Empowering Patients through Decentralized Information Governance

Seema Verma is right, US health care will be transformed if we empower patients and physicians through access to information. Don Rucker is right to focus attention on APIs to enable the transformation. A year and a half into the new administration and the massively bipartisan 21st Century Cures Act, the Department of Health and Human Services (HHS) is having to navigate between the shoals of highly unpopular Meaningful Use regulations and the apparent need for regulation to undo the damage of market consolidation that they caused. From my perspective, it looks like HHS is doing a good job.

Prediction is a dangerous game but it’s necessary for investments that depend on health information technology. Nowadays, pretty much everything in healthcare depends on information technology, particularly if we need effective quality measures to enable transition to value-based healthcare.

Based on Verma’s most recent remarks, it’s safe to predict that HHS will use the power of the $900 Billion purse as a way of avoiding regulation as it tries to break down the oligopoly of the consolidated “integrated delivery networks” and their even more consolidated EHR vendors. What’s more interesting is to anticipate how Rucker’s recent remarks about Persistent Access will be translated into decision support information for patients and physicians that will actually drive the practice innovation Verma is talking about.

Today, the information available to physicians and patients at the point of care is centrally governed by hospitals and by EHR vendors. A service seeking to present a piece of information such as therapeutic alternatives, quality ratings, out-of-pocket expenses, and research or clinical trials opportunities, must run a gauntlet of censorship by both the hospital and the EHR vendor. A thoughtful paper on how preemptive genomic testing has significant impact on subsequent treatment decisions shows the evolving connection between medical science and information governance.

The barriers to providing independent decision support when it matters most, during the physician-patient encounter, are immense. Let’s list some of them.

An independent information service

  • Must be “certified” by the hospital even if a particular physician wants to get it
  • Must be “certified” by the EHR vendor before it’s even accessible to the hospital certifiers
  • Involves up-front certification costs that are incompatible with open source or other non-profit information sources
  • Can’t access the complete patient’s record in the EHR
  • Requires the physician to sign-in to a separate system with a separate password
  • Is not covered by insurance, or, if covered, is subject to pre-certification delays that the physician won’t put up with
  • Is unaffordable because each EHR and each hospital presents a different integration challengecan’t get investors because the EHR vendors will demand unspecified rent on access to the physician-patie t relationship or, in many cases, actually demand access to the intellectual property itself.

The task ahead for HHS is formidable. Regulation that drives patient empowerment at the point of care (when the physician is about to sign that order that drives $3.5 Trillion of healthcare costs) is inconceivable under the US healthcare system and out of reach for even the nationalized health systems in other rich countries. The proprietary EHR vendor business model means EHRs must control the “app store” as the driver of future growth. Separately, the Accountable Care Organization business model for hospitals drives them to control their physicians and restrict access to “out-of-network” providers regardless of what’s best for a particular patient.

But there is hope, particularly if CMS, ONC, and maybe even the VA orchestrate their actions. The hope lies in the upcoming definition of “information blocking” as mandated by 21stC Cures.

HHS can and should define information blocking in terms of independent decision support at the point of care.

Access to independent decision support at the point of care is an outcome rather than a process. It’s easy to tell if it’s blocked without resort to heavy-handed regulation of the API technology. No new legislation is required because HIPAA, HITECH, and 21stC Cures already enable patient-directed information sharing via API at no significant cost. Patient-directed APIs are also directly accessible to the physician, subject to patient consent.

Technically, what’s required is that *every* API of an EHR be supported as a patient-directed API. That’s not much to ask since the EHR vendors are already building the APIs to use in the app stores they need to stay competitive. What’s also required is what Rucker calls Persistent Access which is what FHIR calls Refresh Tokens and is already widely implemented in the Apple Health APIs. Finally, what’s needed is the ability for a patient to direct information anywhere we choose, without censorship or delay, via the API. (Note that patient-directed exchange is different from patient access rights that require information to flow through personal health records. PHRs have largely failed in the marketplace.) Under HIPAA, patients have this right to patient-directed use for in-person requests to send patient records using paper forms, but this right to uncensored patient-directed exchange needs to be made accessible via the patient portal and linked to the FHIR API. The technical term for this is Dynamic Client Registration and it’s a unimplemented security capability of the FHIR API.

Patient-directed APIs can impact the physician-patient encounter in real time when one or both parties have a smartphone, although ideally the independent decision support will also be available in the EHR as long as the physician and the patient approve.

I’m calling this prescription for empowering patients Decentralized Information Governance. It’s completely consistent with both Verma’s and Rucker’s vision. Because it’s also consistent with current law, it can be implemented by Medicare, Medicaid, VA, and All of US immediately by joining the Health Relationship Trust (HEART) workgroup and implementing our profiles in the VA BlueButton 2.0 and CMS MyHealthEData projects.

