Wednesday, July 6, 2016

An Alternative Proposal for Certification

Some have suggested that my comments over the past few months about the Meaningful Use program, MACRA/MIPS, and Certification imply that we should just give up - throw out the baby with the bath water.

That’s not what I’ve written.

Here’s a clarification.

I believe MACRA/MIPS is the right trajectory - create a set of desirable policy outcomes, then enable clinicians to choose technology, quality measures, and process improvements that are relevant to their practice.

Although the current MACRA formula is overly complex, it’s the right idea and I’m confident that CMS will revise the notice of proposed rulemaking appropriately.    My metric for MACRA’s success is simple - can a clinician keep three goals in mind while seeing a patient and be rewarded if successful i.e.

Ensure care is delivered in the most appropriate location in the community (urgent care, home care, rural hospital)
Focus on wellness/prevention
Avoid redundant and unnecessary testing, medications, and procedures

My issue is that MACRA currently “inherits” the flawed 2015 Certification Rule that is a kitchen sink of immature standards and a black hole for developers.   Overly zealous regulatory ambition resulted in a Rule that has basically stopped industry innovation for 24-36 months since it has listed every use case for every purpose including those unrelated to Meaningful Use and MACRA.   For vendors, every “OR” means an “AND” - developers must implement everything in the Rule because some stakeholder will demand every transaction in the regulation.   There was little curation in the Rule and most of the HIT Standards Committee recommendations to limit scope were ignored.

Here’s my recommendation for the path forward.   When the MACRA/MIPS rule is finalized it needs to reduce or eliminate dependency on the 2015 Certification Rule.  I realize that is highly unlikely because the Obama administration is drawing to a close and as of June 2016, there was not enough time for clearance processes to consider any major changes in regulations.   However, the entire HIT ecosystem is begging CMS to realize that the 2015 Certification Rule is mostly burden without benefit  - it paralyzes the industry for years without increasing interoperability.   Maybe subregulatory guidance can help diminish the role of the 2015 Certification Rule in MACRA/MIPS if regulatory change is impossible.

I’ve said this many times before, but here it is again for clarity.    There are 3 kinds of interoperability - push, pull and view.

To push data from one place to another you need a directory of endpoints (could be a provider, patient, payer, quality registry, or clinical trial database), a means (technical or policy) to trust those endpoints, and  a transmission standard to send data to an endpoint.    The right approach is to use a FHIR-based query/response for endpoint addresses, a private industry enabler for trust (such as DirectTrust, Surescripts, Commonwell etc) and a RESTful approach to push data from point to point, although the Direct protocol will suffice, given the regulatory and political history of the past 5 years.   Remember, Direct was a political compromise.  REST was always the desired technical solution.

To pull data from one place to another you need a master patient index/record locator service, a consent registry, and a query/response transaction for the data.    The right approach is to use a FHIR query/response for the master patient index/record locator service, and a FHIR query/response to request the records.   Consent can be handled in policy, technology or both.

To view data from one EHR in another EHR you need a means to identify the patient (probabilistic matching based on name/gender/data of birth or a national healthcare identifier).   You need shared authentication and authorization of trust such as OAUTH2/OpenID and a means of calling a remote viewer using a URL (a RESTful approach)

If I were King for a day, I would require certification of only 5 things

a.  Use of OAUTH2/OpenID to demonstrate an organization is a trusted exchange partner
b.  Use of a FHIR-based query to request the electronic endpoint address for a push transaction.
c.  Use of  a RESTful approach to push data to an endpoint
d.  Use of a FHIR-based query to request an enumeration of a patient’s record locations
e.  Use of a FHIR-based query to exchange the actual record (a common data set of key elements using the best available vocabulary standards)

We should limit certification to production testing of an EHR’s ability to do those 5 things.  The result would be seamless interoperability controlled by providers and patients, empowered by the vendors.

Developers would then return their programming resources to innovation and meeting their customer needs.

If Brexit taught us anything, it’s that over regulation leads to a demand for relief.

Pythagoras' Theorem has 24 words

Archimedes’ Principle has 67 words

The Ten Commandments has 179 words

The US Declaration of Independence has 1300 words

As a comparison, the 2015 Certification Rule document has 166,733 words.

As I’ve said in an earlier post, we need to step back and ask what we’ve done to ourselves.  We can be thoughtful and incremental about addressing regulatory zeal and we should start by eliminating the concept of Certification as it exists, replacing it with only 5 criteria that are easy to understand and measure.


Michael Banks said...

Very good post. Hopefully someone will actually listen to you.
What I do like: Stop the madness, simplify completely to a max of 3 things.
Basically end just has to do a few things...then get out of the way
of providers working with vendors. I am slightly worried about the heavy FHIR dependency since
its not a mature standard, but we need to start somewhere. The rest of the certification rules are truly a
I do however believe what you said earlier about "time to get out" of the profession if the present MACRA proposal stays, as the complex regulations and habit of penalizing already burdened providers has severely damaged the medical profession.
I also feel that you have backed off due to political pressure....that you do notice that your colleagues/providers have been unfairly abused and are desperate and demoralized.

Tripp Bradd, MD said...

You go to my suggestion of:

Anonymous said...

"Dr. Halamka, Please consider a fourth goal for what a clinician needs to keep in mind at all times: Ensure patient participation in assessment of problems and treatment options. (I leave out the adjectives we all know are essential: meaningful participation, literate patient, culturally relevant assessment, comprehensive options, etc.) Everything in this blog is consistent with this goal but a nod to the endpoint of care would signify where your heart is. Lucy Johns MPH, Bd of Directors, DirectTrust"

Brian Ahier said...

Not wanting to over complicate things, but from the experience of requiring a Trust Framework to allow exchange to scale I would add a sixth thing: Use of a national trust framework to ensure security and assurance of identity.