New Strategy on Patient Health Data Targets Consumers

Published April 14, 2020

On February 21, 2020, the Department of Health and Human Services (HHS), in partnership with the Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare and Medicaid Services (CMS), released its Strategy on Reducing Regulatory and Administrative Burden Relating to the Use of Health Information Technology (IT) and Electronic Health Records (EHR).

The strategy recognizes the burdens health IT can place on health care professionals and offers three goals to ease difficulties: reduce the amount of work required to record health information, ease the effort required to meet reporting regulations, and improve ways EHRs can be used by consumers.

Companies such as Aledade, Apple, IBM, and Microsoft have been urging federal regulators to finalize data-sharing regulations. On January 30, 2020, a group of nearly 30 industry groups and companies sent a letter to HHS Secretary Alex Azar and Office of Management and Budget Acting Director Russell Vought advocating support for ONC and CMS’ regulations.

Potential Benefits for Patients

Changes in policy could bring more functional accessibility for patients, says Sunny C. Lin, an assistant professor of health systems management and policy at Oregon Health and Science University.  

“HHS has a vision of creating an interoperable health information infrastructure, where information can follow patients freely as they see providers across different organizations,” Lin said.

A key to the HHS rule is mandating a standard application program interface (API) across EHRs. The API is what enables third parties to access data and can be a powerful tool to help patients access their medical records, Lin says.

“For example, Facebook and Apple both allow third party developers access to their API, which is what has led to the boom of different apps that people enjoy today,” Lin said. “Imagine if your EHR could interface with apps that directly connect to your mobile device. As a patient, you might be able to exchange your health care data in real time as you visit the doctor’s office using something like AirDrop, or develop apps that help you monitor chronic diseases like diabetes, or symptoms for Alzheimer’s, or connect to social media data on asthma triggers to warn you about days that are likely to exacerbate an acute asthmatic event. The possibilities are endless.”

Federal policy over the past two decades regarding the sharing of data has created confusion, Lin says.

“Misconceptions about HIPAA (Health Insurance Portability and Accountability Act) have created a culture in the U.S. where it is difficult and scary to share data,” Lin said. “In actuality, HIPAA was designed to promote patient movement across organizations (the P stands for portability). However, there is so much concern about patient privacy, which is rooted in a deep mistrust of institutions, that many—both patients and health care workers alike—have misconstrued HIPAA to be primarily about protecting patient privacy.”

As a result, there has been a proliferation of third parties managing EHRs for large health care organizations who have viewed their data collection as proprietary and defensible in the interest of patient privacy, Lin says.

“I think EHR vendors have emerged as the main winners,” Lin said.

Data Privacy Concerns

Giving large technology companies access to personal health data raises serious privacy concerns, says Michael Ciampi, a physician and policy advisor to The Heartland Institute, which publishes Health Care News.

“Companies such as Microsoft and Apple are innovators and have developed technologies of which we could not have dreamed 20 years ago,” Ciampi said. “Unfortunately, we have seen recently that ‘Big Tech’ is relentless at gathering data on all of us.”

Tech companies such as Apple, Google, and Microsoft are not covered under HIPAA as health care entities but can get access to patient health information under a business “associate” agreement with a health care provider. One such deal came to light in 2019 when The Wall Street Journal revealed an arrangement by Ascension Health to share millions of patient medical records with Google.

HIPAA allows outside entities access to a person’s most personal information, Ciampi says.

“I don’t think most people understand this aspect of HIPAA,” Ciampi said. “In many ways, it can compromise a patient’s right to privacy more than it protects it. This is not a good thing.”

Ciampi says his concerns extend to EHRs.

“As EHRs came into existence, all systems were proprietary and did not talk to one another,” Ciampi said. “As they evolved, it was suggested by the industry, then mandated by the government, that they should have interoperability, so that information could be shared between doctors in different offices, hospitals, and health care systems across the country to maximize efficiency, eliminate duplication, and improve safety. Unfortunately, this goal remains quite far from reach.”

Interoperability and Consumer Control

Interoperability can increase competition, which in turn can benefit consumers, but it requires a new paradigm, says Lin.

“Historically, it’s been hard to share data between vendors, for multiple reasons,” Lin said. “I think the biggest reason is the way our culture views health care data. Health care providers value their medical data, and for good reason: one could argue that in terms of economics, data production is the primary service of the medical system.

“When you go to the doctor, you are seeking an expert opinion on the diagnosis and treatment, which is essentially data,” Lin said. “If health care organizations were to easily give that data up, there’s nothing to stop patients from seeking a diagnosis from one doctor and then giving their insurance dollars to another for treatment.

“Health care organizations profit by recruiting experts in medical care, and if the expertise were freely given away, they would lose their competitive edge and potentially a lot of patient revenue,” Lin said.

There is evidence for that conclusion, says Ciampi.

“New research supports the idea that sharing data does lead to more patient movement across organizations,” Ciampi said.

“It would encourage health care systems and individual physician practices to shop around for newer, better, and less expensive systems rather than stay married to the legacy system in which they are trapped,” Ciampi said. “That would be bad for their bottom line.”

Kelsey E. Hackem ([email protected]) writes from the state of Washington.