info@ehidc.org

 202-624-3270

EMMA’S CLIFF NOTES ON TUESDAY’S HELP HEARING – MARCH 26, 2019

Emma Valinski
March 29, 2019 - 11:45am

IMPLEMENTING THE 21ST CENTURY CURES ACT: MAKING ELECTRONIC HEALTH INFORMATION AVAILABLE TO PATIENTS AND PROVIDERS, MARCH 26, 2019, SENATE HELP COMMITTEE, 10:00 AM EST

EMMA’s CLIFF NOTES ON TUESDAY’s HELP HEARING – MARCH 26, 2019

I took notes on the testimony and questioning at Tuesday’s Senate Committee on Health, Education, Labor and Pensions (HELP) Hearing on electronic health information, interoperability and privacy. A lot of valuable information was shared. I have provided a snapshot below along with links to the testimony. Let me know what you thought of the hearing and my comments. Please note any opinions or comments are purely my own and do not reflect the viewpoints of eHealth Initiative or our membership.

“Maybe they missed the day in kindergarten about sharing.”- Senator Patty Murray (D-WA)

On March 26, 2019, the Committee on HELP met to discuss an issue that is not new by any means, in a hearing entitled: Implementing the 21st Century Cures Act (21CC act): Making Electronic Health Information Available to Patients and Providers. As a recap, the 21st Century Cures Act charged Center for Medicare and Medicaid Services (CMS) and Office of the National Coordinator for Health Information Technology (ONC) with implementing a few rules. The first being develop policies that promote interoperability for the exchange of data, and the second, prohibit information blocking. CMS and ONC must also define information blocking before they can write the laws preventing it. This has proven to be incredibly tricky as different sectors of healthcare have wildly different ideas as to who is information blocking, why they are information blocking, and when information blocking is valid or acceptable.

Interoperability isn’t as simple as it sounds. Many senators and witnesses brought up issues pertaining to privacy and security of patient data. Senator Alexander questioned the witnesses by asking how to balance patient’s right to their own data and protecting that data from outsiders. Beyond the safety of patient data, which engulfed the conversation of Tuesday’s hearing, was the topic of open APIs. Senators wondered, will pushing for publicly available application programing interfaces be a problem for developers and competition? Will this only lead to more disagreement?

Despite the importance of this topic, attendance at the hearing was scarce. Only seven of the total twenty-three senators were in attendance. They included: Sens. Alexander, Cassidy, Romney, Braun, Murray, Baldwin, and Rosen. As expected, the meeting didn’t dig too deep into the difficult topics they discuss. It does offer eHealth Initiative an insight into where senators and their staffers may need more education.

Highlights from Testimony Provided by Witnesses:

Testimony was provided by a few witnesses. I have highlighted below, some of the key points.  You can read the testimony in its entirety online. They are linked below.

Ben Moscovitch, MA, Project Director, Health Information Technology, The Pew Charitable Trusts

  • Asked Congress to support ONC’s efforts to ensure open API access to all healthcare data
  • Wished Congress would address the gap between the requirements found in 21CC act and ONC’s current proposal regarding APIs
  • Asked for advancement of device identifiers to claims
  • Encouraged ONC to address patient matching, and asks for the addition of demographic data elements to the U.S. Core Data for Interoperability (USCDI)
  • Wanted to see Congress press ONC to address the risks associated with patient safety and children’s EHRs
  • Pushed ONC to add safety measures to the EHR Reporting Program

Lucia Savage, JD, Chief Privacy and Regulatory Officer, Omada Health, Inc.

  • Encouraged ONC to set a transition period for intuitions to adapt to app-enabled sharing of health facts
  • ONC should include certified EHR developers in the prohibition of information blocking by developers
  • ONC should keep the licenses for technology developers inexpensive
  • Health data should never be licensed
  • ONC should update in a rule looking at the fact that private health information (PHI) currently includes health facts about an individual
  • Changes proposed by OCR must converge with other privacy standards of agencies including FTC, HHS, or FDA
  • HIPAA’s definition of PHI should match the regulatory standards for how health information is structured
  • An individual should have access to their own health facts
  • OCR should publish more guidance to improve speed and efficiency of permitted data
  • OCR should require covered entities to use a standard form to request disclosure from each other
  • To curb the fear many healthcare technology companies have of sharing health data with other companies, OCR should have public listening sessions to obtain the reasons behind those fears

