While primarily billed as a much-needed influx of funding for precision medicine, the 21st Century Cures Act is poised to do much more for healthcare than it appears on the surface.
In addition to adjusting drug development rules for pharmaceutical companies, tweaking Medicare reimbursement regulations, opening up new opportunities for telehealth, and strengthening EHR certification protocols, the sprawling legislation starts to give shape to one of the most infamous specters in the industry: information blocking.
The new law, which easily passed through the House and Senate in the dying days of 2016, provides the industry with stronger definitions of “information blocking” and “interoperability” while sketching the first outlines of a financially-driven penalty system for those who fail to ensure the free flow of data.
While hints of eventual repercussions for information blocking surfaced in the ONC report that shook up the industry in 2015, debate over the true scope of the problem, followed by a flurry of interoperability pledges and partnership announcements, appeared to indicate that the industry was making progress on its own.
But lawmakers have decided not to take any chances, especially with an industry that is largely motivated by finances. In order to ensure that health IT vendors – and healthcare providers – stick to their interoperability commitments, they have laid out up to $1 million in penalties for vendors found guilty of data hoarding, and as-yet-unspecified ramifications for providers caught doing the same.
“The information blocking provisions in the 21st Century Cures Act really amount to a new policy consensus for the United States,” said Arien Malec, Vice President of Data Platform and Acquisition Tools at RelayHealth and co-chair of the ONC Health IT Standards Committee.
“Under HIPAA, information sharing for treatment and quality improvement were allowed, but they weren’t mandated. This is a new approach that changes the landscape significantly.”
The Office of Inspector General (OIG) will be responsible for developing the details of the penalties through future rulemaking, Malec explained to HealthITAnalytics.com.
But first, OIG and the Office of the National Coordinator will need to work on understanding exactly what causes information blocking and how to fairly divvy up the responsibilities of data exchange.
Are vendors unfairly blamed for the bulk of the interoperability problem?
“In my experience, I have yet to see a health IT vendor who explicitly says they are not going to share data,” said Malec. “There are a lot of critiques about vendors and their competence at interoperability. There’s this idea that we would already have seamless interoperability if it wasn’t for those darn vendors.”
In the wake of the ONC brief, the health IT vendor community has had to endure sustained fire from unhappy stakeholders, with large companies like Epic Systems taking the brunt of the assault from providers, peers, and even Senate committees.
Providers slammed vendors for leaving them without the data exchange tools required to succeed with regulatory programs like meaningful use, or to start undertaking the population health management and care coordination tasks that will pave the way towards shouldering financial risk.
But vendors weren’t about to roll over and take the criticism without making their reply.
“Any assessment of potential information blocking must be fact-based, given a specific situation, and include the perspectives of all stakeholders before declaring that information blocking has, in fact, occurred,” argued the HIMSS EHR Association (EHRA) in a letter to the ONC, hitting back against what they saw as the agency’s vague and anecdotal accusations.
“The EHRA recognizes the perception that information blocking exists, but submits that, in many cases, there is no intent to interfere, but rather a series of events that result in less data exchange than desired by some parties (e.g., conflicting provider business models, misalignment of objectives/priorities, lack of funding, limited infrastructure, etc.).”
As pressure mounted, many of the major electronic health record vendors banded together to promote their interoperability initiatives, including the Commonwell Health Alliance, Carequality, the Argonaut Project, and The Sequoia Project.
Epic, Cerner Corporation, Allscripts, athenahealth, McKesson, and a slew of their competitors made it their mission to embrace emerging standards like FHIR and sent their top executives on a goodwill mission to promote their core values of transparency, cooperation, and innovation.
At the HIMSS Conference and Exhibition in March of 2016, “interoperability” was the word on everyone’s lips as HHS Secretary Sylvia Burwell announced that more than a dozen EHR vendors representing 90 percent of the market had signed a pledge to share data and denounce information blocking.
“These commitments are a major step forward in our efforts to support a healthcare system that is better, smarter, and results in healthier people,” Burwell said. “Technology isn’t just one leg of our strategy to build a better healthcare system for our nation – it supports the entire effort.”
“We are working to unlock healthcare data and information so that providers are better informed and patients and families can access their healthcare information, making them empowered, active participants in their own care.”
During the conference, even the most habitually reticent vendors were eager to publicly defend their progress and declare their commitment to redrawing the data exchange landscape and erasing competition based on data ownership.
“At Cerner, we think interoperability is not just the right thing to do. We are bold enough to say that we think it’s immoral not to,” stated Brian Carter, Executive Strategist for the corporation.
