[Senate Hearing 116-434]
[From the U.S. Government Publishing Office]
S. Hrg. 116-434
IMPLEMENTING THE 21ST CENTURY
CURES ACT: MAKING ELECTRONIC
HEALTH INFORMATION AVAILABLE
TO PATIENTS AND PROVIDERS, PART II
=======================================================================
HEARING
OF THE
COMMITTEE ON HEALTH, EDUCATION,
LABOR, AND PENSIONS
UNITED STATES SENATE
ONE HUNDRED SIXTEENTH CONGRESS
FIRST SESSION
ON
EXAMINING IMPLEMENTING THE 21ST CENTURY CURES ACT, FOCUSING ON MAKING
ELECTRONIC HEALTH INFORMATION AVAILABLE TO PATIENTS AND PROVIDERS
__________
MAY 7, 2019
__________
Printed for the use of the Committee on Health, Education, Labor, and
Pensions
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.govinfo.gov
__________
U.S. GOVERNMENT PUBLISHING OFFICE
41-396 PDF WASHINGTON : 2021
--------------------------------------------------------------------------------------
COMMITTEE ON HEALTH, EDUCATION, LABOR, AND PENSIONS
LAMAR ALEXANDER, Tennessee, Chairman
MICHAEL B. ENZI, Wyoming PATTY MURRAY, Washington
RICHARD BURR, North Carolina BERNARD SANDERS (I), Vermont
JOHNNY ISAKSON, Georgia ROBERT P. CASEY, JR., Pennsylvania
RAND PAUL, Kentucky TAMMY BALDWIN, Wisconsin
SUSAN M. COLLINS, Maine CHRISTOPHER S. MURPHY, Connecticut
BILL CASSIDY, M.D., Louisiana ELIZABETH WARREN, Massachusetts
PAT ROBERTS, Kansas TIM KAINE, Virginia
LISA MURKOWSKI, Alaska MARGARET WOOD HASSAN, New Hampshire
TIM SCOTT, South Carolina TINA SMITH, Minnesota
MITT ROMNEY, Utah DOUG JONES, Alabama
MIKE BRAUN, Indiana JACKY ROSEN, Nevada
David P. Cleary, Republican Staff Director
Lindsey Ward Seidman, Republican Deputy Staff Director
Evan Schatz, Minority Staff Director
John Righter, Minority Deputy Staff Director
C O N T E N T S
----------
STATEMENTS
TUESDAY, MAY 7, 2019
Page
Committee Members
Alexander, Hon. Lamar, Chairman, Committee on Health, Education,
Labor, and Pensions, Opening statement......................... 1
Murray, Hon. Patty, Ranking Member, a U.S. Senator from the State
of Washington, Opening statement............................... 4
Witnesses
Rucker, Don, M.D., National Coordinator for Health Information
Technology, Office of the National Coordinator for Health
Information Technology, United States Department of Health and
Human Services, Washington, DC................................. 6
Prepared statement........................................... 7
Summary statement............................................ 12
Goodrich, Kate, M.D., Director and Center for Medicare and
Medicaid Services Chief Medical Officer, Center for Clinical
Standards and Quality, Center for Medicare and Medicaid
Services, United States Department of Health and Human
Services, Washington, DC....................................... 13
Prepared statement........................................... 15
Summary statement............................................ 19
IMPLEMENTING THE 21ST CENTURY
CURES ACT: MAKING ELECTRONIC
HEALTH INFORMATION AVAILABLE
TO PATIENTS AND PROVIDERS, PART II
----------
Tuesday, May 7, 2019
U.S. Senate,
Committee on Health, Education, Labor, and Pensions,
Washington, DC.
The Committee met, pursuant to notice, at 10:05 a.m., in
Room SD-430, Dirksen Senate Office Building, Hon. Lamar
Alexander, Chairman of the Committee, presiding.
Present: Senators Alexander [presiding], Burr, Cassidy,
Romney, Braun, Murray, Casey, Baldwin, Murphy, Kaine, Hassan,
Jones, and Rosen.
OPENING STATEMENT OF SENATOR ALEXANDER
The Chairman. The Committee on Health, Education, Labor,
and Pensions will please come to order. Senator Murray and I
will each have an opening statement, then we will introduce the
witnesses, and after that, Senators will each have five minutes
of questions.