Christopher R. Rehm, MD, Chief Medical Informatics Officer, Lifepoint Health

  • Suggested ONC take time to weigh the potential consequences of these new interoperability rules
  • Technology, including EMRs, medical devices and monitors, add to the burden doctors’ workflow
  • The CMS rule that hospitals must send electronic notifications when a patient is admitted, discharged or transferred is a good idea in theory, but there are many steps that must be taken before the rule can be placed
  • Encouraged the administration to focus on the current movements to improve interoperability
  • Would like to see an industry supported platform to independently assess the third-party apps to ensure that they are appropriately secured
  • New policies must allow health data to be exchanged, but also must protect the interests of the individual
    • This must not interfere with innovation in the marketplace

Mary Grealy, JD, President, Healthcare Leadership Council

  • Wanted to ensure that patient data is protected when HIPAA covered entities share the data with non-covered entities
  • Future rulemaking about electronic interoperability should have the same level of trust as HIPAA
  • Asked ONC and CMS for a 30-day expansion of the comment period for the interoperability rule

Opening statements:

Senator Alexander (Chair of the Committee)

  • Wanted to work toward a system in which electronic record keeping is not burdensome to providers
  • Worried that progress on the interoperability and information blocking rule are moving too quickly
  • Believed that if ONC had slowed down the momentum when developing Meaningful Use, the program would have been more successful
  • Wanted to discuss ways congress can protect patient data as patients are given more access to it

Senator Murray (Ranking Member of the Committee)

  • Believed EHRs have many benefits including helping providers know problems sooner
    • Provided example of doctors finding Flint, Michigan’s leaded water problem because they watched their patient’s medical records
  • Believed ONC report gives substantial evidence that some systems deliberately information block
    • Provided example of exorbitant fees demanded when another system asks to look at a patient’s health record
  • HIT systems need accountability
    • Suggested doctors should not be given gag orders and should be allowed to talk about issues with their system’s information technology
  • Wanted to see the encouragement of open APIs
  • Wanted to see development of best practices for combatting the cybersecurity threats

Highlights from Q&A

HIPAA & Patient’s Data:

Senator Cassidy started the committee’s hearing by pointing out some major flaws he sees. Sen. Cassidy asked witnesses who owned the data. He opened a discussion with Savage about who owns the patent’s data; is it the patient or the HIPAA covered entity? Savage pointed out that patient do not own the data, but they do have a right to have a copy of their data and a right to ask for a correction of their record. Sen. Cassidy continued on the path of security by asking witnesses if data collected through medical devices not covered by HIPAA is protected. Again, Savage answered. When data flows into a covered entity, like from the Smart Watch to the hospital, then it is covered. However, if a consumer just uses a smart watch app on their own- it is not a covered entity, then the data is not protected.

Third-Party Apps:

Senator Murray brought up a question whose answer is very important for consumers to know. She wanted to know if patients who share their data with third party apps have their data protected under HIPAA. Lucia Savage answered: it goes back to the entity that created the apps. If they are covered by HIPAA then, yes, the patient has their data protected. Under third party apps, many of which are non-covered entities, the data is not protected. Senator Murray continued questions directed to Savage. Can the data collected through third party apps be sold to drug advertisers? Savage respond with a somber yes, outside HIPAA the data can be sold. Inside HIPAA, all data that is used with outside entities must be de-identifiable.

Interoperability & information Blocking:

Senator Murray asked the witnesses what could happen if there were a prohibition on information blocking. The advantages that come with quick work to remove information blocking may outweigh Senator Alexander and Dr. Chris Rehm’s worries about moving too quickly to form a rule. Lucia Savage again answered Sen. Murray. There are great monetary advantages to stopping the blockage of patient data; she mentioned that many surveys show that little changes in interoperability lead to savings. She asked the Senators to imagine what the savings would look like if patients were not chasing down their information and files. 

APIs:

Senator Murray called the API the foundation of the modern internet. ONC proposed that EHR developers publish their business and technical documentation associated with the APIs. Why is this so important, Sen. Murray ask Ben Moscovitch. Moscovitch explained that the documentation that comes from an API is much like an instruction manual, without it you don’t know how the technology works. In many industries this documentation is being published as a standard; this also helps spur innovation in the industry. Sen. Murray asked Moscovitch if ONC were to publish this rule, would EHR developers find this burdensome? Moscovitch doesn’t believe so as many other industries are already using open APIs as a standard. Many app developers would already be a part of this movement.

Emma Valinski (emma@ehidc.org) is a staff member at eHealth Initiative & Foundation. eHealth Initiative and Foundation (eHI) convenes executives from every stakeholder group in healthcare to discuss, identify and share best practices to transform the delivery of healthcare using technology and innovation. eHI, and its coalition of members, focus on education, research, and advocacy to promote the use of sharing data to improve health care.  @ehealthdc www.ehidc.org

Meta Image: