Federal policy leaders continue to take shots at industry giant Epic and its opposition to proposed data-sharing regulations.
Speaking publicly Wednesday morning, CMS Administrator Seema Verma alluded to the electronic health record vendor's public campaign against proposed federal regulations that would expand patients' access to their health data and enable them to share health information with third-party apps.
"The disingenuous efforts by certain private actors to use privacy as a pretext for holding patient data hostage is an embarrassment to the industry," Verma said while speaking at the Centers for Consumer Information and Insurance Oversight’s (CCIIO’s) Industry Day.
The comments appeared to refer to electronic health records company Epic's vocal opposition to interoperability rules proposed by the Office of the National Coordinator for Health IT(ONC) and the Centers for Medicare and Medicaid Services (CMS). Last week, Epic CEO Judy Faulkner emailed hospital chief executives urging them to speak out against the ONC rule.
"We will not waiver in ensuring that patients enjoy full ownership of their data," Verma said.
She added, "I'd like to extend that point to the entire industry. The sort of consumer-oriented revolution that will make the health care system more affordable and accessible is undermined by those bad actors throughout the system that continue to guard the status quo because it’s in the interest of their short-term profits. The short-sightedness of such efforts is deeply troubling. This self-serving mentality must be immediately and permanently retired."
The CMS proposed interoperability rule (PDF) in question, currently under review at the Office of Management and Budget, would require insurers participating in CMS-run programs like Medicare, Medicaid, and the federal Affordable Care Act exchange to have the capability to give 125 million patients electronic access to their personal health information at no cost to patients.
The regulation is aimed at stopping information blocking and expanding how patients can access their healthcare information stored in EHRs.
Verma said Wednesday that patient privacy and security were foundational to CMS proposed rule. But that through its MyHealtheData initiative, the agency was supporting patient access to health data. "Providers don’t own a patent’s data and must give it to their patents," she said.
Meanwhile Epic is not slowing down its lobbying efforts against the rule.
On Monday, the U.S. Department of Health and Human Services Secretary Alex Azar blasted what he referred to as "scare tactics" by private sector players to oppose and stall the regulations. "Unfortunately, some industry stakeholders are defending the balkanized, outdated status quo," Azar said, noting that it was a "highly unpopular position to take."
In turn, Epic posted its concerns about the interoperability rule on the front page of its website on Tuesday. Epic also is calling for ONC to add transparency requirements and privacy protections for apps gathering patient data before the rule is finalized.
"Epic strongly agrees with the goal of the Office of the National Coordinator for Health IT (ONC) to support patients' ability to access their data," the company wrote. "We recommend necessary solutions before the ONC rule is finalized to prevent serious risks to patient privacy."
As currently written, the ONC rule creates inadvertent privacy risks, such as potentially sharing family members' health data, without the patient realizing it and without the family members' knowledge or permission, Epic wrote.
Epic executives drew a parallel to the Facebook-Cambridge Analytica scandal, using the example of "Facebook friends who did not give their approval for their information to be harvested by Cambridge Analytica."
"Epic does not typically comment publicly on national policy issues. However, our goal is to keep the patients at the heart of everything we do, and we must speak out to avoid a situation like Cambridge Analytica," the company said.
During the Forbes Healthcare Summit in New York City in December, Faulkner said publicly that she had concerns the ONC rule would threaten patient privacy as well as vendors' intellectual property protections.