Live from the tradeshow floor of HIMSS, it’s Health in 2 Point 00! And no, I’m not fading away from coronavirus on this episode—but how many people could I have singlehandedly infected had the conference gone forward? On Episode 111, Jess and I have some fun with virtual backgrounds and talk about all of the things we’re missing at HIMSS right now. From what Trump would’ve said had he gotten the opportunity to speak, to what conversation would’ve gone on about the new ONC rules, to the big funding announcement we missed, here’s everything that succumbed to #HIMSSpocalypse2020. —Matthew Holt
Remembering the Real Stakeholders: Patient Privacy Rights Comments on the Proposed CMS Regulation Pursuant to the Cures Act
By ADRIAN GROPPER, MD and DEBORAH C. PEEL, MD
Electronic health records (EHRs) are a polarizing issue in health reform. In their current form, they are frustrating to many physicians and have failed to support cost improvements. The current round of federal intervention is proposed rulemaking pursuant to the 21st Century Cures Act calls for penalties for “information blocking” and for technology that physicians and patients could use “without special effort.”
The proposed rules are over one thousand pages of technical jargon that aims to govern how one machine communicates with another when the content of the communication is personal and very valuable information about an individual. Healthcare is a challenging and unique industry when it comes to interoperability. Hospitals spend lavishly on EHRs and pursue information blocking as a means to manipulate the physicians and patients who might otherwise bypass the hospital on the way to health reform. The result is a broken market where physicians and patients directly control trillions of dollars in spending but have virtually zero market power over the technology that hospitals and payers operate as information brokers.
What follows below are comments by Patient Privacy Rights on the proposed rule. The common thread of our comments is the need to treat patients and physicians, not the data brokers, as the real stakeholders.
Comments to the ONC Rule
Overview: 21st Century health care innovation, policy, and practice is increasingly dependent on personal information. This is obvious with respect to machine learning and risk adjustment, but personal information is now central to the competitive strategy for most of the health care economy, clinical as well as research. ONC’s drafting of this rule reflects the importance of competition to innovation and cost containment.
By DAVE LEVIN, MD and NIKKI KENT
The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have proposed final rules on interoperability, data blocking, and other activities as part of implementing the 21st Century Cures Act. In this series, we will explore ideas behind the rules, why they are necessary and the expected impact. Given that these are complex and controversial topics are open to interpretation, we invite readers to respond with their own ideas, corrections and opinions.
Interventions to Address Market Failures
Many of the rules proposed by CMS and ONC are evidence-based interventions aimed at critical problems that market forces have failed to address. One example of market failure is the long-standing inability for health care providers and insurance companies to find a way to exchange patient data. Each has critical data the other needs and would benefit from sharing. And, as CMS noted, health plans are in a “unique position to provide enrollees a complete picture of their clams and encounter data.” Despite that, technical and financial issues, as well as a general air of distrust from decades of haggling over reimbursement, have prevented robust data exchange. Remarkably, this happens in integrated delivery systems which, in theory, provide tight alignment between payers and providers in a unified organization.
With so much attention focused on requirements for health IT companies like EHR vendors and providers, it is easy to miss the huge impact that the new rules is likely to have for payers. But make no mistake, if implemented as proposed, these rules will have a profound impact on the patient’s ability to gather and direct the use of their personal health information (PHI). They will also lead to reduced fragmentation and more complete data sets for payers and providers alike.
Overview of Proposed CMS Rules on Information Sharing and Interoperability
The proposed CMS rules affect payers, providers, and patients stating that they:
- Require payers to make patient health information available electronically through a standardized, open application programming interface (API)
- Promote data exchange between payers and participation in health information exchange networks
- Require payers to provide additional resources on EHR, privacy, and security
- Require providers to comply with new electronic notification requirements
- Require states to better coordinate care for Medicare-Medicaid dually eligible beneficiaries by submitting buy-in data to CMS daily
- Publicly disclose when providers inappropriately restrict the flow of information to other health care providers and payers
By ZOYA KHAN
Today, THCB is spotlighting Lygeia Ricciardi. As the former Director of Consumer e-Health at the ONC, Lygeia tells us about patient access to health data and the ONC and CMS’s new rules on interoperability. But now, she’s the CTO of Carium Health, going from a “consumer activist consultant-type” to actually working with a startup. Carium provides a platform for consumer empowerment and engagement, helping to guide individuals through their health care and wellness journeys.
