Seema Verma is right, US health care will be transformed if we empower patients and physicians through access to information. Don Rucker is right to focus attention on APIs to enable the transformation. A year and a half into the new administration and the massively bipartisan 21st Century Cures Act, the Department of Health and Human Services (HHS) is having to navigate between the shoals of highly unpopular Meaningful Use regulations and the apparent need for regulation to undo the damage of market consolidation that they caused. From my perspective, it looks like HHS is doing a good job.
Prediction is a dangerous game but it’s necessary for investments that depend on health information technology. Nowadays, pretty much everything in healthcare depends on information technology, particularly if we need effective quality measures to enable transition to value-based healthcare.
Based on Verma’s most recent remarks, it’s safe to predict that HHS will use the power of the $900 Billion purse as a way of avoiding regulation as it tries to break down the oligopoly of the consolidated “integrated delivery networks” and their even more consolidated EHR vendors. What’s more interesting is to anticipate how Rucker’s recent remarks about Persistent Access will be translated into decision support information for patients and physicians that will actually drive the practice innovation Verma is talking about.
Today, the information available to physicians and patients at the point of care is centrally governed by hospitals and by EHR vendors. A service seeking to present a piece of information such as therapeutic alternatives, quality ratings, out-of-pocket expenses, and research or clinical trials opportunities, must run a gauntlet of censorship by both the hospital and the EHR vendor. A thoughtful paper on how preemptive genomic testing has significant impact on subsequent treatment decisions shows the evolving connection between medical science and information governance.
The barriers to providing independent decision support when it matters most, during the physician-patient encounter, are immense. Let’s list some of them.
An independent information service
- Must be “certified” by the hospital even if a particular physician wants to get it
- Must be “certified” by the EHR vendor before it’s even accessible to the hospital certifiers
- Involves up-front certification costs that are incompatible with open source or other non-profit information sources
- Can’t access the complete patient’s record in the EHR
- Requires the physician to sign-in to a separate system with a separate password
- Is not covered by insurance, or, if covered, is subject to pre-certification delays that the physician won’t put up with
- Is unaffordable because each EHR and each hospital presents a different integration challengecan’t get investors because the EHR vendors will demand unspecified rent on access to the physician-patie t relationship or, in many cases, actually demand access to the intellectual property itself.
The task ahead for HHS is formidable. Regulation that drives patient empowerment at the point of care (when the physician is about to sign that order that drives $3.5 Trillion of healthcare costs) is inconceivable under the US healthcare system and out of reach for even the nationalized health systems in other rich countries. The proprietary EHR vendor business model means EHRs must control the “app store” as the driver of future growth. Separately, the Accountable Care Organization business model for hospitals drives them to control their physicians and restrict access to “out-of-network” providers regardless of what’s best for a particular patient.
But there is hope, particularly if CMS, ONC, and maybe even the VA orchestrate their actions. The hope lies in the upcoming definition of “information blocking” as mandated by 21stC Cures.
HHS can and should define information blocking in terms of independent decision support at the point of care.
Access to independent decision support at the point of care is an outcome rather than a process. It’s easy to tell if it’s blocked without resort to heavy-handed regulation of the API technology. No new legislation is required because HIPAA, HITECH, and 21stC Cures already enable patient-directed information sharing via API at no significant cost. Patient-directed APIs are also directly accessible to the physician, subject to patient consent.
Technically, what’s required is that *every* API of an EHR be supported as a patient-directed API. That’s not much to ask since the EHR vendors are already building the APIs to use in the app stores they need to stay competitive. What’s also required is what Rucker calls Persistent Access which is what FHIR calls Refresh Tokens and is already widely implemented in the Apple Health APIs. Finally, what’s needed is the ability for a patient to direct information anywhere we choose, without censorship or delay, via the API. (Note that patient-directed exchange is different from patient access rights that require information to flow through personal health records. PHRs have largely failed in the marketplace.) Under HIPAA, patients have this right to patient-directed use for in-person requests to send patient records using paper forms, but this right to uncensored patient-directed exchange needs to be made accessible via the patient portal and linked to the FHIR API. The technical term for this is Dynamic Client Registration and it’s a unimplemented security capability of the FHIR API.
Patient-directed APIs can impact the physician-patient encounter in real time when one or both parties have a smartphone, although ideally the independent decision support will also be available in the EHR as long as the physician and the patient approve.
I’m calling this prescription for empowering patients Decentralized Information Governance. It’s completely consistent with both Verma’s and Rucker’s vision. Because it’s also consistent with current law, it can be implemented by Medicare, Medicaid, VA, and All of US immediately by joining the Health Relationship Trust (HEART) workgroup and implementing our profiles in the VA BlueButton 2.0 and CMS MyHealthEData projects.
The key is for all of us to reject calls for centralized governance of information services by government, academic hospitals, or global corporations (Facebook, Google, etc…) that have all proved resistant to regulation in the digital age. We must also reject the idea that new information governance bureaucracies like DirectTrust, or CARIN Alliance, or some government-controlled Recognized Coordinating Entity can be invented to ensure that our incredibly valuable health information drives open medical science. Decentralized information governance explicitly gives each patient the power to choose which patient interest groups, community organizations, or congregations one trusts to control access to his or her health records for both clinical and research uses.