At HIMSS, I listened carefully to payers, providers, patients, developers, and researchers. Below is a distillation of what I heard from thousands of stakeholders.
It is not partisan and does not criticize the work of any person in industry, government, or academia. It reflects the lessons learned from the past 20 years of healthcare IT implementation and policymaking. Knowing where we are now and where we want to be, here are 10 guiding principles.
- Stop designing health IT by regulation. Through its certification program, ONC directs the specific features, functionality, and design of EHRs. As a result, technology developers devote the majority of their development resources to fulfilling government requirements instead of innovating to meet market and clinician demands. The certification program has established a culture of compliance in an industry ready for data-driven innovations. ONC’s role in the health IT industry made sense eight years ago when IT adoption in healthcare lagged considerably behind all other sectors, but today the certification program impedes a functioning market and must be reformed.
- Align certification with Meaningful Use (MU) and MACRA/MIPS requirements. ONC’s certification program is increasingly disconnected from CMS’s work to streamline pay-for-performance programs. For the first several years of the MU program, certification criteria were tied to MU measures. Though burdensome, certification was directly related to clinicians’ successfully meeting MU requirements. CMS has made progress toward simplifying MU and now the ACI category of MIPS, but unfortunately ONC has not followed suit in the certification program. As a result, the certification program is filled with outdated requirements and is a significant drain on health IT developer resources, with no incremental gain to patient care. The certification program needs to be limited to verification of functionality necessary for success in Medicare and Medicaid payment programs.
- Recognize that information flows best when there is a business case for doing so, not a government mandate. Well-intended government attempts to mandate interoperability have led to unintended consequences that stifle innovation. In other sectors like finance or travel, market dynamics serve as a sufficient driver for information fluidity; policy frequently impedes such a reality in healthcare. ONC should set the conditions for private sector-led interoperation efforts — the private sector has and will continue to make tremendous progress to bring seamless information exchange to healthcare. When interoperability is essential to the success of health systems and medical practices, market forces will deliver robust solutions that increase the utility and value of information exchange.
- Improve access to CMS claims data to drive care coordination. The government does not share its own cost and quality data associated with the millions of taxpayer dollars spent through Medicare and Medicaid. If clinicians had access to the complete claims data for their patients, it would enhance interoperability, driving improvements from increased price transparency for patients to better informed decision-making and communication by clinical teams. There is no legal barrier to CMS sharing its claims data with HIPAA covered entities for the purposes of treatment, payment, and healthcare operations.
- Eliminate the Enhanced Oversight Rule. ONC’s Enhanced Oversight and Accountability final rule augments ONC’s regulatory authority over health IT products at a time when efforts should be exclusively focused on reducing the burden of the certification program. The rule further increases the administrative burden and cost associated with certification for both health IT developers and government bodies alike. Vendors will have to devote continued attention to proving ongoing compliance with the rule, further limiting the resources that they can devote to responding directly to consumer needs. Program add-ons, such as this increased oversight, will not improve the certification program or the usability of health IT products. Additionally, the authority laid out in the rule is beyond the scope that Congress envisioned when it established a certification program, and it paves the way for future overreaches that will inhibit the entire industry.
- Avoid a heavy-handed approach to patient safety. Patient Safety Organizations (PSOs) play an important role in improving care quality by providing a space for the healthcare community to confidentially share and learn from patient safety issues. It is essential that ONC leverages this existing framework as it thinks about how to ensure patient safety in health IT, as opposed to a framework centered on government investigation and oversight. A government-led approach has been demonstrated to lead to a “shame and blame” culture where the penalties and government intervention associated with safety issues lead stakeholders to keep issues confidential, rather than ensuring that the entire health IT community can learn from issues experienced by one provider or vendor. Safety is a priority for every health IT vendor. ONC should ensure that it is not unnecessarily inserting itself between vendors and providers when it comes to learning about and swiftly resolving issues.
- Establish a national patient identifier. HIPAA called for the creation of a national patient identifier to improve efficiency and safety. While patient-matching technology and processes have improved tremendously since HIPAA was enacted, a national patient identifier would still offer considerable efficiency and safety benefits and would remove a barrier to seamless interoperability.
- Improve access to CMS data on providers to spur the creation of market-based provider directories.CMS has the most comprehensive nationwide information on providers in the country. By making this information available as a “shared service” through industry-standard APIs or formats, innovative developers will be able to create a wide variety of value-added applications for providers and patients. The same might also apply to record location leveraging CMS’s knowledge of provider-patient relationships. While this information is admittedly more complex due to privacy issues, there are already market-based record location services available through CommonWell and Surescripts that CMS could either supplement or learn from.
- ONC should focus on “coordination” of government entities.Federal government provider organizations (DoD, VA, INS, etc) are an important part of the health care delivery in virtually every market of the country. Yet in most markets, these organizations do not participate in the interoperability landscape. These organizations can drive standards-based interoperability not through regulations but through market action. Deploying industry-standard interfaces and APIs and actively participating in “retail” commercial exchange such as CommonWell and Carequality will do more to advance interoperability than any amount of ONC “enhanced oversight.”
- Drive alignment of uniform patient privacy laws across the country.It’s obviously not practical to try to battle each of the 56 states and territories one-by-one, or to try to statutorily enact Federal pre-emption of state privacy laws. However, there are many examples in other industries where the Federal government has motivated alignment of state laws without formally trying to preempt those laws (speed limits, for example). Active participation by Federal agencies in nationwide health information exchanges (#9) that adhere to nationwide HIPAA provisions would be one way to drive this. Tying use of Medicaid funds for local HIE initiatives to alignment with nationwide practices might be another.