It’s time to give you the 411 on information blocking.
(for anyone born after 1985: 411 was a number you dialed in order to get information about a business or person whose contact details you didn’t have. And it still works! Try it some time).
At the beginning of February 2019, the Centers for Medicare & Medicaid Services released their long-awaited rules regarding patient access to their own health records, and they’re an absolute doozy. I was at HIMSS 2019 when this rule came out, and I watched CMS Administrator Seema Verma declare in no uncertain terms that patient health data belongs to the patient.
You could see, as you looked around the space, the range of reactions this declaration elicited, even if it shouldn’t have been a surprise to anyone who had been paying attention to CMS’s moves in recent years. There was simultaneously a wave of applause mixed with sidelong, worried glances from healthcare professionals who, while they certainly appreciate what CMS is going for, were necessarily concerned about their capabilities to meet the stringent requirements laid forth by the too-close-for-comfort date of 2020.
To call for patient data to belong to the patient sounds good in principle, but the truth is most healthcare organizations are still a long way from being able to approach this benchmark. The will is certainly there, but our own conversations with hospitals point to widespread trepidation. Institutions are still struggling with interoperability, consumer-friendly patient portals and the transmission of data between internal parties and outside providers. That’s why throwing this rule on top of all that is enough to give some of the smartest minds in health IT intense anxiety.
Nevertheless, this is where we’re headed as an industry, and it’s certainly worth a closer look. I want to explain a little bit about what this rule actually entails, the challenges that remain in getting there and how healthcare organizations can prepare themselves to enter this brave new world.
Moving Toward “No-Cost Health Data Exchange”
The proposed rule can be found in its entirety at this link. I want to call out a couple things directly from that page.
At its heart, the rule strives to empower patients by giving them access to all their health data so that, when they experience a care encounter, their providers will be able to tap into the full array of health data surrounding the patient. In an ideal world, imagine a person having their entire record on their phone and, with the tap of a button (think Airdrop on iPhones), all of these details can be shared securely with the provider. At the conclusion of the care episode, their health record is updated accordingly and the patient’s information remains in that state until the next care episode, when the situation will repeat itself.
We’re still a long way from that perfect world, but CMS has ideas about how to get us there, and they’re going to pull healthcare organizations kicking and screaming if they have to. Here are the main ways the proposal suggests doing that:
- Health information and medical claims must be readily accessible to patients, in an electronic format, by 2020 for those persons enrolled in “Medicaid, the Children’s Health Insurance Program, Medicare Advantage plans and Qualified Health Plans in the Federally-facilitated Exchanges.”
- The creation of “open data sharing technologies” that will allow more successful patient handoffs.
- Reporting providers and insurers engaged in the practice of blocking patient health information.
- The adoption of APIs, or application programming interfaces, which essentially allow disparate platforms and technologies to communicate with one another in a secure fashion.
Those are the main takeaways, and it’s a lot to contend with. On the one side, you have hospital systems and other kinds of providers who will need to bring their systems up to date in order to comply. There’s no word yet on what kinds of penalties may be instituted for those that aren’t yet at that level, but providers are waiting with bated breath to see what the penalties might entail. Then, on the other side, you have insurers, who may not be thrilled at the prospect of just giving away the data they’ve collected about their clients over the course of years but who nevertheless will need to change their business model if it relied upon limiting and/or selling access to these details.
All of this is a lot to take in, and it’s still in the early days of the rulemaking process. But to position yourself quickly for success in the evolving healthcare climate, there are a few things you’ll want to do sooner rather than later:
- Review Your Current Policies – Get together with your IT teams, administrators, C-suite executives, managers and anyone else who has a stake in the processes affected by these rules. The time is now to review all your policies and procedures in order to determine if you’re engaged in any form of information blocking or if a given policy could be construed as such. If so, you’ll want to take steps to remedy this at once.
- Keep Up to Date with FHIR – The FHIR standards are an absolute must for healthcare organizations and the creators of health apps to work toward. Apps simply should not be built without HL7’s Fast Healthcare Interoperability Resources taken to heart.
Toward the beginning of this year, FHIR 4 was released, and its big focus was the piecemeal distribution of points of data and the promise of backwards compatibility. But the fifth iteration of these standards is around the corner as well, with health IT companies already given a tantalizing preview of what’s to come.
Even if you’re not developing apps yourself, if you’re in any way connected with health IT at your organization, be it a hospital, a clinic or anywhere else, it’s important to stay up to date with these standards so you can ask the right questions when it comes time to choose vendors and resources.
- Beyond EHR – Simply having an EHR isn’t enough anymore. The modern healthcare institution that wants to stay on the good side of CMS has to provide dedicated patient portals with readily exportable PHI the patient can access at any time.
Clearly, this is where things get tricky, as doing this is no small task. You must work across departments to identify EHR vendors who have these capabilities now or will be able to do so in the future. That requires APIs and myriad software tools that adhere to FHIR standards. You then have to train staff to adapt to the changing times. And you need to communicate these changes to patients, who, for all their tech sensibilities, aren’t necessarily taught to expect this level of openness from their healthcare providers.
CMS’s recent proposal is perhaps their boldest declaration yet about where they foresee healthcare going in the future. It’s up to providers to get on this wavelength and start asking hard questions about the best way to implement the technologies that get us to the destination.
And all the while, remember that a new proposal could come out a couple months from now that turns everything on its head. It’s simultaneously exciting and a little bit frightening, but it comes with the territory of forward-thinking health IT applications.