Let me just--let me say at the beginning, what I may repeat
both in my statement and questions, my major concern is to
remind the administration of the advice that my piano teacher
used to give me before a recital. She would say, Lamar, play it
a little slower than you can play it. You are less likely to
make a mistake. And that is pretty good advice, and as I look
back at our experience with Meaningful Use 3 and the large
amount of data that we are dealing with here, in summary my
view is that you are on a good track. Both in the Obama and the
Trump administrations, you have worked hard to try to get on
the right track here and implement the 21st Century Cures law
that we passed. That I appreciate very much, and I appreciate
the extension of time for a comment period.
But I want to say to Senator Murray and other Senators who
are here that over the next two years we may want to continue
to have, in an informal way, discussions with you about how we
are doing, and I think it is much better for you to have on
your tombstone, they got us where they wanted us to go instead
of they try to go too fast and made it difficult for us. So we
will say more about that. In 1991 the National Academies urged
the adoption of electronic health records to improve patients'
care. However, for many patients and many doctors, electronic
health records made care more complicated.
No one knows this better than Dr. Kelly Aldrich who is the
Chief Clinical Transformation Officer at the Center for Medical
Interoperability in Nashville and whose husband Eric
experienced a life-threatening emergency that could have been
prevented if his electronic health records had been
interoperable. Eric woke up one morning with a splitting
headache. He went to see his primary care doctor. He sent Eric
to the hospital for a CT scan. The results of that prompted an
MRI. Usually the hospital's electronic medical records sends
the results of the MRI directly to Eric's primary care doctor
but in this case, the results were never sent so 12 hours after
test, Eric's doctor called the hospital and learned that Eric
had a tumor so large it was causing his brain to swell and
shift, putting him at risk of seizures, permanent brain damage,
and possibly death. Eric, however, assuming no news was good
news was already 500 miles away on a fishing trip to Louisiana.
Eric went to the Tulane Medical Center, which had to do another
MRI because they could not obtain Eric's original test results
because the two hospitals use different electronic medical
record systems. Eric flew back to Nashville where he had to
have yet another MRI before entering surgery. He spent several
weeks recovering in the ICU.
At multiple points during this traumatic experience, the
lack of interoperability between electronic health care records
caused a life-threatening delay of care, redundant tests,
higher costs, and additional pain. This is the second hearing
on the proposed rules implementing the Electronic Health
Information Provisions in the 21st Century Cures Act. Improving
electronic health records is important to this Committee on
both sides of the aisle. In 2015 while working on Cures, we
realized that our electronic health record system was in a
ditch.
The Committee held six bipartisan hearings in the midst of
the 21st Century Cures discussions on how to improve
interoperability and form a working group that recommended
provisions in Cures to ban information blocking, which is when
some obstacle is in the way of a patient's information being
sent from one doctor to another. And this year the Committee is
working on legislation to lower the cost of healthcare. 50
percent of what we spend on healthcare is unnecessary,
according to Dr. Brent James of the National Academies.
Electronic health records that are interoperable can prevent
duplicative services, like Eric's repeated MRIs, and reduce
what doctors and hospitals spend on administrative tasks.
In March, the Office of the National Coordinator in the
Center for Medicare and Medicaid Services issued two rules to
implement the electronic health records provisions in the 21st
Century Cures Act. First, the rules to define information
blocking so it is more precisely clear what we mean when one
system, hospital, doctor, vendor, or insurer is purposefully
not sharing information with another. Second, the rules require
that by January 1, 2020, for the first time, insurers must
share a patient's health care data with a patient, so their
health information follows them as they see different doctors.
Third, all electronic health records, and there might be an
example of going too fast. This rule may not be final until the
end of this year, then this information must be shared by
January of next year. Fourth, all electronic health records
must adopt publicly available standards for data elements known
as application programming interfaces are APIs--we will hear a
lot about APIs today--two years after these rules are
completed. Last month, we heard from those who use electronic
health records. So here is what they had to say.
