It’s Doctors versus Hospitals Over Meaningful Use

The Massachusetts Medical Society may be the first to notice that Meaningful Use EHR mandates favor large providers and technology vendors. Control over the Nationwide Health Information Network sets the stage for how physicians refer, receive decision support, report quality, and interact with patients. State health information exchanges and policy makers are caught in the cross-fire over health records interoperability. Are the federal regulations over Stage 2 being manipulated to put physicians and the public at a disadvantage?

On Dec. 7, the Massachusetts Medical Society took what might be the first formal action in the nation. A resolution stating:

“That the Massachusetts Medical Society advocate for a more open, affordable process to meet technology mandates imposed by regulations and mandates; e.g., that all Direct secure email systems, mandated by Meaningful Use stage 2, including health information exchanges and electronic health record systems, allow a licensed physician to designate any specified Direct recipient or sender without interference from any institution, electronic health record vendor, or intermediary transport agent.”

Scott Mace’s column Direct Protocol May Favor Large Providers and Vendors is the first to report on this unusual move by a professional society. Full disclosure: I’m a member of the MMS and the initiator of what became this resolution.

Meaningful Use is intended to support health reform by promoting interoperability and innovation in health service delivery. The Affordable Care Act, Obamacare, is fundamentally a free-enterprise model without single payer or even a public option. Obamacare depends on the market for eventual cost controls and sustainability. Meaningful Use is regulation designed to enable market-driven health reform by reducing interoperability barriers.

Although Meaningful Use regulations have already handed out $17 Billion to drive “voluntary” adoption of interoperable electronic health records, meaningful interoperability is still elusive. Meanwhile, the doctors are chafing about Meaningful Use intrusions and policymakers worry that the regulations will actually increase costs.

Earlier, Farzad Mostashari provided his perspective on the strategic importance of technology in this excellent interview about his new role.

The vendors and their institutional customers are interpreting Meaningful Use in a way that allows them to censor and tax physician-physician and physician-patient communications. Control over the Nationwide Health Information Network sets the stage for manipulating all of the key elements of health reform including quality, cost and population health. This is Net Neutrality on steroids.

The MMS resolution will open an important debate over the Meaningful Use regulations:

  • Are physicians, institutions, and patients all first-class citizens in the Direct-based NwHIN?

  • Can EHR vendors price messages and documents that come in via Direct differently depending on where they come from?

  • Is health care trust governed through civil federations like our credit cards or based on criminal penalties like mail fraud?

The answers to these questions will have huge consequences for all of us, way beyond the money scramble between hospitals, physicians, and global corporations. Medicine can be regulated as a profession or as a branded proprietary device. As medicine is increasingly mediated by EHRs and integrated over the Internet, the choices we make around the governance of “trust” on the NwHIN and EHR regulation will dictate the rate of medical progress itself.

With this resolution, my medical society has come down clearly in favor of physician-based trust on the NwHIN. What should the federal regulators do?

Adrian Gropper, MD is Chief Technical Officer of Patient Privacy Rights and participates in Blue Button+, Direct secure messaging governance efforts and the evolution of patient-directed health information exchange.

23 replies »

  1. This is a great write up and even better discussion. I hear loud and clear how one can think these mandates favor technology vendors. And I’m speaking from a technology vendor perspective, being employed by simplifyMD ehr/pm company. From our standpoint, the same amount of effort and money is put forth keeping our clinical charting software compliant to government regulations. So it is not like we get any sort of favorable treatment. For simplifyMD , we have to differentiate ourselves from large hospital based systems to earn the business of private practices. The drop down heavy, point and click decision tree emr systems of hospitals do not work for most private practices. We offer a certified alternative by recreating your forms (ie registration documents, encounter forms, notes etc) into the system like a word / pdf template. So the providers can maintain the same level of patient interaction and work flow without compromising on meaningful use. I’m only writing this to spread the word that a suitable system is out there.

  2. Trust begins and ends at the patient-care giver (clinician) encounter. Anything that gets in the way of establishing trust, i.e, destroying patient informed consent, privacy and security of PHI is wrong headed. Any HISP that does not allow conduit, adds complexity, destroys PHI security and integrity, and opens the whole system of PHI transfer to identify theft.

