As we debate whether or not the Obama Administration and the 111th Congress should work towards directly funding EHRs, one of the key questions seems to be whether or not EHRs and interoperability standards are mature enough.
My colleague, John Halamka, Chair of the Healthcare Information Technology Standards Panel (HITSP), made an rational and impassioned plea last week that we have reached a state of interoperability that is at least good enough not to delay allocating Federal funds for investments in EHRs. Dr. Halamka had earlier in December advocated direct grants from the Federal government of $50,000 per U.S. clinician to states to fund the purchase of CCHIT compliant commercial EHR products.
In the ideal world, I agree with John’s position, but have spent perhaps too much time in the real EHR world and in health care standards to truly believe we are where we think we are. We have been here before and our best intentions were subverted.
On that note, in December the Healthcare Information and Management Systems Society (HIMSS) published its Recommendations for the Obama Administration and 111th Congress. HIMSS also advocates that the Federal government directly fund the purchase of EHRs. In addition, HIMSS would require that, ‘that federal funding to assist providers and payers within these programs adopt health IT only (my emphasis) be used for the purchase or upgrade of new health IT products that apply Healthcare Information Technology Standards Panel (HITSP) interoperability specifications and have Certification Commission for Health Information Technology (CCHIT) certification.’
John Halamka has always been very open about disclosing his affiliations, his own biases, and any conflicts of interest, but nowhere in the HIMSS document is there any disclosure of HIMSS’s close affiliation with HITSP and CCHIT – the very organizations they advocate be the de facto gatekeepers on what systems qualify for Federal funding.
HIMSS is the lead sponsor of HITSP and Mark Leavitt, the Chairman of CCHIT, is on leave of absence as Chief Medical Officer of HIMSS. HIMSS does not disclose the economic benefit that will directly accrue to Dr. Leavitt, HIMSS, or HIMSS members if Congress follows HIMSS recommendations. HIMSS also does not disclose that they are the
sponsors of the Electronic Health Record Vendor Association (EHRA/EHRVA) whose membership will be the direct recipients of the $25 billion HIMSS recommends to be allocated to purchase commercial EHRs. In addition, the EHRVA holds a seat on the HITSP Board and its members co-chair and effectively control the agenda and work of all the core standards workgroups within HITSP.
I think that not disclosing conflicts of interest is unconscionable and unethical. Regardless of this, the key issue with the HIMSS recommendations, and without the ethical overtones, those of Dr. Halamka, is the question of whether we really are ready to state that the standards HITSP has mandated support ‘adequate’ interoperability between existing EHRs.
As I mentioned, we’ve been here before and the simplest analogy is to review the health care industry’s experience with HIPAA.
Unfortunately, The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is now primarily thought of as a bill passed by Congress to deal with patient privacy rights. Patient privacy, however, is a nominal part of the original HIPAA legislation. The key legislative aims under HIPAA were insurance portability and administrative simplification. Insurance portability under HIPAA was to allow individuals to retain their health plan when then went from one employer to another – fabulous idea but completely subverted in practice.
Administrative simplification under HIPAA was intended to decrease the complexity of insurance administrative and claim transactions and therefore decrease overall health care overhead and expenditures. The legislation called for the definition of standards for each type of health care insurance claim and associated transactions, which all health care insurers as well as Medicare and all Medicaid programs would then be required to comply with. In addition, all claims after a predefined date, with some exceptions, would be required to be electronic, reducing errors, improving efficiency, and speeding up health care payments.
From the insurance industry’s perspective this involved two standards – ASC X12 and NCPDP. ASC X12 was the broader electronic data interchange (EDI) industry’s ANSI accredited standards development organization (SDO). The health care group within ASC X12 had already developed the 837 standard to replace the paper HCFA-1500 and UB-92 claim forms, and the 835 standard to replace paper explanation of benefit (EOB) forms. NCPDP was the pharmacy and PBM industry trade group, and while at the time not an ANSI accredited SDO, had developed the NCPDP pharmacy claim. It all seemed pretty easy – adopt the 837, 835, and NCPDP pharmacy claim and let’s go.
