- Any day now, the Office of the National Coordinator (ONC) will announce its proposed rule to combat the threat of data blocking – also known as information blocking – in accordance with Congressional directives within the 21st Century Cures Act.
The Cures Act, signed into law by President Obama at the tail end of 2016, warns of steep financial penalties for electronic health record vendors caught in the act of preventing data exchange for competitive or business purposes, and hints at similar punishments for providers engaging in data hoarding behaviors.
But the legislation omitted a few crucial details.
While Congress sketched out a general definition of information blocking, using terms such as “[actions] likely to interfere with…use of electronic health information” and “unreasonable practices,” lawmakers have left it up to the ONC to define what those phrases should actually mean in the real world.
It’s a tall order for the regulatory agency, especially since officials more or less admitted in their bombshell 2015 report that anecdotes and hard-to-prove accusations comprised much of its evidence that information blocking even exists as a competitive business practice.
And in a fragmented environment where organizations are at varying stages of adopting value-based reimbursements and nearly every connection between disparate systems has been built as a one-off for specific use cases, laying out clear and enforceable rules for what constitutes a purposeful withholding of patient data seems nearly impossible.
That could be part of the reason why it has taken the ONC close to two years to publish its initial information blocking proposals.
The rule is currently in the hands of the Office of Management and Budget (OMB) for scoring, says Steven Posnack, Director of the Office of Standards and Technology at the ONC, and is expected to be released to the public for comment before the end of the year.
“The proposals that we will include in our pending proposed rule will affect the entire healthcare ecosystem,” he told HealthITAnalytics.com. “We want to look at how we can best serve the market by adding transparency.
“That will create a more competitive marketplace for health IT, and by extension, there will be more competition around the delivery of quality care, which is good for patients.”
No one outside the ONC knows exactly what the rule will look like or how regulators are planning to tell the difference between organizations that are hoarding data for nefarious purposes and those that are simply not equipped to participate in the interoperability environment.
If the new rules of the road are even the least bit hazy, the industry could be overwhelmed with finger-pointing and legally complicated accusations that could damage reputations even if they turn out to be unfounded.
But Micky Tripathi, President and CEO of the Massachusetts eHealth Collaborative, believes there is an easy way for the ONC to avoid a lawsuit free-for-all while encouraging organizations to continue collaborating around data exchange.
It starts with standardized data already available to the industry.
“We developed the Common Clinical Data Set, now called the US Core Data for Interoperability (USCDI) data set, for a good reason,” he said. “We needed to set expectations for what an entity will receive when they ask for a patient’s data, and the USCDI does that very well.”
The USCDI contains 22 structured data elements, such as demographics, laboratory data, problem lists, and current medications. While the data packet does not yet include clinical notes, the information available within the USCDI comprise the majority of what a provider needs to understand a patient and treat him or her effectively.
“Personally, I believe that you can’t really be accused of information blocking if you make the USCDI payloads available for other confirmed authorized users,” said Tripathi. “Anyone who is a participant in one of the two big, national interoperability frameworks – the CommonWell Health Alliance or Carequality – has the capability to exchange the USCDI.”
“So one simple way for the ONC to identify those who aren’t information blocking is to give safe harbor to members of those communities. That will automatically remove a large percentage of providers and vendors from the pool of potential wrongdoers, and would significantly simplify the process of identifying entities that might be operating in bad faith.”
Between the two of them, CommonWell and Carequality boast membership bases that include the vast majority of well-known electronic health record (EHR) vendors, including all ten of the EHR vendors with the largest market share.
Carequality, an initiative of The Sequoia Project, recently announced that it connects more than half of the nation’s healthcare providers. In late 2017, the network was overseeing the exchange of close to two million documents each month.
“The number of participants in these frameworks is huge. They have really become the backbone for interoperability in this country, and they are very successful at it,” Tripathi said.
The top 10 EHR vendors serve more than 80 percent of hospitals and 64 percent of clinicians, said the ONC in a recent blog post. In addition to allowing the exchange of the USCDI, the nation’s biggest vendors also include FHIR capabilities in their certified health IT products, enabling even richer data exchange.
“These networks – along with Epic Systems’ Care Everywhere community – have established that you are obligated to respond to every request for data that you receive,” explained Tripathi. “You don’t have the option not to respond at all. And you can’t say that you won’t share data even though you know the recipient is authorized to receive it.’”
“The only criteria that may prevent someone from accessing that data are around privacy, so if someone has not consented to sharing their information, or the potential recipient is not approved to receive it, that data would not be sent. But that isn’t consciously blocking access for a business reason – that is compliance with existing regulations.”