  3. Many of the excellent points Peter makes are covered in the Federal Health Architecture Request for Comment at http://www.connectopensource.org/fha-directed-exchange-workgroup-survey

    The deadline for comments is January 14 and there’s a great deal of very detailed and thoughtful discussion in the four documents they posted.

    Although the FHA does not speak for HHS, it has the power of the purse and can do a great deal of good by implementing Blue Button Plus Push (Direct) and Pull (REST) in a way that allows end user accountability for secure messaging.

  4. Peter,

    Thank you for your thoughtful contribution.

    Your point around the provider directory should not be underestimated. Direct secure messaging need not and should not be hijacked to _prevent_ end-to-end security. This is why DirectTrust needs to be just an option rather than the basis for Directed Exchange.

    Not only can trust be established at the directory level for professionals but, in the case of patients, it can be based on in-person authentication. This preserves the primacy of the physician-patient relationship while allowing the convenience and power of on-line secure messaging.

    It’s 2014, and being able to send and receive secure messages and attachments to one’s secure Outlook or Thunderbird or mobile device needs to be table stakes for claiming either interoperability or privacy.

  5. David M,

    I’m glad that you see the provider and patient id directory with PKI for the potential it has to work off the same unique data set for the entire US. It’s just that simple. Medical data on the other hand is hard and work has to be done to fix that.

    Even matching between different code sets is possible given low cost engines to do so, and semantically moving in the right direction, converging rather than attempting to do the big thing in a waterfall approach.

    I think that is all happening, but then it gets held back by the economics. I liked the comment of “building defensive stovepipes” in Adrian’s blog. That’s exactly what happened in 9/11 and should not happen in healthcare once things become more patient centric by enabling those data flows.

    Seemed like such a good idea to integrate the Internet with Heathcare until people realized how that typically ends up.

    It doesn’t need to be that way, and one way to start is to realize the Web is not the end all be all solution for everything, thus forcing everything into the cloud.

    Provider Directory should have been supported by HHS when they had the opportunity after it was approved by S&I Framework.

    But as Hayward said, the public does not get it yet. They just feel the pain of the costs which are being passed on, without understanding where those costs are being generated.

    Patient ID is still hung up in algorithmic matching which HHS/IHE supports because Congress kept them from doing research on Patient ID. Patient ID however is simple and very doable, plus already standardized. HHS wont talk about it tho, that has to be done in the private sector right now.

    This problem is a tax added on, to sustain barriers which are only there to protect profits. while stating things are not inter-operable when they are in certain places.

    Logically things are going to be interpreted differently as one travels down a C-CDA and that is killing the major vendors..

    Creative destruction eventually takes care of that, but this time it needs to do so in a way that supports locality, not another Amazon.

    .We know how to do it, but the disintermediation lock in will be severe if we don’t get those efficiencies while still protecting the local practice, that is the “genius loci” of this approach which is the focus of localization to recognize uniqueness. Maybe the MMS gets this, and why those barriers are being enforced.

    Blue Button directly addresses part of this problem and HHS does support that but there is still inequality of use case actors in terms of Direct.

    It is the opposite of centralization and franchising. Luckily that approach is on the upswing as large systems begin to show failures for being too brittle. Properly configured they can work together quite well.

    I have a demo of an IHE HPD provider directory working on the web. You can search for a provider and download their Direct Certificate right into Outlook with a few clicks. It stops there however because if you are trying to send to a provider that certifies with Direct Trust they will drop your mail as not trusted. They require a BAA, and that’s not required for END to END. So as Dr Kibbe state unequivocally, they will drop the message because they don’t trust the source of the message as being within their “circle of trust”.

    Closed circles of trust are business related.

    I a bit frustrated in pulling it off under the c=US realm due to the economic manipulation of patient privacy security,, but progress is being made.Dots are being connected across a huge complicated machine.

    If enough of us pull together to get rid of the fragmentation and data silos, and remove the blocks that doctors have in exchanging PHI, then it will just be the new normal. That is because it really is that simple. Getting the entire nation to pull at the same time to get there, much harder, and it is going to require separating the wheat from the chaff in terms of truth.

    We have the “old crows” doing that who were technical experts right now who worked for the NSA that recently explained how this all went south.

