Instead of empowering patients, VA and CMS are building-in rent-seeking intermediaries like NATE and DirectTrust based on obsolete security protocols and effectively legitimizing data blocking practices.
Four years ago Stage 2 was still open on the table and I wrote A Fork in the Road to Meaningful Use. It foretold pretty accurately the information blocking characterized by VP Biden recently as: “Taxpayers did not spend $30 Billion to create five data silos.” I was certainly not alone. Independent expert panels like JASON and PCAST saw it coming too. Regulatory capture might explain, but not excuse, the actions of federal regulators around Stage 2 but it does not explain why our federal health system, VA and CMS, continues to promote policies that enable information blocking today.
John Halalmka’s wish list and the Massachusetts Medical Society wish list approach health IT from different perspectives but they both imply a need for a patient-centered perspective. To get there, we need to give real market power to physicians and to patients. That power depends on unmediated control over how personal health information flows away from the current institutional EHR silos. HIPAA allows unmediated patient control. The recently concluded API Task Force endorsed unmediated control. VA and CMS need to take the correct fork this time.
VA and CMS, however, are announcing policies that put practice and technology innovators at a huge economic disadvantage. At a time when Google and Apple are giving users total control over personal information such as emails, calendars, messaging, and health information using modern web standards, VA and CMS are building around rent-seeking intermediaries like NATE and DirectTrust that effectively legitimize the information blocking practices we see today.
Patient health records are the most strategic asset in health care today because they are the Big Data of tomorrow. Patient records are the essential ingredient for machine learning systems like IBM Watson. They are also the foundation decision-support databases that predict treatment outcomes by clustering patients with similar health records. Patient records also control the ability to form and manage accountable care organizations. For all of these reasons, patient records are key to health reform, including payment reform.
A handful of large hospital systems and their even more consolidated EHR system vendors (Epic, Cerner, and hardly any others) now control the goldmine of patient health records and they are not going to give them up without a fight. That fight is currently happening in the HL7-FHIR standards group over, obviously, patient consent. The only other large-scale source of patient health records are VA and CMS. The tragedy is that although VA and CMS clearly have no strategic incentive to enhance information blocking they are effectively doing the same thing by introducing security intermediaries instead of empowering patients to direct our records as we see fit. Further damage is being done by the VA in the HL7-FHIR Consent discussions where they are favoring control of health records by the information blocking hospital networks and EHR vendors.
As we move from Meaningful Use to MACRA and from one administration to another, our federal institutions – VA, DoD, CMS, and ONC – face the same fork in the road as they did four years ago. Will they take the patient branch or the institutional branch. The patient branch gives patients and their physicians the economic power of independent decision support at the point of care. The institutional branch further consolidates the power and regulatory capture of the information blockers. ONC has done what it could with the API Task Force. It’s time for VA and CMS to step up and do their share by empowering patients and innovators instead of rent-seekers.
Adrian Gropper, MD is Chief Technology Officer of Patient Privacy Rights.
Categories: Uncategorized
VA and CMS are announcing policies that put practice technology innovators at a huge economic disadvantage…
Since I posted this, a number of people have asked privately why intermediaries are a problem for health reform and innovation. It’s complicated and jargon-filled, but here how I understand it based on doing this for about 10 years:
Three related threads are detailed a bit below:
– “regulatory capture” by the EHR vendors through the standards process,
– the administration’s really misguided strategy of “health IT certification”, and,
– ignoring the core idea of a “dumb internet” where all of the intelligence is at the edges of the network.
The intermediaries play a primary role:
– they amplify regulatory capture by allowing the standards to introduce another “generation” of delay into the innovation process. New standards take 5 years or more (think XML to JASON, for example). When the standards for intermediaries are added to the regulatory pipeline, the pipeline gets 5 years longer. 5 years into HITECH, ONC put out a 10-year plan. Meanwhile, technology does not wait for bureaucracies.
– the introduction of certification, including intermediaries like DirectTrust, into the regulations introduces a new governance challenge for the intermediaries. Witness how unsettled the governance and sustainability of HIEs has been for the past 5 years. Society does not create new governance mechanisms overnight. The folks at the edge of the network (hospitals, regulated device and pharma vendors, doctors) are subject to well established governance processes. The intermediaries, both the certification authorities and the intermediary they certify need to develop their governance mechanisms from scratch. This adds years of delay and cost to the process. Certification also costs money at a place in the value chain that puts open open source software at a huge disadvantage. This protects the incumbent interests, even as it damages the security of the whole critical infrastructure.
– last, the introduction of middlemen slows innovation on the internet, particularly when the middlemen charge money and have uncertain governance. The best example is SSL certificates. How long did it take for people to bring Let’s Encrypt to the world. How much damage did it cause to the security of the internet? The internet is designed to work without middlemen but, like it or not, there are major opportunities for services like Google, Facebook, and Twitter to break that model as a business model. The problem with pure security intermediaries like NATE and DirectTrust is that they add no wanted service to the end user. They are just a speed bump on the information highway.
The bottom line:
Why are VA and CMS are doing is that they are doing it behind closed doors and inscrutable HL-7 processes? They have no reason to develop their policies this way. They should be serving the public interest and proud to be answering questions and discussing this subject on THCB. The ONC people have figured out how to be reasonably public and use THCB, why cant the FHA folks do the same?
Adrian, what you are doing is critical to the proper path we all take in the EHR and interoperability. We appreciate your efforts. The problem is that it is difficult to tell the busy people in the trenches how important this path is, esp. with regard to costs. If we go the DirectTrust, NATE way, etc., we pay forever to achieve something that could be a public good. Thanks for your good work.