While steady progress has been made in adoption of certified electronic health records (EHRs) and the commonality of health information exchange, the Office of the National Coordinator’s road to interoperability has hit a few bumps and unexpected turns.
In part one, we spoke with Genevieve Morris, Principal Deputy National Coordinator at the Office of the National Coordinator for Health IT, to take a look at where we are on the original Shared Nationwide Interoperability Roadmap. But what about where we’re going, what it’s going to take to get there and whether the ONC has the support it needs to get interoperability over the finish line?
For that last part, Morris feels pretty good about what the agency can do with resources provided by the 21st Century Cures Act.
“Congress did an excellent job in crafting 21st Century Cures, because they laid out a lot of tools for us at ONC to collaboratively move interoperability forward,” Morris said. “Over the last year, we’ve been working and conversing with the industry to make sure that we understand what is happening in the real world, so that we can make sure policies reflect reality.”
That reality, however, is that times are quickly changing. The wave of innovative healthcare technology in recent years has created new obstacles to tackle as well as new opportunities.
One of the goals of Cures is for people to be able to access their health information without special effort. That depends, at least partially, on development of new Application Programming Interfaces (APIs) that can keep up with modern technology, such as devices connected to the internet of things.
“We’ve been working on how we define and set up open APIs that can be used without special effort,” Morris said. “In Cures, Congress recognized that most other industries have a concept of open APIs. You think of Google Maps, Facebook, and all the apps that feed into them. That’s the world that exists outside of the healthcare industry and if we could bring those modern APIs into healthcare we could see a lot more innovation, which would give providers more usable systems and patients more access to their information on their own devices.”
Part of the work around open APIs is simply understanding what open APIs without special effort really means, according to Morris. The ONC has been talking to stakeholders, researching other industries and taking a good amount of comment letters, something it opened itself up to in the last year during the development of the draft version of the Trusted Exchange Framework.
One area of concern that Cures has turned to the ONC and the Office of the Inspector General (OIG) to address is information blocking, which can be done by a provider to control referrals and enhance the market dominance over another hospital or healthcare provider. But whether a specific case represents information blocking can be debatable. It’s up to the investigative parties to determine and enforce regulations.
“We currently have a mailbox where people can report information blocking and we investigate their cases,” Morris said. “We’re working to define what the exceptions are to information blocking. Cures lays out what information blocking is, and then asks Health and Human Services (HHS) and the ONC to determine what it isn’t. We’ve been working to craft the regulations on information blocking and that is going to come out in Spring of 2018.”
Information blocking can occur for a number of reasons, such as security issues that stem from varying types of protocol from one healthcare entity to another. Given the volume of data breaches around healthcare providers in recent years, it’s not hard to see why a lack of trust was noted on the roadmap as one of the “speedbumps” to interoperability.
“At the end of the day, health systems and providers take seriously the data stewardship role they’ve been given,” Morris said. “I’ve yet to meet a health system or provider that didn’t feel it was their responsibility to protect patient data. I think where the concern comes in and trust starts to play a role is that if I don’t know that the provider I’m sharing the data with is following secure policies, [say] none of their laptops are encrypted, I’m not going to want to share information with them. I’m not going to trust that they’re not going to have a breach of their system. As we start to share data in larger numbers, it’s a concern.”
It’s not just the security issues, however. The lack of trust also stems from what’s being done with health information and how it’s being handled by providers outside of a network. There are concerns that health information may be used for things that patients aren’t comfortable with, such as marketing.
“Those kinds of trust issues are just inherent when you’re exchanging data,” Morris said. “In the paper world, those issues existed as well, but it’s compounded a little bit in the electronic world because it’s so easy to get access to larger amounts of data. When you’re sharing data for the fourth time, it can be very difficult for the provider at the front end to feel comfortable with that. What we have to do is make sure that we have some principles and guardrails in place that can engender that trust, so that they feel comfortable sharing that data even though it’s going to be shared broadly.”
While the concerns about security and use are valid, Morris also feels that security concerns surrounding health information exchange are used to justify information blocking.
“I think some of those trust concerns are used as a red herring to try to limit the sharing of data for competitive purposes,” Morris said. “We’ve seen this with HIPAA where we’ve been told ‘we can’t give that to you because of HIPAA.’ That’s totally misinterpreting HIPAA and these trust issues become a scapegoat for not wanting to share data for competitive reasons. Trying to figure out where that is happening versus real issues with sharing health information is part of the job that we take on.”
Part of what the roadmap targets is an increase in users of mobile health and wearable technology. But those devices create a wealth of data in addition to the reams of health data that already exists. And it isn’t always reliable, as patients have to use it properly in order for it to have any effect.
There are a variety of technical hurdles to overcome to make the best use of that data, such as getting that data out of the systems it’s in now and into patient records. That requires a higher adoption of modern APIs by provider systems, a shift that Morris believes is beginning to occur. But there are other issues that need to be addressed as well:
“One of them is provenance tagging, or tagging data with where it came from and who created it,” Morris said. “No provider wants to get data into their system from an unknown source where they just have no idea where it came from. That doesn’t allow them to figure out how to best use that data. Having the right tagging of data that comes from wearables so that you know it came from a patient or specific device is an important technology piece that needs to be there.”
There’s also concern over which data is appropriate for providers to share. Honing in on what data is actually needed requires coordination between providers, thus preventing a data overload. For example, if all of the data from someone’s Fitbit is shared, such as sleep and step data, it could create a trove of data too big for one person to make sense of, particularly for providers with hundreds of patients.
“Not every patient needs to share their step counts for a day, but if you’re a patient going through rehab for a hip replacement, it might be really helpful to share a step count with your provider so that they can monitor your progress and make sure you’re doing the right things to ensure you get better,” Morris said.
““I think there’s a lot of places where we can start with that. If you have diabetes and you’re doing your blood level readings or you have cardiac issues and you have a pacemaker, figuring out how to integrate those types of data points, starting small scale, I think will start to get us toward that place of sharing data with wearables and the internet of things. We have to figure out how best to make that work for both physicians and patients and some of that work has yet to be done because we’re at really early days of this.”
Wearables are just one piece of the technology puzzle that health IT regulators have to consider. With new developments in machine learning and artificial intelligence, having providers plug into a Common Clinical Data Architecture (CCDA) in a uniform manner to speak the same language is going to play a big part in use cases for these technologies.
“Semantic and syntactic issues are legitimate issues that we have to solve,” Morris said. “The other piece is that we have to start figuring out how we apply machine learning to unstructured data, recognizing that because of the complexity of biomedical data, it’s not all ever going to be structured. That’s not a world we can get to. So figuring out how we apply some of this new technology and computing power we didn’t have 5-10 years ago, that’s where we want to start seeing innovation and that means we have to get data to be liquid so that it’s flowing.”
Morris recognizes the need for speed to keep up with innovation, but also that it can’t come at a cost to the quality of care.
“We need to push really hard to move faster, but we have to be really careful to make sure we do this in the safest, securest way possible so that we’re doing what’s right for patients.”