Not so easy. HIPAA stated that the standards had to come from an accredited SDO. The NCPDP pharmacy claim had been built by industry and NCPDP was not an accredited SDO so HL7, an accredited SDO that had their own pharmacy claim standard, cried foul. The problem was that 98% of pharmacies and over 99% of pharmacy claims were already standardized under NCPDP, already 100% electronic, and extremely efficient and cheap. Pharmacy claims adjudication costs, then and now, are insignificant in the overall cost of prescriptions drugs – between $0.05 and $0.20 per claim. Medicare (CMS) and the Federal government, which at that time did not pay for prescription drugs, were unaware of this and HL7 lobbied for NCPDP to be excluded from consideration.
Fortunately reason prevailed, NCPDP applied for and was granted ANSI accreditation, and the NCPDP pharmacy claim was defined as the HIPAA standard for pharmacy claims.
The X12 837 and 835 also had some opposition from HL7 which had also developed a health care claims standard, but that was short lived due to strong support for ASC X12 within the payor community. Electronic claims submission in 1996 was not yet widely deployed, and the problem with the 837 was that where it had been implemented, it had been
modified to meet each specific payor’s needs. This meant that two 837s defined by two different payors were not the same, even if the claim information was identical. If this were the case under HIPAA each physician practice or hospital needing to support electronic claims would have to support hundreds of different ‘standardized’ formats just to get their claims out.
The health care insurance industry lobbied for a single, standardized implementation guide for the X12 837 standard under HIPAA (as well as the 835). Under electronic data interchange (EDI) in health care, both the providers (physician practices and hospitals) and the payors were beholden to the claims clearinghouses who ran proprietary closed EDI networks and charged a transaction fee on every claim. The feeling at the time (1997-1998) was that secure transactions over the Internet would be the ideal way to manage health care claims, eliminating the clearinghouses, decreasing costs, and improving efficiency.
Enter AFEC/AFEHCT, the Association For Electronic Health Care Transactions, which is the trade and lobbying association for all of the EDI claims clearinghouses. AFEHCT and its members, particularly the market leading clearinghouse, Envoy-NEIC, knew that if a uniform 837 implementation guide were established and secure Internet transactions approved under HIPAA the clearinghouses would be out of business. Tom Gilligan, contract Washington DC lobbyist and Executive Direct of AFEHCT and Kepa Zubeldia MD, AFEHCT Board Member and VP of Technology for Envoy-NEIC, lead the charge. Exerting relentless pressure, AFECHT and the EDI vendors established two principles that prevailed. First, AFECHT established that clearinghouses played a critical role in making health care transactions efficient – claiming they saved the practices, hospitals, and insurers from managing the incompatible standards formats and from connecting to each other directly. The primary ploy was that they would be more cost effective than everyone having to implement a ‘new’ standard – despite the fact that there was limited electronic claim submission at that time anyway. Second, AFECHT claimed that Internet security standards, particularly digital signatures, were too expensive and complicated to implement so that private secure, read ‘EDI,’ networks were a safer way to transmit ‘sensitive’ patient information, i.e. claims (www.ncvhs.hhs.gov/970805tb.htm).
In the end when the HIPAA administrative simplification regulations were released, pharmacy claims already standardized under NCPDP were sanctioned, and while physician and hospital claims standards was specified (X12 837 and 835), a uniform implementation guide and standards for secure claims transactions were explicitly not defined. This preserved the status quo of the clearinghouses and their proprietary EDI networks for claims. In addition, the insurers, including each Medicare third party intermediary, were free to implement the 837 and 835 in any way they saw fit. To this day, each payor and third party intermediary uses a different variation on the 837-claim format and the vast majority of physicians, hospitals, and payors pay fees for their claims to flow through the clearinghouses.
