about disclosing his affiliations, his own biases, and any conflicts of interest, but nowhere in the HIMSS document is there any disclosure of HIMSS’s close affiliation with HITSP and CCHIT – the very organizations they advocate be the de facto gatekeepers on what systems qualify for Federal funding.

HIMSS is the lead sponsor of HITSP and Mark Leavitt, the Chairman of CCHIT, is on leave of absence as Chief Medical Officer of HIMSS. HIMSS does not disclose the economic benefit that will directly accrue to Dr. Leavitt, HIMSS, or HIMSS members if Congress follows HIMSS recommendations. HIMSS also does not disclose that they are the
sponsors of the Electronic Health Record Vendor Association (EHRA/EHRVA) whose membership will be the direct recipients of the $25 billion HIMSS recommends to be allocated to purchase commercial EHRs. In addition, the EHRVA holds a seat on the HITSP Board and its members co-chair and effectively control the agenda and work of all the core standards workgroups within HITSP.

I think that not disclosing conflicts of interest is unconscionable and unethical. Regardless of this, the key issue with the HIMSS recommendations, and without the ethical overtones, those of Dr. Halamka, is the question of whether we really are ready to state that the standards HITSP has mandated support ‘adequate’ interoperability between existing EHRs.

As I mentioned, we’ve been here before and the simplest analogy is to review the health care industry’s experience with HIPAA.

Unfortunately, The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is now primarily thought of as a bill passed by Congress to deal with patient privacy rights.  Patient privacy, however, is a nominal part of the original HIPAA legislation. The key legislative aims under HIPAA were insurance portability and administrative simplification.  Insurance portability under HIPAA was to allow individuals to retain their health plan when then went from one employer to another – fabulous idea but completely subverted in practice.

Administrative simplification under HIPAA was intended to decrease the complexity of insurance administrative and claim transactions and therefore decrease overall health care overhead and expenditures.  The legislation called for the definition of standards for each type of health care insurance claim and associated transactions, which all health care insurers as well as Medicare and all Medicaid programs would then be required to comply with. In addition, all claims after a predefined date, with some exceptions, would be required to be electronic, reducing errors, improving efficiency, and speeding up health care payments.

From the insurance industry’s perspective this involved two standards – ASC X12 and NCPDP. ASC X12 was the broader electronic data interchange (EDI) industry’s ANSI accredited standards development organization (SDO). The health care group within ASC X12 had already developed the 837 standard to replace the paper HCFA-1500 and UB-92 claim forms, and the 835 standard to replace paper explanation of benefit (EOB) forms.  NCPDP was the pharmacy and PBM industry trade group, and while at the time not an ANSI accredited SDO, had developed the NCPDP pharmacy claim. It all seemed pretty easy – adopt the 837, 835, and NCPDP pharmacy claim and let’s go.

Not so easy. HIPAA stated that the standards had to come from an accredited SDO.  The NCPDP pharmacy claim had been built by industry and NCPDP was not an accredited SDO so HL7, an accredited SDO that had their own pharmacy claim standard, cried foul. The problem was that 98% of pharmacies and over 99% of pharmacy claims were already standardized under NCPDP, already 100% electronic, and extremely efficient and cheap. Pharmacy claims adjudication costs, then and now, are insignificant in the overall cost of prescriptions drugs – between $0.05 and $0.20 per claim. Medicare (CMS) and the Federal government, which at that time did not pay for prescription drugs, were unaware of this and HL7 lobbied for NCPDP to be excluded from consideration.

Fortunately reason prevailed, NCPDP applied for and was granted ANSI accreditation, and the NCPDP pharmacy claim was defined as the HIPAA standard for pharmacy claims.

The X12 837 and 835 also had some opposition from HL7 which had also developed a health care claims standard, but that was short lived due to strong support for ASC X12 within the payor community. Electronic claims submission in 1996 was not yet widely deployed, and the problem with the 837 was that where it had been implemented, it had been
modified to meet each specific payor’s needs. This meant that two 837s defined by two different payors were not the same, even if the claim information was identical. If this were the case under HIPAA each physician practice or hospital needing to support electronic claims would have to support hundreds of different ‘standardized’ formats just to get their claims out.

