A Troubling Strategy at Health IT Week

Health IT Week demonstrated a double-barrel strategy to segregate patient information from provider information. Providers already have the power to set prices and health IT plays the central role.

By rebranding HIPAA as “Meaningful Consent” and making patients second-class citizens in Meaningful Use Stage 2 interoperability, providers and regulators are working together to keep it that way.

Essential consumer protections such as price transparency or independent decision support are scarce in the US healthcare system. The journalists are shouting from the rooftops.

There’s $1 Trillion (yes, $3,000 per person per year) of unwarranted and overpriced health services steering the Federal health IT bus with an information asymmetry strategy. Those of us who want to see universal coverage succeed need the information transparency tools to drive for changes.

Here’s how it works: The Department of Health and Human Services (HHS) controls the health IT incentives and regulations. HIPAA applies to most licensed health services providers. Laboratories and devices are regulated by Medicare and the FDA.

Unlicensed services offered directly to patients, such as personal health records, web info sites and apps are regulated by the FTC. Separate regulatory domains facilitate the segregation of information and contribute to the lack of transparency by making patient-directed services use delayed and degraded information. This keeps independent advice from FTC-regulated service providers from illuminating the specific abuses.

The segregation of patient information from “provider” information is the current federal regulatory strategy. It’s even more so in the states. By making patients into second-class citizens, the providers can avoid open scrutiny, transparent pricing, and independent decision support.

Federal regulators then create a parallel system where information is delayed, diluted, and depreciated by lack of “authenticity”. This is promoted as “patient engagement”. For regulators, it’s a win-win solution: the providers support the regulation that enables their price fixing and many patient advocates get to swoon over patient engagement efforts.

The proof of this strategy became clear on the first day of Health IT Week – the Consumer Health IT Summit.

In the morning, OCR Director Leon Rodriguez announced the Model Notice of Privacy Practices. In the afternoon, ONC CTO Doug Fridsma declared, out of the blue, that Direct messaging was intended for organization-to-organization messages.

The Model Notice of Privacy Practices legitimizes the practice of provider-to-provider health information exchange under the HIPAA Treatment, Payment and Operations (TPO) exemption. TPO is used by providers and health information exchanges to avoid patient authorization for sharing of private information.

For all health information exchanges, operation under TPO means that patients don’t even have the right to see their own information. Adding to the PR blitz, ONC Chief Privacy Officer Joy Pritts wrote in Health Affairs about “Meaningful Consent”. She cites the new Model Notice of Privacy Practices even though the new document offers the patient absolutely no choice. For the specifics, see the article and my comment.

The casting of Direct as an organization-to-organization system is even more damaging to transparency. The patient-accessible Blue Button Plus includes Direct as the so-called “Push” option. Direct is mandated for Meaningful Use Stage 2 certification. This should mean that every patient can do secure messaging with every MU2 certified provider using Blue Button Plus.

If Fridsma’s pronouncement is implemented, a key feature of Blue Button Plus becomes optional.

ONC guidance can replace the Direct design for patients as first-class citizens and encourage discrimination between organization, physician and patient secure email addresses. This means that patients and physicians will lose a key independent communication channel. For example, by allowing organization-to-organization-only implementation of Direct, organizations can avoid giving the patient a critical independent decision support hook.

Without transparency and independent decision support, the tools for reducing health care cost are limited. The market-based (as opposed to Medicare for all) foundation of ObamaCare cannot highlight unwarranted and overpriced services as long as the providers of those services maintain control of our personal information. This seems merely politically expedient in these dog days of HITECH. If we accept an impotent Blue Button Plus and HIE exclusion via TPO we may be headed for a regulatory failure even larger than the sub-prime mortgage crisis.

Adrian Gropper, MD is Chief Technical Officer of Patient Privacy Rights and participates in Blue Button+, Direct secure messaging governance efforts and the evolution of patient-directed health information exchange.

