Electronic health records (EHRs) are a polarizing issue in health reform. In their current form, they are frustrating to many physicians and have failed to support cost improvements. The current round of federal intervention is proposed rulemaking pursuant to the 21st Century Cures Act calls for penalties for “information blocking” and for technology that physicians and patients could use “without special effort.”
The proposed rules are over one thousand pages of technical jargon that aims to govern how one machine communicates with another when the content of the communication is personal and very valuable information about an individual. Healthcare is a challenging and unique industry when it comes to interoperability. Hospitals spend lavishly on EHRs and pursue information blocking as a means to manipulate the physicians and patients who might otherwise bypass the hospital on the way to health reform. The result is a broken market where physicians and patients directly control trillions of dollars in spending but have virtually zero market power over the technology that hospitals and payers operate as information brokers.
What follows below are comments by Patient Privacy Rights on the proposed rule. The common thread of our comments is the need to treat patients and physicians, not the data brokers, as the real stakeholders.
Comments to the ONC Rule
Overview: 21st Century health care innovation, policy, and practice is increasingly dependent on personal information. This is obvious with respect to machine learning and risk adjustment, but personal information is now central to the competitive strategy for most of the health care economy, clinical as well as research. ONC’s drafting of this rule reflects the importance of competition to innovation and cost containment.
Office of the National Coordinator (ONC) and the Centers for Medicare and
Medicaid (CMS) have proposed final rules on
interoperability, data blocking, and other activities as part of implementing
the 21st Century Cures Act. In this series, we will explore ideas
behind the rules, why they are necessary and the expected impact. Given that
these are complex and controversial topics are open to interpretation, we
invite readers to respond
with their own ideas, corrections and opinions.
Interventions to Address Market Failures
Many of the rules proposed
by CMS and ONC are evidence-based interventions aimed at critical problems that
market forces have failed to address. One example of market failure is the long-standing inability for health care
providers and insurance companies to find a way to exchange patient data. Each
has critical data the other needs and would benefit from sharing. And, as CMS
noted, health plans are in a “unique position to provide enrollees a complete
picture of their clams and encounter data.” Despite that, technical and
financial issues, as well as a general air of distrust from decades of haggling
over reimbursement, have prevented robust data exchange. Remarkably, this happens
in integrated delivery systems which, in theory, provide tight alignment between
payers and providers in a unified organization.
With so much attention
focused on requirements for health IT companies like EHR vendors and providers,
it is easy to miss the huge impact that the new rules is likely to have for
payers. But make no mistake, if implemented as proposed, these rules will have
a profound impact on the patient’s ability to gather and direct the use of
their personal health information (PHI). They will also lead to reduced
fragmentation and more complete data sets for payers and providers alike.
Overview of Proposed CMS Rules on Information
Sharing and Interoperability
The proposed CMS rules
affect payers, providers, and patients stating that they:
Require payers to make
patient health information available electronically through a standardized,
open application programming interface (API)
Promote data exchange
between payers and participation in health information exchange networks
Require payers to provide
additional resources on EHR, privacy, and security
Require providers to comply
with new electronic notification requirements
Require states to better
coordinate care for Medicare-Medicaid dually eligible beneficiaries by
submitting buy-in data to CMS daily
Publicly disclose when
providers inappropriately restrict the flow of information to other health care providers and payers
Today, THCB is spotlighting Lygeia Ricciardi. As the former Director of Consumer e-Health at the ONC, Lygeia tells us about patient access to health data and the ONC and CMS’s new rules on interoperability. But now, she’s the CTO of Carium Health, going from a “consumer activist consultant-type” to actually working with a startup. Carium provides a platform for consumer empowerment and engagement, helping to guide individuals through their health care and wellness journeys.
The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have proposed final rules on interoperability, data blocking, and other activities as part of implementing the 21st Century Cures Act. In this series, we will explore the ideas behind the rules, why they are necessary and the expected impact. Given that these are complex and controversial topics open to interpretation, we invite readers to respond with their own ideas, corrections, and opinions. In part five of this series, we look at how competition unlocks innovation, and how the proposed rules may disrupt the balance between innovation, intellectual property (IP), and supporting business models.
