Senate hearing digs into interoperability, information blocking rules

The HELP Committee on Tuesday heard feedback from stakeholders about how the proposed rules from CMS and ONC should be fine-tuned for optimal effect.
By Mike Miliard
04:45 PM

On Capitol Hill on Tuesday, the Senate Committee on Health, Education, Labor and Pensions weighed the opportunities and challenges ahead as the interoperability provisions of the 21st Century Cures Act take shape.

Speaking of the proposed rules published by the Centers for Medicare & Medicaid Services and the Office of the National Coordinator for Health IT on February 11, Sen. Lamar Alexander, R-Tennessee, noted that, properly drafted, they'll help "give more than 125 million patients easier access to their own records in electronic format."

Moreover, he said, they'll enable clinicians – some of whom make "up to 4,000 mouse clicks per shift" – to spend less time on administrative chores and will improve efficiency to the tune of $3.3 billion a year.

But Alexander had concerns too. "Are we moving too fast? I urged the Obama administration to slow down the meaningful use program which they did not do," he said. "And looking back the results would've been better if it had."

He also wondered whether the proposed data management standards might be too rigid. He sought assurances that the regs would help "ensure patient privacy as patients gain more access and control over their personal health information."

And he wanted to make sure the rules, despite their prohibition on the hoarding of data, didn't leave the door open for "bad actors to game the system and continue to information block," said Alexander.

Alexander's colleague, Sen. Patty Murray, D-Washington, raised a similar point. Too many providers and payers set up barriers to free exchange of data, such as "exorbitant fees whenever someone sent received or even searched for a patient's information; contracts that restricted people's ability to access and share their own health information and systems built in ways that made sharing information needlessly complicated."

Maybe those organizations "missed the day in kindergarten about sharing," said Murray.

"Because putting something where only you can reach or charging excessive fees for it is absolutely not how it should be done, and it is absolutely not acceptable when it comes to people's health," she said. "We cannot afford to have bad actors who prioritize their bottom line over a patient's best interests."

That goes for the EHR makers themselves too. "We also cannot expect health IT systems to get better when some vendors include gag clauses that prevent care providers from speaking out about the problems or issues or errors they encounter," she said. "It should be easy for medical professionals to hear about a problem with a system they use and it should be easy for anyone to speak out when they see something that would jeopardize people's health."

ONC should take a broader view, says former official

Former ONC Chief Privacy Officer Lucia Savage, now chief privacy and regulatory officer at Omada Health, testified before the HELP Committee.

Info blocking isn't just bad for patients, she said. It's bad for business, and for innovation. She pointed to a recent article she'd co-written in the American Bar Association Antitrust Law Journal, exploring the anti-competitive effects of hoarding data.

As ONC works in earnest help patients wrest control of their own information, Savage said there were some areas where the agency could "push its vision more aggressively" – and some where it might want to "consider unintended consequences" of its rules.

For instance, the proposed rule "does strike a good balance on privacy and security," said Savage. "It has appropriate exceptions for privacy promises made to individuals, for state or federal laws, for securing one's own system, for system maintenance and for safety."

Still, it proposes "ongoing deference to organizational policies" that might be at odds with grassroots data sharing efforts or other "democratically developed privacy laws," she said, suggesting that ONC "consider a transition or sunset period, during which institutions have time to adapt to app-enabled health information exchange and to eliminate organizational policies that block appropriate flow of health facts."

Savage also suggested that the ONC proposal focuses its info blocking rules too narrowly, on a "subset of certified health information technology, primarily certified EHRs."

That view "leaves out many types of health information technology where individual's health facts are collected," she said. "For example, the proposed rule does not reach to health information technology in the emerging world of connected devices or software as a medical device. And it seems to omit any non-certified EHR such as a lab or pharmacy electronic records system that is not certified."

'I love my work,' said one physician. 'But this is hard.'

From the clinical perspective, Dr. Christopher Rehm, CMIO at Brentwood, Tennessee-based Lifepoint Health, said the changes set to be ushered in by the new rules aren't coming a moment too soon.

"Our clinical technology environment consists of over 20 distinct inpatient and ambulatory EHRs and countless vendor partners providing departmental and point solutions," Rehm explained. "It takes a tremendous amount of effort for our team to build, configure and tie together these systems so our medical teams are set up for success to provide safe efficient high quality care to every patient we see in the communities that we serve."

Despite those efforts, "our providers and patients are impacted by the lack of internal interoperability" on a daily basis, he said.

"I love my work and my colleagues love our work," said Rehm. "But this is hard. The lack of interoperability associated with our medical technology – some of it related to the technology itself, some it related to the regulations that apply to this technology, make it harder to do our job. Electronic medical records medical devices and patient monitors are supposed to help us be better caregivers. Instead, these technologies frequently add to the complexity and burden that we feel."

The HITECH Act and meaningful use did a great job catalyzing the move from paper to digital records, he said, but "unfortunately it did not address or create the underlying infrastructure of interoperability: to enable data liquidity across technologies."

As a result, "provider organizations have been left to bridge the gap with interface engines, workarounds and manual processes with varying degrees of success and reliability."

For that reason, Rehm took issue with the fact that the proposal puts some onus on already overburdened provider organizations.

"The CMS proposed rule would require hospitals to send electronic notifications when a patient is admitted, discharged or transferred as part of the conditions of participation," he said.

Rather than subject hospitals to further penalties for failing to comply with the rule, he asked that the administration continue to focus on existing interoperability priorities, such as advancing the goals of the Trusted Exchange Framework and Common Agreement and holding vendors accountable for the products that they develop.

And as for the notion of privacy and security, Rehm urged caution with a central concept of both CMS and ONC's proposed rules: patient-mediated interoperability, using smartphones and apps as key vectors for data exchange.

"The proposals both envision that unvetted third party applications will be accessing patient electronic health data via open APIs," he said.

"Personally, I like the idea of controlling my own data, but the truth is the vast majority of us, me included, do not read the entire terms of use agreement on every app or website that we enroll in," Rehm explained. "We believe our data is more private and secure than it actually is. The entrance of non-health care actors into the healthcare market – particularly those that fall outside of HIPAA requirements – necessitates strong principles of trust and security."

He suggested an "industry-backed process to independently vet these applications, to ensure they meet all relevant security standards, use data appropriately and in line with consumer expectations and, for those applications that offer medical advice, (ensure) the advice is clinically sound."

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com

Healthcare IT News is a HIMSS Media publication.