16 replies »

  2. @Anon

    I’m not sure why you jumped from my “conflict-of-interest” to conspiracy. As I made clear early-on, I don’t assume malfeasance or conspiracy in what the public servants are doing and I wish you well.

    Be that as it may, the “guardrails” argument falls flat with me. $13 Billion of taxpayer money to EHR vendors has not produced a sense of interoperability among the doctors or a sense of transparency among the citizens. What you see as guardrails I see as blinders. How else can I explain that none of the $13 B has gone to create a viable and interoperable open source EHR implementation to drive physician competition for MU?

  3. @Peter:

    I think Fred Trotter is our best example of a bridge burner. Who else would you point to that is going beyond angry blog posts and meetings and functionally doing something about it? I’d love to reach out to them.

    While I find your missive inspiring, I also think you make the mistake of assuming that there aren’t many of us working within the system who are constantly trying to burn small bridges and move this ball forward within the limits of the law. For example there are many of us that love what Trotter is doing and we do our best to support him in whatever way possible without violating the significant limits placed on us as government employees. Limits that most Americans are grateful for when you get down to a specific issue that they don’t agree with.

    Similar to my request of Adrian, I’d like to know what the specific things are that you would like to see changed. I share similar frustrations as you do as to the incentive structures in the US vs other countries, and in my case what I also believe are significant guilds still holding most of the power that prevent others from entering the industry to solve problems on behalf of patients.


    I’m unfortunately going to have to sign off from this thread to the extent that you’ve taken it to the level of conspiracy theory. The fact that I engaged with you at all is flirting with the line of what is allowed as a government employee, and I have no interest in making the situation worse for the millions of us who are at significant risk of going on an extended vacation without pay and significant limitations as to how we can support our families while the government is not functioning. Not to mention all of the people living in DC who are about to have their city shut down.

    The final thing that I will say is that I assume your accusations here are about the device tax and the fact that it’s needed to partially fund Obamacare, since the Republican party refuses to outright fund it.

    The fact that you think a conspiracy that cuts across two massive branches of government, 3 agencies made up of tens of thousands of people, and two major issues that have hardly evolved in lock step with each other is more likely than the 1. lack of SME consensus on the issues you bring up, though I realize every man believes himself right in his own eyes, and 2. the rules you well understand limiting how we can and can’t regulate based upon this mixed SME input, is precisely why I suggested that all Americans should have to spend a few years in public service. And while I agree that you are in public service of sorts, I refer to the public service that puts you in the belly of the US government to understand how maddening it can be to try and create the changes you seek from within, and what goes into each small win.

    If you have an issue with the fundamental structure of our government and how different agencies are made to act as both regulatory and collector of things like device fees, you need to take it up with a very different body than those that put on Health IT week. To create the specific changes as quickly as you would like, I suggest going to the branch of government that creates the policy guardrails that allow us to make such aggressive changes. There are many in the legislature that feel passionate about privacy.

  4. The need to fund Obamacare rollout through health industry contributions would explain a go-slow attitude toward introducing either transparency or competition into the health services market.

    AnonforObviousReason, is this the explanation for my insensitivity to HITECH regulators?

    This morning, as I was scanning the quarterly news summary sent by Physicians for a National Health Program, I came across this little story http://www.kaiserhealthnews.org/daily-reports/2013/may/13/sebelius-and-fund-raising.aspx Kaiser health news assembled reports that HHS Secretary Sebelius is asking health industry executives to help fund implementation of the ACA because Congress is not providing enough funding.

    There seems to be a link between the federal shutdown on Oct 1 and the patient privacy rights. If so, it’s a bi-partisan link with Republicans calling for repeal of the ACA’s medical device tax (hated by industry) and Democrats protecting payer and provider pricing mechanisms from disruption.

