Wednesday, May 20, 2015

21st Century Cures Act

I’m in Washington today for the HIT Standards Committee and I will post the usual summary of the meeting this evening.  However, I wanted to post a morning preview of the opening comments I’ll make a the meeting.

We are in a time of great turmoil in healthcare IT policy making.   We have the CMS and ONC Notices of Proposed Rulemaking for Meaningful Use Stage 3, both of which need to be radically pared down.   We have the Burgess Bill which attempts to fix interoperability with the blunt instrument of legislation.  Most importantly we have the 21st Century Cures Act, which few want to publicly criticize.   I’m happy to serve as the lightening rod for this discussion, pointing out the assumptions that are unlikely to be helpful and most likely to be hurtful.

The interoperability language to be included in the 21st Century Cures Act would sunset the Health IT Standards Committee while a new “charter organization” would help define the standards of interoperability.

Under the latest language, which was revised over the weekend and yesterday, electronic records must meet those interoperability standards by Jan. 1, 2018 and face being decertified by Jan. 1, 2019 if they don’t.

The bill would also require EHR vendors to publish their application program interfaces. Vendors must also publish fees to “purchase, license, implement, maintain, upgrade, use or otherwise enable and support” their products.

There is no provision mentioning the sharing of substance abuse treatment records, which Rep. Tim Murphy said last week he was working to include. Congressional staffers said the version the House Energy and Commerce Committee marks up Wednesday may still be changed before a floor vote, which is expected sometime next month.

It does not make sense to officially sanction a “charter organization” and seed it with $10 million, creating yet another player in an already crowded field of groups working on interoperability.  I agree that coordinating the standards development organizations makes a lot of sense -- why not just direct ONC to create a permanent Task Force that reports to the HIT Standards Committee, and let ONC support it out of existing resources?

The drafts have other significant issues

“standards to measure interoperability” –  I have no idea what that means.  I suggest that ONC create and report outcome measures that require interoperability rather than trying to measure the process of interoperability.  With Meaningful Use Stage 2 we experienced the failure of process measures to truly measure interoperability - transitions of care sent from and to the same organizations, transitions of care sent to an outside organization then thrown away.

“information blocking” - I believe this concept is like the Loch Ness Monster, often described but rarely seen.   As written, the information blocking language will result in some vendors lobbying in new political forums (Federal Trade Commission and Inspector General) to investigate every instance where they are getting beaten in the market by other vendors.  The criteria are not objective and will be unenforceable except in the most egregious cases, which none of us have ever experienced.

“De-certification” makes no sense.  Every provider would have to be granted a hardship exemption, so what is the point of the decertification?

So, how do we accelerate interoperability?

1.  Make Meaningful Use and certification more manageable by narrowing its scope but tightening its enforcement.  Encourage and expand value-based purchasing initiatives and sunset Meaningful Use as quickly as possible. Meaningful Use/certification should be used to lay the foundation ecosystem, but value-based purchasing is what will transform health care.

2.  ONC should  focus/narrow the number of projects it is executing simultaneously

3.  The Role of ONC should be  certification, safety, alignment of Federal agencies, making available data to support nationwide interoperability (such as NPPES/PECOS data for provider directories), and creating transparency by disseminating market information.

4.   Aggressively clean up privacy/security heterogeneity.   We need to get alignment of state laws.  We need to remove barriers to patient identity management.  We need to get rid of arcane Federal laws such as CFR 42 Part 2.  This will require bold leadership and a significant effort.  It won’t lead to political career advancement, but interoperability will be enabled and it will improve outcomes for patients over the medium- to long-term.

5.    We need a full time leader at ONC once Karen DeSalvo is confirmed as Assistant Secretary of Health

Throughout my life, I have tried to be a neutral convener without an agenda.   I hope the industry realizes that my observations above are not meant to be emotional or dogmatic.   My only self-interest is to make a difference and prevent poor legislation and regulation from doing harm.


Anonymous said...

Well put, John. Sensible, doable, focused.
Alas, the ONC is still focused on promoting sales of HIT and, most recently, on promoting itself. Yesterday it issued a set of "comments" on its interoperability proposals. But they were NOT comments. Rather they were a compendium of puff pieces saying how wise and great was the ONC. Period. In fact, on the actual document (if one clicked to see them) they were called something like "letters of support." Nothing wrong with that but how do we make progress if we confine ourselves to "yes" men and sycophants? Where are the thousands of comments the ONC says its received? Comments that would perhaps mirror some of what you (John) are saying.

Adrian Gropper said...

The failure of HITECH Meaningful Use to produce interoperability justifies additional legislation but we need need to be careful to diagnose appropriately before treating. Over-regulation of technology is what got us here. Certification has proved to be a race to the bottom for innovation and an incentive for vendor and provider consolidation. The problem we have today is due to a strategy that makes certified EHR vendors and their customers responsible for both the control of personal data and its value-added processing. Control of personal data needs to be with the patient and data processing needs to be valued and paid-for.

Legislation needs to treat patients as first-class citizens in health information exchange with the ability to direct access to private health data to anyone anywhere without redaction or delay. Security issues are important, but they are not to be used as an excuse for lack of transparency, lack of access, and the patient's inability to delegate access. Legislation can build trust and scalability by shutting off the hidden data flows under "HIPAA Treatment, Payment, and Operations" because they have not worked. It's time to take the spirit of the JASON reports to heart and legislate interoperability based on a patient-controlled Public API.

Medical Quack said...

When I read about the Lock Ness Monster of Information Blocking I had to laugh as I too have called it "bunk" and just another perception from someone who is not a technologist and made it up to marketing something. We all know who's marketing what but geez how embarrassing for DeSalvo that has spoken about it, she got duped and taken in and she's not alone.

De-certification another good point too as we are obsessed with "scoring" people everywhere today as it makes money selling these scores, and de-certification, well one step closer to a caste system if you will. The problem is that government folks and consumers don't seem to have a clue on how complex everything is today and how insurers built it that way as it means money.

Again you wonder what's going on over there as we don't have people in the government who are in healthcare but rather one leading HHS that's a former admin for former Citi Exect/US Treasuury Head Robert Rubin and the head of Medicare is a former Goldman Sachs banker, not to mention a Untied Healthcare executive. I don't think they really are capable of being the correct folks in charge.

Great job on nailing the Aesop's Fable on "Information Blocking". Time to be a skeptic when you need to be. I feel better now not being a lone data logician.

Dixie Baker said...

Great post, John!

Responding to #4, regarding security, I don’t think we’re at all likely to be successful in “clean[ing] up privacy/security heterogeneity.” Healthcare privacy and security law is Constitutionally the purview of the states, and likely to remain that way. What we need are solutions for dealing with that heterogeneity so that critical health information can be shared efficiently across state and jurisdictional boundaries. The cloud services providers have somehow managed to offer their services worldwide, despite jurisdictional laws restricting where bits may be deposited. Technology providers are equally capable of developing solutions for dealing with the heterogeneity of state privacy laws. In fact, I know of solutions that already exist, one of which was mentioned in Adrian Gropper’s comment – turning over control to consumers.

Re patient identity, I agree with you that we need to remove barriers to patient identity management. Not only that, we need to remove barriers to publicly funded research efforts aimed at developing solutions to patient identity management. I continually marvel at the schizophrenic nature of privacy these days – half of the time I spend worrying about the fact that today’s “big data” technologies make it impossible for an individual to be “anonymous,” and the other half worrying about how providers can possibly figure out an individual’s identity.