Why Standards Matter 2: Health IT Enters a New Era of Regulatory Control

David KibbeThe recent history of electronic medical records in ambulatory care, or what we now call EHR (electronic health record) technology, can be divided roughly into three phases. Phase I, which lasted approximately 20 years, from about 1980 to the early 2000’s, was an era of exploration and early adaptation of computers to outpatient medicine. It coincided with the availability of PCs that were cheap enough to be owned by many doctors, and with the increased capacity of off-the-shelf software programs, mainly spreadsheet and database management systems such as Lotus, Excel, Access, and Microsoft’s SQL, to lend themselves to computerized capture of health data and information. Phase II coincided roughly with the American Academy of Family Physician’s (AAFP’s) commitment to health IT as a core competency of the organization, and with its support/promotion of the early commercial vendors in the Partners for Patients program, a national educational campaign inaugurated in 2002 which involved joint venturing with vendors that included Practice Partners, MedicaLogic, eClinicalWorks, and eMDs, among others. Several other physician membership organizations joined this effort to popularize EMRs, or crafted their own education programs for their members based on the AAFP’s model. The most popular Phase II products were, and still are for the most part, client-server software applications that run on local networks and PCs within the four walls of a practice, and tend to use very similar programming development tools, back-end databases, and support for peripherals such as printers. The industry grew, albeit sluggishly, from roughly 2002-present in an unregulated environment, with increasing support from quasi-official industry groups like HIMSS and CCHIT, and with the blessing of many professional organizations, including the AAFP, ACP, AOA, and the AAP. Best estimates are that the numbers of physicians using EHR technology from a commercial vendor roughly tripled during this period, from about 5% of physicians to about 15%. The Bush administration gave moral support to the industry, but did not provide funding or payment incentives, and mostly left the industry to itself to sort out the rules, including certification. The industry is now entering a new phase, one we predict will significantly depart from the previous two eras.

Phase III will be a time of government regulation of EHR technologies during which Congressional mandates — sometimes quite vague — will be interpreted by policy bodies within the government, which in turn will lead to federal rule-making and regulation as a means of carrying out policy goals and objectives. This will require significant interpretive work within the agencies delegated, mainly ONC and HHS, along with NIST and possibly the FDA and CDC, the results of which will have the potential to fundamentally alter the market for EHR technology and the products within that market, for many years to come. Because there is a great deal of money at stake, Phase III will also be a period of intense competition, new and aggressive lobbying activity, and perhaps not just a few legal challenges, as winners emerge and losers fall by the wayside.

Why the revolutionary efforts to exert regulatory control over the market for EHR technologies in the US, and why now?As we have listened to and participated in the meetings of the HIT Policy Committee and ONC staff, we have been struck by several things. First, the leadership are people who believe in principle in regulatory policy as a means of managing and improving upon the market. Secondly, they and their colleagues believe that the market for EHR technology has failed in several important respects, most notably by failing to create widespread adoption among physicians, medical practices and hospitals of even the most basic health IT tools, and by failing to institute interoperability of health data exchange, despite certifications that claim the opposite. And third, they have faith that regulations and rule-making are the means by which our nation’s providers can be incentivized, and punished if necessary, into adopting the EHR technologies and associated standards that will set the stage for long term health care reforms in the payment system. In other words, they are committed to using the regulatory tools available to them to change the course and to move the curves of IT adoption in as short a time as possible.Anyone present or listening by teleconference to the HIT Policy Committee meeting of July 14, which was devoted to the issue of EHR certification, had to have been impressed by both the directness and the force of the attack on the Commission for Certification of HIT, or CCHIT. It was relentless, and came from all quarters: from academic informaticists, from federal standards officials, from hospital CIOs, physicians in private practice, doctor membership organizations, and health care economics analysts. And, at the end of the day, CCHIT was stripped of its previously unchallenged prerogative to set certification criteria; removed of its monopoly for certification of EHRs; and left with large questions about even the validity of its role as advisor to ONC on the processes of certification. The HIT Policy Committee recommended, and ONC has accepted its recommendations, that EHR technology certification criteria are henceforward to be decided not by CCHIT, an industry body with ties to the incumbent  vendors, but by HHS and ONC directly. The term “HHS Certification” was coined and is now in use to indicate this change. Certification as a process will focus no longer on a long list of features and functions, but target Meaningful Use, interoperability, and security only.

And, in the final insult to the industry and to CCHIT, ONC declared its intent to offer contracts to several entities to do the certification once criteria are set in early 2010, on a competitive bidding basis. Thus, by the end of 2009, the industry that makes and sells EHR technology and into which will flow upwards of $30 billion in subsidies between 2010 and 2015, will receive a set of regulations that will specify the rules they must play by. There will be regulations defining Meaningful Use, others that regulate the process of HHS Certification of EHR  technologies, and still others setting out the requirements physicians must fulfill to validate that they are meaningful users of certified products. Finally, the regulations will set the standards and protocols all parties must utilize in order to meet these definitions and processes, and especially with regards to computable (interoperable) data exchanges and the security of health data while in transit or stored in databases. This will be a complex new set of regulations unlike anything that the health IT industry has faced before — although, of course, there are many other industries where regulatory control has played an important role in shaping major issues in the market, such as competition, pricing, and innovation.*******What should we expect, and how might these new regulations alter the EHR technology landscape? In his most recent book, Supercapitalism,
Robert Reich provides rich detail to support his contention that
regulations rarely result in the public good being achieved, the claims
of politicians and agency officials notwithstanding. Instead, the
regulatory environment typically becomes the battleground upon which
competing firms in a sector of the economy struggle to advantage
themselves and disadvantage their competitors, whenever and however
possible, most often through lobbying and influence peddling aimed at
Congressmen and Senators, as well as at the regulators themselves.
Regulations create regulatory disputes among competitors, each side
claiming the moral high ground in whatever argument is in play, and
often spending enormous sums on advertising, marketing, and lobbying
firms, or on lawsuits intended to increase the value of their stock or
to injure the reputation of their rivals. These battles are
well known and can be fierce, but they are new to health IT as an
industry sector. A regulatory tussle that is current and attracting a
lot of attention is the “Internet neutrality” debate. Discussions in
Congress, at the FCC, and in the blogosphere revolve around the degree
to which Internet Service Providers, ISPs, should be allowed to charge,
or be prohibited from charging, different payment rates based on the
content and origins of material presented in Web browsers attached to
the Internet. The idea could be posed this way: Should local book
stores be as easily accessible on the Internet, at the same speed of
downloading, as large companies like Barnes and Nobles and Amazon.com?
Or, should ISPs be permitted to charge large corporations higher fees
to make their content arrive faster to customers’ desktops and laptop
computers? Proponents of Internet neutrality argue that the
federal government ought to regulate the industry to instill
competition and protect the smaller companies, who may not be able to
afford the higher prices easily affordable to Amazon.com, and in order
to allow customers the greatest freedom of choice. But the larger
companies argue that, by offering their bigger customers the
opportunity to offer their own customers better service, the public
interest is better served. They argue that to withhold the market’s
determination of how rates are set is inherently anti-competitive and
against the long term interests of the consuming public, which they
argue wants fast access to the most popular websites. Of course, they
fail to mention that setting higher rates might also boost their own
profits and increase the value to their own shareholders.Vonage
is an example of a company with a disruptive technology / business
model that has actively engaged with the regulatory process in an
effort to protect its business plan, while also being shaped by the
regulatory framework. Initially, they weren’t regulated like a phone
company at all, and won a landmark case against the state of Minnesota,
in which the FCC said Minnesota couldn’t regulate them as a state
telecommunications company, because their service — voice over
Internet protocol, or VoIP — is inherently interstate in nature. At
the same time, initially in response to consumer and legislative
outrage that Vonage didn’t provide 911 emergency service, the FCC has
extended many telco regulations – including 911 regulations – to VoIP
providers to ensure that Vonage and others can’t circumvent many telco