    This kind of regulatory conflict-of-interest around consumer protections isn’t new. The FDA is accused of bias because of a reliance on drug and device industry fees. FTC practices have been repeatedly called out for similar issues. This EPIC report http://epic.org/privacy/ftc/EPIC_Comments_FTC_Internet_Privacy_Report.pdf lists many of the specifics and concludes: “To safeguard the interests of American consumers and Internet users, it is necessary to create a new agency with the technical competence and political will to protect privacy.”

    Never mind the ACA, the next government shutdown will be over funding for the healthcare equivalent of the Consumer Finance Protection Bureau. Elizabeth Warren, are you listening?

  5. Anon, you know the word game that is played where you say something, and then add “in bed” after what you say. That’s how I reacted to your statement.

    “but creating a massive cultural shift of this nature in medicine”

    But what should be added is “in the U.S”

    Yes it is incredibly hard as you noted. “In the U.S” not elsewhere.

    Because it is a money machine (in the U.S.) which can break the economy and has already broken the middle class with far less take home pay according to Robert Reich.

    That simply means we need to use all the tools we have at our disposal to turn the ship around. “In the U.S.” and not for all of medicine, which other than here, has already figured this out, but we can do that too in time. We can be a model of what works and has high quality. Which means patients have to have leverage more than being consumers.

    HHS has had since 2004 to get this job done for HIT, not for the Internet, not for all of medicine, but ….here in the U.S. and they have used the usual tools at their disposal.

    The HIT reform was supposed to be done by 2014

    Back in 2004 the customers said, “put it on the Internet” because that’s the single most disruptive thing that has happened in the last 10 years. That’s global, not just the U.S., but it can be tailored to a specific solution here in the U.S.

    It’s information, it can go over the Internet, but my patient portal, happily lies that “standard Internet mail is insecure”, by playing word games. “in the U.S.” due to a restraint of trade encouraged by HHS which could not be accomplished via rule making.

    It’s the same as the NSA, they get private companies to do the work for them instead of doing it themselves.

    Then one company, Lavabit, said no.

    Then Silent Circle.

    All encrypted email providers then realized the current model was broken and that was hidden.

    The same realization is bringing down the house of cards in terms of healthcare privacy. Suddenly it becomes a bigger problem.

    Those that do need help will not get it with predictable results due to a lack of trust, and coordination or money.

    But in France where they already use S/MIME and SMTP and it is no big deal.

    Yes, it’s no big deal, unless you are the NSA and are willing to support back doors into mail systems through deals instead of using HIPAA and going to providers.

    No accountability or data integrity.

    So encrypted email to a Direct Address is a perfectly legitimate way to send mail between doctor and patient, and round trip.

    But not according to my portal which traps the messages from my doctor and holds them ransom because “email is insecure”.

    So in other parts of the world where the citizens do not allow 18% of GDP to be spent on Healthcare, along with worse outcomes they see how we game it to be a money machine. And this has nothing to do with individuals, anymore than war has to do with soldiers.

    Where that pool of money that Adrian cites was not made available, they had to attack the problem pragmatically like the Dutch kept out the North sea, but in New Orleans let people die in the hospitals during Katrina while people sorted out who would make money on the disaster.

    Heck of a job, Brownie said the man in charge as he flew over the people trapped in the sports stadium. The police shot people trying to get out of town on the bridge.

    We talk about patient engagement? that’s not the same as landing the copter from the overhead view.

    It’s not the same as John Lewis crossing the Pettus bridge and getting his skull cracked. Then with the support of the Federal Government, a bridge was crossed at great risk.

    Now who will stand to defend the rights of freedom and equality on that bridge, to hold it for the citizens? It’s more than giving up a nice job in the private sector, it is change that has to happen in the U.S. to not be held back for what is ours.

    So will you hold yourself up to that standard, or has that all been forgotten so quickly?

    The risks are known, and the sea is always there, but the Dutch aligned themselves politically to make sure that one thing got done right. We can do this one thing right to open to competition.