The health care insurance industry lobbied for a single, standardized implementation guide for the X12 837 standard under HIPAA (as well as the 835). Under electronic data interchange (EDI) in health care, both the providers (physician practices and hospitals) and the payors were beholden to the claims clearinghouses who ran proprietary closed EDI networks and charged a transaction fee on every claim. The feeling at the time (1997-1998) was that secure transactions over the Internet would be the ideal way to manage health care claims, eliminating the clearinghouses, decreasing costs, and improving efficiency.

Enter AFEC/AFEHCT, the Association For Electronic Health Care Transactions, which is the trade and lobbying association for all of the EDI claims clearinghouses. AFEHCT and its members, particularly the market leading clearinghouse, Envoy-NEIC, knew that if a uniform 837 implementation guide were established and secure Internet transactions approved under HIPAA the clearinghouses would be out of business. Tom Gilligan, contract Washington DC lobbyist and Executive Direct of AFEHCT and Kepa Zubeldia MD, AFEHCT Board Member and VP of Technology for Envoy-NEIC, lead the charge. Exerting relentless pressure, AFECHT and the EDI vendors established two principles that prevailed. First, AFECHT established that clearinghouses played a critical role in making health care transactions efficient – claiming they saved the practices, hospitals, and insurers from managing the incompatible standards formats and from connecting to each other directly. The primary ploy was that they would be more cost effective than everyone having to implement a ‘new’ standard – despite the fact that there was limited electronic claim submission at that time anyway. Second, AFECHT claimed that Internet security standards, particularly digital signatures, were too expensive and complicated to implement so that private secure, read ‘EDI,’ networks were a safer way to transmit ‘sensitive’ patient information, i.e. claims (www.ncvhs.hhs.gov/970805tb.htm).

In the end when the HIPAA administrative simplification regulations were released, pharmacy claims already standardized under NCPDP were sanctioned, and while physician and hospital claims standards was specified (X12 837 and 835), a uniform implementation guide and standards for secure claims transactions were explicitly not defined. This preserved the status quo of the clearinghouses and their proprietary EDI networks for claims. In addition, the insurers, including each Medicare third party intermediary, were free to implement the 837 and 835 in any way they saw fit. To this day, each payor and third party intermediary uses a different variation on the 837-claim format and the vast majority of physicians, hospitals, and payors pay fees for their claims to flow through the clearinghouses.

Not a red cent was saved and the various players made out like bandits. Envoy consolidated with the clearinghouse NEIC then sold to Healtheon/WebMD in January 2000 for $2.1 billion (eventually $439 million after the dot com crash); Dr. Zubeldia founded Claredy, a company that made money certifying X12 claims compliance with HIPAA, which was sold to UnitedHealthcare/Ingenix in 2005 for an undisclosed sum; and AFECHT merged with, you guessed it, HIMSS, in 2006. All in all this is a pretty darn good outcome for an industry that under Congress’ original intent under HIPAA would have gone the way of the dinosaurs. In a nutshell what happened under HIPAA is as follows:

1. Congress passed with its best intentions a comprehensive bill (HIPAA) to support insurance portability, decrease the overall cost of health care by targeting administrative overhead, and provide protections for patient privacy.

2. The concept would have worked but at the expense of the EDI claims clearinghouses.

3. The status quo, the clearinghouses, prevailed by changing the argument and claiming that they were actually the solution and that effective security technologies over the Internet were too expensive to
implement.

4. The blowback was that a uniform set of claims standards, except in pharmacy, was subverted and effective security, confidentiality, and privacy standards were blocked.

5. In the end, HIPAA did not really result in insurance portability (another story), it did not simplify or decrease administrative overhead in claims (the clearinghouses prevailed), and it requires compliance with patient privacy but without mandating effective technologies to protect confidentiality (there is no reason we do not have strong authentication, full transaction auditing, and digital signatures across all health care IT systems – no, yes there is, it would cost the vendors money and time).

In the end Congress’ best intentions were subverted by the health care information technology (HIT) industry.  Now we are about to repeat that all over again with EHRs.

What are the issues and lessons?

