Right now, I am writing a very long-winded submission to improving the interoperability of health information. This is regulation coming from Health and Human Services (HHS), specifically the Office of the National Coordinator of Health IT (ONC) and it will be the anchor of the way patient data flows in this country (or doesn’t) for years to come. Generally, this is good legislation. The HHS/ONC people who are doing this have learned from the mistakes made in the Obama administration and are taking a very patient-centric approach to getting the right data flowing for patient care.
While there is a lot to like already, we need patients to get involved and submit comments for this which are due tomorrow. All of the hospitals and vendors and others who are going to submit comments are all going to say that the patient-centric nature of this regulation is a bad thing and too expensive and “patients do not know how to take care of themselves. While the regulation itself is pretty good, you can expect the comments on the regulation to have the standard “parentalism” bullshit from the healthcare system that patient fight against every day. The regulators MUST react to the comments and if all the comments say being patient-friendly, patient-directed and patient-empowering is too hard then HHS will have to water down the regulation. We need people saying these are pillars that cannot be removed.
I am sorry that I am not giving you more notice, and I am sorry that we do not have time for a more subtle writing effort. If you are already doing something smart, ignore me and carry on. But if this is the first you are hearing about this, then know that we need to have the patient voice rise up and comment here to make some of all of the following points. There are only a few thousand comments in total and many of them are from organizations like the Patient Privacy Rights organization and the Open Source Project that is powering the interoperability model that we can rely on to say reasonable things. Which means that a dozen or so patients who are piling on can really make a difference here. Especially if you have personal stories which would serve to echo any of the principles listed below. For instance, we are suggesting that the government de-emphasize fax based health information exchange. If you have been screwed by that (and so many of us have) then you saying that means so much more than someone else saying that. Given that:
We need you to read the following points, choose which ones you can agree with, add your own story to the end and then submit comments for the ones you agree with to ONC.
- WhiGenerally, this is good regulation. It takes a protocol approach, rather than a walled garden approach and it empowers patients to force digital health information to happen when other efforts fail. Allowing patients to force providers and vendors to move their data around is a very positive approach and needs to be kept, no matter who complains about it.
- Fax is not OK anymore. Currently, the government data dissemination system that tells providers how to communicate (NPPES) continues to promote fax based information. HHS needs to use this database to promote health information exchange instead. NPPES needs to have a wind-down process for publishing Fax numbers. NPPES needs to get better at publishing HIE data. There needs to be a way to handle Secure Messaging doctor-doctor and patient-doctor other than Fax. So do not loosen Secure Messaging requirements.
- Toll road HIE has failed us and is unacceptable. People whose business plan is to throttle the secure flow of patient data between the providers who treat those patients need to find other work.
- “Information Blocking” hurts patients. Exceptions that allow for Information Blocking to occur should be minimal and measured. If someone is claiming to be protecting patients by preventing their data to flow in a manner that a patient has directed, then this is something that they should have to justify to the patient, to the public and to HHS in a transparent way. We have seen these double speak about patient privacy and security being used to mask data hoarding in a way that hurts patients for too many years. No more double speak, information should be either something that is so justified that it can be shared publicly or it should be completely prevented. Organizations that shut down the flow of patient data, and then claim that they are doing so to protect patients, who fail to meet reporting requirements should be fined.
- OCR is betting on Smart on FHIR in a massive way. That is a mature Open Source project with good leadership. Comments from the maintainers of that project should be heeded as though from Moses on Mt. Sinai.
- While HHS efforts to make this regulation are clear, jargon is still a massive problem. Adrian Gropper and the Patient Privacy Rights organization have submitted suggestions for simplifying jargon substantially, those should be considered by ONC carefully. A more general effort to reduce jargon and improve the readability should be undertaken. Specifically, patients need to be informed of what they can expect from the software that they are paying (through taxes and private health insurance) for their doctors and hospitals to use.
- ONC is being very prescriptive about what data is going to be transmitted and what is not going to be transmitted. As we binge watch the last season of Game of Thrones on our 4k TVs over fiber or our 5G phone, we are confused about why it is so hard to share MRI image data digitally, which takes up much less space. ONC should allow patients to formally report when they need access to data types that are not included in the API access provided by those who hold data.
- We are are smarter than you think. We might not all be able to process raw DICOM files, parse HL7 v2 lab results, read EOB documents or expand X12 medical claims… but we have friends who can help us. The OpenNotes project has proven that we can handle complex clinical content, now it is time to prove that our community can also handle the technical task of working on raw files. If there is raw data at a clinic, office or hospital that is already attached to our patient record, we want that raw data too. This especially includes pricing data. If there is already a digital log of who paid how much for what.. then we want that data. We know it is not that hard to break apart X12 files so that they are one-patient-at-a-time.
- Patients need to ability to choose one master Health IT system that they trust and designate it as the primary home of their data, forcing all other systems to push data to that central location. Authorization, security and privacy controls need to be adjusted to make that possible. Any portion of the regulation that allows healthcare providers or Health IT vendors to force their own system to be the “center” of the patient record for given patient must be reconsidered. A patients preferred system (represented by a FHIR API destination url) must be a part of a patients electronic record and honored.
- Open Source has been a powerful source for good in the world. It should be possible for people to run Health IT Open Source software and still meet regulations. Personal Health Records especially should be transparent, but if doctors are willing to have Open Source EHR systems that should be allowed too. Having models, required codesets, required licenses for documentation that are incompatible with Open Source licenses is a problem. With notable exceptions, proprietary Health IT software vendors have generally ignored our requirements and our requests and failed to move out data between hospitals even when those hospitals use the same software as an EHR. As a patient, the notion that the proprietary business model that has so clearly failed me is calcified into this regulations is problematic.
- As a patient, I am in favor of improved patient data sharing in order to make better coordinate care. I want the providers who treat me to have access to the information they need to provide me with the best care. But the patient community is full of horror stories about what happens when incorrect, outdated or biased information is added to one institutions health record and then spread automatically to others. ONC needs to consider how to ensure that the record corrections that I can request at one location are disseminated to another location. You asked for specific comments on how to use Health Information Exchange to help prevent Opioid Use Disorder, but right now, there are very few safe guards that protect patients from being incorrectly labeled as drug seekers, and almost no mechanisms for a patient to correct such a label when it is incorrectly applied. Deploying HIE systems that can penalize patients with incorrect labels serves to make the Opioid problem worse. What percentage of Opioid deaths last year were due to were due to an patient who was using opioids as prescribed, but then incorrectly labeled as a drug-seeker and cut off from pain medication entirely, which forced them into the black-market for dangerously over-powered opioids? Guess what. You don’t know. No one does. Any system that can label a patient a drug-seeker must have technology to unlabel them just as fast. I see very little to address this problem in your current regulation.
- These regulations need to operate and change at Internet speed. While we like the direction that ONC and HHS are going, any part of this system can fail for reasons no one would have thought of in advance. ONC needs to ensure that it is in a position to change regulations and technology requirements as fast as they break. ONC should look at every standard or practice or system being described in this regulation and ask “do we have the reporting we need so that we can we know within a month, if thing X starts to fail?” and “After knowing that this is failing for a month, do we have the authority we need to change the plan within another month”.
Now you might not understand or agree with all of these points. Feel free to leave out points that you disagree with. Feel free to reword this information in your own voice.
Most importantly, please document every time you have had your attempts to get your own health data frustrated. Your personal experiences here are much more important than anything I have said here!!
You can submit your comments on this here.