First, I ask our witnesses at that hearing if these were
good rules and all four said, yes, the intent and the goal of
the rules is correct. Mary Greeley, President of Healthcare
Leadership Council said, ``interoperability is not simply
desirable, it is absolutely necessary. These rules represent an
important and perhaps groundbreaking first step for true,
national interoperability.'' Also asked our witnesses what one
change they would make to improve the rules and Dr. Greeley
cautioned about not rushing implementation saying, ``we don't
want to prevent moving ahead or progress, but I think we also
have to be very cognizant of the challenges that providers and
others are facing trying to do this complex work.''
In 2015, I urged the Obama administration to slow down
stage 3 of Meaningful Use, which incentivize doctors and
hospitals to adopt electronic health care records. The
administration then did not slow down implementation and
looking back, the results would have been better if it had. The
best way to get where you want to go is not by going too far
too fast. I want to make sure we learned lessons from
implementing Meaning Use stage 3, which in the words of one
major hospital in Tennessee was, terrifying.
I am especially interested in getting where we want to go
with the involvement of doctors, hospitals, vendors,
insurances, with the fewest possible mistakes and the least
confusion. We do not need to set a record time to get there
with an unrealistic timeline. Because these are complex rules,
I asked CMS and ONC to extend the comment period. I am glad to
see they have done so, and I want to thank our witnesses for
allowing more time to comment. We also heard concerns about
ensuring patient privacy. If the 21st Century Cures Act is
successfully implemented, patients should be able to get their
own health data more easily and send it to their own healthcare
providers. Patients may also choose to send that data to third
parties like an exercise tracking app on their smartphones, but
this raises some new questions about privacy and questions I am
not sure have been answered.
Lucia Savage, Chief Privacy and Regulatory Officer at Omada
Health said, ``I think the Committee is rightfully concerned
about privacy and security. None of this will matter if the
consumers don't have confidence and their doctors don't have
confidence that the consumers have confidence.'' Dr.
Christopher Rehm, Chief Medical Informatics Officer at
LifePoint Health in Brentwood, Tennessee reminded us at the
hearing that these rules are, ``not about the technology, it is
about the patient, their care, and their outcomes.''
I look forward to hearing from the administration today
about how they plan to implement these rules.
Senator Murray.
OPENING STATEMENT OF SENATOR MURRAY
Senator Murray. Thank you very much, Mr. Chairman. In the
decades, as Congress passed the HITECH Act to help spread
better use of healthcare technology, we have made tremendous
progress.
Back in 2008, just one in twenty hospitals used electronic
health records and today we have seen that statistically flip
entirely, one in twenty hospitals have not adopted electronic
health records. We saw the impact of that shift nationally when
electronic health records played an important role in
understanding how the water in Flint, Michigan was putting
families in danger. And healthcare providers have seen the
impact of that shift in their work as electronic health records
have helped them identify health problems sooner so patients
can get preventive care to stay healthy, avoid duplicative
tests or medication errors, and identify treatments that might
be counterproductive based on a patient's medical history or
current prescriptions. But for all the promise of electronic
health records, we have also seen the serious danger to
patients when health IT systems failed to live up to high
standards of quality.
From the man in California who suffered brain damage after
his diagnosis was delayed when a hospital software could not
properly interface with the lab, to the women in Vermont who
died of a brain aneurysm that might have been caught if a
software problem had not stopped the order for the test that
she needed. Families' lives depend on making sure we get this
right, which is why I was glad Congress, and this Committee in
particular, was able to take action in the 21st Century Cures
Act to address some of the biggest challenges we face, and why
I am eager to hear today from our witnesses about how the
Office of the National Coordinator for Health Information
Technology is implementing the steps that we passed.
While HITECH required certified electronic health record
products to meet technical standards intended to make good
information more accessible for care providers, a 2015 ONC
report detailed how instead of making information easy to
access and share, many organizations engaged in information
blocking, intentionally setting up barriers between their
systems and other systems like exorbitant fees whenever someone
sent, received, or even searched for a patient's information,
contracts that restricted people's ability to access and share
their own health information, and systems built in ways that
made sharing information needlessly complicated.
We have also seen how too many health IT vendors include
gag causes to stop care providers from speaking out about the
problems or the issues in errors that the encountered. We
cannot afford to have bad actors who prioritize their bottom
line over patients' best interest, who block information that
is essential to patient care, and who prevent people from
speaking out when they see something that could jeopardize
someone's health because when systems cannot speak to each
other and people can't speak up about problems they see, it is
patients that get hurt. That is why in the 21st Century Cures
Act, Congress moved to end information blocking and make clear
when patients and their care providers need information, they
should not be stopped by unnecessary, unreasonable barriers.
