Tech

A Troubling Strategy at Health IT Week

Health IT Week demonstrated a double barrel strategy to segregate patient information from provider information. Providers already have the power to set prices and health IT plays the central role.

By rebranding HIPAA as “Meaningful Consent” and making patients second-class citizens in Meaningful Use Stage 2 interoperability, providers and regulators are working together to keep it that way.

Essential consumer protections such as price transparency or independent decision support are scarce in the US healthcare system. The journalists are shouting from the rooftops.

There’s  $1 Trillion (yes, $3,000 per person per year) of unwarranted and overpriced health services steering the Federal health IT bus with an information asymmetry strategy. Those of us that want to see universal coverage succeed need the information transparency tools to drive for changes.

Here’s how it works: The department of Health and Human Services (HHS) controls the health IT incentives and regulations. HIPAA applies to most licensed health services providers. Laboratories and devices are regulated by Medicare and the FDA.

Unlicensed services offered directly to patients, such as personal health records, web info sites and apps are regulated by the FTC. Separate regulatory domains facilitate the segregation of information and contribute to the lack of transparency by making patient-directed services use delayed and degraded information. This keeps independent advice from FTC-regulated service providers from illuminating the specific abuses.

The segregation of patient information from “provider” information is the current federal regulatory strategy. It’s even more so in the states. By making patients into second-class citizens, the providers can avoid open scrutiny, transparent pricing, and independent decision support.

Federal regulators then create a parallel system where information is delayed, diluted, and depreciated by lack of “authenticity”. This is promoted as “patient engagement”. For regulators, it’s a win-win solution: the providers support the regulation that enables their price fixing and many patient advocates get to swoon over patient engagement efforts.

The proof of this strategy became clear on the first day of Health IT Week – the Consumer Health IT Summit.

In the morning, OCR Director Leon Rodriguez announced the Model Notice of Privacy Practices. In the afternoon, ONC CTO Doug Fridsma declared, out of the blue, that Direct messaging was intended for organization-to-organization messages.

The Model Notice of Privacy Practices legitimizes the practice of provider-to-provider health information exchange under the HIPAA Treatment, Payment and Operations (TPO) exemption. TPO is used by providers and health information exchanges to avoid patient authorization for sharing of private information.

For all health information exchanges, operation under TPO means that patients don’t even have the right to see their own information. Adding to the PR blitz, ONC Chief Privacy Officer Joy Pritts wrote in Health Affairs about “Meaningful Consent”. She cites the new Model Notice of Privacy Practices even though the new document offers the patient absolutely no choice. For the specifics, see the article and my comment.

The casting of Direct as an organization-to-organization system is even more damaging to transparency. The patient-accessible Blue Button Plus includes Direct as the so-called “Push” option. Direct is mandated for Meaningful Use Stage 2 certification. This should mean that every patient can do secure messaging with every MU2 certified provider using Blue Button Plus.

If Fridsma’s pronouncement is implemented, a key feature of Blue Button Plus becomes optional.

ONC guidance can replace the Direct design for patients as first-class citizens and encourage discrimination between organization, physician and patient secure email addresses. This means that patients and physicians will lose a key independent communication channel. For example, by allowing organization-to-organization only implementation of Direct, organizations can avoid giving the patient a critical independent decision support hook.

Without transparency and independent decision support, the tools for reducing health care cost are limited. The market-based (as opposed to Medicare for all) foundation of ObamaCare cannot highlight unwarranted and overpriced services as long as the providers of those services maintain control of our personal information. This seems merely politically expedient in these dog days of HITECH. If we accept an impotent Blue Button Plus and HIE exclusion via TPO we may be headed for a regulatory failure even larger than the sub-prime mortgage crisis.

Adrian Gropper, MD is Chief Technical Officer of Patient Privacy Rights and participates in Blue Button+, Direct secure messaging governance efforts and the evolution of patient-directed health information exchange.

16
Leave a Reply

14 Comment threads
2 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
8 Comment authors
footballRobAdrian Gropper, MDDave Chase (Avado) Recent comment authors
newest oldest most voted
football
Guest

He’s not desperately trying to look like a big shot. ‘The teams,
the broadcast contract and our showcase games this year are
going to generate tremendous excitement about this League and the great seasons to
come. Fan evaluations of the seat ranges will give you a great
idea if the tickets you are bearing in mind are worth what you will splurge.

Adrian Gropper, MD
Guest

@Anon I’m not sure why you jumped from my “conflict-of-interest” to conspiracy. As I made clear early-on, I don’t assume malfeasance or conspiracy in what the public servants are doing and I wish you well. Be that as it may, the “guardrails” argument falls flat with me. $13 Billion of taxpayer money to EHR vendors has not produced a sense of interoperability among the doctors or a sense of transparency among the citizens. What you see as guardrails I see as blinders. How else can I explain that none of the $13 B has gone to create a viable and… Read more »

Guest
AnonforObviousReason

@Peter: I think Fred Trotter is our best example of a bridge burner. Who else would you point to that is going beyond angry blog posts and meetings and functionally doing something about it? I’d love to reach out to them. While I find your missive inspiring, I also think make the mistake of assuming that there aren’t many of us working within the system who are constantly trying to burn small bridges and move this ball forward within the limits of the law. For example there are many of us that love what Trotter is doing and we do… Read more »

