Friday, July 3, 2015

A Declaration of Data Independence Through the Lens of the Patient

Data LiberaciĆ³n is our battle cry...


Six years ago I wrote a blog on Independence Day. In 1776 the 56 citizens of the 13 British colonies signed their names to a document declaring that the King was abusing the colonies and violating the basic principles of human decency bestowed by God. So they declared independence from Great Britain and birthed the United States of America.

Abraham Lincoln said in a speech during his Senate race against Stephen A. Douglas of the Declaration of Independence, "This was their majestic interpretation of the economy of the Universe. This was their lofty, and wise, and noble understanding of the justice of the Creator to His creatures."



We are blessed to live in the greatest country in the world. We have had many struggles and challenges and have had to to overcome the sins of the past, but the Founders wisely put in place a constitutional framework that allows for transformational changes to occur, generally without bloodshed. The Republic is alive and well and actually improves every generation. I wish all of you a peaceful, safe, and joyous Fourth of July celebrating with family, friends, and neighbors. I also hope that you will participate in the first Data Independence Day.

Tomorrow we need to declare our right to access our own health data. For far too long health information has been locked up in paper tombs and sharing has been difficult. A long time policy goal has been interoperability and patient engagement. Todd Park (at the time the CTO of HHS, who then went on to serve as CTO of the USA) rallied the troops at Health 2.0 over five years ago, and Data LiberaciĆ³n is our battle cry...

Patients have been denied access to their electronic medical record. Previously HIPAA was fairly weak in this area. The HIPAA omnibus rule expanded the right to patient access now into the digital realm.  It also updated the notice of privacy practices healthcare organization are required to provide to patients notifying them of their rights under HIPAA.

Among one of the perhaps lesser-known changes to HIPAA are that, if asked, providers must send a patient’s medical record to whatever email address said patient offers. The provider is allowed to warn them of the risks and have them sign a form, however, they are not allowed to deny that request. This actually lays a foundation to go beyond the requirements of the HITECH Act, but a patient access HIPAA violation can be a serious offense. One of the largest fines ever for a HIPAA violation, $4.3 million, was levied for not providing patients access to their own data.

This year the perfect storm arose with the announcement just prior to the annual HIMSS event of a proposal for a significant lowering of the bar for patient engagement in Stage 2 Meaningful Use in 2015, and the fierce opposition from many stakeholders. I was the ring leader for the Blog Carnival during HIMSS and was fortunate to have the topic of patient engagement. Farzad Mostashari, Former National Coordinator at ONC, called for a day of action. That day has come!


I've written before that Stage 2 Meaningful Use contains a Core Objective that all providers must use secure electronic messaging to communicate with patients on relevant health information. Another Stage 2 Core Objective is that all providers must give patients the ability to view online, download and transmit their health information within four business days of the information being available. The specifics require that 50% of all unique patients are given access to information, and that five percent (down from 10% in the proposed rule) are able to view, download or transmit to a third party relevant health information. These measures require patients to take action in order for a provider to achieve meaningful use and receive an EHR incentive payment. This year as CMS backed off on many of the requirements in a proposed rule, especially around patient engagement it created quite a stir.

At the Health Datapalooza conference it was announced that July 4, 2015 would be Data Independence Day. Generous donors and tireless advocates combined to create http://getmyhealthdata.org. Farzad Mostashari along with former White House CTO Aneesh Chopra and several open-data and consumer health advocates spurred us into a new phase in the health data access movement. Now a coalition of patient advocates has launched the Get My Health Data Campaign just in time for Data INdependence Day to support patients in asking for, getting and effectively using their digital health data.


This is all backdrop for where this gets deeply personal for me. A couple weeks ago I was in Boston for an invitation-only meeting on developing a national Health Information Technology Platform supporting Substitutable Apps known loosely as an “App Store for Health." The meeting brought together key stakeholders from industry, government, academia and the public sector to follow up the work begun six years ago at the ITdotHealth meeting. The meeting was moderated by one of my healthcare heroes Atul Gawande. I was scheduled to present on FHIR and talk about how the technical architecture of the future will support clinicians and patients have granular data level access to their health information. Unfortunately, on my way to the meeting I suffered a heart attack, fell and hit my head, and spent a week in the hospital. Fortunately, I was at an excellent world class academic medical center which is also one of the top cardiac centers on the planet. I received excellent care.

