The second Senate HELP Committee hearing this week was about the proposed rules for the implementation of the electronic health records provisions of the 21st Century Cures Act. The Committee heard from Donald Rucker, the National Coordinator for Health IT, and Kate Goodrich, M.D., the Director and Chief Medical Officer of the Centers for Medicare and Medicaid Services. The goal of the hearing was to find out how to make sure that health information is accessed and shared efficiently between healthcare providers and patients.
One of the primary objectives is to prevent information blocking. By letting health data flow unhampered between healthcare providers and be accessible to patients, it is possible to significantly lower the cost of healthcare. Dr. Brett James of the National Academies said that up to 50% of healthcare costs are unwarranted. Patients repeat lab tests because healthcare providers are not sharing their information with other healthcare providers, and there is substantial duplication of administrative work due to information blocking.
Early this year, the CMS and ONC proposed new rules to address the problems of information blocking, patient empowerment and EHR usability. Consumers should be in the driving seat when deciding about their own medical care. This would happen if patients had easy access to their own healthcare information and could pass that information on to anyone they want.
The CMS and ONC believe that this objective may be accomplished by using open APIs. APIs have been employed in other industries and have changed many businesses.
Standards-based API technology could enhance the sharing of healthcare information. For it to work, though, healthcare business practices that promote information blocking ought to be eliminated. Rules that stop information blocking should be implemented immediately.
Although progress must be made quickly, Committee Chair Sen. Lamar Alexander, R-Tennessee, cautioned against moving too fast and coming across problems with Meaningful Use.
There is progress. The CMS has already started two projects (Blue Button 2.0 and MyHealthEData) that will use managed care plans, Medicaid fee-for-service, Medicare Advantage Plans, etc. on the Federal Exchange to protect APIs that enable people enrolled in those plans to quickly get their own health data. It is hoped that developers will continue to build on what CMS/ONC have already accomplished in this area.
Though everybody would like to achieve these goals, there are concerns that using APIs introduces privacy and security risks, particularly the disclosure of health information to apps.
Apps will definitely be needed to obtain patients’ health data and eventually share the data with others. This is a serious issue because health apps are not properly regulated. Some FTC regulations cover health apps, but those are not enough because HIPAA requirements do not apply to health apps.
If information is shared with apps, patient privacy is jeopardized. App developers could use patients’ health data and sell it to companies like Facebook. Patients do not know what could happen when they share their health data with an app.
Once information has been disclosed to an app, healthcare companies will not be accountable for that information, and patients may be taken advantage of. What happens to data after the disclosure will depend on the contractual agreement between the app developer and the patient.
The uses and disclosures of patient information are probably hidden in the T&Cs of app privacy policies. Most patients don’t read or understand such privacy policies. There is likewise very little control over what may be done with the data and how it is protected. So, patients should consider the potential risk when choosing and using health apps.
Clearly, there should be greater control over health apps, particularly given reports of health information being shared with Facebook without user permission.