Epic's Judy Faulkner: ONC data blocking rule undermines privacy, intellectual property protections

Judy Faulkner, CEO of electronic health record (EHR) giant Epic, has big concerns that an upcoming federal interoperability rule will undermine patient privacy.

The Office of the National Coordinator for Health IT's (ONC's) interoperability and information blocking rule, which is now under federal review, will have the unintended consequence of sharing family members' health data without their consent, Faulkner said during the Forbes Healthcare Summit in New York City last week.

ONC's information blocking rule defines the demands on healthcare providers and EHR vendors for data sharing, outlines exceptions to the prohibition against information blocking and provides standardized criteria for application programming interface development.

The rule, along with another interoperability rule from the Centers for Medicare & Medicaid Services, focuses on opening up EHR and claims data for IT developers so patients can access their data through third-party mobile apps.

"When patient data goes to an app from a health system, family members' data will go over too. There is no way to get that out," Faulkner said.

The solution, according to Faulkner, is for ONC to delay putting the rule into effect until more stringent privacy protections can be put in place to safeguard health data shared with mobile apps.

RELATED: Health IT stakeholders calling for ONC, CMS to 'go back to the drawing board' on interoperability rules

Congress should pass legislation requiring mobile apps that collect or use health data to comply with Health Insurance Portability and Accountability Act (HIPAA) regulations, she said.

The ONC rule is also too broad in scope and will require sharing information that is not standardized, which will be burdensome to EHR vendors, she said.

RELATED: Epic, Cerner growing EHR market share with increased hospital consolidation: KLAS

Under the rule, EHR companies will be required to release screenshots or other information that could help detect potential patient harm. Faulkner contends that some of these requirements remove intellectual property protections for technology vendors.

"We work hard on our screen design to figure out how the information flow should work. The rule removes IP protection of screens and algorithms. That allows reverse engineering in the U.S. and overseas," she said.

"There are some good things to [the rule], but there are also bad things that need to be fixed," she said. 

Faulkner's personal take on interoperability

Faulkner, who is typically elusive when it comes to press interviews and public speaking outside of private Epic events, opened up a bit about her herself and the privately held company.

Faulkner, a mathematician, wrote the original software code for Epic's technology and started the company in 1979 in the basement of an apartment house in Madison, Wisconsin. Funded with $70,000, the company only had "one and a half employees," she said.

RELATED: Editor’s Corner—Why the Biden-Faulkner exchange over EHR access touched a nerve

One of her daughters was born around the same time: "So really I had twins," she said.

The company now employs close to 10,000 people with an annual revenue of $2.9 billion, according to Forbes. 

Epic has faced criticism for its closed platform, which some stakeholders see as a hindrance to interoperability. And Faulkner has taken heat for remarks about access to health data. During an exchange in 2017 with then-Vice President Joe Biden, Faulkner reportedly insinuated that the length and complexity of a medical record somehow rendered it useless to patients. 

But Faulkner said she felt personally motivated to build Epic's interoperability platform, Care Everywhere, based on her husband's challenges with data sharing. Epic has built other interoperability tools like the Share Everywhere platform.

A decade ago, Faulkner's husband, Gordon Faulkner, a pediatrician, found out one of his patients died at a hospital in another city.

"He said, 'If that hospital had just had her medical record, the outcome might have been different.'" Faulkner said. "So I went to HIMSS (the Healthcare Information and Management Systems Society) and asked, 'When is the data going to be standardized so we can exchange records?' They said, 'Don’t hold your breath.'"

Faulkner decided to do it anyway, she said. "We wrote the interoperability software that no one else would," she said of the Care Everywhere platform, which launched in 2008.

More than 1,700 hospitals and 34,000 clinics using Epic EHRs are now live on Care Everywhere, according to the company.