The recent publication of proposed rules by ONC and CMS set off a flurry of activity. In anticipation of their implementation, the health care industry is wrestling with many questions around business models. What practices inhibit competition and innovation? How do we balance the need for competition while protecting legitimate intellectual property rights? How can vendors ensure profit growth when pricing is heavily regulated? In this article, we will examine how competition unlocks innovation and the possible disruptions the proposed rules may bring for innovation, intellectual property (IP) and supporting business models.
In most markets, innovation is driven forward by competition. Businesses compete on equal footing, and their investment in R&D drives innovation forward. Innovation in health care has been dramatically outpaced by other markets, leading to an urgent need for both disruptive and evolutionary innovation.
What is inhibiting health care innovation? The rules identify a combination of tactics employed in health care that restrict the free flow of clinical data, such as:
These tactics slow innovation by contributing to an
environment where stakeholders resist pushing the boundaries — often because
they are contractually obligated not
to. The legislation and proposed rules are designed to address the ongoing
failure of the market to resolve these conflicts.
As the rules are finalized, we will continue to monitor whether
the ONC defines these practices as innovation stifling and how they will
implement regulations — both carrot and stick — to move the industry forward.
The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have proposed final rules on interoperability, data blocking and other activities as part of implementing the 21st Century Cures Act. In this series, we will explore ideas behind the rules, why they are necessary and the expected impact. Given that these are complex and controversial topics open to interpretation, we invite readers to respond with their own ideas, corrections and opinions.
When it comes to sharing health data, the intent of the 21st Century Cures Act is clear: patients and clinicians should have access to data without special effort or excessive cost. To make this a reality, the act addresses three major areas: technical architecture, data sets and behaviors. Part two of our series looked at how APIs address technical issues while part three covered the new data requirements. In this article, we delve into information blocking. A companion podcast interview with ONC expert Michael Lipinski provides an even deeper dive into this complex topic.
Blocking Comes in Many Forms
The Public Health Services Act (PHSA) broadly defines information blocking as a practice that is “likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.” The overarching assumption is information will be shared though the Act does authorize the Secretary to identify reasonable and necessary exceptions.
The proposed rules focus on “technical requirements as well as the actions and practices of health IT developers in implementing the certified API.” Information blocking can come in a variety of forms. It can be direct and obvious (“No you can’t have this data ever!”) or indirect and subtle (“Sure, you can have the data, but it will cost you $$$ and we won’t be able to get to your request for at least 12 months.”). The proposed rules are designed to address both. This passage illustrates some of the concerns:
“Health IT developers are in a
unique position to block the export and portability of data for use in
competing systems or applications, or to charge rents for access to the basic
technical information needed to facilitate the conversion or migration of data
for these purposes.”
The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have proposed final rules on interoperability, data blocking and other activities as part of implementing the 21st Century Cures Act. In this series, we will explore the ideas behind the rules, why they are necessary and the expected impact. Given that these are complex and controversial topics open to interpretation, we invite readers to respond with their own ideas, corrections and opinions. In part three of this series, we look at how the new USCDI draft helps foster innovation.
The U.S. Core Data for Interoperability
(USCDI) draft is a step forward toward expanding the 21st Century
Cures Act. The Cures Act was helpful in moving the needle for interoperability
and defining data blocking. The latest draft of the USCDI is meant to further specify
what data should be shared freely.
In this article, we’ll look at the data added
to the Common Clinical Data Set (CCDS) used for ONC certification. We’ll walk
through the proposed plan to add more data over time. And we’ll explore why
this is a step in the right direction toward increased data sharing.
The bulk of the datasets in the USCDI comes
from the Common Clinical Data Set (CCDS), which was last updated in 2015. The
new USCDI draft adds two types of data:
Clinical notes: both structured
and unstructured. EHRs store these notes differently, but both are important
and helpful in data analysis.
Provenance: an audit trail of the data, showing where it
came from. It is metadata, or information about the data, that shows who
created it and when.
