CMS and the ONC dropped a moderate bombshell on the healthcare industry this week by releasing their information blocking and interoperability proposals on the eve of HIMSS19.
A conference that typically focuses on forward-thinking innovation suddenly became a time to revisit past mistakes, forcing vendors and providers to reexamine their role in creating and maintaining the walled gardens and data siloes that still feature prominently across the health IT landscape.
While many of the provisions in the proposed regulations were not wholly unexpected – CMS has been pushing strongly for more interoperability and enhanced patient data access for quite some time – the new regulations comprise a more concrete framework for putting the mandates of the 21st Century Cures Act into action.
“By outlining specific requirements about electronic health information, we will be able to help patients, their caregivers, and providers securely access and share health information,” HHS Secretary Alex Azar said in a press release issued along with the proposed rules.
“These steps forward for health IT are essential to building a healthcare system that pays for value rather than procedures, especially through empowering patients as consumers.”
The proposals include the definitions of information blocking, the threat of monetary penalties and public shaming for engaging in information blocking actions, and a rundown of new or enhanced technical requirements that will enable the interoperability that foundational for patient-centered care.
“Simply put, we’re going to expose the bad actors who are purposefully trying to keep patients from their own information,” CMS Administrator Seema Verma said in a press call following the release of the documents. “Patient data doesn’t belong to the doctor, hospital, or electronic health record. It belongs to the patient.”
A self-attestation to information blocking will be included in the Merit-Based Incentive Programs (MIPS), and hospitals will be required to send admission, discharge, and transfer (ADT) alerts to other providers as a condition of participation in Medicare.
Verma called the requirements the “strongest lever” CMS has to ensure that free-flowing data supports better patient safety, improved outcomes, and lower overall costs.
At the 2019 HIMSS Conference and Exhibition in Orlando, reactions to the rule were positive, on the whole – or at least guardedly optimistic.
Organizations that have spent tens of billions of dollars in health IT tools thanks to a prior Medicare-based mandate generally believe it’s high time that their investments bore tangible fruit, and opening up the health data exchange ecosystem is widely agreed to be an important part of securing ROI from EHRs and analytics systems.
The patient empowerment component was also well-received. It’s hard to argue, in an era of rising out-of-pocket costs and turmoil in the insurance world, that consumers should not have the tools they need to make more informed, cost-effective decisions about their care.
The goals may be laudable, but this is the healthcare industry, after all.
Complexity is a core component of delivering and paying for care, enshrined in convoluted administrative and clinical processes since time immemorial. And while everyone may agree on the general direction of governmental action, no two organizations think alike about how to actually get there.
HealthITAnalytics.com spoke to numerous stakeholders at HIMSS19, including vendors, providers, and industry conveners, to better understand how the proposed interoperability mandate will affect a sector that is still coming to terms with being digital in the first place.
Tag, you’re it!
HL7 International, the standards organization responsible for nurturing and accelerating FHIR, didn’t get much notice that FHIR would be required as the standard for supporting all application programming interfaces (APIs) under the ONC’s proposal.
“I’ve been working with CMS for months, but it was only on Friday evening that I got a letter from CMS,” said Dr. Charles Jaffe, CEO of HL7 International. “It said, ‘Congratulations for developing such a groundbreaking technology which we will deploy in at least these six important areas. Best wishes, Seema Verma.'”
“Well, I was up all night after that, let me tell you. We are elated – the commitment to HL7 is unprecedented. But it’s also a little bit of being careful what you wish for.”
“If someone said your organization would represent all medical information published from this point on in the country, your immediate reaction would be that there aren’t enough people to staff it.”
“Your organization isn’t big enough, and the mandate is out of proportion to the resources at your command.”
“We can’t bear the intense commitment this entails or the financial burden it brings. It’s just not possible to do it on our own.”
The FHIR community is relatively small and tight-knit, added Wayne Kubick, CTO of HL7 International.
And while there is strong enthusiasm and boundless commitment among the experts that have been developing, testing, and deploying the standard, Kubick agrees with Jaffe that there simply aren’t enough FHIR gurus right now to meet the enormous challenge of using FHIR to enable the majority of health information exchange transactions in the country.
“We need to scale up to capture the momentum and capitalize on the energy, but it’s going to be quite an undertaking,” Kubick said.
“We can’t bear the intense commitment this entails or the financial burden it brings. It’s just not possible to do it on our own.”
“Establishing new communities of novices is good for the evangelization, but we really need to build a community of experts to make FHIR work better. We need to engage and involve many, many more people to begin to make progress in achieving the vision.”