We then tasked ONC with clarifying what concerns, like
privacy, safety, and security, would be grounds for reasonable
exceptions. We also took steps to help ONC strengthen its
certification program so they can require vendors seeking the
Government seal of approval to swear off information blocking
and gag clauses. The new conditions also call for open
application programming interfaces, APIs, another step that
will help make sure systems, developed by different vendors and
used by different doctors, are able to speak to each other and
patients have an easier time getting access to their medical
records. These are important steps. I am looking forward to
hearing today about how ONC is working to carry them out.
I am also eager to hear about how the Centers for Medicare
and Medicaid Services is working on a parallel track to make
claims data more accessible and prompt care providers to be
better about sharing information. I hope during today's hearing
we can also focus on how to make sure health information
technology doesn't just work for providers, but for patients
and that means tackling patient engagement and usability so
patients who are looking for clear information about their
health can find more than massive binders and unreadable PDFs
and stacks of CDs.
We also need to make sure we are discussing what is
required for all parties to be good stewards of the data people
entrust them with and supporting the development of technology
and best practices to keep people's personal information
private and secure. This is only going to become more important
as tech companies and others introduce new products, mobile
applications, that empower people with their healthcare data,
that are not covered by existing HIPAA protections. Patients
should be able to expect tech companies are going to use their
most sensitive information responsibly and give them the tools
they need to be able to control how and when their information
is disclosed.
Our objective should be to make sure tech companies are
putting patients in the driver seat, not the other way around.
So, I hope our witnesses will be able to speak to the
importance of that as well. I look forward to continuing our
bipartisan, Mr. Chairman, to help make sure health technology
is informing and empowering patients and providers in a way
that leads to better care and helps people live happier,
healthier lives.
Thank you.
The Chairman. Thank you, Senator Murray. I think the
witnesses can see by the attendance already today that this is
of interest to a large number of Democrat and Republican
Senators because we spent so much time with it in the 21st
Century Cures Act. I am pleased to welcome our two witnesses
today. I would like to ask you each to summarize your remarks
in five minutes. The first witness, Dr. Don Rucker. He is the
National Coordinator for Health Information Technology for the
Office of the National Coordinator for Health IT within the
Department of Health and Human Services. That is a big, long
title. He has extensive experience with health information
technology both in public service and the private sector, most
recently serving as Clinical Professor of Emergency Medicine
and Biomedical Informatics at the Ohio State University.
Next, we will hear from Dr. Kate Goodrich who testified
before the HELP Committee in 2017 on the implementation of
health information technology provisions in the 21st Century
Cures Act. Dr. Goodrich is the Director of the Center for
Clinical Standards and Quality and the Chief Medical Officer
for the Centers for Medicare and Medicaid Services. Dr.
Goodrich has over 20 years of clinical and quality standards
experience both as a practicing physician and in several roles
with the Center for Clinical Standards and Quality.
Dr. Rucker let us begin with you.
STATEMENT OF DON RUCKER, M.D., NATIONAL COORDINATOR FOR HEALTH
INFORMATION TECHNOLOGY, OFFICE OF THE NATIONAL COORDINATOR FOR
HEALTH INFORMATION TECHNOLOGY, UNITED STATES DEPARTMENT OF
HEALTH AND HUMAN SERVICES, WASHINGTON, DC
Dr. Rucker. Thank you. Chairman Alexander, Ranking Member
Murray, distinguished Members of the Committee, thank you for
the opportunity to testify. As an ER physician and electronic
health records software developer for the last 30 years, I am
deeply appreciative to Congress for the 21st Century Cures Act
and the work to improve interoperability and reduce provider
burden.
ONC's proposed Cures Act rule will help achieve Congress's
vision for a patient's health information to be available to
the patient and their clinicians whenever and wherever they
need it. This rule can also unleash a wave of innovation that
will make healthcare more efficient and affordable. The rule
requires secure standards-based application programming
interfaces that will allow patients to download their records
to their phone and to do so at no cost. Moving patient charts
to smart phone platforms will enable third-party app developers
to build new business models of healthcare. Specifically, the
proposed rule will require physician and hospital electronic
record systems to allow patients to download their medical data
to apps of the patient's choosing. App ecosystems have
transformed many industries, including travel, entertainment,
and shopping. An app ecosystem can do the same for healthcare.