The Fast Healthcare Interoperability Resources (FHIR) have created standards around APIs used to access health care data. APIs developed under the FHIR standard aligns with the USCDI to meet the proposed certification rules. The USCDI draft recommends using a FHIR compliant API to access the data.
The Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid (CMS) have proposed final rules on interoperability, data blocking and other activities as part of implementing the 21st Century Cures Act. In this series, we will explore the ideas behind the rules, why they are necessary and the expected impact. Given that these are complex and controversial topics open to interpretation, we invite readers to respond with their own ideas, corrections and opinions. You can find Part 1 of the series here.
In 2016, Congress enacted the 21st Century Cures Act with specific goals to “advance interoperability and support the access, exchange and use of electronic health information.” The purpose was to spur innovation and competition in health IT while ensuring patients and providers have ready access to the information and applications they need.
The free flow of data and the ability for applications to connect and exchange it “without special effort” are central to and supported by a combination of rules proposed by ONC and CMS. These rules address both technical requirements and expected behaviors. In this article, we look at specific technical and behavioral requirements for interoperability. Future articles will examine data blocking and other behavioral issues.
Compatible “Plugs and Sockets”
The proposed rules explicitly mandate the adoption and use of application programming interface (API) technology (or a successor) for a simple reason: APIs have achieved powerful, scalable and efficient interoperability across much of the digital economy. Put simply, APIs provide compatible “plugs and sockets” that make it easy for different applications to connect, exchange data and collaborate. They are an essential foundation for building the next generation of health IT applications. (Note: readers who want to go deeper into APIs can do so at the API Learning Center).
APIs are versatile and flexible. This makes them powerful but can also lead to wide variations in how they work. Therefore, ONC is proposing that certified health IT applications use a specific API based on the Fast Healthcare Interoperability Resources (FHIR) specification. FHIR is a consensus standard developed and maintained by the standards development organization (SDO) Health Level–7 (HL7). Mandating the use of the FHIR standard API helps to ensure a foundational compatibility and basic interoperability. This gives API technology suppliers (like EHR vendors) a clear set of standards to follow in order to fulfill the API requirement. It also ensures “consumers” of that API (like hospitals and health IT developers), have consistency when integrating applications.
Imagine solving wicked problems of patient matching, consent, and a patient-centered longitudinal health record while also enabling a world of new healthcare services for patients and physicians to use. The long-awaited Notice of Proposed Rulemaking (NPRM) on information blocking from the Office of the National Coordinator for Health Information Technology (ONC) promises nothing less.
Having data automatically follow the patient is a laudable goal but difficult for reasons of privacy, security, and institutional workflow. The privacy issues are clear if you use surveillance as the mechanism to follow the patient. Do patients know they’re under surveillance? By whom? Is there one surveillance agency or are there dozens in real-world practice? Can a patient choose who does the surveillance and which health encounters, including behavioral health, social relationships, location, and finance are excluded from the surveillance?
The security issues are pretty obvious if one uses the National Institutes of Standards and Technology (NIST) definition of security versus privacy: Security breaches, as opposed to privacy breaches, are unintentional — typically the result of hacks or bugs in the system. Institutional workflow issues also pose a major difficulty due to the risk of taking responsibility for information coming into a practice from uncontrolled sources. Whose job is it to validate incoming information and potentially alter the workflow? Can this step be automated with acceptable risk?
It’s not hard to see how surveillance as the basis for health information sharing would be contentious and risk the trust that’s fundamental to both individual and public health. Nowhere is this more apparent than in the various legislative efforts currently underway to expand HIPAA to include behavioral health and social determinants of health, preempt state privacy laws, grant data brokers HIPAA Covered Entity status, and limit transparency of how personal data is privately used for “predictive analytics”, machine learning, and artificial intelligence.
We almost forgot to do Health in 2 Point 00 at HIMSS—but don’t worry, here it is. On Episode 70, Jess and I give you a rundown of everything that happened at HIMSS. Jess asks me about the biggest gossip at HIMSS (anyone notice Atul Gawande wasn’t there?), all the talk about ONC rules, new and exciting things at the exhibit hall, and the best and worst parties of HIMSS.—Matthew Holt