The key is for all of us to reject calls for centralized governance of information services by government, academic hospitals, or global corporations (Facebook, Google, etc…) that have all proved resistant to regulation in the digital age. We must also reject the idea that new information governance bureaucracies like DirectTrust, or CARIN Alliance, or some government-controlled Recognized Coordinating Entity can be invented to ensure that our incredibly valuable health information drives open medical science. Decentralized information governance explicitly gives each patient the power to choose which patient interest groups, community organizations, or congregations one trusts to control access to his or her health records for both clinical and research uses.

Categories: Uncategorized

12 replies »

  1. True that US health care will be transformed if we empower patients and physicians through access to information. Solutions like Patient Referral Management, Chronic Care Management, and Care Management will be of great use to get patient history and access patient information on a secure platform. There is a need for the industry to adapt to new solutions that are HIPAA compliant and more automated for convenience.

  2. I can at least see the possibility of having transparency PLUS something else, probably multiple something elses, leading to decreased costs. Maybe DPC can do that. The combination of a physician AND a patient motivated to control costs sounds like it might work better than just having cost and quality data available to patients. This could have a lot of potential. However, it looks like it depend upon virtuous behavior on the part of the physician. I would feel better if the system enforces the correct behavior.

    1) We already do that in our hospital setting.

    2) Why don’t we just do what France does? They figured this out long ago.

    3) Doesn’t describe most of my patients. Not counting on AI to be helpful for a long time.

    4) We have a lot of informal groups for this already. How would you motivate them to have costs become a more central issue?


  3. Being that I see it both from a technological perspective as well as a family physician that had been practicing in both micro practice and Direct Primary Care environments, the one major impact by allowing patients to have control over their health records combined with an integrated clinical documentation system is effectively dissociating the concept that a patient’s health data are in silos organized and controlled by hospitals, clinics, EHR vendors – any centralized entity. From a personal standpoint, I cannot overstate enough how much that would be a huge relief for primary care physicians who are getting the squeeze financially through a payment system that rewards quantity over quality coupled with EHRs that are expensive, cumbersome, and poorly designed and are non-integrated (so we’re chasing down health data like it’s from the 20th century). It also allows non-traditional practices such as DPC the kind of innovative tools necessary to carry out and pursue the idea that spending quality time with their patient and timely access to care in physical and non-physical forms of encounters can improve health care costs in collaboration with their patients. Additional potential cost savings with this decentralized governance framework:

    1) Reduced redundancy of lab/radiology testing (even though it’s may be a smaller percentage for the healthcare system as a whole, it is huge savings to the patient especially for those with high deductible plans.

    2) Elimination or reduction in cost of maintenance for costly EHR systems that break the overhead of most smaller, independent practices.

    3) Integrated clinical decision support tools by opening up an entirely new Health API ecosystem that is not bound by a pay-to-play framework, but works entirely on open standards using refresh tokens and dynamic client registration that can provide more patient-relevant feedback using AI/machine learning that is more meaningful to the patient regarding positive health behavior change.

    4) Increased flexibility in a decentralized model where governance revolves around groups with a common cause, whether it be a group of patients with Multiple Sclerosis, or a small community or township where they have socio-economic challenges that affect the health of their residents are some that come to mind.

    Of course, these are potential opportunities for cost reduction that involve patient interaction (both passive and active) and it remains to be seen how much of an impact it can be, but we can also assume that our current trajectory and system of walled gardens, pay-to-play is untenable and unsustainable no matter how much tinkering goes on with the current framework.

  4. To be clear, I favor transparency in pricing. I simply point out that just having the information available is not sufficient. In many of the examples cited by the articles I referenced, there was no real pressure on the part of the employer or insurer, or at least none that I could easily detect. The patients had many option, in one case the whole state was available. They simply had to look at the prices and choose. What is concerning is that huge majorities of patients never even looked.

    Quality is another issue. That is also opaque. I would fully support this being available also. I would note that at least in our local market, neither advertising quality nor cost has produced very significant changes. Maybe patients just don’t trust the quality measures. I don’t know. What I do know is that no one on any significant scale has figured out how to get patients to use the information available to cut costs/spending. I don’t see anything really different in what you propose that would make that change. Hope i am wrong.


  5. Thanks for linking that article. The whole point of Decentralized Information Governance is to enable communities of patients to organize, analyze, and advise their particular constituents. Trying to influence patient behavior is a very very difficult game, to which the would-be advisors are significantly handicapped for multiple reasons by a system designed very strategically.

