ONC’s first public event under the new administration was very well organized and run. Eight leading health information exchange incumbents were able to describe their current approaches and plans, the patient advocate position was clearly stated, and a nice synthesis of the issues raised by the trusted framework approach to interoperability was prepared by a consulting organization. Much to ONC’s credit, they went out of their way to provide access and public comment to an extent that is unprecedented in my experience. Slides and recordings will be posted soon and a 30-day comment period runs through August 24. Kudos to ONC.
The proceedings raised a lot more questions than answers and, from my perspective, call into question the whole approach to interoperability that we’ve inherited from the HITECH-era ONC.
- Algorithmic (and coercive) patient identity matching has no solution in sight
- Interoperability between HIPAA and non-HIPAA entities has no solution in sight
- Different frameworks with different governance principles can only interoperate at a lowest common denominator, frustrating both clinicians and families
- Identity proofing of patients confuses pretty much everyone
- All agree that accountability is important but nobody proposed how patients can hold anyone accountable for anything
- Incumbent systems are built around clunky document exchange instead of modern APIs and API Task Force principles
- There is no consensus on who will pay the rent the health data brokers are seeking
- Patient access is an afterthought for most of the data brokers and no solution seems to be in sight
- The 21st Century Cures goal of a Longitudinal Health Record was not mentioned by anyone at all
By contrast, in the patient perspective presentation by Cynthia Fisher, we heard a call to turn the interoperability problem on it’s head: to start with the patient and caregiver not the provider and EHR vendor. “We paid for it already…we own it and should have it”, she said.
ONC now faces an unenviable choice. Do they “stay the course” as DirectTrust is asking or do they abandon an interoperability strategy that has failed by almost any objective measure? Am I posing a false dichotomy?
As discussed in an earlier post, there are examples from law enforcement and consumer finance where intermediaries serve a valuable role in information exchange. In healthcare, these roles correspond to registries such as prescription drug monitoring programs (analogous to a “do not fly” list) and relationship locator services (analogous to the three credit bureaus), respectively. Coercive public health registries and voluntary relationship surveillance agencies are certainly needed but they are hardly a model for a broad patient-centered healthcare model that spans HIPAA, non-HIPAA, and family-caregivers principals.
An administration trying to reduce regulations while driving toward practice innovation to enable consumer choice and to reduce costs cannot afford to be bogged down in another 7 years of trying to invent new governance mechanisms to enable rent-seeking intermediaries. Health data interoperability needs to build on patient-directed exchange and plan for a longitudinal health record as an outcome. We may not even need new regulations to move in this direction. The patient right of access under HIPAA as documented by the Office for Civil Rights and API Task Force could be enough. Let’s turn away from would-be intermediaries looking to define “trust” as something they can sell you.