However, the promise of standards-based APIs can only be
realized if providers and their business partners actually
share the clinical data. The practice of information blocking
not only undermines investments in the nation's health IT
infrastructure but also frustrates efforts to use technology to
improve care. The Cures Act directed ONC to identify activities
that would not be treated as information blocking and the
proposed rule outlines seven exceptions. At the same time, the
Cures Act authorizes the HHS Office of the Inspector General to
investigate information blocking allegations against healthcare
providers, developers of certified health IT, health
information exchanges, and health information networks.
ONC's proposed rule makes it clear that data should move
seamlessly in a private and secure manner without special
effort on the part of the end-user. In addition, we have heard
the concerns from stakeholders about security of APIs and
secondary uses of health data. When it comes to security, this
proposed rule requires the same API standards used by other
industries which have to protect valuable assets such as
banking and brokerage. Secondary use of data creates privacy
challenges that extend beyond the healthcare industry. Today,
deeply sensitive health facts can be inferred from online
searches, credit card purchases, and social media postings.
For example, location services can show which clinical a
patient visited. While ONC's proposed rule empowers patients to
take control of their data and their health, we are actively
engaged with the Office of Civil Rights to inform patients
about both their HIPAA rights and potential risks. Our proposed
rule also recognizes the importance of price data. Today,
payment data is retrospective and largely disconnected from
clinical data. However, without price data, it is difficult for
patients to either assess value or shop for care. Recent
advances and standards may allow improved integration between
clinical financial data streams.
As defined in the Cures Act, ONC recently issued an updated
draft of the Trusted Exchange Framework and Common Agreement,
known as TEFCA, for public comment. TEFCA is designed to
provide a single on-ramp to nationwide connectivity for health
information exchanges and to include all providers. It includes
a common set of principles that will facilitate trust and
sharing between health information exchanges.
Today, much of American healthcare remains complex and
opaque. Congress's Cures Act and advances in computing allow us
to revisit many assumptions about what medical care can be.
ONC's proposed rule and TEFCA service major steps to make care
more accessible, transparent, and affordable. We believe these
policies place the Nation on the path to achieving the long-
term benefits of interoperability.
Mr. Chairman, Ranking Member, Members of the Committee,
thank you for the opportunity to testify.
[The prepared statement of Dr. Rucker follows:]
prepared statement of don rucker
Chairman Alexander, Ranking Member Murray, distinguished Members of
the Committee, thank you for the opportunity to testify in support of
the Department of Health and Human Services (HHS), Office of the
National Coordinator for Health Information Technology's (ONC) efforts
to implement provisions of title IV of the 21st Century Cures Act
(Cures Act). I want to thank Congress and this Committee for your
shared commitment to stimulate a modern and connected health care
system. The bipartisan Cures Act accelerates our efforts to ensure that
patients' records follow them when and where they need them.
The Cures Act directs the HHS Secretary to adopt standards and
policies that advance the seamless and secure flow of electronic health
information (EHI) across the health system. On March 4, 2019, ONC
issued a proposed rule to implement key provisions in title IV of the
Cures Act. This proposed rule aims to drive the electronic access,
exchange, and use of health information. It seeks to inject competition
into the health care delivery system by addressing both technical
barriers and business practices that impede the secure and appropriate
sharing of data. A central purpose of the proposed rule is to
facilitate patient access to their EHI on their smartphone, growing a
nascent patient- and provider-facing app economy.
I would like to begin by discussing the current health care and
health information technology (health IT environments. In an
extraordinary shift from a decade ago, most hospitals and providers now
use electronic health records (EHR). \1\ However, information captured
in these systems often remains inaccessible to patients and to their
providers across different settings.
---------------------------------------------------------------------------
\1\ Office of the National Coordinator for Health Information
Technology (2018). Report to Congress: Annual Update on the Adoption of
a Nationwide System for Electronic Use and Exchange of Health
Information [online] Washington, DC. Available at: https://
www.healthit.gov/sites/default/files/page/2018--12/2018--HITECH--
report--to--Congress.pdf [Accessed 25 Apr. 2019.