    We have a mechanism, a bridge to help do that, but more than that bridge, we have a country.

    That’s the theme that every school kid learned in the 1900’s defend the bridge against the false Sextus, recreated in the future by Tom Cruise, who updated the Top Gun theme with a twist.

    Morgan Freeman plants the seed,

    Lays of Ancient Rome. Horatius knows the way is narrow but he can only find two others willing to go. They face thousands who must get through the gate.

    And they hold the bridge against thousands until the bridge collapses, demolished from the Roman side, and Horatius plunges into the river but the city is not sacked.

    “Then out spake brave Horatius,
    The Captain of the Gate:
    “To every man upon this earth
    Death cometh soon or late.
    And how can man die better
    Than facing fearful odds,
    For the ashes of his fathers,
    And the temples of his Gods”.

    The risks of Healthcare or disasters are equally well known, the plans all make sense with massive justifications, but when it comes to the citizens, the lack of responsibility is astounding while but as individuals they might come out well. This makes it a systemic problem.

    It shouldn’t be an ongoing conversation since 2004 when the problems were made very clear by a road show and comments afterwards. Yes there have been good solutions since then. But there has also been delay on what is pragmatic.

    Since then it has gone far beyond just obvious to a crisis that risks shutting down the entire government for not attacking the root causes, and instead just adding a new pool of better quality risk to the system to continue to feed the system, where the costs of that risk are not going down.

    I’m not arguing that Obamacare is not a good idea in general, just that we can either man the pumps, or continue to stay in the casino to speculate on the risks. And the house on average is affecting the payouts. That’s the law of large numbers.

    For those who are well paid in the private sector, that’s the risk they signed up for, they can and will be creatively disrupted and either adapt, or go under, or put the country under.

    I see PPR cutting through this Gordian Knot and showing the way to an economy which is both pragmatic and values privacy in ways that Adrian is very clear about and what the country can get behind, but will in fact begin to deflate the health care IT bubble to levels comparable to other G8 countries.

    One bright spot, we are not wasting the amount of money on consultants like they do in the UK with multi billion dollar centralized project failures. We have regional mafias instead, where you have to buy your services from cousin Vinnie who runs the towel service, and maybe you even get a very good price, because Vinnie doesn’t need to charge anything for the towels, actually because he can charge $35 for Tylenol with no connection to market forces.

    HHS has attacked the problem theoretically, to the point of making some breakthroughs, but then is held back by the need to support the business model of HIE.

    I might cite a recent RWJ report on HIE where they note it is not self sustaining as a public good, and must be supported by grants.

    Then they turn around and wonder how they can support this model further without consideration of perhaps it is being simply done the wrong way

    Take a look at c=FR, they have Direct type certificates one can look up in a Directory, it’s no big deal.

  6. HITECH went wildly off-course when it originally decided to regulate EHR vendors using a lock-in business model through Certification instead of pursuing a strategy of open competition through strong interfaces and patient privacy rights. It’s been downhill ever since.

    Next, HITECH went off-course when it caved to EHR vendors in the CCR vs. CCD debate. CCR was a simpler, physician-driven approach that would have put interoperability and interface way ahead – again, enhancing competition.

    The next opportunity for interoperability and competition came last fall when instead of issuing strong privacy regulations that could have created a real NwHIN based on patient and physician authorization, ONC decided to follow the EHR-centered path with “trust bundles”.

    From my perspective, ONC has not missed a single chance to support the vendor-lock-in business model and to undercut the physician-patient relationship.

    Simple consumer-oriented principles like phone number portability or open network access on the Internet, or net neutrality have never held sway in the HITECH roadmap and the results are obvious.

    I speak from first-hand experience. The last time we digitized something in healthcare was DICOM. Federal influence drove the standard, not through certification, but by a combination of creating an open source reference implementation anyone could use and mandating the standard for all federal procurements. I, and many others were able to build successful new PACS businesses based on DICOM. DICOM interfaces remain free to this day.