obligations and thereby gain a competitive advantage over traditional
telcos. VoIP is now subject to 911 rules, Universal Service Fund
obligations, many reporting requirements. So, in this case the
regulatory framework initially favored competition and innovation, but
was then changed to favor the incumbents. Many hundreds of millions of
dollars have been spent by both sides in this long dispute.Regardless
of whose side you take in these kinds of debates, there are always
going to be “winners” and “losers” when state or federal regulatory
control is put into operation. And though we may like to think that the
debates themselves are objective, free of undue influence by either
side, in fact this is almost never the case. Large corporations have
the money and other resources to lobby both Congress and regulatory
bodies like the FCC, whereas consumers’ interests or those of smaller
and less well-heeled constituents are often unable to match the larger
players’ coffers. This is not to say that the side with the most money
always wins. But as economist Robert Reich reminds us, the incumbents
most often have and keep the upper hand. ******* Although
it is still early in the game, with the first issuance of regulations
expected as a Notice of Proposed Rule Making (NPRM) in late December
2009, followed by a 60-day public comment period, the broad outlines of
battles to come are now discernible. The incumbent health IT firms,
mostly those such as Cerner and Epic whose growth and financial
successes have been tied to large enterprise implementations, largely
in hospital systems and large group medical practices, have vigorously
put forward and defended a set of legacy standards that are complex,
referential to other complex standards, not-well-suited to
inter-organizational or personal data exchanges, and expensive to put
into operation. They benefit from the promulgation and extension of
these standards as regulatory mandates because, they say, this is the
way to create stability in the industry. However, they fail to mention
that these standards also advantage the older companies, as new
entrants will have to expend significant time, energy, and money to
acquire the expertise that these enterprise-friendly standards and
protocols require, but which the incumbent vendors already possess. But
new entrants in the health IT economy, some very large and powerful,
including both Microsoft and Google, along with a host of medium and
small companies that gravitate around them like satellites circling
large planets, have started to fight back. For example, Google’s CEO,
Eric Schmidt, has publicly criticized the Obama administration’s
current plans for subsidizing health IT and EHR technology use among
physicians and hospitals. As a member of the prestigious President’s
Council on Science and Technology, he was quoted as warning that the
ONC’s plans threaten to lock the nation’s health care system into the
technological past, rather than launch it into the future. Google is
not alone in wanting to see more of the nation’s health IT
infrastructure — including physicians’ practices and hospital systems
— move to Web services and so-called “cloud computing,” in part
because this is Google’s strength as a company and where it hopes to
make its profits in the coming years. It’s important that we
end this piece on a positive note.  The Blumenthal team at ONC, along
with IT specialists at the White House and HHS, are in a listening
mode, and the regulations are not yet finalized.  Aneesh Chopra, White
House CTO, has taken steps to open the discussion to include testimony
for innovators, and to make innovation an explicit goal over at the HIT
Standards Committee, of which he is a member.   He and Todd Park, CIO
for HHS, have recently announced that the direction of the Health
Internet (formerly the NHIN) and its massive CONNECT gateway project
will be re-focused to make secure access to and transfer of health data
easier and under greater consumer control, using off-the-shelf
standards and protocols wherever possible.  When asked recently if
these plans were endorsed by David Blumenthal, the response was an
emphatic “yes,” that the team in charge of health IT within the
administration was working collaboratively under Dr. Blumenthal’s
express supervision.   Perhaps even more importantly, these two and
others are signaling that they want input from the experts, from the
public, and from those who will be affected by the ARRA/HITECH
programs.   If you have an opinion about EHRs, PHRs, standards for
health IT, or any other aspect of this new regulatory framework, now is
the time to stand up and speak your mind.

David C. Kibbe MD MBA is a Family Physician and Senior Advisor to
the American Academy of Family Physicians. Brian Klepper PhD is a
health care analyst.