Not a red cent was saved and the various players made out like bandits. Envoy consolidated with the clearinghouse NEIC then sold to Healtheon/WebMD in January 2000 for $2.1 billion (eventually $439 million after the dot com crash); Dr. Zubeldia founded Claredy, a company that made money certifying X12 claims compliance with HIPAA, which was sold to UnitedHealthcare/Ingenix in 2005 for an undisclosed sum; and AFECHT merged with, you guessed it, HIMSS, in 2006. All in all this is a pretty darn good outcome for an industry that under Congress’ original intent under HIPAA would have gone the way of the dinosaurs. In a nutshell what happened under HIPAA is as follows:
1. Congress passed with its best intentions a comprehensive bill (HIPAA) to support insurance portability, decrease the overall cost of health care by targeting administrative overhead, and provide protections for patient privacy.
2. The concept would have worked but at the expense of the EDI claims clearinghouses.
3. The status quo, the clearinghouses, prevailed by changing the argument and claiming that they were actually the solution and that effective security technologies over the Internet were too expensive to
4. The blowback was that a uniform set of claims standards, except in pharmacy, was subverted and effective security, confidentiality, and privacy standards were blocked.
5. In the end, HIPAA did not really result in insurance portability (another story), it did not simplify or decrease administrative overhead in claims (the clearinghouses prevailed), and it requires compliance with patient privacy but without mandating effective technologies to protect confidentiality (there is no reason we do not have strong authentication, full transaction auditing, and digital signatures across all health care IT systems – no, yes there is, it would cost the vendors money and time).
In the end Congress’ best intentions were subverted by the health care information technology (HIT) industry. Now we are about to repeat that all over again with EHRs.
What are the issues and lessons?
A) In all of our discussions and decisions we have to be very careful and diligent about safeguarding the public, patients’, and our health care system from the economic self-interest of the health care industry itself and its vendors and providers. If we haven’t learned this in spades in every aspect of health care by now it’s hopeless to consider real reforms. Conflicts of interest need to be spelled out right under the author or organization’s name on the first page of any document of any kind in health care – period.
B) Congressional legislation needs to avoid mandates, such as requiring standards come only from accredited SDOs, that standards be established by fiat or government or vendor dominated entities like
HITSP, and that only ‘certified’ products be eligible for funding – such as the CCHIT certification requirement for EHRs.
C) Federal funding should go to fund research and innovation in health care IT along the lines of the NIH, NSF, and DARPA, not the status quo. Direct purchase of products and their subsidy should be avoided. There is a market (finally) for EHRs after all these years and the market should figure itself out without artificial influence.
D) If vendors or institutions seek funding from the Federal government they should have to compete openly with academic institutions, independent contractors, start-ups, and all their competitors, without unfair and anti-competitive artificial constraints.
E) My own opinion is that watching what has happened in every other industry, in particular supply chain and financial services, we would be much farther along in health care EDI using the Internet, with markedly lower transaction costs, and with better patient data security, confidentiality, and privacy without HIPAA. I was a strong supporter of HIPAA and I think Congress had excellent intentions; it’s just that special interests prevailed.
I also believe that regardless of the excellent work that has been done by HITSP that the current health care standards on the table are not adequate or ready for prime time. The core issue revolves around what health care data interoperability really means. Under HITSP to date it has essentially meant messaging – sending a block of data from one system or entity to another. Data interoperability has to be defined in a much broader sense if we are going to truly coordinate patient care, provide for real clinical decision support, and lower overall health care costs. Microsoft HealthVault and Google Health are two key drivers in this. The issue, to paraphrase Peter Neupert from Microsoft, is ‘data liquidity’ – movement of data between patients and providers not just between systems. Microsoft HealthVault and Google Health are not CCHIT certified, but you could build an EHR on top of them using their APIs. Would that type of solution be excluded from Federal funding?
Let’s not confuse standards with interoperability or artificially bias or influence a technology sector that is already in the midst of a transformation. HIPAA preserved the status quo in direct opposition to Congressional intent. Transformations and innovation in technology involve innovators that tilt against and then topple the status quo – that is where government, research, and investor funding ought to go. And, yes I’m biased…
Rick Peters, who has blogged on health care information technology issues, is the also the former CEO of the pharmacy benefit management company PTRX.