Adrian Gropper, MD
Guest

The need to fund Obamacare rollout through health industry contributions would explain a go-slow attitude toward introducing either transparency or competition into the health services market. AnonforObviousReason, is this the explanation for my insensitivity to HITECH regulators? This morning, as I was scanning the quarterly news summary sent by Physicians for a National Health Program, I came across this little story http://www.kaiserhealthnews.org/daily-reports/2013/may/13/sebelius-and-fund-raising.aspx Kaiser health news assembled reports that HHS Secretary Sebelius is asking health industry executives to help fund implementation of the ACA because Congress is not providing enough funding. There seems to be a link between the federal shutdown… Read more »

Peter Bachman
Guest

Anon, you know the word game that is played where you say something, and then add “in bed” after what you say. That’s how I reacted to your statement. “but creating a massive cultural shift of this nature in medicine” But what should be added is “in the U.S” Yes it is incredibly hard as you noted. “In the U.S” not elsewhere. Because it is a money machine (in the U.S.) which can break the economy and has already broken the middle class with far less take home pay according to Robert Reich. That simply means we need to use… Read more »

Adrian Gropper, MD
Guest

HITECH went wildly off-course when it originally decided to regulate EHR vendors using a lock-in business model through Certification instead of pursuing a strategy of open competition through strong interfaces and patient privacy rights. It’s been downhill ever since. Next, HITECH went off-course when it caved to EHR vendors in the CCR vs. CCD debate. CCR was a simpler, physician-driven approach that would have put interoperability and interface way ahead – again, enhancing competition. The next opportunity for interoperability and competition came last fall when instead of issuing strong privacy regulations that could have created a real NwHIN based on… Read more »

Guest
AnonforObviousReason

Thanks for the follow up comment Adrian. I would certainly agree that you are a public servant in these efforts, and given how much those of us working in this area care, and often for very personal reasons, I’m sure you can understand why it burns when people insinuate that you have dark intentions just because they don’t agree. This is of course an entirely PERSONAL opinion- but I actually agree with every change that you would like to see made listed in the follow up comment, (including full cost and quality transparency) which by the way was far more… Read more »

Adrian Gropper, MD
Guest

Dear AnonforObviousReason, let’s separate motives and methods. I too feel like a public servant in this play and I sincerely believe your motives are pure. My flavor of service as a consumer advocate means that I don’t get paid for almost 10 years of full time work. I do hope for more personal relationships with regulators to help me understand your perspective. As far as methods are concerned, there’s nothing “evolutionary” or “incremental” (two explanantions used by regulators this week) in dumping $13 Billion into a health software tech industry that maybe was $5 B a year at the start… Read more »

Guest
AnonforObviousReason

Wow. Adrian you know many of us “regulators”, and pretty much all of us that work on these patient data activities. What do you think is more likely: 1. We are malignant and sneaky, and want to continue treating patients as second class citizens. In fact we want this so badly, most of us working in this area left great private sector jobs and moved our families across the country to be paid less than our market value to do so, OR 2. We think the same things, but creating a massive cultural shift of this nature in medicine is… Read more »

Rob
Guest

Yikes. Those of us who have stepped away from the money of HITECH (and hence their control of our actions) still need to pay heed here. HIPAA (“meaningful choice” sounds like an ironic name if I’ve ever heard one) is an equal-opportunity hammer that could come down on any of us. I am coming to believe that I should not be sharing some of my records with my patients, I should be giving patients their records and helping them organize and prioritize them. The idea of a “portal” seems a lot like a peep-show, where we tease people with a… Read more »

Adrian Gropper, MD
Guest

Dave, I would focus on (1) CONTROL, (2) PRISTINE, (3) SEPARATE, (4) EDUCATED, and (5) LEADERSHIP: 1 – HHS provide guidance that physicians and patients must be able to CONTROL the Direct connections (using a white list or spam exclusion) based on in-person or out-of-band decisions because patients and doctors have legal and customary rights to control their communications unless prevented by policy. 2 – HHS provide guidance that makes clear if Blue Button Plus data sources are PRISTINE. Degradation such as by adding delay (even if that delay is allowed under HIPAA), or not using digital signatures to ensure… Read more »

Dave Chase (Avado)
Guest

Thanks. That helps. I’m hoping some of the key HHS/OCR people can weigh in. At a minimum, I know they listen to dialogues like this.

Dave Chase (Avado)
Guest

Adrian – Can you lay out the summary prescription for what the HHS and specific actions/asks you’d have of the constituents they serve (e.g., the readership of this article)? Thanks

Peter Bachman
Guest

Thanks for explaining this Adrian. It gives me a far better understanding of the motivations of the various system actors. The relevant standard that maintains the identity of the system actors is ISO-21091 applied to a distributed environment, secured with X.509v3 identity certificates, and authorized with attribute certificates so people can delegate members of their team members, such as family advocates who play an important role to coordinate care. Patients and provider organizations are both given equal standing in the standard, but the HHS strategy has been to create this asymmetric relationship in regards to the data by separating out… Read more »

userlogin
Editor

Adrian –

Can you explain for our readers what meaningful consent means in practical terms? Looking at this from the point of view of the authors for a moment – always a helpful exercise – how does this solve the problem?

Adrian Gropper MD
Guest

John, here’s the introductory paragraph by Joy Pritts in the Meaningful Consent article I linked above: (the links will be live in the original article) “Patients’ trust in how their health information is managed is essential to the success of emerging models for electronically sharing patient health information. Patients may be unfamiliar with, and therefore may not trust, exchanging health information through certain types of third parties such as health information exchange organizations (HIEs). Recognizing this, the Health Information Technology Policy Committee (HITPC), a federal advisory committee of the Office of the National Coordinator for Health Information Technology (ONC), recommended… Read more »