---------------------------------------------------------------------------
Fragmented care can lead to hospital readmissions, medical errors,
and poor health outcomes, especially among patients with multiple
chronic conditions who rely on coordinated care to help manage their
health. \2\, \3\, \4\ Today, only half of hospitals report having the
necessary information electronically available from outside providers
or sources at the point of care. Notably, hospitals with advanced
interoperability capabilities are significantly more likely to have
information available from outside sources compared with hospitals
lacking those capabilities. \5\ A health system where information flows
appropriately and securely to patients and their providers can improve
care coordination, reduce adverse events, and lower costs. ONC designed
this proposed rule to help stimulate a more connected health system
that leverages health information to better serve patients.
---------------------------------------------------------------------------
\2\ Moore, Carlton et al. ``Medical Errors Related To
Discontinuity of Care From An Inpatient To An Outpatient Setting.''
Journal Of General Internal Medicine, vol 18, no. 8, 2003, pp. 646-651.
Springer Nature, doi:10.1046/j.1525-1497.2003.20722.x. Accessed 25 Apr
2019.
\3\ Tsai TC., Orav EJ., & Jha AK. ``Care Fragmentation in the
Postdischarge Period: Surgical Readmissions, Distance of Travel, and
Postoperative Mortality.'' JAMA Surg. 2015 Jan;150(1):59-64. Accessed
25 Apr 2019.
\4\ Robert Wood Johnson Foundation (U.S.) The Revolving Door: A
Report on U.S. Hospital Readmissions. The Dartmouth Institute for
Health Policy and Clinical Practice, 2013.
\5\ Pylypchuk Y., Johnson C., Henry J. & Ciricean D. (November
2018). ``Variation in Interoperability among U.S. Non-Federal Acute
Care Hospitals in 2017.'' ONC Data Brief, no.42. Office of the National
Coordinator for Health Information Technology: Washington DC.
---------------------------------------------------------------------------
To develop this proposed rule, ONC coordinated extensively with
relevant Federal agencies. We also met with more than 150 external
stakeholders from across the health system to improve our understanding
of the on-the-ground needs and barriers related to the flow of EHI.
While the proposed rule covers many provisions within title IV of the
Cures Act, today, I am going to highlight how the proposed rule
addresses the Conditions of Certification and Information Blocking
provisions.
The conditions and maintenance of certification proposals include
requirements for health IT developers under the ONC Health IT
Certification Program and cover a range of business practices and
behaviors that impede the access, exchange, and use of EHI. The first
condition I will highlight focuses on the Cures Act requirement for
health IT developers to publish application programming interfaces
(APIs) that allow health information to be securely accessed,
exchanged, and used ``without special effort.'' Requiring health IT
developers to publish an API is not enough. Without common standards,
third-party app developers need to learn and use different requirements
and data base structures for each health IT system. This hampers
competition by binding patients and app developers to particular
clinicians or products.
The proposed rule includes a suite of proposals that focus on
certified health IT developers making available secure, standards-based
APIs that facilitate patients' use of their smartphones (or other
mobile devices) for accessing EHI at no cost. It also supports
clinicians' ability to partner with third-party software developers
offering unique and competitive services that support patient care.
Specifically, ONC proposes to adopt a new standards-based API
certification criterion that would require that a health IT product
support ``read'' access to health information for both a single patient
and for a group of patients. The proposed rule addresses the Cures Act
phrase ``without special effort'' through a number of proposals that
promote standardized, transparent, and pro-competitive market
practices. Once finalized, health care providers would have two years
from the final rule's publication date to offer patients' access to
their EHI through secure, standards-based APIs.
While developing the proposed rule, stakeholders shared two
overarching security concerns. The first concern has to do with the
overall security of APIs. The second concern touches upon the secondary
use of data. When it comes to security, it is important to note that
the health IT developers and health care providers using certified
health IT would deploy APIs with the same security measures used by
other industries, such as banking (through the OAuth 2 standard). In
fact, health care providers already offer the same security measures to
protect patient portals. Third-party health care apps who wish to
connect to a health IT developer's certified API would need to
establish secure connections, prompt patients to authenticate
themselves to their health care provider, and obtain a patient's
approval on the scope of data that the app may access.