HL7 has received grants from the ONC for some time in support of its work, but both Jaffe and Kubick are concerned about the financial aspects of scaling up FHIR exponentially.
“But more than that, we’re concerned about the human support,” Kubick said. “None of us have ever seen something moving as fast as a comet like this. It’s not just putting people together to write a standard.”
“It’s about involvement in peer review, testing, and strengthening the standard on an ongoing basis. In order to do that at the scale we’re talking about, we need to vastly expand the community.”
The new FHIR Accelerator program, launched during the conference, aims to accomplish that goal. The program is based on the successful model of the Argonaut Project, the original collaboration that brought FHIR to prominence for provider-to-provider and provider-to-patient exchange.
“None of us have ever seen something moving as fast as a comet like this.”
Participants in the new program will leverage lessons learned from Argonaut and the payer-focused Da Vinci Project to develop implementation guides and continue to mature the FHIR standards.
HL7 is making manpower commitment part of the membership criteria, Jaffe said.
“One of the business requirements of the Accelerator Program is financial support, of course. But it also includes the domain experts to contribute to development,” he said. “We expect that new members will go above and beyond the minimum requirements – we need them to do so in order to succeed.”
Despite a little bit of shell-shock, Kubick and Jaffe were exceedingly optimistic about the future of FHIR, and proud of how far the standard has come in such a short time.
The ONC recently released data indicating that 87 percent of hospitals and 69 percent of MIPS-eligible clinicians are using EHRs with FHIR capabilities.
Thirty-two percent of EHR vendors, who together represent that large proportion of providers, have embraced FHIR as their API solution of choice.
Two of the major players in the space, Epic and Cerner, have reiterated their support of the standard in light of the new proposed rules, Jaffe said.
“Epic and Cerner both gave me permission to say that they support the ambitious goal of writing an implementation guide,” he shared. “When they see the implementation guide, they’ll be prepared to support the implementation within their environments.”
“How that will influence other communities, I don’t know. But since they represent 75 or 80 percent of US patients, I think that makes a strong statement about what the rest of the industry will do.”
Will such a broad goal consume too many resources?
As far as CMS is concerned, everything comes back to patient access to data. Empowering patients with pricing information, clinical information, and quality data will drive healthcare closer to achieving the entirety of the elusive Triple Aim: better quality, better population health, and lower costs.
The objective is very simple – give patients their data – but extraordinarily complex at the same time. Data is locked up in siloes, still on paper in some cases, and the tangled tapestry of misconceptions about privacy rules, competing business incentives, and bizarre administrative workflows can leave both patients and providers with their heads spinning.
That’s why a fundamentally simple directive takes more than 1000 pages to explain, says Jitin Asnaani, Executive Director of the CommonWell Health Alliance. And that could be a problem.
“I have to make it clear that I haven’t read through all one thousand pages yet – it just came out on Monday, and today is Tuesday,” Asnaani said.
“But the fact that there are a thousand pages to get through is sort of concerning. It means that this issue is going to be occupying the health IT industry for the coming year at the least. And as a result, EHR developers are not going to be able to focus on anything else that might be good for patients, such as solving for usability issues or enhancing analytics.”
Developers have experienced similar whiplash before, he added.
“I was talking to one of our EHR vendor members who has been around for 30-plus years, and they were saying that about ten years ago, they lost ownership of their product roadmaps,” Asnaani recounted.
“They used to be able to chart their own course, but then their roadmap turned into meaningful use. Stage 1 came out, and that was it for the year. Then a little while later, Stage 2 happened, and that was it.”
“Everything else they wanted to do had to be squeezed into that framework, and there wasn’t time to make a lot of the changes and improvements they envisioned. That’s what I’m worried about with this rule. As well-intentioned as it is, it’s going to absorb everyone’s resources.”
Judy Faulkner, CEO of Epic Systems, agreed that there’s a possibility such as a complex rule could divert attention from other projects.
“I think that could be an issue,” she said. “We don’t know the timing of what we’re being asked to do or how it might impact existing contractual obligations. It could be a big issue once we learn about that timing.”
“As well-intentioned as it is, it’s going to absorb everyone’s resources.”
Like almost everyone else, Faulkner had not had time to comb through the lengthy document, but expressed concern that the vendor role in preventing information blocking might not be fully fleshed out in the rule.
“What I don’t know yet, since I haven’t had a chance to get into the rule yet, how much we are being relied on to figure out if there are any bad actors that will, on purpose or not, do things that shouldn’t be done,” she said.
“Are there protections if, in fact, something bad happens? Even if you’re as careful as you can possibly be, there’s a chance that something goes wrong or someone acts incorrectly. Where does the responsibility lie if you believe you’ve done your due diligence?”