Epic CEO Judy Faulkner used similar phrasing to discuss the pledge and her company’s attitude towards interoperability.
“It’s not a new thing at all,” she said. “They got a bunch of the CEOs together in a meeting, and we pretty much all knew that we had already committed to these things already."
"It’s nice to have officially unveiled it, but it’s what everyone is already planning to do, which is the right thing to do: sending the data wherever the patient goes.”
The public vows and media rounds seemed to seal the deal: interoperability was no longer a nice-to-have market differentiator. It had become a foundational requirement and business imperative for anyone who wanted to retain a shred of good opinion among potential provider customers.
Ensuring providers understand the opportunities of data exchange
Unsurprisingly, however, that has not been the end of the information blocking conversation – and now, the 21st Century Cures Act is shifting the dialogue back towards providers.
“The provider responsibility is just as important as what the vendors are doing,” Malec stressed. “The law has an equivalent mandate on both the provider and the vendor side, and that is going to be useful for changing behavior for both parties.”
“Ultimately, the provider mandate to share data will be at least as impactful, if not more so, than the vendor requirement.”
For one thing, it may clear up persistent confusion about what aspects of information sharing are and aren’t allowed under HIPAA. The privacy law, which is intended to protect patients from unauthorized access to sensitive information, occasionally produces more problems than it solves due to misunderstandings about its scope and purpose.
“I hear confusion about HIPAA almost everywhere I go in this job,” said National Coordinator for Health IT Dr. Vindell Washington in October of 2016.
“People insist that HIPAA makes it difficult, if not impossible, to move electronic health data when and where it is needed for patient care and health. I wish I could talk to every doc and patient in the country to tell them, ‘This just isn’t true.’ But unfortunately, this misconception is widespread.”
A recent survey by the eHealth Initiative found that sixty percent of respondents believe that providers do not adequately understand which clinical information can be shared with provider partners and payers, despite the fact that 95 percent agree that interoperability and data exchange are essential for value-based care coordination.
HIPAA doesn’t just restrict access to unapproved parties, Washington stressed. It actually guarantees that patients can receive copies of their personal health information and are allowed to authorize sharing with their chosen partners, including members of their care team who need to view the data for informed decision-making.
“Misunderstandings of HIPAA and other business practices are inhibiting us from realizing the true potential for technology in supporting patients and clinicians,” he said, citing an ONC survey that found more than 80 percent of consumers believe online access to their personal records is useful for managing their health.
“Providing an individual with easy access to their health information empowers them, it helps put them in control of decisions regarding their health and well-being, and it helps them actively partner with their care teams as well.”
HIPAA provides the necessary privacy and security protections to enable and facilitate information sharing, Malec added. The rule ensures that the right people can access important data at the right time while paying close attention to the patient’s wishes.
“It should never be used as an excuse not to share information,” he said.
“In general, HIPAA just makes a ton of sense. It says you can share information for treatment purposes. You can combine information across covered entities for quality improvement and for measuring physician performance, as long as you have a shared common patient set. So many of the common-sense reasons to share data in the context of the value-based ecosystem are permissible and allowed under HIPAA.”
Treating regulatory programs as interoperability makers, not budget breakers
HIPAA may not be the regulatory blockade that many providers think it is, but healthcare organizations are still staring down a number of other mandates and performance measurement frameworks that seem to many like heavy-handed attempts to force providers into frustrating and impractical cookie-cutter uniformity.
“There is a tendency to view meaningful use, MACRA, and now 21st Century Cures interoperability provisions as compliance-oriented,” Malec said. “And it’s true that they represent a pretty weighty set of compliance-oriented activities that are driving meaningful changes to the healthcare system.”
After years of struggling together through the EHR adoption, health information exchange, and patient engagement requirements of Stage 1 and Stage 2 of meaningful use, eligible professionals and hospitals will be parting ways as physicians move into the Quality Payment Program and hospitals continue into Stage 3 of meaningful use.
Uncertainty and trepidation are likely to continue to stalk participants in both programs as interoperability requirements force additional changes in technology adoption and daily care processes.
Criticism directed at meaningful use has come thick and fast since the early days of the program, and while the Quality Payment Program does attempt address some of the biggest concerns voiced by industry stakeholders, no federal framework is ever going to please all comers.
But Malec believes that providers could possibly work a little harder to see the opportunities of regulation-driven data exchange instead of just the burdens.