    But given the amount of money involved in Healthcare and the stimulus getting an ROI requires that people see the big picture and start becoming sanguine about the scale without getting hung up on the complexity.

    Literally I got a call from my pharmacy after an appointment the other day while I was driving home letting me know that my order had been filled. NwHIN can and should be that simple, and governed properly to be affordable without complexity.

  6. Obscuring the advantages of Direct encrypted end to end communications between people, and now doctor to doctor, and patient to doctor, has been a strategy of the NSA since 1994 when people rejected key escrow and the LEAF. The misinformation is deliberate and people are beginning to connect the dots following Snowden.

    However the key management for PKI is hard work, but a lot less work than exchanging private keys, and a lot more scaleable because you can look up public key certificates in a directory and import that into your mail client, thus setting up a Direct connection.

    This is done everyday and has been since the mid 1990’s but not scaled out to individual doctors and practice even though there is little national security risk in doing so. This is because identity information is send in the clear between providers in the email headers (or metadata) but patient PHI is entirely encrypted and can not be changed or read, unless there is a man in the middle. And a conventional HISP is the classic definition of a man in the middle attack, which is done willingly because they hold private keys in escrow not the end points. Therefore, they have to be trusted as Business Associates who hold PHI.

    That directory can be a corporate directory, a state directory or a national X.500 distributed directory of states and organizations, or the least desirable LDAP Federated Directory now being pushed by ONC and IHEl

    That approach endorsed by Direct is really just a web services front end to back end databases ignoring the standards set by S&I Framework, and the standards process in general (which of course violates the spirit if not the actual law that set up a process of standards optimization to lower health care costs) under the NwHIN.

    Logically few people are willing to stand up to this cartel approach for healthcare and doctors are realize they are the next targets.

    Instead the cartel approach has been re-purposed to push doctors out of their own practices, to sever relationships between doctor and patient and install middle men contracts which have successfully driven up costs so that a bag of saline that costs 50 cents ends up being $35 retail.

    So on the outset Direct seems like a logical thing, which it is, until it is re-purposed to fit that model.

    Every time a practice is sold, they move to a new EHR because the integration is not MU2 between EHRs as stated, but integration between a few large EHR vendors that is built in.

    X.500/X.509v3 is how the government already does this, and has since 1993 to keep crazy generals from launching nukes on their own accord which is why we worked with the research labs in charge of nukes and NATO to make this whole thing work. That obviously has to work first and does.

    But command and control is different from medicine so there has been an attempt to tailor PKI encryption to the medical community and make it usable.

    And it is very difficult to get the straight story, but it shows up in the accounting.

    Scaling out encryption to web sites and email requires effort which should be compensated.

    Office of Civil Rights has educate people on the proper use of crypto to protect patient data, which they are doing with the Wall of Shame and increasing fines for ignoring this problem at the executive level.

    But there is still a hidden requirement to allow back door access by the NSA and other agencies, for which they have the legal right to drive people out of business if they don’t comply which creates a Faustian bargain. HISPs that don’t encrypt don’t have this problem, they can’t be compelled to give up PHI they can’t read. That is under control of the private key holder.

    Thus you have HISPs that act as a conduit and don’t mess with encryption in between, just do the certificate and directory provisioning, and then you have HISPs that have to be trusted as Business Associates because they encrypt and decrypt data and therefore are in the middle. Each approach works but is different.

    The Direct conduit model pushes trust to the edges between already covered entities who are already required to exchange patient information under administrative simplification.

    However when those covered entities do share PHI with business associates, the picture does become complex very rapidly. It is not complex between covered entities which was the reason behind simplification already in HIPAA.

    This point has been made by PKI experts repeatedly when it comes to the business model for HISPs.

    It’s not wrong, it’s just self justification for added certification costs which may or may not add value using trust as a mantra.

    In fact sometimes HISPs can add value because they can redirect data, but the security practices are what organizations should do anyway under HIPAA security risk assessments or risk being fined, so there are already best practices and requirements.

    The military does not use a trust approach because of the MITM problem and the financial services industry for payment cards does not either since they have been burnt so many times by man in the middle attacks which exploit trust so they went end to end encryption also.

    This is a business model issue, not a security or trust issue and so the current driver is economic protectionism to construct barriers to Direct usage that is aimed right at the doctor patient relationship and being a toll road via interfaces per message sent via Direct from the EHR.

