Senate HELP Committee Chairman Sen. Lamar Alexander, R-Tenn., is calling on officials at the U.S. Department of Health and Human Services (HHS) to consider delaying the implementation of two new interoperability rules.
The lawmaker also suggested taking a more phased-in approach, voicing concerns about the burden on providers and vendors and data privacy risks.
He made the comments during the Senate Health, Education, Labor and Pensions (HELP) Committee meeting Tuesday as members dug into the complexities and timelines of two separate, but intertwined, rules intended to accelerate interoperability in the healthcare industry.
The legislators seem to be at odds over the pace of progress, with Alexander urging caution to not go "too far too fast" and Senator Mike Braun, R-Ind., describing the healthcare industry as "dragging its feet."
"In 2015, I urged the Obama administration to slow down implementation of Stage 3 of the Meaningful Use program, which incentivized doctors and hospitals to adopt electronic health records. They did not slow down, and looking back, the results would have been better if they had," Alexander said during the hearing, the second one in recent months to go over the interoperability provisions of the 21st Century Cures Act.
As part of the Centers for Medicare & Medicaid Services rule (PDF), insurers participating in CMS-run programs like Medicare, Medicaid and the federal Affordable Care Act exchanges would be required by Jan. 1 to have the capability to give 125 million patients electronic access to their personal health information at no cost to patients.
The Office of the National Coordinator for Health IT released its proposed information blocking rule that outlines seven exceptions to the prohibition against information blocking and provides standardized criteria for application programming interface (API) development. Both the ONC and CMS rules call for the adoption of standardized APIs within two years after the rules are completed. Hospitals also will be required to send admission, discharge and transfer notifications as a condition of participation for Medicare and Medicaid.
Earlier this month, HHS announced it was extending the comment period deadline for the two rules by 30 days after facing pressure from industry groups that they needed more time to go over the complex proposals.
During a hearing last month, healthcare leaders questioned the timeline for complying with the rules and the cost and burden on providers. America’s Health Insurance Plans called the timelines “unrealistic” and said it would pose “significant compliance burdens” on health insurers, providers and other stakeholders.
Senators suggested HHS adopt a more phased-in approach rather than hard deadlines or decrease the size of the data sets that stakeholders are required to share. The CMS and ONC rules propose to standardize what information EHR systems are able to share through the United States Core Data for Interoperability standard. This standard includes data beyond what is in the Common Clinical Data Set.
Sen. Mitt Romney, R-Utah, questioned whether trying to achieve nationwide interoperability was a "bridge too far" at this stage. "We might need to rethink how we approach this goal of interoperability and move to a more standard-oriented process versus an implementation process."
National Coordinator for Health IT Don Rucker, M.D., pushed back on changing the timelines, noting that the majority of providers have access to health IT software that meets the interoperability standards. "The risk of delaying this is that the American public is not in charge of their healthcare, are paying more for their care and not getting as good care as they could get," Rucker said.
The information blocking rule, in particular, follows the intent of Congress to enable data sharing.
"We have heard that vendors are charging over $1 million to startups to get data and that stops innovation in its tracks," he said.
Braun, on the other hand, voiced frustration about how the industry has been allowed to block information sharing. "Blocking information is so far outside the mainstream of other industries. What I want the industry to hear is, get with it or you’re going to be changed radically based on all kinds of approaches out there."
He called the healthcare industry "dysfunctional" and not consumer-driven. "This industry is full of smart individuals and big corporations who have figured out how to take advantage of it."
CMS Chief Medical Officer Kate Goodrich, M.D., assured the senators that progress was being made toward improved interoperability due in large part to advances in technology, including progress on the FHIR standard.
"The 21st Century Cures Act is a transformative moment to be able to move forward in a way we haven’t been able to before. There is room for skepticism, but there's also room for more optimism than any of us would have had a few years ago."
Privacy concerns persist
Echoing the March hearing when industry stakeholders voiced concerns about data privacy once the interoperability rules are implemented, senators also grilled Rucker and Goodrich about how HHS will ensure patient data are protected once they can be shared with third-party apps.
When a patient downloads their medical history, they are also downloading their family medical history which poses privacy risks to the patient and the family members, noted Sen. Bill Cassidy, R-La.
"That’s a major problem," Rucker said. But he said he is optimistic that app developers will address the issue with strong privacy protections. "The consumer economy will drive this with trusted brands," he said.
The ONC and CMS rules require the same API standards used by other industries, like banking, he noted. And ONC is working with the Office for Civil Rights to better educate patients about their rights to data access and the risks of sharing it with third-party apps.
Rucker also urged Congress to consider secondary uses of data more broadly in future legislation. "Someone can infer your health data by the location of a clinic in your maps or a credit card statement," he said.
Cassidy suggested that patients should be able to request that only certain parts of their health data be shared or downloaded, allowing them to exclude family history. He also voiced concerns that healthcare providers would be on the hook for either providing too much patient data or not enough, depending on what patients request and based on the capabilities of their EHR system to segment data.
"That is a significant challenge; the data segmentation for privacy is a brittle technology from a computer science point of view. It’s a joint challenge for both physicians and the EHR vendors, and we have provisions there to help that. It’s a deeply complicated and technical issue because of how it affects the architecture of every database field," Rucker said.
He noted there are provisions in the information blocking rule defining which data can be computed, and that helps protect physicians.