“I would advise organizations to look at these programs as signposts along a forward-looking quality strategy,” he said. “It’s about raising quality, expanding access, and improving the efficiency of healthcare. If you think about it like that, it’s very clear that you need technology in order to measure those improvements to care and coordinate data between organizations.”
However, providers aren’t quite sure that they have – or will have – the technology tools to succeed in an environment that is quickly leaving traditional fee-for-service reimbursements behind.
CMS and private payers have made a concerted effort to steer providers towards this positive point of view by aligning incentives, bonus payments, and shared savings with regulatory requirements – a process accelerated by the rapid proliferation of public and private accountable care arrangements, some of which qualify as Advanced Payment Models (APMs) under the Quality Payment Program.
Yet 69 percent of eHealth Initiative participants think there is a great deal more work to do when it comes to redesigning federal incentives around interoperability, and 85 percent believe that current industry interoperability offerings cannot adequately prepare them for the pressures of the value-based care transition.
Interoperability is starting to show its potential to improve outcomes, according to 63 percent of survey respondents, but it is not yet driving the sort of return on investment required to get providers excited about exchanging data – or paying extra for modules and add-on features that quickly mount up to steep bills for basic information exchange.
Source: eHealth Initiative
“At the end of the day, we still need to work on the business cases for information sharing,” Malec acknowledged. “Value-based care is the ultimate business case – the success of the 21st Century Cures mandate really depends on the continued push for pay-for-performance reimbursement.”
Washington agrees. “We need to ensure that unlocking the data is building the business case for information sharing,” he said. “In other words, we need to use Medicare and other payment programs to reward the flow of information to improve care.”
“We need to change the culture around access to information. This includes things like combating data blocking. Too often we are seeing health systems and vendors focusing competing on having access to data, not delivering better care or applications, and it is holding back progress.”
Bringing the 21st Century Cures Act provisions to life
The 21st Century Cures Act is supposed to be a significant catalyst for that interoperability culture change, building upon the work of the major EHR vendors and the growing recognition in the provider community that value-based caring means data sharing.
Vendor-centered coalitions like Carequality and the CommonWell Alliance have started to give providers the tools they need to bridge the divide between different products, and in the spirit of cooperation expressed at HIMSS, these two camps recently announced an agreement that is likely to bring the industry closer together than ever.
After several years of history marked by contentious commentary between anchor organizations Epic and Cerner, CommonWell announced that it would adopt the Carequality Interoperability Framework, allowing users to conduct directed queries across participation lines.
“Collaboration and inclusion are the keys to success in health data sharing and interoperability,” Carequality Director Dave Cassel said in a December statement accompanying the announcement.
“Our vision has always been for a patient’s health data to follow him/her regardless of where care occurs, and in turn give providers and caregivers increased access to critical health data when and where it is needed,” added CommonWell Executive Director Jitin Asnaani.
“We believe this connectivity between CommonWell and Carequality will continue to move the country forward on its path to achieving nationwide data exchange by bringing together such a sizeable majority of providers and patients that there will be no turning back for American health care.”
For Malec, this agreement opens up an interesting opportunity for codifying the information blocking provisions of the 21st Century Cures Act.
“I would hope that implementing the tools and strategies developed by one of the existing multi-stakeholder interoperability organizations, like CommonWell, Carequality, and the Argonaut Project, would count as sufficient for verifying that the provider or vendor is not blocking information,” he said.
Organizations that implement the shared trust framework should be able to exchange patient records, look up locations where the patient received care, and exchange information across those settings using tools and standards built into adopted EHR or HIE technology.
“That’s a pretty meaty set of activities, and that should be enough – assuming that I actually use them – to make sure that I avoid penalties for information blocking,” he added. “It would be a good idea to establish some degree of safe harbor that would include the ability for organizations to use their participation in private interoperability initiatives as a defense against charges of information blocking.”
For organizations that are not part of the coalition-driven ecosystem, Stage 3 meaningful use may already hold the answers to the difficult questions of defining what information blocking means and how to hold providers and vendors to a uniform standard.
“Stage 3 meaningful use already includes a definition for a common core data set,” Malec said. “There are provisions for making that common data set accessible via query-based services and API-based services. We already have all the machinery necessary for OIG to implement the provisions of this legislation.”
“For 2017 and 2018, we are likely to see the sharing requirements stay in line with existing meaningful use provisions. It’s the simplest path, and it has already been thought through.”
“To be clear, it isn’t enough just to sign up,” he pointed out. “You actually have to deploy the technology, make sure these tools are rolled out properly, and turn them on so clinicians can use these features. If providers do that successfully, we will start moving into a very good place for interoperability in the health system.”