    Rishel and Fridsma’s point about “Joe’s Endoscopy Shack”is pure smoke and mirrors while HHS attempts to give the NSA an easy backdoor as if the name alone did not conjure up the image sufficiently.

    Notice that secure messaging services have been shutting down recently?

    They shut down because they could not protect their customers data,

    Are HISPs shutting down also, no. Are they being subsidized like RSA/EMC was? This has the crypto community tweeting like mad and they don’t have time to think about healthcare like PPR, which actually understands it, from a legal, technical, and economic view.

    Any one can be served with a national security letter and be gagged in regards to data they decrypt and pass along. The ACLU calls this a compelled state attack.

    They also can be subsidized to do so and offer “low cost” service, like the Clipper chip scheme of 1994 for key escrow and get NIST to approve a bogus standard to facilitate that.

    HIPAA already allows access to LE and National Security to patient records at the providers, but this is about data going across networks which is very different and about non-attribution access. That means the data can be changed, and thus is an issue of patient safety if it is corrupted. Not to mention devices.

    The Directory validates the identity of the providers. Doesn’t CAQH do this? Don’t doctor networking sites like Doximity do this? Of course. They all do.

    Didn’t Halamka and Rishel propose using EV SSL certificates to do this using structured data on web sites like VCARDS because the CAs do this already for EV Certificates per the CA association rules? Validate actual business records? Sure they did. So you see the nonsense here being pushed on doctors, it is misinformation, FUD.

    This coverup is used to build in added costs into the system because they don’t want people to know that this is already built into the Direct Protocol Applicability Statement and further more it works from EHR to EHR under MU2 using Direct. Some HISPs do implement this for higher security customers.

    PKI will be used for MU2 referrals, and for patients to supply longitudinal data to doctors under MU3 THAT IS SIGNED as a legal representation of the data and can not be altered per HL7 requirements.

    The Directory validates the identity of the provider (in PA we wrote a bill to do this) and the certificates are the method that enables the encryption, already built into the mail client. This makes Direct simple, until you start with the trust bundle issue.

    There’s no “trust” involved because trust was out of scope for Direct.

    It’s been this way for over 20 years and we will be getting doctors to sign their documents with digital signatures using the same technology to validate claims to CMS to cut down on waste fraud and abuse from EHR records that are not now being properly validated according to the CMS OIG leading to estimates of 75-250 billion dollars of actual fraud.

    So now 20 years later, HHS is encouraging doctors to bring key escrow back in a different form and the HISP holds your “private” key to encrypt it to another HISP.

    This exposes patient data to unnecessary risk,not so much from a confidentiality point of view that a patient is taking statins like millions of other people for a med list in a C-CDA, but because the data loses integrity from being manipulated. So it’s no longer Joe’s Endoscopy shack that is the problem in supplying bad data

    Notwithstanding that all covered entities are required to communicate to each other without putting in roadblocks and that’s already a part of HIPAA.

    So then you have to “trust” the HISP, because you don’t control the private key, which is required for most Certificate Authority legal agreements to be enforceable.

  7. AG’s last comment above gets to the center of things. A vendor-centric health care model is not pt-centric, not financially centric, not population-centric, not community centric, not-employer centric—however, it is sustainable until the music stops. The last time we had a systemic crunch like this only began to end with the partial success of the trust-busting era a century ago. Today’s bank-centric money hustle has not been halted, and won’t end until globally leveraged derivatives are uncoupled from banks. This will help pull some of the energy out of the financing now flooding the health system vendor space and multi-regional hospital system arena. My point being that this Gordian Knot has a lot of threads and only an Alexander-style cut by public action will serve to bring the focus onto regional cross-silo pt-centric population care, which to date has never had an institutional foothold in the US — possibly with the three exceptions now enabled by active government strategy abetted by directly health-centric partnership-organized action and/or public funds: local Urgent Care Center activity, FQHC-funded Community Health Center activity, and Section 340B meds funding (by which US HRSA enables “health care organizations that care for underserved people to purchase outpatient drugs at discounted prices”). Those are concrete population health actions by government, they are very popular with the served public, and they are systemically hated by the firms embroiled in the health sector rumble-in-progress set forth above by AG and discussants.