“That’s something that needs to be clarified, and I’m sure it will be. We want to do the right thing - what we all want is good quality outcomes for the patient. As much guidance as we can get, we would appreciate.”
Faulkner stressed that Epic Systems has always had a strong focus on interoperability, and has the reach and resources to develop capabilities like Share Everywhere, which allows any provider with an internet connection to access data from Epic users.
But Asnaani pointed out that not every EHR vendor has the capacity to develop such tools, and might not have the chance to do so if they are focused too tightly on CMS’s new edicts.
“We want to do the right thing. As much guidance as we can get, we would appreciate.”
“The EHR vendors for whom this rule is no big deal – the ones who were doing interoperability and patient data access anyway – are going to be the biggest and most sophisticated companies with the largest client bases,” he explained.
“But the long tail of EHR vendors, the ones that provide specialty services, for example, are going to be entirely focused on satisfying the parameters of this rule, and they won’t be able to develop other features that serve their market segments.”
“That puts them at risk of being unable to compete, and we’re likely to see some consolidation. That might be good for interoperability in the long run – it certainly makes it easier to have fewer points of connection to make – but it’s not great for the providers who suddenly don’t have an EHR company anymore.”
Building data faucets, not fire hoses
Ensuring the liberation of data from business-driven data siloes is only the first step towards truly effective and meaningful interoperability.
Generally free flowing data is important, but perhaps not quite as important as moving the right data in the right way to the right person when and where they need it.
For health IT developers, that has always been the tricky part. Without a comprehensive strategy in place, having more data available might make it even harder.
“There’s no question that getting access to data through an API is essential,” said Mark Morsch, Vice President of Technology at Optum. “With APIs, patients and providers will be able to access data in ways that are much more usable, no matter where it’s going.”
“But the volume of data that we’re able to move around these days is enormous. Very few patients can digest everything that’s in their record – even providers struggle to run through it quickly enough to use it for decision making. As we increase that volume even further, we need the right analytics tools to process it.”
Morsch is an expert in natural language processing (NLP), which he believes will play an increasingly significant role in helping to control the torrents of data that would otherwise be flooding the workflow.
“We have been focusing a lot on NLP to extract the most important data and present it in a useful format for providers,” he explained.
“FHIR enables the ability to get that record so we can boil it down and make it applicable to specific use cases, so it’s great to see that the standard is going to see broader adoption.”
In order to make the data similarly useful for patients, Morsch envisions an emerging market for NLP and AI-driven products to summarize information and create value from the data for end-users.
“FHIR enables the ability to get that record so we can boil it down…it’s great to see that the standard is going to see broader adoption.”
“That’s an area I’m excited to watch, because we do a lot of work in the same area on the provider side to ensure that the right information is being presented in the right way,” he said.
“It’ll be very interesting to see what types of companies step into that space for patients once access to their personal data is truly universal.”
For David Dimond, Chief Technology Officer and Distinguished Engineer at Dell Technologies, getting data to patients is only half the battle.
Getting it back again so patient-generated health data can inform analytics models is equally challenging.
“APIs are great, but there’s the danger of moving from data sprawl into application sprawl,” he said. “None of the apps, Internet of Things (IoT) devices, or datasets we have are going to be very useful if we can’t build a comprehensive health record from them.”
“We’re entering the decade of detection – everyone has a fitness tracker, a smart phone, and some kind of device in their home. Everyone is going to have access to their personal data. There is a huge opportunity to use that data and the relationships it builds to get very proactive about early detection, prediction, and interventions. But we need all the data to come together in order to accomplish that.”
Read-only apps for patients that focus on displaying data generated in the clinical environment simply won’t cut it, he continued.
“The big challenge isn’t getting data out of the EHR. It’s writing data back to the EHR so all of that patient-generated data can support more informed decision making. That’s where the value is going to be. We need to create the pipelines and analytics tools to integrate IoT data without overwhelming providers with this massive new dataset they’re not used to seeing.”
Epic’s Judy Faulkner also sees an opportunity for innovation when it comes to patient-facing tools, but wonders about the privacy implications of opening up massive new superhighways for data.
“It’s all going to come down to the details of how CMS is going to implement these data exchange ideas,” she said. “It could be horrible, it could be wonderful – it could be anywhere in the middle.”
“If Cambridge Analytica happens all over the place because we’re exchanging detailed data that has hidden connections to a patient’s mother or brother or uncle or children, and that data is acquired by a third-party app that now has information on someone who hasn’t directly consented to it…that could be pretty bad.”