How data is secured and used once in third-party apps illustrates a
pressing issue that is currently part of a national discussion a
discussion that extends beyond health care and into data privacy,
stewardship, and regulatory interventions. How APIs secure their
connections and follow patients' individual preferences in health care
is no exception. Many third-party apps are not required to implement
the privacy protections and patient rights of the Health Insurance
Portability and Accountability Act (HIPAA) Privacy and Security Rules,
but they may be subject to the Federal Trade Commission (FTC)
jurisdiction, including the Health Breach Notification Rule.
The HHS Office for Civil Rights (OCR) has regulatory authority to
ensure the privacy and security of data applies only to HIPAA covered
entities (e.g., many health care providers, health plans) and their
business associates (e.g., EHR developers). In April 2019, OCR released
new frequently asked questions (FAQs) about the HIPAA right of access
related to patient-designated apps and APIs. The FAQs clarify that once
protected health information has been shared to a third-party app, as
directed by the individual, the HIPAA-covered entity (or its business
associate that fulfills the access request on behalf of the covered
entity) will not be liable under HIPAA for subsequent use or disclosure
of that particular electronic protected health information. This is
provided that, with respect to the app, the app developer is not itself
a business associate of a covered entity, directly or through another
business associate.
Across all business sectors, individuals often have little say with
respect to the secondary use and disclosure of their personal data.
However, the misuse of health information can have lifelong
consequences for the patient. Individuals should balance their
selection and use of a health app with the potential risk of having
negative implications. These risks are similar to when they enter
sensitive health data into an online search, contribute their DNA to
learn about their ancestral heritage, share their credit card
information when making an online purchase, or consent to location
services on their phones. It is important to note that deeply sensitive
health facts about patients can be inferred from consumer data
``exhaust'' such as accelerometers, location services, and a wide
variety of app and social media usage patterns.
Individuals should have the ability to decide whether the potential
benefit of an app to manage their health care information and medical
conditions outweighs potential risks. This should be the patient's
choice. Interestingly, some entities advocating to protect the patient
from inappropriate secondary uses and disclosures of the patient's data
have business models at risk from patients accessing their EHI. ONC's
proposed rule empowers individuals to electronically access and share
their EHI, enabling an individual's HIPAA right of access, and
affording the patient agency over their own health information that is
often absent in health care.
Today's fragmented health system forces individuals or caregivers
to navigate a byzantine system to manage their care. Emerging
technologies and the use of mobile apps will provide individuals with
access to their own EHI that can follow them across providers and
health plans, and advance an app marketplace that addresses unique
patient needs. \6\ For instance, an app may empower patients with
multiple chronic conditions to consolidate and share their care journey
with each clinician they visit, potentially preventing adverse and
life-threatening events due to missing clinical information. A robust
health app ecosystem can also lead to the development of disease-
specific apps that allow patients to choose whether to share their
health information with researchers working on clinical trials to test
a drug or treatment's efficacy like those in the National Institutes of
Health's All of Us Research Program. Apps could also help address
barriers related to access by presenting complex information in easy to
understand ways.
---------------------------------------------------------------------------
\6\ Mandl, Kenneth D., Mandel Joshua C., & Kohane Isaac S.
``Driving Innovation in Health Systems through an Apps-Based
Information Economy.'' Cell Systems. 2015 Jul;1(1):8-13. Accessed 25
Apr 2019.
---------------------------------------------------------------------------
We have seen promising signs of this occurring in the private
sector. Last year, Apple introduced their Health Records on the iPhone
using the same modern computing standards included in our proposed
rule. A little over a year later, over 200 health institutions use the
Health app to offer their patients access to their health records. Many
other entrepreneurs are developing novel health apps as well, and our
proposed rule is designed to lower the barriers to their entry into the
health app industry. Later, I will discuss how we can envision this
same approach taking shape when it comes to price transparency and
providing patients with the ability to shop for care based on the price
and quality of care.
