By ADRIAN GROPPER, MD
The original sin of health records interoperability was the loss of consent in HIPAA. In 2000, when HIPAA (Health Insurance Portability and Accountability Act) first became law, the Internet was hardly a thing in healthcare. The Nationwide Health Information Network (NHIN) was not a thing until 2004. 2009 brought us the HITECH Act and Meaningful Use and 2016 brought the 21st Century Cures Act with “information blocking” as clear evidence of bipartisan frustration. Cures, in 2018, begat TEFCA, the draft Trusted Exchange Framework and Common Agreement. The next update to the draft TEFCA is expected before 2019 which is also the year that Meaningful Use Stage 3 goes into effect.
Over nearly two decades of intense computing growth, the one thing that has remained constant in healthcare interoperability is a strategy built on keeping patient consent out of the solution space. The 2018 TEFCA draft is still designed around HIPAA and ongoing legislative activity in Washington seeks further erosion of patient consent through the elimination of the 42CFR Part 2 protections that currently apply to sensitive health data like behavioral health.
The futility of patient matching without consent parallels the futility of large-scale interoperability without consent. The lack of progress in patient matching was most recently chronicled by Pew through a survey and a Pew-funded RAND report. The Pew survey was extensive and the references cite the significant prior efforts including a 100-expert review by ONC in 2014 and the $1 million CHIME challenge in 2017 that was suspended – clear evidence of futility.