2016 was a busy year for healthcare information technology in general and EHRs in particular. Electronic health records have matured—in part. Sometimes it seems like the industry takes two steps back for every step forward.
Incentive programs have evolved, but interoperability efforts have been rocky. Data analytics are more robust than ever, but on HIPAA's 20th birthday, cyberthreats are on the rise.
Let's take a look at five of the biggest EHR-related issues of the past year, how they unfolded and where we’re headed in the coming year.
The evolution of the EHR incentive programs
The Meaningful Use program, greeted with much fanfare in 2009 and then widely criticized as it stumbled, has ended up a ghost of its former self. The focus is no longer on adoption of EHRs; that appears to have been accomplished. But this year we’re seeing a refinement in how EHR use will be rewarded.
The biggest change is the Medicare Access and CHIP Reauthorization Act (MACRA), which moved physicians out of Meaningful Use and instead into MACRA’s quality payment programs, which require use of certified EHR technology and emphasize data exchange.
Enacted in 2015, this year saw HHS put meat on the bones of the program, developing the criteria for professionals to earn bonuses for, among other things, “advancing care information,” the new buzzword for Meaningful Use. MACRA also streamlines the remnants of the Meaningful Use requirements, mandating fewer objectives and jettisoning the “all or nothing” approach to earning an incentive and avoiding a penalty.
Hospitals still have to comply with the Meaningful Use program, but it’s been streamlined and softened. There’s more flexibility and a shorter reporting period in 2016 and 2017. Only one patient has to view, download or transmit his/her EHR data.
Interoperability: Two steps forward, one step back
Data exchange is the darling of 2016. Last year, critics were blasting vendors and providers for not sharing information electronically. Now, we have stakeholders pledging to work together to share information across the care continuum and ONC shifting its focus from EHR adoption to interoperability.
And it’s not just about providers being able to share lab reports and summaries of care. We’re going to whole new dimensions, with an emphasis on patients’ rights to access their data, more action against information blockers, and the desire to incorporate patient-generated information.
And yet data exchange kept on running into roadblocks in 2016, from issues as diverse as the difficulties in integrating data from different providers, the continued information blocking of EHR data by some vendors—say when competitor third party software is involved—and the struggle by public health information exchanges to stay afloat. Even with this emphasis on interoperability, only a small percentage of providers are sharing data electronically and using it in patient care.
Cyberthreats on the rise
Cybercrime in healthcare is at its highest level ever, and affecting more patients as more providers adopt EHR systems. And although hacking and stealing electronic patient records is bad enough, ransomware, which cripples the ability to provide patient care, has become both more common and more sophisticated in 2016. Some versions can now worm their way into the systems merely by exploiting a vulnerability in the network; no more need for an employee to click on an infected email attachment. Other versions can not only encrypt EHR data and hold the data hostage but also still allow the criminals to access and possibly compromise the data.
But 2016 also exposed an uncomfortable truth: Despite the cyberthreats, providers are still not complying with HIPAA and adequately protecting their electronic data.
Even though HIPAA is 20 years old this year.
A stalemate on EHRs and patient safety
Yes, research has shown that EHRs can improve patient health and safety. They improve medication reconciliation and can alert clinicians not only of patients at risk but also remind them who needs a flu shot.
But 2016 didn’t bring much improvement in other areas of patient safety. EHRs are still not designed with safety as a priority; the government is hoping that MACRA will entice vendors to improve their products, an iffy proposition. ONC’s new authority allowing direct review of EHRs has left safety gaps. And providers are still unable or afraid to report EHR-related safety issues for fear of repercussion from the vendors.
The maturation of EHRs—in part
EHRs have moved beyond the basics. In 2016, we’ve seen them harnessed with use of algorithms and other data analytics to drill down to genomic information. They have demonstrated their potential to have a great impact on research, changes in clinical practices and the like.
But they’re still not ready for prime time in certain respects. They stumble over reporting electronic clinical quality measures and lack the precision for precision medicine. The data are still too variable to be totally effective for research. And the records are rife with mistakes, which can be used against providers in court.
So where are we headed? The future of health IT is murky, especially now with a new leader in the White House. MACRA will launch in 2017, but only time will tell if it will be a success. Interpretability will continue to increase, but who knows how well or at what pace. We’ll continue to be stymied by cyberthreats and the Office for Civil Rights will penalize more providers for not fighting hard enough against them. EHRs still need work to reach their potential in 2017 and beyond.
But no question it will be an interesting, if potentially bumpy, ride.
Marla Durben Hirsch is an attorney who has specialized in health law for more than 30 years and has written about the many facets of healthcare for almost 20 years—including as a contributor to FierceHealthcare. She has won a number of awards for her coverage of healthcare news, and has been quoted in several publications, including The New York Times.