On July 24, the new administration kicked off their version of interoperability work with a public meeting of the incumbent trust brokers. They invited the usual suspects Carequality, CARIN Alliance, CommonWell, Digital Bridge, DirectTrust, eHealth Exchange, NATE, and SHIEC with the goal of driving for an understanding of how these groups will work with each other to solve information blocking and longitudinal health records as mandated by the 21st Century Cures Act.
Of the 8 would-be trust brokers, some go back to 2008 but only one is contemporary to the 21stCC act: The CARIN Alliance. The growing list of trust brokers over our decade of digital health tracks with the growing frustration of physicians, patients, and Congress over information blocking, but is there causation beyond just correlation?
One way to get data to move is open APIs, which the 21st Century Cures Act mandates by tasking EHR vendors to open up patient data “without special effort, through the use of application programming interfaces.”
Rucker emphasized the distinction—without quite naming what it is—between open APIs for vendors and open APIs for providers. “We’re hard at work at defining those,” he said. One difference is how the APIs are implemented: Vendors must allow for the APIs technologically, in their products, and providers must actually take advantage of the APIs.
Trust brokers on the health information highway are like the checkpoints of militias in a war zone. What gets through is limited in scope to the lowest common denominator and limited in distance to the path that crosses the fewest boundaries.
The 8 trust brokers did not arise by popular demand of the physicians and patients. Before the era of big EHR vendors for big hospitals, information flowed among physicians and patients over mail, fax, and phone using open and public interfaces and without the “added value” of trust brokers. Faxes are free, universal, and there’s no blocking on the basis of “trust”. When faxes fail, it’s typically obvious, and coupled with a phone call, reliability is high. The current situation is worse for patients as the new digital alternatives add confusion because they vary greatly from provider to provider and add frustration by being unpredictable and unreliable.
It’s hard to put a toll booth in a forest. But as the health information highway became paved (with massive taxpayer subsidy), a growing list of rent-seeking intermediaries have seized the opportunity to put a checkpoint and associated toll booth where none existed before. Hindsight is always 20/20 but the massively bipartisan 21stCC (the Act passed with 392 votes in the House and 95 votes in the Senate) gives the new administration’s ONC the opportunity to begin to take down the checkpoints.
One way to take down the trust broker’s checkpoints is called patient-directed exchange. (The word patient is preferable to consumer because patients have significant legal rights beyond mere consumers and because clinicians have a relationship with us as patients, not as consumers.) Under HIPAA, Meaningful Use Stage 3, and ONC’s API Task Force recommendations, patients get a free pass down the paved health information highway. The pass is literally free in that patients, unlike providers, cannot be charged for sending information down the new digital highway to anyone they specify. It’s as if the toll booths apply only to trucks and private cars are free. Could patient-directed exchange spell doom for trust brokers by giving patients a pass on the highway we already paid-for with taxes?
Here’s where CARIN comes in. An unaccountable and unpublished list of members gets together as an “alliance” to develop yet another set of trust rules as new potholes in the information highway. These rules don’t directly create a checkpoint but they damage the road enough to add costly maintenance to patient-directed exchange. Part of this maintenance cost is to have alliance process closed to non-members. This practice distinguishes CARIN from standards groups and other private industry collaborations that are allowed to coordinate without running afoul of antitrust law.
As the API Task Force concluded, the law is clear that “trust” and “trust framework” do not apply to patient-directed exchange. Epic, holder of medical records for 54% of the US population, provides a leading example of this under their Open.Epic API initiative. More than 30 hospitals using their most recent software are already listed on the Open.Epic website. One of them happens to have records for my 91 y/o mom and, as her proxy, I had a password to that major hospital’s patient portal for many years. After a 30-second online verification of my own name, I was able to use that portal password to access the hospital’s FHIR API and send live EHR information to a new app without any trust framework or other information blocking interference. This is not a fluke. I checked with the hospital’s CIO after the fact.
CARIN’s claim to “Consumer-Directed Exchange” is just the latest attempt to slow-walk and confuse interoperability. Trust frameworks do not apply to patient-directed exchange. Elimination of the trust framework by Open.Epic is only the critical first step in implementing the “without special effort” clause in 21stCC. The HEART workgroup, co-chaired by ONC, recently issued the first specifications for how to improve the patient experience of interoperability, including standards for automated app registration and a refresh capability to allow the patient to determine how long it is before they are asked for their portal password again. ONC should hail the Open.Epic demonstration as an example of making patients first-class citizens in control of our own data and a first step toward a new approach to interoperability based on patient rights.
The public comment period for the Trusted Exchange Framework and Common Agreement will end on August 25, 2017. A version of this post will introduce the specific comments of Patient Privacy Rights. If you care about the promise of digital health and would like make longitudinal health records a reality, please consider submitting your comments as well.