A) In all of our discussions and decisions we have to be very careful and diligent about safeguarding the public, patients’, and our health care system from the economic self-interest of the health care industry itself and its vendors and providers.  If we haven’t learned this in spades in every aspect of health care by now it’s hopeless to consider real reforms. Conflicts of interest need to be spelled out right under the author or organization’s name on the first page of any document of any kind in health care – period.

B) Congressional legislation needs to avoid mandates, such as requiring standards come only from accredited SDOs, that standards be established by fiat or government or vendor dominated entities like
HITSP, and that only ‘certified’ products be eligible for funding – such as the CCHIT certification requirement for EHRs.

C) Federal funding should go to fund research and innovation in health care IT along the lines of the NIH, NSF, and DARPA, not the status quo.  Direct purchase of products and their subsidy should be avoided.  There is a market (finally) for EHRs after all these years and the market should figure itself out without artificial influence.

D) If vendors or institutions seek funding from the Federal government they should have to compete openly with academic institutions, independent contractors, start-ups, and all their competitors, without unfair and anti-competitive artificial constraints.

E) My own opinion is that watching what has happened in every other industry, in particular supply chain and financial services, we would be much farther along in health care EDI using the Internet, with markedly lower transaction costs, and with better patient data security, confidentiality, and privacy without HIPAA.  I was a strong supporter of HIPAA and I think Congress had excellent intentions; it’s just that special interests prevailed.

I also believe that regardless of the excellent work that has been done by HITSP that the current health care standards on the table are not adequate or ready for prime time.  The core issue revolves around what health care data interoperability really means.  Under HITSP to date it has essentially meant messaging – sending a block of data from one system or entity to another. Data interoperability has to be defined in a much broader sense if we are going to truly coordinate patient care, provide for real clinical decision support, and lower overall health care costs. Microsoft HealthVault and Google Health are two key drivers in this. The issue, to paraphrase Peter Neupert from Microsoft, is ‘data liquidity’ – movement of data between patients and providers not just between systems. Microsoft HealthVault and Google Health are not CCHIT certified, but you could build an EHR on top of them using their APIs. Would that type of solution be excluded from Federal funding?

Let’s not confuse standards with interoperability or artificially bias or influence a technology sector that is already in the midst of a transformation. HIPAA preserved the status quo in direct opposition to Congressional intent. Transformations and innovation in technology involve innovators that tilt against and then topple the status quo – that is where government, research, and investor funding ought to go. And, yes I’m biased…

Rick Peters, who has blogged on health care information technology issues, is the also the former CEO of the pharmacy benefit management company PTRX.

Livongo’s Post Ad Banner 728*90

12
Leave a Reply

12 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
10 Comment authors
What is your Financial IQ?? this is the difference between the rich and the poor.john kellyBonnieRick PetersNate Recent comment authors
newest oldest most voted
What is your Financial IQ?? this is the difference between the rich and the poor.
Guest

Wealthy investors with a high Financial IQ, understand to be truly diversified you need to invest across all four primary Asset Classes which are: Real Estate, Paper Assets (stocks bonds and mutual funds) Commodities And Businesses by way of Joint Ventures or owning preferred shares. Investing in the four primary asset classes is the secret of accumulating enormous Wealth.. This is why Investing in a Syndicate Mortgage should be a key component of your wealth creation strategy. The fundamental investment principles of Banks and Pension funds are Security, good returns and cash flow. A Syndicate Mortgage allows you to invest… Read more »

Nate
Guest
Nate

Rick who or how do you feel this should be paid for? As a payor, and a small one at that, I’ll admit to being bitter about all the cost dictated down on us and never once a check to pay for any of it. With EDI, which in theory had great promise but ended up costing us far more then it saved, we where told you accept them by X date or we fine you out of existence. When I hear providers cry they can’t afford to implement any of this or that without subsidies and support I’m short… Read more »