  8. Hospitals used to be run by professional doctors. They are now run by professional managers, a few of which might be doctors too. Their success at making money is undeniable. Their success at PR and politics is unchallenged. Their success at manipulating the software industry to serve their business is apparent. Their success at improving outcomes is modest at best.

    I’m eager to see the first institution to adopt Blue Button Plus as a pure patient-centered and transparency move. Any takers? Any leaders?

  9. Currently the trend is toward hospital employment for doctors. That shifts the dynamics of how much influence doctors may have. I agree that clinicians and patients need to make sure that the process works to enhance the therapeutic relationship and outcomes rather than enhancing market share or reimbursement.

  10. The HIT complexity is a vendor shell game. The HIT challenge is the legacy software built around the coding structure for single-morbidity FFS billing control, rather than built around the multi-morbidity pt. The clear center is the pt. All functional data including docs, labs, vitals, morbidities and care sites across walk-in centers, primary, specialist, hospital, recovery, home care all logically connect to the pt. Call up the pt, get cross-section or longitudinal data. Call up the provider or the facility, get the pt data array. Therefore look at VistA with the largest single online repository of pt data in the country and perhaps the world—specified by front-line personnel, amenable to multi-morbidity analytics, the leader in telemedicine. It’s big, but it’s built around the pt, then expands from there across more pts on the pt ID directory dimension, and across more medical, meds, and morbidity data on the pt info depth dimension. The provider directory defines provider info and is cross-indexed with the pt directory. The design scales with the capacity of the system to hold the data sets because the symbolic design logic at the core is not complex, simply very large across data arrays. The application base runs on MUMPS, created by Mass General to support core health applications, but which also has been applied in the core transaction processing for high-speed securities market trading due to its highly reliable, very high process rate. Software houses provide for VistA’s non-VA installation support, the largest firm being Medsphere. Therefore a core software cadre exists to support a VistA build-out. The cadre can be expanded further by hiring people expert in software rather than first requiring software experts to be health system people. That resource constraint simply hikes cost, delays implementation, and builds market barriers to health system supplier entry. Under the guise of unctuous concern, the resulting functional restraint of trade strangles movement toward an interoperable US HIT rollout. The ICD-10 train wreck and the meaningful-use quagmire reinforce the cash cow functional restraint of trade by adding the hugely expensive effort to transform a billing-based financial system core into a pt-based health system core. That is backwards design and a nightmare to code, implement, and maintain. And it is unnecessary. But it means very big bucks to the specialist tech firms inside the artificially complex healthcare software circle.

  11. I think we’re seeing the limits of a mixed regulation and free market system. The economic incentives of the current health IT system customers do not favor interoperability AND, in a third-party paid industry, the physicians and patients are not the customers.

    HITECH made a valiant effort over the past 4 years to regulate and pay off the vendors and their institutional customers to achieve transparency and interoperability. But $20 Billion of incentives are subject to manipulation and unintended consequences when the institutions are scrambling for market share in a complex $2.8 Trillion market.

    As the payment reform part of Obamacare becomes obvious to the doctors, (the institutions figured it out many years ago and started investing in information silos), the limitations of Meaningful Use have become clear.

    The point of this post is simply that we must empower physicians and patients to control the data if we hope to control health care costs. That will create a market for health IT that physicians and patients can buy.

    This is the medical industry version of ‘Net Neutrality’ and ‘Phone number portability’ and that’s the only kind of regulation that can make a meaningful difference.

  12. I am not nearly as informed on this topic as some of the above posters but …

    It seems to me like “the fix” is still in. Whatever payments the EMR vendors made to be allowed to use proprietary formats have continued to pay dividends for them.

