Information Blocking–The AHA Comments & PPR Responds

The focus on the CMS rules on information blocking continues on THCB. We’ve heard from Adrian Gropper & Deborah Peel at Patients Privacy Rights, and from e-Patient Dave at SPM and Michael Millenson. Now Adrian Gropper summarizes — and in an linked article –notates on the American Hospital Association’s somewhat opposite perspective–Matthew Holt

It’s “all hands on deck” for hospitals as CMS ponders the definition and remedies for 21st Century Cures Act information blocking.

This annotated excerpt from the recent public comments on CMS–1694–P, Medicare Program; Hospital Inpatient Prospective Payment Systems…  analyzes the hospital strategy and exposes a campaign of FUD to derail HHS efforts toward a more patient-centered health records infrastructure.

Simply put, patient-directed health records sharing threatens the strategic manipulation of interoperability. When records are shared without patient consent under the HIPAA Treatment, Payment and Operations the hospital has almost total control.Patient and physician advocates like Patient Privacy Rights propose a patient-directed approach to national-scale health records sharing as a safe harbor for hospitals at risk of “information blocking”.  The consented approach, analogous to how our money is moved, avoids many privacy problems, does not require patient-matching, and avoids the hereto insurmountable problem of trust across the very diverse participants that make up a patient’s real-world care team.

The HITECH strategy of the previous Administration was markedly hospital-centered and has resulted in rising costs due to provider consolidation, a stunning lack of innovation in either technology or medical practice, and “burnout” on the part of disempowered physicians.

The bipartisan 21st Century Cures Act offers the current Administration the opportunity to change strategy in favor of a patient and physician-centered health IT architecture that regulates the interface (the Open API) rather than the software (the EHR). Needless to say, the hospitals would rather double-down on the current policies and continue to slow-walk any changes that might lead to practice innovation.

The linked document debates;

  • Conditions of Participation in Medicare as a payment-based stick instead of the hospital-centered carrots of the previous strategy;
  • The implementation of the Trusted Exchange Framework and Common Agreement (TEFCA) to fulfill 21st Century Cures mandates;
  • The definition of Information Blocking and the potential for a safe harbor when hospitals enable opt-in patient-directed sharing “without special effort”;
  • Avoiding a compromise between security and interoperability by implementing the recommendations of the API Task Force;
  • Using the new Medicare Blue Button 2.0 as a model for how institutions can share patient-level data cost-effectively, with each other;

The American Hospital Association has done all of us a great service by summarizing the laws and clearly arguing their position in a relatively succinct and readable manner. By using the comment format in a public Google document, PPR is keeping the structure of the AHA argument and offering an alternative recommendation, concisely.

ONC is hosting the 2nd Interoperability Forum on August 6th- 8th, 2018 (accessible online) and CMS is taking yet another round of public comment on some of this through September 10. Let us continue this exploration through your comments right here in THCB.

Adrian Gropper MD is CTO of Patient Privacy Rights

3 replies »

  1. Well written. Healthcare IT solutions need to be HIPAA compliant. Healthcare industry today is moving towards a completely new age of patient treatment, health monitoring, and management. Solutions like patient referral management, chronic care management, care management will be of great help to solve some of the major challenges.

  2. A good list. Allow me to stipulate all seven problems. The question then becomes:
    Who decides how much interoperability?
    – whoever has the data (the hospital these days, but often a lab or device vendor)
    – a licensed professional in the context of a patient relationship (not the hospital)
    – the patient (not the doctor or the hospital)
    – a bureaucracy or machine such as a health information exchange or TEFCA enforcer

    Are the deciders constrained by national boundary or culture?

    I find it much easier to think of interoperability in the sense of human agency (involving machines) rather than healthcare. Agency implies delegation the ability for a person to have a fiduciary, unconflicted relationship with a human or machine trustee.

    We all need doctors and lawyers to act as learned (and often licensed) intermediaries on our behalf. We trust these agents to the extent that we believe they are serving only our best interests and no other. Human dignity requires that these agents are not only accessible but substitutable. As machines, telemedicine, and AI get cheaper and more powerful some of them will seek to be our agents for certain things. Self-driving cars are leading this conversation today. Surgical robots will be semi-autonomous someday.

    Interoperability for our personal health data cannot be built on a foundation of information blocking lest it degrade fundamental human rights to self-determination. It has to be designed around giving agency to the individual first with almost fanatical scrutiny of any institutional or bureaucratic barriers such as we see in the proposed CMS Blue Button 2.0 implementation https://docs.google.com/document/d/1ayXdY5N8H_cK4HSNAozUKStHAhWFRgjfLqvlR28zTUE/edit#bookmark=id.mfbnvb5k358w

  3. One COULD make the case that too much interoperability is BAD:
    1. Because illnesses are often acute, evanescent and one-time events, the patients deserve a fresh look-see at their complaints without too much old group-think interference (bringing up old chronic diseases and encyclopedic records thereof.)
    2. Diagnoses may be made more accurate by new provider approaches, repeat lab work or new lab work, new images, etc. We all know that, signs and symptoms and lab findings and X-ray images constantly change, often week by week. It is often good to repeat lab work.
    3. The new provider may be highly distracted and made inefficient by having to review dozens of pages of history many of which may be no longer relevant to the new current illness.
    4. Each exchange of interoperable information to a new provider offers another exposure to computer hacking and loss of info security…increasing the total chances that loss of privacy will occur.
    5. Each provider possessing our health data is another potential seller of our information to third party advertisers and other commercial users.
    6. It is a tautology that providers handling all this old data as well as their own new data are going to spend more on data storage and data management. Hence, administrative health care costs will surely increase.
    7. Forced referrals to hospitals or other providers, i.e., market manipulation, may occur if certain providers can receive patient information and others cannot. I may not send my patient to hospital x if hospital y is connected to the information pipeline and x is not. The patient must direct this flow.

    Actually, I’m in favor of some interoperability–i.e. information exchange–just the right amount, directed precisely by the patient as Adrain outlines. The problem is: it is not now a big problem. The government has believed in a shibboleth–“it is wasteful to have to repeat lab work, blah blah”–but we are wasting gobs of energy trying to do something that is of minor importance and could have major bad effects…as above.