Rick Peters
Guest
Rick Peters

John Kelly – I appreciate your perspective and apologize that you think I am some crazy nut ranting about health care. You and I have different definitions of disintermediation. You work with Harvard Pilgrim Health Care (HPHC), the most progressive payor in the country. I sincerely congratulate HPHC on being selected (for the 4th year in a row) as the #1 commercial health plan by U.S. News & World Report/NCQA – it reflects the quality of work all of you do. HPHC has taken the lead at disintermediation, but there are still lingering questions. 1) What year did your web… Read more »

john kelly
Guest
john kelly

I’m sorry but this is the biggest crock of reinvented history I’ve ever seen on a serious health care blog. The standards mandated under HIPAA have significantly disintermediated the clearinghouses in this country and saved billions of dollars in transaction fees that have been avoided by the direct submission of claims, claims status and eligibility transactions by providers to payers. In addition, the successful disintermediation of clearinghouses on the revenue cycle side has prepared the market for the exchange of clinical information using the same network channels established to exchange HIPAA transactions. In addition, the fact that many of the… Read more »

Bonnie
Guest
Bonnie

Wow, this is a fascinating history. I am a software developer working
directly on HIPAA implementations (mainly 270/271 eligibility
transactions but I see the 835/837 mess too). I came to this from
outside healthcare (from a more high tech company, in fact) and I am
absolutely appalled at the lack of regard for interoperability.

Rick Peters
Guest
Rick Peters

My sincere apologies to John Moore, whose excellent blog on the HIMSS report I intended to link in my blog. Please read John’s analysis “HIMSS Joins Auto Industry to Hold Out the Hat” at (http://chilmarkresearch.com/2008/12/18/himss-joins-auto-industry-to-hold-out-the-hat/). John was nice enough to forgive me for this, my greater regret is that it is not in the main body of this blog!

Nate
Guest
Nate

Are providers really paying for EDI? Most clearing houses we come across admit they give it to providers for free and then rip off us payors. We are finally seeing cost come down but for years we didn’t imbrace EDI becuase at $0.40 cents a claim and being liable for Dups and claims that aren’t ours it wasn’t economical, we could key it in cheaper. Oddly the worst rip off was Medicare Secondary payor. I beleive it started at $1.00 and when we stopped had only dropped to $0.75 per claim. Complete rip off but the market wouldn’t accept a… Read more »

jd
Guest
jd

Wow, this is a fantastic history and presenting it is a great service. I do have confusion on one point (or is it that I disagree?) and I hope Rick or someone else can clear up or confirm my difficulty. I was with you entirely, mostly getting schooled, until your recommendation (B) to avoid mandates. I know that your point is that these will be subverted by industry to oppose the very goals they were intended by politicians to achieve. However, I still don’t see how we can escape mandates, or quasi-mandates in the form of financial penalties for non-compliance… Read more »

Dr. Pandey
Guest

With all due respect to my IT friends, they oversell the maturity as well as the usefulness of the product. That is the reason, I hear stories from healthcare providers how their implementation did not deliver the benefit promised. Make no mistake. I support EMR/EHR. What I do not want people to do is misrepresent. As of now, the products in general have following oppouritnities 1) Interfacing with other systems 2) Standardization of language 3) Process standardadization 4) Security 5) Discreteness in sharing 6) Patient control (here my business partner has, as I had mentioned in one of my earlier… Read more »

JAsplund
Guest
JAsplund

Perhaps there is a third model? One that avoids the use of “gate-keepers” and follows the same model that the internet itself followed? The collaborative W3C model http://www.w3.org/Consortium/ where “standards” are vendor neutral and presented as recommendations. A network of networks is already being developed via the NHIN and that is where I expect the bulk of the funds will flow. Clearly the federal government is the largest purchaser of health care and has a vested interest in a cost effective system so it makes sense that they would drive this process and ask that everyone has the same standards… Read more »

Jason Lyle
Guest
Jason Lyle

Rick, this is an excellent post. I applaud your eloquence in providing analysis on a topic to which I have had very little exposure.
You mention how ‘HIPAA did not really result in insurance portability (another story)’. I am relatively new to the health care field, and I am curious if you or others could point me toward some good reading on this particular topic.
Thanks in advance.

Eric
Guest
Eric

Rick, I’d be interested connecting with you more concretely on an implementation approach to disintermediate the clearinghouses. We couldn’t agree with you more on this point, and we have a working group right now of major health plans and providers working towards this end. I’d be very interested in speaking with you directly (ewallace@gnyha.org).