    As the NYT article describes, the decision support cannot be delivered at the point of care when the physician and the patient are most susceptible because the physician’s employer controls all decision supports. Also, quality measures are an opaque black box controlled by institutions and often mistrusted by the physicians and maybe the patients too. Advice from insurance companies is hindered by a perceived conflict of interest and by a lack of real-time pre-authorization interfaces that frustrate both the physician and the patient. There is severe power asymmetry between the institution that pays for and governs the EHR and the physician and patient that have no market power and no actual control over the technology. This asymmetry will only grow worse as machine learning and artificial intelligence technology is linked to health records via the EHR and outside the control of both the physicians and the patients.

    Decentralized Information Governance is designed to re-balance control of technology to include communities that can bundle patient interest without censorship by the physician’s employer and their centralized information governance. Defining the OpenAPI to include Dynamic Client Registration and Refresh Tokens is essential for this re-balancing because they enable cost-effective interoperability between the EHR and free-market services that can now be sponsored or purchased by the patients and the physicians themselves. This empowers patients two ways. It gives access to technology governed by groups they can actually choose AND it gives patients access to direct primary care, telemedicine, and independent clinicians that can also have cost effective access to health records, machine learning, artificial intelligence, and technology that they have market power over.

    The point of my post is to highlight the alignment between the patient empowerment approach of the current HHS and the OpenAPI definition that will actually enable market-based healthcare services.

  6. Verma cites a couple of studies showing that price transparency reduced spending. The large majority of studies show that very few people take advantage of the availability of prices in making decisions. Clearly, just having prices available is not enough to reduce spending. At present, people have many opportunities to cut medical spending. They just don’t do it very much. Maybe it is possible to get people to shop for health care like they do other things, but until someone shows how to do this on a significant scale, it is wishful thinking. (Note the millions cited in the papers linked to below vs the thousands in Verma’s studies.)



  7. Regarding “If patients actually own their medical data, how do we prevent their fraudulent use of the data? Eg changing a BNP result? or wiping out the records of a D&C for a therapeutic abortion?”

    Our HIE of One demo demonstrates that a patient can edit an aspect of their patient-controlled medical record but it’s flagged as needing to be reconciled – meaning other physicians who see this record will note that this needs to be “authorized”; so no data is wiped or technically altered until a licensed practitioner reviews and OKs it. We view this as a collaboration tool between the patient and his/her care provider, which is the way it should be.

  8. Check out this wonderful interview between David Blumenthal and Robert Wachter: https://psnet.ahrq.gov/perspectives/perspective/248 Two thirds of the way down, you will see this quote: “or by consumers using their right of access under HIPAA to that data and then being aggregated into groups large enough to produce value,” This is exactly what I mean by the phrase Decentralized Information Governance.

    I don’t expect patients to be much more “engaged” than they are today and I don’t expect PHRs to return from the dead. I do expect the standards to enable “groups large enough to produce value” top compete for the attention and affiliation of patients that share that group’s perspective on how records should be used / monetized to further the interest of that particular group.

    Effective standards, like the ones being demonstrated in the HIE of One open source project, reduce the switching cost for a patient to shift allegiance from one group to another and thereby force the various groups to compete for patients. This replaces the patient lock-in and vendor lock-in model that HITECH has created. Blumenthal is being very clear and, to his credit, self-critical in saying they under-invested in interoperability. The current HHS has a chance to fix that.

  9. I totally support what you are trying to do–in fact I am thrilled by it–but we need more clarity…for the laity. Clarity for the Laity.

    Do you want the patient to own his own clinical data? So that he can sell it? Change it? Rent it? Remove it? If not ownership, what would be the most appropriate ownership status of a medical record?

    Would you like to see the PHR concept come back?

    Even if EHR firms are directed by the government to use open-access APIs, there are still years of effort to gain wide acceptance of a few patient-usable APIs. Just look at Distrowatch.com to see all the varieties of Linux.

    If patients actually own their medical data, how do we prevent their fraudulent use of the data? Eg changing a BNP result? or wiping out the records of a D&C for a therapeutic abortion?

    Look at how google glommed onto everything in the Net…You Tube and Google Earth and Maps et al ad infinitum. What kind of power can you get for your movement that will cause billions of dollars invested in EPIC, Allscripts, Cerner, McKesson, Athenahealth, eg, to be risked in an open software movement? The money against you is overwhelming. Depressing.

    You need to keep simplifying your presentation and write it up like Martin Luther did in his 95 points in the Reformation. I think the docs and patients will eventually be behind you if they can understand what you are saying.