Fed rule on patient access to healthcare data gets EMR vendor pushback

Credit to Author: Lucas Mearian| Date: Thu, 30 Jan 2020 03:00:00 -0800

The largest electronic medical record (EMR) vendor in the U.S. is fighting a proposed government rule to allow patients and their physicians greater access to electronic health information – regardless of the technology platform – to promote data exchange.

According to a number of recent reports, EMR vendor Epic Systems is lookng to derail the finalization of a rule from the Department of Health and Human Services (HHS) that would implement some provisions of the 21st Century Cures Act. In particular, the rules governing information-blocking of patient healthcare information and EMR interoperability are at the heart of the fight.

For its part, Epic said in a statement it supports patient information sharing, but believes the new rules open up security issues related to sharing data with third-party applications, a position some see as a red herring.

Defining the Next Chapter for the IT Industry: On-Premises IT-as-a-Service

The “As a Service” model delivers services, not products; flexibility, not rigidity; and costs that align to business outcomes.

“Yet again, Epic is information blocking – this time trying to trick public opinion with privacy concerns,” said Cynthia Fisher, CEO of the non-profit PatientRightsAdvocate.org. “In reality, it is a smoke screen to protect their market share, control, and financial interests. It’s all about the money.”

Mike Jones, a vice president of research at Gartner, agreed, saying that by blocking information, vendors are seeking to define interoperability on their terms. “Gartner’s view is that these rules are an essential part of the solution to drive more open ecosystems.”

The proposed rule would require EMR vendors to give patients electronic access to all of their health information at no cost and to allow those data stores to connect to any third-party apps a patient chooses, such as the Health app launched by Apple two years ago.

A sample of a patient electronic medical record.

The new rule, to be administered by the Office of the National Coordinator for Health Information Technology (ONC), would additionally allow for more choice in care and treatment, according to the government agency.

Because of lack of access to health information, patients are misdiagnosed, mistreated and mischarged, Fisher said.

“These rules will invert the power and put the control into the hands of patients, giving them much-needed access and transparency,” Fisher said. “Patients having complete information wherever they get care will allow for proper diagnoses, treatment, and the ability to shop for the best quality of care at the lowest possible price.”

The Trump Administration’s implementation of the bipartisan Cures Act, through the new rules, will begin “a technological revolution in healthcare,” Fisher added. “Allowing technology innovators to disrupt the status quo is the biggest threat to Epic’s business model.”

The U.S. is not alone in its efforts to promote patient rights for better access and sharing of healthcare information. The EU’s General Data Protection Regulation (GDPR) contains a Right to Data Portability article that says industry standard data formats should be used to enable consumer data sharing, as opposed to proprietary data formats.

For example, the rules would require increased interoperability between EMRs through the United States Core Data for Interoperability (USCDI) standard, new API requirements, and data export capabilities to ease switching of health IT services or to provide patients their health information directly.

While industry standards already exist, progress on adopting them has been slow; regulation and enforcement issues so far have allowed EMR vendors to define interoperability on their own terms, according to Jones.

The ONC would oversee conditions and certification requirements for EMR providers developed under the ONC Health IT Certification Program.

Epic reportedly lobbied against the new rule set, and in an email, Epic CEO Judy Faulkner urged CEOs and presidents of hospital systems to co-sign a letter disapproving of the rules.

Epic has even threatened to sue HHS over the rule, according to one report.

This wouldn’t be the first time EMR providers have been accused of actively blocking industry measures to make patient information sharing simpler.

Industry experts have said the patient information sharing isn’t a technological problem but an issue related to vendor profits. By keeping their software proprietary and unable to exchange data, or by actively blocking the use of protocols that would otherwise allow it, EMR vendors can corner their respective markets.

In its statement this week, Epic claimed it supports the proposed ONC rule to enable simpler patient data access, and pointed to its MyChart patient portal; Epic said the portal has allowed patients to download Epic EMR data to a file or thumb drive for the past decade – something disputed by others who say that capability is no more than 18 months old.

Epic, however, argued that the new rule must be amended to ensure patient privacy.

“By requiring health systems to send patient data to any app requested by the patient, the ONC rule inadvertently creates new privacy risks,” Epic said.

There are two “highly likely patient privacy risks,” according to the company.

Epic pointed to a 2019 study that found 79% of health care apps resell or share data, and there is no regulation requiring patient approval for that downstream use.

“For patients to benefit from the ONC rule without these serious risks to their privacy, we recommend that transparency requirements and privacy protections are established for apps gathering patient data before the ONC rule is finalized,” Epic said.

Third-party apps enabling the sharing of EMR information are growing.

In 2018, Apple launched its Health Record feature on its Health app, which allows patients to pull healthcare info from multiple providers onto a single record they can share with clinicians – regardless of where they work.

Apple’s Health Record uses the Health Level Seven (HL7) application programming interface (API) and the Fast Healthcare Interoperability Resources (FHIR) industry standard; the two specifications enable all EMR platforms to upload basic patient data from a standard continuity of care document (CCDA) into a single Apple format, once the patient opts in.

“Today the EHR is a system of record. New systems of innovation and differentiation can help deliver new capabilities (e.g. virtual care, remote patient monitoring, apps and devices to help people care for themselves),” said Jones.

He went on to argue that keeping data siloed is old-school thinking.

“Vendors that block the exchange of health information to ‘protect the patients and health systems’ or seek to charge royalties or focus mostly on proprietary forms of API information exchange are an anachronism from the days of early EHR adoption,” Jones said. “Healthcare needs effective information sharing: Patients want it and many health systems want it.”

Another leading Medical IT vendor, Meditech, said it “is strongly in favor of a patient’s right to have access to their medical record data” and their right to “electronically transmit that data for use wherever they like.

“There are some troublesome aspects to the proposed rule, but we have chosen to communicate those directly to the administration and are hopeful those concerns will be addressed, if not in the rule itself, then in subsequent clarifications,” Meditech said.

Healthcare organizations and government policymakers in some regions are now collaborating to deliver and open health information exchange (HIE) and drive new market requirements.

“Lack of effective meaningful health data-sharing is a major industry challenge and is a barrier to effective joined-up healthcare for many patients and citizens today. The HHS rule, and similar attempts in other countries to open up the exchange of healthcare data are to be welcomed,” Jones said. “The more forward-thinking vendors operating in the market recognize the emergency of integrated health, and in some counties, regional health and social care ecosystems.”

http://www.computerworld.com/category/security/index.rss

Leave a Reply