    Compare the DICOM experience with our EHR interoperability and the NwHIN. In my state, MA, EHR vendors refused state HIE interface grants because they might not be able to charge interface fees for each client; even as a physician, I’m not allowed to get a Direct address on the state HIE; and my state HIE can’t yet connect via Direct to any other state. The doctors and smaller vendors have no open source alternative. It’s 2013. The HIE is 90% funded with federal money. Oh well…

    As my original post said, what you see as evolution, I see as appeasement of a vendor lock-in business model that always puts competition (EHR competition and/or patient or physician control to drive provider services competition) off to some future stage of regulation.

    Unless you shift regulatory priorities to competition (for both EHRs and clinical services), market-based health reform cannot be expected to succeed.

  7. Thanks for the follow up comment Adrian. I would certainly agree that you are a public servant in these efforts, and given how much those of us working in this area care, and often for very personal reasons, I’m sure you can understand why it burns when people insinuate that you have dark intentions just because they don’t agree.

    This is of course an entirely PERSONAL opinion- but I actually agree with every change that you would like to see made listed in the follow up comment, (including full cost and quality transparency) which by the way was far more productive than the original article. Except perhaps point 3 – though that is more because this is not my area of expertise. I’m very interested to see what transpires with your work in Massachusetts. There is the constant tension between the opt in vs opt out but with transparency approach, especially when you have medical and public health experts screaming that HIPAA already hurts research, population health management, public health, delays records being sent for valid medical reasons, etc and we can’t make the same mistake with HIE data. Not to mention that everyone seems to forget that HIPAA is about both privacy/security AND access/portability. During clinical training I never received a scary email about the millions it would cost me if I violated the latter, but I received extensive training and emails about the former at least once a month. Which is fascinating considering that the largest fines levied have been for lack of access. http://www.hhs.gov/news/press/2011pres/02/20110222a.html

    So taken all four of the others that I do know something about, I don’t see how any of our current actions conflict with these outcomes, and in fact I would again state that the overall trajectory of all of the policies and programs are taking the entire industry much closer to the world you seek. Would you prefer that we walk away from the table, letting perfect be the enemy of good? I would be interested to hear specifically where something has gone wildly off course, vs is just moving slower than you would like in the general right direction.

    You know that there are clear laws that define what levers we have to create new regulation or start new initiatives that become a formal government opinion. We are legally obligated to go through groups such as the Federal Advisory Committees. If people think we need to move faster towards the goals you state, then they need to be on the FACAs or otherwise provide that feedback in formal ways that we can point to as the reasoning for our actions.

    I’m looking forward to the day when I no longer have to say this- but again just want to be clear that this is a personal dialogue, and I’m not here to formally represent any government entity. Thanks

  8. Dear AnonforObviousReason, let’s separate motives and methods. I too feel like a public servant in this play and I sincerely believe your motives are pure. My flavor of service as a consumer advocate means that I don’t get paid for almost 10 years of full time work. I do hope for more personal relationships with regulators to help me understand your perspective.

    As far as methods are concerned, there’s nothing “evolutionary” or “incremental” (two explanations used by regulators this week) in dumping $13 Billion into a health software tech industry that maybe was $5 B a year at the start of HITECH. The disruption, consolidation, physician frustration and just plain misdirection of well-meaning tech entrepreneurs like me that this caused might be hard for you to imagine. I’m still hanging on to the HITECH rollercoaster by the skin of my teeth and learning to anticipate the dips and curves a bit better as I go along.

    In a healthcare system that has zero cost transparency and no meaningful quality transparency either, any regulatory move that does not fully open data to the individual patient and her physician is just plain wrong.