Tripathi isn’t the only one who believes that a safe harbor built around membership in a national interoperability initiative is a good idea.
“I attended a meeting last year where the ONC was presenting, and there were two representatives from healthcare organizations sitting across the table from each other,” Tripathi recalled.
“One of them asked the ONC, ‘If I’m Hospital A and the person across from me is Hospital B, and she wants a CCD interface but we’re both using vendors that are members of Carequality or Commonwell, do I have to build a separate point-to-point interface with Hospital B just to avoid an accusation of information blocking?’”
The provider pointed out that the money and time involved in building unique connections with each potential business partner would be prohibitive, Tripathi said.
“Interestingly, the representative from the ONC didn’t answer the question,” he said. “Instead, they turned to the whole room – there were maybe 150 providers at the event – and asked everyone what they thought.”
“Every single person in the room raised their hand and said that yes, being a member of one of those organizations should shield a provider from accusations of information blocking. That’s the problem that those interoperability coalitions set out to solve, after all.”
“No one wants to get into a situation where everyone has to manually connect to everyone amidst the fear that they could get sued at any time for not duplicating their efforts a thousand times over.”
But not everyone is convinced that an interoperability community membership should serve as a get-out-of-jail-free card, Tripathi acknowledged.
“There are people who say that the USCDI is only a fraction of the record, and that’s true,” he said. “It is limited in scope. That was done by design, but it does leave recipients with some gaps in data.”
If the USCDI was really all that providers need to inform individual care, large-scale analytics, and population health management initiatives, Tripathi likely wouldn’t be working with the Argonaut Project on extending FHIR-based interoperability to include clinical notes and the ability to collect and share previously-unstructured data through patient-facing questionnaires.
However, expanding the definition of data blocking to include every scrap of data ever collected on an individual could send the industry back down the lawsuit rabbit hole, he asserted.
“Some people have records that go back twenty years and have 150 scanned documents that go with it,” he pointed out. “How are we going to expect an organization to make all those PDFs or images available when our networks don’t even support that yet?”
“If that was a requirement, you’d be adjudicating until the end of time. Anyone could accuse anyone of information blocking if they didn’t include that one PDF of a radiology report from 25 years ago. The industry would just grind to a halt.”
Using the USCDI as the basis for defining information blocking, or the lack thereof, would be perfectly sufficient to address a problem that may already be more or less solved, Tripathi said.
With the majority of EHR vendors and their customers actively participating in interoperability collaborations, the industry might have already passed the tipping point.
“I personally think that information blocking the way Congress defined it isn’t as prevalent of an issue as they thought it was at the time,” he said. “There are a lot of things preventing the rapid acceleration of interoperability, but I wouldn’t put deliberate, malicious information blocking into my top five.”
The ONC’s upcoming regulations may not be too little, but they could be too late, he continued.
“I don’t think the regulation is pointless,” Tripathi said. “Industries will always be inspired to move faster than otherwise if there’s regulation on the line.”
“But in this particular case, it seems like these networks have already established and engaged in what Congress wants to see. To me, that suggests that the issue Congress wanted to address is pretty much taken care of.”
That’s a very good problem for Congress and the ONC to have, Tripathi stressed.
And there’s nothing wrong with keeping vendors and providers on the straight and narrow by ensuring there are sufficiently painful financial penalties in store for anyone who fails to meet their interoperability obligations.
“A million dollars per incident isn’t nothing, even for the big vendors,” he observed. “That’s real money to them, especially if these rules are going to be enforced at scale.”
“The penalties for providers have not been specified in terms of dollar amounts, but there are suggestions that it could be some sort of a percentage-based reduction of reimbursement or incentive from CMS. That might not seem like as big of a threat, but if you combine those reductions with what you might get in some of the quality performance programs, it also starts to add up.”
Vendors may find themselves especially concerned about the reputation repercussions of being accused of information blocking as the market for new customers continues to narrow and organizations get choosier about aligning with partners that will support their big data analytics and value-based care goals.
“No matter what your role in the industry, there are definitely reasons to care about this,” Tripathi said. “There are good reasons for regulation around it. But I do believe that the industry is not quite as much at risk of falling foul of what Congress wants as maybe the 21st Century Cures Act envisioned at the time.”
“We’re in a good place for interoperability, and we’re getting better. That’s encouraging, and it will be fascinating to see what’s in the ONC’s proposed rule when it comes out later this year.”