Unfortunately, I was never advised of my rights under HIPAA nor provided a copy of their notice of privacy practices (I actually never saw or signed any forms or documents at all during my stay). I have asked for but have not received an electronic copy of my medical record and am still waiting to receive all of the paper records. Remember that HIPAA requires them to provide an electronic copy of my medical record if they are capable of producing it. But the only way to request a copy of my medical record is by downloading a form from their website, printing it, signing it, and sending it by fax (you know that new-fangled health data transport mechanism). Then it will take up to 60 days to be sent.

When asking for an electronic copy I was told they did not have this capability. They do have a patient portal, where you can easily pay your bill, but health data access is extremely limited. They state that "The only way to export this information from the portal is to use the print option. There is no option to save this information to another document/system. Also, your complete medical record is not available on the portal." After being stabilized and able to travel home to Oregon, I followed up immediately with my PCP, cardiologist, and therapists; however, I had to piece together and incomplete medical record which could scanned into the EHR.

This is truly a call to arms. Every patient in this country should demand their rights under HIPAA and obtain a copy of their medical record, electronically if at all possible. Like the brave patriots from the Boston Tea Party it is time to take a stand...

Thursday, April 16, 2015

Health IT Implications of the Doc Fix - SGR and MIPS

UPDATE: The Senate has voted overwhelmingly on Tuesday April 14, 2015 to permanently repeal Medicare's sustainable growth-rate (SGR) formula for paying doctors. The House House had easily passed the legislation on Thursday March 26, 2015. The President signed the legislation on April 16, 2015.

The legislation was introduced by bipartisan committee leaders in the House and Senate to permanently replace the sustainable growth rate. The bipartisan, bicameral bill seeks to end the cycle of annual ‘Doc Fix’ crises that have created uncertainty for millions of Medicare providers and beneficiaries for over a decade and also create a system that promotes higher quality care for America’s seniors, according to the announcement on the Energy and Commerce website.


There are some significant health IT implications of the legislation, and although the negotiations are not complete there is fairly strong bipartisan support for the bill. It includes many of the exact provisions proposed a year ago in the SGR fix that was being spearheaded by the Senate Finance Committee. You can read the legislation HERE, but I have peeled off section 2 from the Section by Section analysis created for the Energy and Commerce Committee (very similar to what Senator Wyden used last year :). Read below and learn how Congress plans to roll up meaningful use, value-based payments, and other programs into the Merit-Based Incentive Payment System (MIPS)...

Wednesday, April 1, 2015

Stage 3 Meaningful Use and 2015 Edition Certification

CMS has released the proposed rules for Stage 3 of Meaningful Use. The ONC also released a companion proposed rule outlining the 2015 Edition health IT certification criteria that modifies the ONC Health IT Certification Program. The rules were published in the Federal Register on March 30, and public comments will be due by May 29th. HHS states that these proposed rules "will give providers additional flexibility, make the program simpler, and drive interoperability among electronic health records, and increase the focus on patient outcomes to improve care.”



"The flow of information is fundamental to achieving a health system that delivers better care, smarter spending, and healthier people," said HHS Secretary Sylvia M. Burwell in a statement. "The steps we are taking today will help to create more transparency on cost and quality information, bring electronic health information to inform care and decision making, and support population health.”

Experience has shown that over 90% of the rules will stay in the final version and we have some good insight already into certain aspects that are likely to be required. Basically the CMS rule on Stage 3 Meaningful Use is what providers and hospitals will need to do get an incentive payment and avoid a penalty, and the ONC rule on 2015 Edition Certification is what vendors must produce to enable providers to succeed. Below are some highlights of the proposed rules.

Stage 3 Meaningful Use

The meaningful use proposed rule from CMS defines what measures and objectives providers and hospitals must meet to receive an incentive payment or to avoid a penalty. The proposed rule changes the meaningful use reporting period to a full calendar year for both physicians and hospitals from 2017 onward. The only exceptions will be Medicaid EPs and hospitals that are attesting to meaningful use for the first time. These providers will still have a 90-day period.