  13. As I’ve written on my REC Blog:


    One. Then stand back and watch the Market Work Its Magic in terms of features, functionality, and usability. Let a Thousand RDBMS Schema and Workflow Logic Paths Bloom. Let a Thousand Certified Health IT Systems compete to survive. You need not specify by federal regulation any additional substantive “regulation” of the “means” for achieving the ends that we all agree are desirable and necessary. There are, after all, only three fundamental data types at issue: text (structured, e.g., ICD9, and unstructured, e,g., open-ended SOAP note narrative), numbers (integer and floating-point decimal), and images. All things above that are mere “representations” of the basic data (e.g., text lengths, datetime formats, logical, .tiffs, .jpegs etc). You can’t tell me that a world that can live with, e.g., 10,000 ICD-9 codes (going up soon by a factor of 5 or so with the migration to ICD-10) would melt into a puddle on the floor at the prospect of a standard data dictionary comprised of perhaps a similar number of metadata-standardized data elements spanning the gamut of administrative and clinical data definitions cutting across ambulatory and inpatient settings and the numerous medical specialties. We’re probably already a good bit of the way there given the certain overlap across systems, just not in any organized fashion.

    Think about it.

    Why don’t we do this? Well, no one wants to have to “re-map” their myriad proprietary RDBMS schema to link back to a single data hub dictionary standard. And, apparently the IT industry doesn’t come equipped with any lessons-learned rear view mirrors.

    That’s pretty understandable, I have to admit. In the parlance, it goes to opaque data silos, “vendor lock,” etc. But, such is fundamentally anathema to efficient and accurate data interchange (the “interoperability” misnomer).

    Yet, the alternative to a data dictionary standard is our old-news, frustratingly entrenched, Clunkitude-on-Steroids Nibble-Endlessly-Around-the-Edges Outside-In workaround — albeit one that keeps armies of Health IT geeks employed starting and putting out fires.

    Money better spent on actual clinical care.

    I’m still awaiting substantive pushback. There are conceptually really only two alternatives: [1] n-dimensional point-to-point data mapping, from EHR 1 to EHRs 2-n, or [2] a central data mapping/routing “hub,” into which EHRs 1-n send their data for translation for the receiving EHR.

    The complications arising from these two alternative scenarios ought to be obvious.

  14. Opacity + Barriers to Entry = Margin

    Some things are simple and clear. Efficient Markets Hypothesis 101: Transparency and profitability are directly inversely proportional.

    If maximizing profit is the sine qua non, then opacity must rule.

  15. We are where we are. Most of the MU money has been spent. The interoperability we were promised is both lame and expensive. The EHR vendors that have locked in the institutions are now working to torpedo health information exchanges that they see as competition. We’ve replaced paper silos with vendor silos.

    Where do we, the doctors, go from here?

  16. Meaningful use is a meaningful ruse, to control and regulate the doctors using devices that themselves have not been vetted for safety. The line by the HIT vendors repeated by the members of Congress like parrots is that regulation will stifle innovation of the HIT vendors.

    Hello?? What do you think the meaningfully unusable HIT devices and the meaningful ruse 1 and 2 does to doctors’ creativity and their innovation of caring for patients?

    The HIT programme is a sham…an international scandal that is sucking funds from care and patients and depositing them into the pockets of the vendors and their consultants.

  17. “Medicine can be regulated as a profession or as a branded proprietary device. As medicine is increasingly mediated by EHRs and integrated over the Internet, the choices we make around the governance of “trust” on the NwHIN and EHR regulation will dictate the rate of medical progress itself.”

    IIRC, you pointed out elsewhere that regulation of Health IT was tantamount to regulation of medicine. This post follows up on that nicely.

    Great stuff.

  18. “With this resolution, my medical society has come down clearly in favor of physician-based trust on the NwHIN. What should the federal regulators do?” says Dr Gropper

    My answer is “the same”

    Congratulations on asking the tough right questions

  19. I am concerned that physicians and the general public are not going to understand the importance of the “trust” issue, the control of the NwHIN and the ramifications this will have to the practice of medicine and public health. Because of the technical complexity of the issue, I anticipate (unfortunately) that there will be little/no response to your blog.

    I remain concerned that the Mass Med Society resolution by itself will not effect any policy changes, either at the state or federal level, for the same reason. I fear that if there is a hint of movement at the policy maker level, vested interests will be able to protect the status quo without leaving any public fingerprints.

    Physicians and patients need to alter the HIT trajectory so that the small medical practice, which is where the bulk of medical care is delivered, from being controlled by larger EMR vendors and institutional medical entities. One solution might be to recruit an unimpeachable high profile individual who can explain this issue to the public in a way that leads to some movement of public or professional opinion. Another option would be to convince a politician to champion the cause.