In a few days, a new regulation goes into effect that will give patients unprecedented access to their healthcare information in much the same way they already manage their finances or travel information.
The rule from the Office of the National Coordinator for Health IT (ONC) requires health IT vendors, providers and health information exchanges to enable patients to access and download their health records with third-party apps. Under the rule, providers can't inhibit the access, exchange or use of health information unless the data fall within eight exceptions.
Here are three key issues to keep an eye on as the information blocking rule goes into effect:
1. Enforcement: The information blocking ban lacks teeth, for now.
A year ago, the Office of Inspector General (OIG) within the Department of Health and Human Services (HHS) released a proposed rule outlining civil monetary penalties related to information blocking. In the rule, OIG proposes a maximum fine of $1 million per violation. A final rule from OIG is expected soon.
Those civil monetary penalties apply to health IT companies, HIEs and health information networks, not providers. Healthcare providers are treated differently under the law and may be subject to “appropriate disincentives” as set forth by the HHS secretary. Those regulations have not yet been issued.
“OIG and ONC could work with CMS on a payment disincentive. A percentage off of a provider’s Medicare reimbursement is one of the likely candidates at the moment,” said Jeff Coughlin, senior director of federal and state affairs at the Health Information and Management Systems Society (HIMSS).
Until there is enforcement in place, providers will likely err on the side of caution and hold back if there is a question about whether information should be shared, said Deven McGraw, a health privacy expert and co-founder and chief regulatory officer at Ciitzen, a consumer health technology company.
2. Privacy and third-party apps: Many stakeholders believe the interoperability rules will be a boon for Silicon Valley technology companies, which are already making inroads in healthcare, as well as digital health companies.
But third-party apps will not be required to follow data blocking policies under ONC's rule and are not covered under HIPAA. This raises serious privacy concerns about patients' medical data and the potential misuse of data.
HHS has clarified that healthcare providers will not be held responsible for any misuse of patient data by an outside third-party app, as long as the app developer is not a business associate.
But mandating that providers have to share data with digital health apps can still put providers in a tough spot, said Jean Tichy, director of clinical solutions at Marshfield Clinic in Wisconsin during a recent virtual event on the ONC rules.
“What happens when that data leaves our door? If an app developer hasn’t taken steps to make that data secure, we’re very concerned about being associated with a ‘bad actor,'” she said.
Dick Flanigan, senior vice president of regulatory affairs at health IT giant Cerner, agreed there is a potential risk for a hospital’s brand reputation to be tarnished by being connected to a third-party app that has a security breach or misuses data.
McGraw acknowledged that privacy issues are a big concern but not a "show-stopper" to get into compliance with the information blocking rule.
“We can’t wait for conditions to be ideal, from a privacy standpoint,” McGraw said. "We work with cancer patients and patients with rare neurological conditions who need their data to get second opinions."
3. Trust questions ahead as Big Tech and healthcare work out details: As patients get access to their digital health information, there will be opportunities to build longitudinal health records.
"Will companies like Cerner host those longitudinal records, or new actors? Will you trust Big Tech to host your record? You’ve seen the moves with Amazon and many others. I don’t think that script is completely written," Flanigan said.
This also presents opportunities for health systems to jump into the broader consumerism trend as technology companies increasingly push into the healthcare market.
"This could be the dawn of a major strategic shift where health systems could reach out and be that data aggregator for patients and work with consumers to empower them into effectively using their information," he said. "But, payers want to be that entity too, as well as tech companies, EHR vendors and digital health companies."
Rather than just checking the box on compliance with the rule, health systems should incorporate the evolving app economy in healthcare as part of their broader business strategy, Flanigan said.