“If it helps the patient take better care of herself and her family, then it’s going to be great. What happens if it’s both? We’re going to have to figure that out. Again, it comes down to the details.”
Can financial threats truly change behaviors?
Previous health IT initiatives from CMS have dangled billion-dollar carrots as well as shaken sticks, but these proposed rules are very much about warnings, penalties, and threats.
CMS has proposed a new “wall of shame” for entities found guilty of information blocking, and will also “issue civil money penalties” of unspecified amounts for failing to abide by the new interoperability standards.
“The Office of Inspector General (OIG) may also investigate health care providers for information blocking for which health care providers could be subject to disincentives,” the rule cautions.
“It could be horrible, it could be wonderful – it could be anywhere in the middle.”
In a relatively terse statement, the American Hospital Association balked at the idea of making ADT notifications a condition of receiving reimbursement from public payers.
“We cannot support including electronic event notification as a condition of participation for Medicare and Medicaid,” said Ashley Thompson, Senior Vice President for Public Policy Analysis and Development.
“We believe that CMS already has better levers to ensure the exchange of appropriate health information for patients. We recommend the agency focus on building this exchange infrastructure rather than layering additional requirements on hospitals.”
As of February 15, the American Medical Association has not yet made a public statement on the proposed rules.
The AHA isn’t the only one concerned that financial penalties might not have the desired effect.
For Matthew Fisher, chair of the Mirick O’Connell’s health law group, relying on negative reinforcement may not be the best approach for an industry that can already be somewhat cynical.
“If a company is making enough money, they can just view the fine as part of the cost of doing business,” Fisher said. “When it comes to information blocking, is public shaming and a fine going to be enough to change what might be viewed as a good overall business practice?”
“Clearly it depends on how much the fines will be, but I’m not sure the threat alone is enough to create behavior change.”
Behavior change is necessary, despite what some of the big vendors assert, he added.
“EHR vendors are very good about talking the talk but it’s something else to actually back it up with action,” he observed.
“I was talking to someone who is trying to launch a start-up for abstracting data for providers. He asked for a CCDA feed from one of the big EHR vendors and he’s getting the runaround. The initial response was that it would take a couple of weeks to gather it. He pinged me a couple of months later, and he still hasn’t gotten what he asked for.”
“It’s clear under current regulation that is allowed to ask for what he’s requesting. So I don’t think information blocking is an invented problem. I think there’s an issue with information not being shared as it should be.”
“If a company is making enough money, they can just view the fine as part of the cost of doing business.”
While Fisher doesn’t believe that all such roadblocks are intentional, or that any one player is completely to blame, “there is clearly an issue here,” he maintained.
“I hope regulation can help, but I think the bigger change will come as the market shifts to value and it becomes a more organic financial pressure to share data appropriately.”
Looking ahead to the interoperability era
Stakeholders have until early April to provide comments on the proposals, and there is no doubt that a flood of responses from major advocacy groups, societies, vendors, and health systems – not to mention individual members of the healthcare community – will roll in before the due date.
Evidence of support or disagreement for key provisions is crucial.
The proposals are simply that, and CMS and the ONC have been highly responsive to industry opinions in the past. Commenting on the rules is the only way for the regulatory agencies to truly understand how to best align their mandates to the realities of the health IT environment.
In addition to these highly-discussed proposals, CMS is also seeking comment on how to extend interoperability into additional areas, Administrator Verma said in a video accompanying the release of the documents.
“To help inform our next phase of policies around interoperability, our proposed rule also contains two RFIs,” she said.
“First, we want to know how we can put the weight of CMS behind patient identity and patient matching. This is a critical issue that must be solved to promote coordinated care and patient safety, and we need your help.”
“Second, we want to know how we can improve health IT adoption and data sharing in post-acute care settings. We need to make sure that every provider a patient interacts with across the healthcare system can collect and share data.”
Verma also urged providers to view the proposed interoperability regulations as just a jumping off point for future innovations in data access and transparency.
“Our work to facilitate seamless access to data is not over. Today we are proposing a major step, but those in the healthcare industry don’t have to limit themselves to our requirements,” Verma said.
“I encourage every healthcare provider to continually find new ways to empower their patients through making it easy to receive and understand their health information and by increasing price and quality transparency.
Organizations may feel like they have their hands pretty full with this new set of requirements, but it’s fairly clear that CMS is not going to be slackening its pace nor showing too much sympathy for stragglers.
As a result, organizations will need to voice their opinions and actively participate in developing the standards, technologies, strategies, and feedback mechanisms that will ultimately enable the industry to achieve its shared goal of better outcomes and lower costs for all.