  9. Wow.

    Adrian you know many of us “regulators”, and pretty much all of us that work on these patient data activities. What do you think is more likely:
    1. We are malignant and sneaky, and want to continue treating patients as second class citizens. In fact we want this so badly, most of us working in this area left great private sector jobs and moved our families across the country to be paid less than our market value to do so,
    2. We think the same things, but creating a massive cultural shift of this nature in medicine is really frieken hard, and Blue Button and all of the policies and technologies we work on to support it are EVOLVING as we all work like crazy towards that ideal place. I think if you look at where we were five years ago, where we are today, and the part we “regulators” have played, there is no question that things are moving in the right direction when it comes to patient rights and data access.

    Rob there is not and has never been anything in HIPAA that prevents you from giving patients access to their entire digital record, it is your choice to only allow them to see a fraction of the data through a portal or otherwise make that process unnecessarily cumbersome. HIPAA in fact was recently modified to be very clear that a patient has the right to request and receive that data in the electronic format of their choice if it is readily available. While you may constantly disparage MU on these pages, it’s that program that is trying to make your fellow providers finally give people access to view their data, download it in a dependable format, and send it to the destination of their choice in a secure fashion outside of the EHR “walled garden”. Providers were not doing it of their own volition.

    I wish all Americans had to do a tour in public service. It’s unbelievably demoralizing to be publicly castigated as a blockhead or worse by people with whom you are in fact on the same team. Can we please instead get mad at the providers and organizations that don’t want to share your data, and the companies that are setting up these proprietary relationships that leave patients out of the equation?

  10. Yikes.

    Those of us who have stepped away from the money of HITECH (and hence their control of our actions) still need to pay heed here. HIPAA (“meaningful choice” sounds like an ironic name if I’ve ever heard one) is an equal-opportunity hammer that could come down on any of us. I am coming to believe that I should not be sharing some of my records with my patients, I should be giving patients their records and helping them organize and prioritize them. The idea of a “portal” seems a lot like a peep-show, where we tease people with a view of parts of the record which they only can see as long as they stay in the building of our walled-garden EMR world.

    This kind of article makes me quite nervous about the intent of those in control not being inept and short-sighted, but malignant and controlling. Scary.

  11. Dave, I would focus on (1) CONTROL, (2) PRISTINE, (3) SEPARATE, (4) EDUCATED, and (5) LEADERSHIP:

    1 – HHS provide guidance that physicians and patients must be able to CONTROL the Direct connections (using a white list or spam exclusion) based on in-person or out-of-band decisions because patients and doctors have legal and customary rights to control their communications unless prevented by policy.

    2 – HHS provide guidance that makes clear if Blue Button Plus data sources are PRISTINE. Degradation such as by adding delay (even if that delay is allowed under HIPAA), or not using digital signatures to ensure provenance and maintain the chain of custody, or by making some information available through point-to-point, proprietary and batch channels but not available to the patient via BB+ must be clearly disclosed. For example, if an order is placed in an EHR and it’s transmitted to SureScripts or to a prior authorization or eligibility service that same order needs to be accessible at the same time as a triggered transmission via BB+ Push.

    3 – OCR provide guidance that Notice of Privacy Practices for health information exchange or data sharing (including HIPAA TPO) is SEPARATE from Notice of Privacy Practices for treatment (which covers most of HIPAA and the security rules). TPO under HIPAA is not a license for hidden and coercive surveillance. All data that is shared with anyone that can make downstream uses of the data (notice that a transcription service would not be included in this category but an insurance company or health information exchange or all payer claims database probably would be included) need to be accessible to the patient in the Accounting of Disclosures on line and in real time. Some might call this separation of consent “Meaningful Choice”.

    4 – People and our consumer protection advocates should be EDUCATED that Meaningful Choice means that you can receive treatment without hidden or coercive data sharing and therefore should avoid or opt-out from any provider that does not offer a Blue Button Plus portal providing an automated accessible, timely and undegraded copy of your information that MIGHT be shared with your consent or under HIPAA TPO.