By DAVE LEVIN, MD and GRANT BARRICK
The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have proposed final rules on interoperability, data blocking, and other activities as part of implementing the 21st Century Cures Act. In this series, we will explore the ideas behind the rules, why they are necessary and the expected impact. Given that these are complex and controversial topics open to interpretation, we invite readers to respond with their own ideas, corrections, and opinions. In part five of this series, we look at how competition unlocks innovation, and how the proposed rules may disrupt the balance between innovation, intellectual property (IP), and supporting business models.
The recent publication of proposed rules by ONC and CMS set off a flurry of activity. In anticipation of their implementation, the health care industry is wrestling with many questions around business models. What practices inhibit competition and innovation? How do we balance the need for competition while protecting legitimate intellectual property rights? How can vendors ensure profit growth when pricing is heavily regulated? In this article, we will examine how competition unlocks innovation and the possible disruptions the proposed rules may bring for innovation, intellectual property (IP) and supporting business models.
Unlocking Innovation via Competition
In most markets, innovation is driven forward by competition. Businesses compete on equal footing, and their investment in R&D drives innovation forward. Innovation in health care has been dramatically outpaced by other markets, leading to an urgent need for both disruptive and evolutionary innovation.
What is inhibiting health care innovation? The rules identify a combination of tactics employed in health care that restrict the free flow of clinical data, such as:
- Confidentiality Clauses
- Hold-harmless Agreements
- Licensing Language
These tactics slow innovation by contributing to an environment where stakeholders resist pushing the boundaries — often because they are contractually obligated not to. The legislation and proposed rules are designed to address the ongoing failure of the market to resolve these conflicts.
As the rules are finalized, we will continue to monitor whether the ONC defines these practices as innovation stifling and how they will implement regulations — both carrot and stick — to move the industry forward.
By DAVE LEVIN MD
The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have proposed final rules on interoperability, data blocking and other activities as part of implementing the 21st Century Cures Act. In this series, we will explore ideas behind the rules, why they are necessary and the expected impact. Given that these are complex and controversial topics open to interpretation, we invite readers to respond with their own ideas, corrections and opinions.
When it comes to sharing health data, the intent of the 21st Century Cures Act is clear: patients and clinicians should have access to data without special effort or excessive cost. To make this a reality, the act addresses three major areas: technical architecture, data sets and behaviors. Part two of our series looked at how APIs address technical issues while part three covered the new data requirements. In this article, we delve into information blocking. A companion podcast interview with ONC expert Michael Lipinski provides an even deeper dive into this complex topic.
Information Blocking Comes in Many Forms
The Public Health Services Act (PHSA) broadly defines information blocking as a practice that is “likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.” The overarching assumption is information will be shared though the Act does authorize the Secretary to identify reasonable and necessary exceptions.
The proposed rules focus on “technical requirements as well as the actions and practices of health IT developers in implementing the certified API.” Information blocking can come in a variety of forms. It can be direct and obvious (“No you can’t have this data ever!”) or indirect and subtle (“Sure, you can have the data, but it will cost you $$$ and we won’t be able to get to your request for at least 12 months.”). The proposed rules are designed to address both. This passage illustrates some of the concerns:
“Health IT developers are in a unique position to block the export and portability of data for use in competing systems or applications, or to charge rents for access to the basic technical information needed to facilitate the conversion or migration of data for these purposes.”
By DAVE LEVIN, MD and MATT HUMPHREY
The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have proposed final rules on interoperability, data blocking and other activities as part of implementing the 21st Century Cures Act. In this series, we will explore the ideas behind the rules, why they are necessary and the expected impact. Given that these are complex and controversial topics open to interpretation, we invite readers to respond with their own ideas, corrections and opinions. In part three of this series, we look at how the new USCDI draft helps foster innovation.
The U.S. Core Data for Interoperability (USCDI) draft is a step forward toward expanding the 21st Century Cures Act. The Cures Act was helpful in moving the needle for interoperability and defining data blocking. The latest draft of the USCDI is meant to further specify what data should be shared freely.
In this article, we’ll look at the data added to the Common Clinical Data Set (CCDS) used for ONC certification. We’ll walk through the proposed plan to add more data over time. And we’ll explore why this is a step in the right direction toward increased data sharing.
New Shared Data
The bulk of the datasets in the USCDI comes from the Common Clinical Data Set (CCDS), which was last updated in 2015. The new USCDI draft adds two types of data:
- Clinical notes: both structured and unstructured. EHRs store these notes differently, but both are important and helpful in data analysis.