Among the components of the proposed Meaningful Use Stage 3 rules are:

  • Starting in 2018, all providers will report on the same definition of Meaningful Use at the Stage 3 level, regardless of their prior participation.
  • All providers can use 2014 edition certified EHRs through 2017, but they must adopt 2015 edition technology by 2018. According to the proposed rule, stage 3 has a "simplified reporting structure," in which its objectives and measures will replace all stage 1 and stage 2 criteria.
  • While Stage 3 will be the final Meaningful Use stage, ONC and CMS will continue to modify the program's requirements in subsequent years to achieve further aims of the program.
  • In 2017, providers can remain in stage 1 or stage 2 or can attest in stage 3. But in 2018, all Medicare and Medicaid EPs and eligible hospitals will have to attest in stage 3, regardless of what stage they were in previously.
  • Starting in 2017, hospitals and providers will attest on a calendar year reporting period. Currently, hospitals attest on a fiscal year reporting period. The agencies may still require hospitals to report in the October 1–December 31, 2016 period "depending on future rulemaking.”
  • Starting with Stage 3, providers are being required to implement five clinical decision support interventions related to four or more quality measures and report that as part of their Meaningful Use attestations. Such reporting is consistent with the intent of Stage 3 to move beyond process compliance toward improving clinical outcomes, using the care coordination and health information exchange technology made possible in Meaningful Use certified products.
  • The proposed rule will further align Meaningful Use with other CMS quality reporting programs that use certified technology, such as Hospital Inpatient Quality Reporting (IQR) and the Physician quality Reporting System (PQRS).
  • Medicaid providers demonstrating Meaningful Use for the first time will be able to report in any continuous 90-day period, instead of reporting in a calendar quarter.
  • Providers may remain on 2014-Edition certified technology through 2017. If they wish, they may opt to move to 2015-Edition certified EHRs for the 2017 calendar year in order to begin attesting for Stage 3 a year early, while others opt to remain at Stage 2 in 2017. In 2018, Stage 3 attestation would be mandatory for all.
  • While many menu options in Stage 2 become mandatory in the proposed Stage 3, numerous recommendations in the proposal provide various circumstances where providers may skip or fail certain objectives and still avoid certain downward payment adjustments.

Despite the many complaints of physicians around the difficulty of meeting the stage 2 requirements for care summary exchange at transitions of care and patient record sharing, CMS is significantly increasing the thresholds for those criteria in stage 3. For health information exchange there are three measures proposed:

  1. Send electronic summary for 50 percent of Transitions of Care (TOC) and referrals;
  2. Get electronic summary for 40 percent of TOCs and referrals; and
  3. Perform medication, allergy, and problem list reconciliation for 80 percent of TOCs and referrals

Some additional highlights of the proposed stage 3 requirements include:

  • More than 25% of patients seen by an EP or discharged from a hospital or emergency department (ED) must "actively engage" with their electronic records.
  • For more than 35% of patients seen by an EP or discharged from a hospital or ED, a secure message must be sent using the EHR's secure messaging function or in response to a secure message sent by the patient.
  • Patient-generated data from a nonclinical setting must be incorporated into the EHR for more than 15% of patients seen by the EP or discharged from a hospital or ED.
  • EPs and hospitals must use their EHR to create a summary of care and electronically exchange it with other providers for more than 50% of transitions of care and referrals.
  • In more than 40% of these transitions of care, the provider has to incorporate in its EHR a summary of care from an EHR used by a different provider.
  • In more than 80% of transitions of care, the provider has to perform a "clinical information reconciliation" that includes not only medications and allergies, but also problem lists.

2015 Edition Standards and Certification

The Stage 3 Meaningful Use objectives and measure are tightly intertwined with the 2015 Edition Standards and Certification Criteria companion rules published by the ONC. The ONC rule decouples certification from meaningful use and eliminates the concept of a Complete EHR. The rule also no longer uses the term Certified EHR Technology but now uses the term Certification Health IT, expanding the types of technology for which certification applies. Going forward vendors of laboratory information systems, other ancillary systems, health information service providers and health information exchanges through certification would receive appropriate recognition of their abilities to support interoperability. In particular, vendors would be assessed on the ability of their products demonstrate application programming interface (API) functionality to support the exchange of a standard summary of care (C-CDA version 1.1 and 2.0.), using a new Common Clinical Data Set.