    5 – Federally subsidized projects including CMS, VA and DoD, as well as all state health information exchanges should take the opportunity for LEADERSHIP by implementing pristine Blue Button Plus and educating the rest of the citizens about it.

    These five “prescriptions” would, in effect create an open standard API to our federally subsidized HITECH patient data. This will enable a whole industry of independent patient advocates and apps that would give us a fighting chance to get market-based reforms under the Obamacare model.

  12. Adrian – Can you lay out the summary prescription for what the HHS and specific actions/asks you’d have of the constituents they serve (e.g., the readership of this article)? Thanks

  13. Thanks for explaining this Adrian. It gives me a far better understanding of the motivations of the various system actors.

    The relevant standard that maintains the identity of the system actors is ISO-21091 applied to a distributed environment, secured with X.509v3 identity certificates, and authorized with attribute certificates so people can delegate members of their team members, such as family advocates who play an important role to coordinate care.

    Patients and provider organizations are both given equal standing in the standard, but the HHS strategy has been to create this asymmetric relationship in regards to the data by separating out providers. This has puzzled me, but you made it clear why.

    Patients spend one hour a week researching healthcare on the web, and one hour a year with their doctors.

    This argues for far more than “patient engagement” through proprietary web portals but incentives for secure meaningful communication between doctor and patient, on an equal footing as one would expect for exactly the reasons you detailed.

    So we already have established that the patient and her care team engage in clinical decision support using the best tools they have available which is research. How does she plug this contradictory information into a decision making model in which many factors are likely to intersect? A PHR is inadequate to the task.

    Why should this cooperative modeling be constrained in any way to a specific format when tools are already available on the desktop? Every good industry now includes the end user as part of the process, not just a consumer.

    Providers advertise on television that they have various types of technology, we don’t limit that to web sites. Patients have self organized for years to combine knowledge.

    What is missing is the effective modeling of that complex information that a few graphs on a web site don’t match in which the patient and physician can both participate as team members, and sadly not as “consumers”, which is a false distinction.

    These models contain complex relationships between multiple factors in which providers can collaborate with patients that go beyond ranges of test scores to build what if scenarios that go far beyond traditional medicine.

    Furthermore these models can be populated by patient data flowing securely in the other direction to create big data, that will then create a feedback loop to improve those models.

    Since Direct is bi-directional in this sense it can be used this way, where consumers are unlikely to read IHE specifications to send HL7 FHIR messages to a web services server.

    The relationship between doctor and patient is the traditional gold standard for trust because of thousands of years of development of trust and cannot be effectively handled by intermediaries who want to be trusted simply on the basis they implement HTTP, REST and TLS to machines and back end systems.

    A failure to extend that gold standard for trust through secure S/MIME by limiting Direct to only Providers and their Business Associates makes Direct much less useful to reinforce that patient-doctor relationship, to promote modeling on the patient side and limits Direct to be simply one step above flax, a long line in, while the trillion dollars of spun gold is piled up elsewhere.

  14. John, here’s the introductory paragraph by Joy Pritts in the Meaningful Consent article I linked above: (the links will be live in the original article)

    “Patients’ trust in how their health information is managed is essential to the success of emerging models for electronically sharing patient health information. Patients may be unfamiliar with, and therefore may not trust, exchanging health information through certain types of third parties such as health information exchange organizations (HIEs). Recognizing this, the Health Information Technology Policy Committee (HITPC), a federal advisory committee of the Office of the National Coordinator for Health Information Technology (ONC), recommended that patients be given a “meaningful choice” as to whether their health information is exchanged through certain types of HIEs.”

    My point is that it’s misleading to imply that Meaningful Consent can exist without Meaningful Choice. The segregation of information away from the patient-directed domain is what makes consent without choice a misleading association.

  15. Adrian –

    Can you explain for our readers what meaningful consent means in practical terms? Looking at this from the point of view of the authors for a moment – always a helpful exercise – how does this solve the problem?