- Provenance: an audit trail of the data, showing where it came from. It is metadata, or information about the data, that shows who created it and when.
The Fast Healthcare Interoperability Resources (FHIR) have created standards around APIs used to access health care data. APIs developed under the FHIR standard aligns with the USCDI to meet the proposed certification rules. The USCDI draft recommends using a FHIR compliant API to access the data.
By DAVE LEVIN MD
The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have proposed final rules on interoperability, data blocking and other activities as part of implementing the 21st Century Cures Act. In this series, we will explore the ideas behind the rules, why they are necessary and the expected impact. Given that these are complex and controversial topics open to interpretation, we invite readers to respond with their own ideas, corrections and opinions. You can find Part 1 of the series here.
In 2016, Congress enacted the 21st Century Cures Act with specific goals to “advance interoperability and support the access, exchange and use of electronic health information.” The purpose was to spur innovation and competition in health IT while ensuring patients and providers have ready access to the information and applications they need.
The free flow of data and the ability for applications to connect and exchange it “without special effort” are central to and supported by a combination of rules proposed by ONC and CMS. These rules address both technical requirements and expected behaviors. In this article, we look at specific technical and behavioral requirements for interoperability. Future articles will examine data blocking and other behavioral issues.
Compatible “Plugs and Sockets”
The proposed rules explicitly mandate the adoption and use of application programming interface (API) technology (or a successor) for a simple reason: APIs have achieved powerful, scalable and efficient interoperability across much of the digital economy. Put simply, APIs provide compatible “plugs and sockets” that make it easy for different applications to connect, exchange data and collaborate. They are an essential foundation for building the next generation of health IT applications. (Note: readers who want to go deeper into APIs can do so at the API Learning Center).
APIs are versatile and flexible. This makes them powerful but can also lead to wide variations in how they work. Therefore, ONC is proposing that certified health IT applications use a specific API based on the Fast Healthcare Interoperability Resources (FHIR) specification. FHIR is a consensus standard developed and maintained by the standards development organization (SDO) Health Level–7 (HL7). Mandating the use of the FHIR standard API helps to ensure a foundational compatibility and basic interoperability. This gives API technology suppliers (like EHR vendors) a clear set of standards to follow in order to fulfill the API requirement. It also ensures “consumers” of that API (like hospitals and health IT developers), have consistency when integrating applications.
By ADRIAN GROPPER
Imagine solving wicked problems of patient matching, consent, and a patient-centered longitudinal health record while also enabling a world of new healthcare services for patients and physicians to use. The long-awaited Notice of Proposed Rulemaking (NPRM) on information blocking from the Office of the National Coordinator for Health Information Technology (ONC) promises nothing less.
Having data automatically follow the patient is a laudable goal but difficult for reasons of privacy, security, and institutional workflow. The privacy issues are clear if you use surveillance as the mechanism to follow the patient. Do patients know they’re under surveillance? By whom? Is there one surveillance agency or are there dozens in real-world practice? Can a patient choose who does the surveillance and which health encounters, including behavioral health, social relationships, location, and finance are excluded from the surveillance?
The security issues are pretty obvious if one uses the National Institutes of Standards and Technology (NIST) definition of security versus privacy: Security breaches, as opposed to privacy breaches, are unintentional — typically the result of hacks or bugs in the system. Institutional workflow issues also pose a major difficulty due to the risk of taking responsibility for information coming into a practice from uncontrolled sources. Whose job is it to validate incoming information and potentially alter the workflow? Can this step be automated with acceptable risk?
It’s not hard to see how surveillance as the basis for health information sharing would be contentious and risk the trust that’s fundamental to both individual and public health. Nowhere is this more apparent than in the various legislative efforts currently underway to expand HIPAA to include behavioral health and social determinants of health, preempt state privacy laws, grant data brokers HIPAA Covered Entity status, and limit transparency of how personal data is privately used for “predictive analytics”, machine learning, and artificial intelligence.
We almost forgot to do Health in 2 Point 00 at HIMSS—but don’t worry, here it is. On Episode 70, Jess and I give you a rundown of everything that happened at HIMSS. Jess asks me about the biggest gossip at HIMSS (anyone notice Atul Gawande wasn’t there?), all the talk about ONC rules, new and exciting things at the exhibit hall, and the best and worst parties of HIMSS.—Matthew Holt