The proposed rule establishes new and voluntary 2015 Edition certification criteria for other health information systems, called Health IT Modules. A proposed Base EHR definition specific to the 2015 Edition includes fewer measures to report and targets care settings beyond the ambulatory and inpatient environments, such as long-term post-acute care, behavioral health and pediatrics. There is also a great deal of attention given to APIs as well as mention of FHIR. The expectation is that if the FHIR standards are available to be widely deployed by 2017 as expected then interim rule making will be published that will allow developers to incorporate this into certified products.

"ONC's proposed rule will be an integral component in the shared nationwide effort to achieve an interoperable health system," said Karen DeSalvo, MD, national coordinator for health IT in a statement. "The certification criteria we have proposed in the 2015 Edition will help achieve that vision through provisions that consider the range of health IT users and uses across the care continuum, including those focused on interoperable standards, data portability, improved transparency, privacy and security capabilities, and increased oversight through ONC's Health IT Certification Program."

At a high level the proposed rule for the 2015 edition of Health IT certification program requirements include:

  • Working toward a flexible certification program that supports developer innovation and focuses on interoperability
  • Adopting language and standards that allow for recording and exchange of electronic health information, including a well-defined Common Clinical Data Set
  • Enhancing data portability, transitions of care, and application programming interface capabilities in the 2015 Edition Base EHR definition
  • Adopting standards to help users address health disparities
  • Continuing to focus on the privacy and security of data by ensuring that health IT in line for certification meets privacy and security standards and addressing the exchange of information through the Data Segmentation for Privacy standard
  • Improving patient safety through user-center design principles, patient matching, the exchange of relevant electronic health information, certified health IT surveillance, and increased public availability of certified product information
  • Ensuring certified health IT is reliable and transparent by way of surveillance and disclosure requirements

The proposed health IT certification rules also seeks to clarify certain aspects of healthcare privacy and security. Specifically, ONC said that each Health IT Module presented for certification should be certified through one or more of the following three paths:

  1. Demonstrate, through system documentation and certification testing, that the Health IT Module includes functionality that meets at least the “minimal set” of privacy and security certification criterion.
  2. Demonstrate, through system documentation sufficiently detailed to enable integration, that the Health IT Module has implemented service interfaces that enable it to access external services necessary to conform to the minimal set of privacy and security certification criterion.
  3. Demonstrate through documentation that the privacy and security certification criterion is inapplicable or would be technically infeasible for the Health IT Module to meet.

A major focus of the proposed rule is broadening the scope of certification to include new practice settings beyond the meaningful use program. There are 68 individual certification requirements described by the ONC which are spelled in Appendix A of the proposed rule. Only 36 of the 68 requirements are required for meaningful use, so clearly there is going to be a continued effort to leverage certification for other programs and purposes.

Monday, February 2, 2015

ONC Annual Meeting


The ONC Annual Meeting is February 2-3, 2015. It is being broadcast live HERE.

















National Coordinator and Acting Assistant Secretary for Health Dr. Karen DeSalvo's opening remarks and HHS Secretary Burwell's comments are below:

Dr. DeSalvo:
Last year, when I stood before this ONC Annual Meeting I was just a few days into my tenure as National Coordinator, I was literally fresh off the farm. I shared with you my perspectives as a daughter, as a doctor being as a public health leader and what we had done in post Katrina New Orleans learning how health IT would make a difference in care and public health. I had just purchased an EHR for a hospital we were constructing and have been through three implementations of a health record in the clinical care environment in the outpatient setting and still using EHR's in the practice of medicine. That day I said we would look at how health IT would be a key ingredient in reforming our nation's healthcare system, including focusing on how it would support payment reform and how payment reform would support health IT, I said we would break down barriers and silos that were holding in data and focus on interoperability and save lives to improve the public health. I told you we would risen to everyone's ideas about how to rairpz the floor for health and health information in this nation. I want to remind you all of what we've accomplished in this last year at ONC and HHS with our federal partners, with our private sector collaborators, and with many of you in this room. It's truly been an all hands on deck effort and the work is just beginning.