Health IT companies remain divided over a proposed rule by the Department of Health and Human Services to make it easier for patients to share health information. The rule is currently in front of the Office of Management and Budget (OMB) and is expected to be finalized in February.
Epic Systems, one of the largest electronic health record vendors by market share, has remained a prominent holdout since HHS rolled out the proposed rule a year ago. The company’s concerns are centered around health apps’ access to patient data, highlighting fears that apps might share family data or collect more health data than patients originally intended.
“By requiring health systems to send patient data to any app requested by the patient, the ONC rule inadvertently creates new privacy risks,” the company wrote in a statement on Monday. “For patients to benefit from the ONC rule without these serious risks to their privacy, we recommend that transparency requirements and privacy protections are established for apps gathering patient data before the ONC rule is finalized.”
Epic’s CEO, Judi Faulkner, circulated an email to hospital executives urging them to voice their disapproval for the proposed rules in their current form, according to a report by CNBC. She also reportedly told Politico that her company might sue HHS if the final version of the data blocking rules “are as objectionable as she found in their draft versions.”
In an emailed statement, Epic wrote that the company had “no interest in pursuing a lawsuit.”
“Our goal is to work with HHS and the Administration to fix the proposed rule and make sure it is a good one,” the company stated.
Notably, Epic’s heavyweight competitor, Cerner, appears to be in favor of the proposed rule. The company is part of a group of stakeholders called the Carin Alliance that met with the OMB on Monday, asking that the agency finalize the proposed rules “without further delay” and with the assumption that the public and private sectors “can work together to improve and build upon the rules after they are released.”
Two representatives from Cerner were expected to attend on Monday, as well as members from Blue Shield of California, Humana, Walgreens, Google, Apple, Microsoft and several hospital systems and digital health companies.
Further solidifying the company’s position, Cerner CEO Brent Shafer tweeted on Monday, “Let me be abundantly clear: Cerner embraces interoperability and the flow of information across disparate systems and health care entities. We fully support the proposed rule and the rulemaking process.”
Azar defends against ‘scare tactics’
HHS Secretary Alex Azar defended the proposed rule at the Office of the National Coordinator for Health Information Technology’s 2020 meeting.
“At this point, we could practically turn HHS senior staff meetings into a roundtable about frustrating health IT experiences,” he said in prepared remarks. “I would suggest that means we have a serious problem—and that scare tactics are not going to stop the reforms we need.”
He pointed to recent experiences of his own as evidence that the current system isn’t working.
Last year, Azar said he visited three different providers that were all part of the same health system. Yet they still didn’t have interoperable records. At one point, the hospital planned to switch his medication to a more powerful statin.
“I told them I didn’t want to do that—but sure enough, somehow that information wasn’t incorporated into my record and, that night, I got a cup of pills with the drug I’d said I didn’t consent to taking,” Azar said. “Health records today are stored in a segmented, balkanized system, and it’s not just affecting the patient and provider experience — it’s affecting care.”
It’s also worth noting that healthcare providers already have a legal requirement to make patient records accessible; first, under HIPAA, and later reinforced by the 21st Century Cures Act, which was signed into law in 2016. The proposed rule adds teeth to those requirements: Health networks and information exchanges that do not comply would be subject to penalties of up to $1 million for lack of interoperability.
“The implications of noncompliance are pretty significant with the penalties,” said Mariann Yeager, CEO of the Sequoia Project, a nonprofit created to advance interoperability. “I think it will uncover trying to get to the bottom of more nuanced cases of information sharing.”
The Sequoia Project released guidance for the proposed rule on Monday. In it, the organization stated it will take years for the specifics of enforcement to become clear. The guide also noted that smaller clinician practices may have a harder time obtaining the needed expertise and resources to follow the law, and that some organizations may have high volumes of requests for information.
As for privacy concerns around apps, the Sequoia Project noted that physicians and other providers will “continue to view themselves as stewards of patient information and have concerns about vetting apps and API access,” despite recent guidance that patients alone are liable for their health data once they download it.
Yeager acknowledged that for healthcare organizations to become compliant with the proposed rule, it’s not a one-size-fits-all process.
“There’s not really a single checklist,” she said in a phone interview. “I think it’s going to take time. It’s complex. It’s not just a compliance lens. Workflow, business practices, those all take careful consideration.”