Regulatory Capture Tests the New Administration

from THCB at on July 17, 2017 at 07:38PM


The bipartisan 21st Century Cures Act charges HHS / ONC to deal with two issues that previous laws (HIPAA and HITECH) and the Obama HHS left in-progress: information blocking and longitudinal health records. ONC needs to deal with these two issues at a time when there are calls to delay or rescind some Meaningful Use regulations, in an administration that does not favor regulations, with some vendors already starting to ship Meaningful Use Stage 3 EHR products, and while the budget for ONC is still undetermined. ONC can’t be too careful.

Judging by the agenda, the July 24 21st Century Cures Act Trusted Exchange and Common Agreement (TFCA) Kick-Off Meeting is a step in the wrong direction. Listening to the “health IT stakeholders” is a prescription for advancing the interests of the health IT stakeholders instead of dealing with patients and physicians as the stakeholders. Framing the issue as “National Trust Frameworks and Network-to-Network Connectivity” is a recipe for continued ineffective interoperability as the “stakeholders” line up for another round of regulations that promote rent-seeking middlemen with catchy names like Direct Trust, and CommonWell.

National trust frameworks work when the institutions being trusted are fairly uniform, like the banks participating in money transfers or police searching law-enforcement databases. But healthcare institutions are way more diverse than banks or police departments. Some, like a psychiatrist’s practice or a small group are hardly institutions at all. Patient-centered care means networking institutions as diverse as a mom-and-pop long-term-care facility and the massive VA hospital and Medicare bureaucracy. Patient-centered care must support family caregivers like me, trying to keep my 91-year-old mom from becoming somebody’s procedure. Patient-centered care means we have a plan for longitudinal health records as an outcome rather than attempting to regulate technological process like “network-to-network connectivity”.

“National Trust Frameworks and Network-to-Network Connectivity” for the first high-profile ONC meeting is a framing that continues the failed policies that brought us state health information exchanges, DirectTrust, and other uninvited middlemen to the physician-patient relationship.

Interoperability and longitudinal health records are an outcome sought by physicians and patients. When a patient says to a provider: “Please allow X to access all or part of my record via the Meaningful Use API until I say otherwise”, the patient is exercising a fundamental right regardless of who or what X is. (API =Application Programming Interface) There is no role for a trust framework in patient-directed exchange. There is no need for coercive patient identity matching in patient-directed exchange. There is effectively no cost to the patient in patient-directed exchange via API. There is no legal basis for information blocking in patient-directed exchange via API. Just like a patient giving a provider a postal address to send records to, it just works, and the provider doesn’t get to say: “I don’t trust that address, so I’m blocking this request.”

Longitudinal health records are enabled by patient-directed exchange because the patient is able to tell any of her providers: “Let X access my health record.”, where X is a longitudinal health record service that the patient has chosen. X could be a primary care doctor, a web service, or even an artificial intelligence like IBM Watson. Various doctors, service providers, and institutions could decide for themselves whether to access a longitudinal health record at X and if they decided that they don’t want to use X the patient might go elsewhere. This is no different than a merchant deciding to accept American Express or ApplePay. They have a right to decline the customer’s choice but they risk the customer going to another provider if they do.

But is there a need for interoperability that is not directed by the patient? Surely it’s convenient if a doctor can just ask around for who might have records about a patient without bothering the patient to remember them all. This is similar to what police do when they stop your car. They ask you for some identifying information and go poke around various databases to see who might have some information about you. Police access the various databases on the basis of their role whether you like it or not. The police don’t tell you where they are accessing your information and they don’t need your permission to access it. The police and the databases they are allowed to access are part of a trust framework. It’s more or less a national trust framework. It’s definitely useful. It’s also coercive. It also means that people might not trust the police, a problem that police often cite with regard to serving undocumented people. There’s that patient ID thing again.

Medicine is not law enforcement and caregivers are not the police. Assembling large databases of patient records and then managing access on the basis of trust frameworks creates an illusion of interoperability, as nationalized health systems like the UK NHS have shown. It may seem more efficient than asking the patient: “Where can I find your health records?” but it’s bound to fail because the participants in medical interoperability are much more diverse than police.

If not a police analogy, then maybe the trusted intermediaries are like the three credit bureaus that help merchants figure out where a person has credit relationships without asking the person to list their current relationships. That’s a good model for driving interoperability toward a valued outcome (credit) and a good consumer experience (don’t ask me for a list of all my relevant accounts). Merchants are supposed to ask for permission before requesting your credit report from a very limited number, three, of regulated intermediaries. But there’s no trust framework like the mythical one in healthcare because the merchants don’t get to take that credit report and ask the various banks and other merchants listed for more details about you without explicit and separate authorization, for example, auto-pay. So yes, there are reasons to introduce trusted and regulated intermediaries into the interoperability solution but they need to be in the service of a specified outcome, like credit, and the person still gets to decide if the merchant-to-merchant link is authorized, like auto-pay, on a case-by case basis regardless of any trust framework.

It’s time for ONC to treat patients and their caregivers as the primary stakeholders in health information interoperability. Let’s focus the new ONC on patient experience and outcome. Trust frameworks are not a solution to either information blocking or longitudinal health records. The July 24 meeting could be a good place to start but I don’t see either patients or physician advocates on the agenda – just would-be middlemen looking for regulatory capture.