At its core, the expanded Information Blocking rule under the 21st Century Cures Act is rather simple. It prohibits practices that interfere with access to, exchange of, or use of electronic health information (EHI), with the goal of improving patient access to data.
“Patients want to see as much information as they can, and we want to provide it,” according to Tony Ambrozie, SVP and Chief Digital Officer at Baptist Health South Florida. “This legislation is great from a patient perspective.”
The simplicity, however, ends there. And although most (if not all) healthcare leaders support the overall objective, there seems to be more questions than answers as to what exactly must be provided, when, and in what format, and what are the consequences for non-compliance.
During a recent discussion, Ambrozie and co-panelists Audrius Polikaitis (CIO and AVP of Health IT, University of Illinois Hospital and Health Sciences System) and Kel Pults (Chief Clinical Officer, MediQuant) addressed this pressing issue, sharing some of the biggest barriers leaders face, and how they can be overcome.
The most important piece, according to Pults, is having a strong grasp of the requirements of the 21st Century Cures Act, which she termed as “an extension of HIPAA.” Rather than focusing on paper records, it zeroes in on electronic data, and more specifically, the transfer of ownership from provider to patient.
Data blocking implications
Below, Pults offered some key takeaways from the rule that are of interest to CIOs and other leaders:
- Included in the 21st Century Cures Act is USCDI, a standardized set of data classes and elements that must be released to patients. Version 4 is expected to be released in April, with the final set for October.
- Rather than being limited to clinical information, the designated record set (DRS) has been expanded to include financial information, claims, and “anything a patient might need for their overall record,” said Pults.
- It’s no longer just about EHRs; patients will have access to “a much broader view of their records” and will have autonomy to “pull their own records out of the system.”
- Information needs to be provided “in the manner that the patient requests,” as long as it’s available in that format, she noted There is, however, some leeway. For example, “if it’s stored in a document and they want you to break it all apart, that might not be feasible right now.”
- Timeframes are tighter. If a patient goes to the organization that wasn’t the originator of the record, and they can’t provide it, they have 30 days to meet the request. If there is no reply, patients can submit a second request. If that isn’t answered, they can (and do) file a complaint. “About 77 percent of complaints right now are against individual providers for not handing over that legal medical record,” she said. And the fines can be steep.
- Although fines vary depending on severity, they can climb to as much as $1M per instance, which means health systems “have to get really good at documenting why you did not provide a record, and don’t ignore any requests,” Pults said.
It’s a lot to process — thousands of pages, in fact — and it adds quite a lot to the already heavy workloads of healthcare IT leaders. But it also marks a significant step in the right direction, said Ambrozie. “The ultimate desire is to help patients manage their health — not just their healthcare. The trick is to provide information in the most convenient way, and in a format that’s consumable.”
What often happens, however, is when patients do get their hands on a record, it’s extremely difficult to understand. “As the chief digital officer, how do we make that information usable for patients in ways they can understand and act upon? And from there, what can we provide? That’s what we need to think about.”
Before that can happen, a patient’s record must be pulled together from an entire portfolio, according to Polikaitis. Even an “EHR-centric” organization like UI Health still has several other systems in the environment (142, to be exact) that fall under the EHI umbrella. “Now you’re in a position to have to work with multiple vendors to develop a strategy for how we can electronically access and release this information.”
Not an easy feat, especially when only a fraction of vendors responded to inquiries about their strategy, which was the case for his team. Of those, only a few gave a definitive answer as to how they plan to help UI Health comply with the regulations.
It’s been a source of frustration, along with the fact that non-EHR vendors aren’t required to go through a certification process as part of the 21st Century Cures Act. “They’re not held to the same standards,” said Polikaitis. Fortunately, most of the data reside on the Epic platform, which is well-supported.
Historical data, however, can be much more challenging. “We’re ultimately going to take data out of our historical systems and put it into archives, and those archives need to be accessible through FHIR,” he noted. “This is where MediQuant and other archiving solutions play a huge role.”
What sets MediQuant apart, according to Pults, was the decision to obtain certification in March of 2019, even though it wasn’t required. “We said, ‘this applies to us because we have the designated record set,’” she added. “We’re part of the legal medical record.” Pults, along with two colleagues, attended a bootcamp with the Sequoia Project, formed a regulatory committee, and is now able to send FHIR transactions and, consequently, more effectively support customers. “We’re ahead of the game in that sense.”
It’s a philosophy that Polikaitis appreciates as a CIO. “They understand that they’ll be the repository of information that is part of a record that ultimately needs to be accessed through APIs. They’re a huge solution to part of the puzzle.”
“This is the patients’ data”
Another piece of the puzzle involves clinicians, many of whom have expressed serious concerns about the impact of data being released before they’ve had a chance to speak with patients — especially in the event of a cancer diagnosis, for example. “That needs to be managed,” said Polikaitis.
Ambrozie was optimistic that everyone’s concerns can be addressed. “Let’s put the power to decide back in the hands of the patient or consumer,” he said, noting that while some prefer to hear it directly from their clinician, others want to see it in an app. “I think there’s a way to map both, and not just have physicians say, ‘this is ours to deal with.’ This is the patients’ data and they’re entitled to it.”
With that power, however, comes a great deal of responsibility, said Ambrozie, who believes it’s critical that patients understand how their data can be manipulated if it falls into the wrong hands — and what can be done to avoid that. “I think some level of education is needed. But at the end of the day, it’s their data. It’s in their hands. As long as they have the right tools and education, they can do what they want with it.”
None of this, however, is going to happen overnight, according to the panelists, who stressed the importance of patience when it comes to creating a single system of record. “It’s a great goal to have for the long run. But in the short term, you have to be practical,” said Ambrozie. A more realistic ambition? To enable users to “traverse your systems in a way that you can recognize information about a patient,” even if it means utilizing translators between systems.
“We’re working on a system where patients can go in and get the data in a way that’s easy and complete. But in the meantime, we’re going to give them as much as we can, as fast as we can,” he said. Even if it means using a manual approach.
Polikaitis agreed, noting that there are alternate methods of extracting data and bringing it forth. And while it may not be the quickest or easiest method, it’s still a step in the right direction. “We’re not perfect at this point, but we are working hard to meet the spirit of the rule and show progress toward achieving the ultimate goal of interoperability. It’s taking a while,” he noted, “but we’re getting there.”
To view the archive of this webinar — Developing a Multifaceted Patient Matching Strategy to Fuel Interoperability (Sponsored by MediQuant) — please click here.