The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have proposed final rules on interoperability, data blocking and other activities as part of implementing the 21st Century Cures Act. In this series, we will explore ideas behind the rules, why they are necessary and the expected impact. Given that these are complex and controversial topics open to interpretation, we invite readers to respond with their own ideas, corrections and opinions.
When it comes to sharing health data, the intent of the 21st Century Cures Act is clear: patients and clinicians should have access to data without special effort or excessive cost. To make this a reality, the act addresses three major areas: technical architecture, data sets and behaviors. Part two of our series looked at how APIs address technical issues while part three covered the new data requirements. In this article, we delve into information blocking. A companion podcast interview with ONC expert Michael Lipinski provides an even deeper dive into this complex topic.
Blocking Comes in Many Forms
The Public Health Services Act (PHSA) broadly defines information blocking as a practice that is “likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.” The overarching assumption is information will be shared though the Act does authorize the Secretary to identify reasonable and necessary exceptions.
The proposed rules focus on “technical requirements as well as the actions and practices of health IT developers in implementing the certified API.” Information blocking can come in a variety of forms. It can be direct and obvious (“No you can’t have this data ever!”) or indirect and subtle (“Sure, you can have the data, but it will cost you $$$ and we won’t be able to get to your request for at least 12 months.”). The proposed rules are designed to address both. This passage illustrates some of the concerns:
“Health IT developers are in a
unique position to block the export and portability of data for use in
competing systems or applications, or to charge rents for access to the basic
technical information needed to facilitate the conversion or migration of data
for these purposes.”
Among many healthcare providers, it’s been long-standing conventional wisdom (CW) that hoarding patient data is an effective business strategy to lock-in patients — “He who holds the data, wins”. However…we’ve never seen any evidence that this actually works…have you?
We’re here to challenge CW. In this article we’ll explore the rationale of “hoarding as business strategy”, review evidence suggesting it’s still prevalent, and suggest 7 reasons why we believe it’s a lousy business strategy:
Data Hoarding Doesn’t Work — It Doesn’t Lock-In Patients or Build Affinity
Convenience is King in Patient Selection of Providers
Loyalty is Declining, Shopping is Increasing
Providers Have a Decreasingly Small “Share” of Patient Data
Providers Don’t Want to Become a Lightning Rod in the “Techlash” Backlash
Hoarding Works Against Public Policy and the Law
Providers, Don’t Fly Blind with Value-Based Care
In the video below, Dr. Harlan Krumholz of Yale University School of Medicine capsulizes the rationale of hoarding as business strategy.
We encourage you to take a minute to listen to Dr. Krumholz, but if you’re in a hurry we’ve abstracted the most relevant portions of his comments:
“The leader of a very major healthcare system said this to me confidentially on the phone… ‘why would we want to make it easy for people to get their health data…we want to keep the patients with us so why wouldn’t we want to make it just a little more difficult for them to leave.’ …I couldn’t believe it a physician health care provider professional explaining to me the philosophy of that health system.”
By KENNETH D. MANDL, MD; DAN GOTTLIEB MPA; JOSH C. MANDEL, MD
The opportunity has never been greater to, at long last, develop a flourishing health information economy based on apps which have full access to health system data–for both patients and populations–and liquid data that travels to where it is needed for care, management and population and public health. A provision in the 21st Century Cures Act could transform how patients and providers use health information technology. The 2016 law requires that certified health information technology products have an application programming interface (API) that allows health information to be accessed, exchanged, and used “without special effort” and that provides “access to all data elements of a patient’s electronic health record to the extent permissible under applicable privacy laws.”
After nearly two years of regulatory work, an important rule on this issue is now pending at the Office of Management and Budget (OMB), typically a late stop before a proposed rule is issued for public comment. It is our hope that this rule will contain provisions to create capabilities for patients to obtain complete copies of their EHR data and for providers and patients to easily integrate apps (web, iOS and Android) with EHRs and other clinical systems.
Modern software systems use APIs to interact with each other and exchange data. APIs are fundamental to software made familiar to all consumers by Google, Apple, Microsoft, Facebook, and Amazon. APIs could also offer turnkey access to population health data in a standard format, and interoperable approaches to exchange and aggregate data across sites of care.
The focus on the CMS rules on information blocking continues on THCB. We’ve heard from Adrian Gropper & Deborah Peel at Patients Privacy Rights, and from e-Patient Dave at SPM and Michael Millenson. Now Adrian Gropper summarizes — and in an linked article –notates on the American Hospital Association’s somewhat opposite perspective–Matthew Holt
It’s “all hands on deck” for hospitals as CMS ponders the definition and remedies for 21st Century Cures Act information blocking.
This annotated excerpt from the recent public comments on CMS–1694–P, Medicare Program; Hospital Inpatient Prospective Payment Systems… analyzes the hospital strategy and exposes a campaign of FUD to derail HHS efforts toward a more patient-centered health records infrastructure.
Simply put, patient-directed health records sharing threatens the strategic manipulation of interoperability. When records are shared without patient consent under the HIPAA Treatment, Payment and Operations the hospital has almost total control.Continue reading…
Executive Summary of PPR Comments on Information Blocking
Information blocking is a multi-faceted problem that has proved resistant to over a decade of regulatory and market-based intervention. As Dr. Rucker said on June 19, “Health care providers and technology developers may have powerful economic incentives not to share electronic health information and to slow progress towards greater data liquidity.” Because it involves technology standards controlled by industry incumbents, solving this problem cannot be done by regulation alone. It will require the coordinated application of the “power of the purse” held by CMS, VA, and NIH.
PPR believes that the 21st Century Cures Act and HIPAA provide sufficient authority to solve interoperability on a meaningful scale as long as we avoid framing the problem in ways that have already been shown to fail such as “patient matching” and “trust federations”. These wicked problems are an institutional framing of the interoperability issue. The new, patient-centered framing is now being championed by CMS Administrator Verma and ONC Coordinator Rucker is a welcome path forward and a foundation to build upon.
To help understand the detailed comments below, consider the Application Programming Interface (API) policy and technology options according to two dimensions:
API Content and Security
Institution is Accountable
Patient is Accountable
API Security and Privacy
Broad, prior consent
Known to the practice
API Content / Data Model
Designated record set
Bulk (multi-patient) data
Designated record set
Wearables and monitors
This table highlights the features and benefits of interoperability based on institutional or individual accountability. This is not an either-or choice. The main point of our comments is that a patient-centered vision by HHS must put patient accountability on an equal footing with institutional accountability and ensure that Open APIs are accessible to patient-directed interoperability “without special effort” first, even as we continue to struggle with wicked problems of national-scale patient matching and national-scale trust federations.
Here are our detailed comments inline with the CMS questions in bold:Continue reading…