In addition to addressing the flow of EHI, this proposed rule seeks
to enhance the safety of health IT. In 1999, when most clinicians were
still using paper records, the former Institute of Medicine (now the
National Academy of Medicine) published a seminal report, to Err is
Human, where they estimated that between 44,000 to 98,000 people die in
hospitals each year due to preventable medical errors. \7\ There is
ample evidence that well-designed health IT systems can make care
safer. \8\ However, due to the innate complexity of medicine and
radical changes to established clinical workflows, health IT has
introduced new safety issues and also exacerbated others.
---------------------------------------------------------------------------
\7\ Institute of Medicine. 2000. To Err Is Human: Building a Safer
Health System. Washington, DC: The National Academies Press. https://
doi.org/10.17226/9728.
\8\ Office of the National Coordinator for Health Information
Technology. ``Effects of Meaningful Use Functionalities On Health Care
Quality, Safety, And Efficiency.'' Dashboard.Healthit.Gov, 2014,
https://dashboard.healthit.gov/quickstats/pages/FIG-Health-IT-
Literature-Review-Infographic.php.
---------------------------------------------------------------------------
One resounding complaint we heard from the patient safety community
is that health IT developers use gag clauses to inhibit the flow of
essential information that could improve safety across systems. A 2012
National Academy of Medicine report found that such clauses discourage
users from sharing information about patient safety risks,
significantly limiting the ability of users to understand how health IT
products impact patient safety. The report stressed the need for health
IT developers to enable the exchange of information regarding user
experiences, including the sharing of screenshots. \9\ As part of ONC's
patient safety efforts that are paramount to its mission, programs, and
policies, this proposed rule would prevent certified health IT
developers from prohibiting or restricting communications regarding
usability, interoperability, security, user experiences, business
practices, and technology use. We also included provisions to respect
health IT developers' intellectual property in the software.
---------------------------------------------------------------------------
\9\ Institute of Medicine (U. S.). Health IT and Patient Safety:
Building Safer Systems For Better Care (Health Information Technology
And Patient Safety). National Academies Press, 2012.
---------------------------------------------------------------------------
The promise of standards-based API technology can only be
successful if current business practices that enable information
blocking to occur are dismantled. For that reason, I thank Congress for
establishing consequences for information blocking in the Cures Act.
The information blocking provisions were enacted in response to
concerns that some individuals and entities engage in practices that
unreasonably limit the availability and use of EHI for authorized and
permitted purposes. These practices undermine public and private sector
investments in the Nation's health IT infrastructure. They also
frustrate efforts to use modern technologies to improve health care
quality and efficiency, accelerate research and innovation, and provide
greater value and choice to health care consumers.
The information blocking provisions apply to health care providers,
developers of certified health IT, health information exchanges, and
health information networks. Under the Cures Act, the HHS Office of the
Inspector General (OIG) has authority to investigate information
blocking claims against these entities. Health care providers can be
subject to disincentives determined by the HHS Secretary if the OIG
finds that the provider has knowingly and unreasonably engaged in
information blocking. Developers of certified health IT, health
information exchanges, and health information networks can be subject
to civil monetary penalties determined by OIG of up to $1 million per
violation.
The proposed rule establishes seven exceptions that identify
certain reasonable and necessary activities that do not constitute
information blocking. To develop the proposed exceptions, we were
guided by three overarching policy considerations. First, the
exceptions would be limited to certain activities that clearly advance
the aims of the information blocking provision. Second, each exception
is intended to address a significant risk that regulated actors (i.e.,
health care providers, health IT developers of certified health IT,
health information networks, and health information exchanges) would
not engage in certain reasonable and necessary activities because of
potential uncertainty regarding whether those activities would be
considered information blocking. Third, each exception would be
tailored, through appropriate conditions, so that it is limited to
those reasonable and necessary activities that it is designed to
exempt. These exceptions also would be subject to strict conditions to
ensure that they do not extend protections to practices that should be
considered information blocking.
An action would not be treated as information blocking if it
satisfies one or more of these seven exceptions. The first three
exceptions extend to certain activities that are reasonable and
necessary to prevent harm to patients and others; promote the privacy
of EHI; and promote the security of EHI. We believe that without these
exceptions, it would erode trust and undermine efforts to provide
access and facilitate the exchange and use of EHI for important
purposes.
The next three exceptions promote competition and innovation.
First, we propose to permit the recovery of certain types of reasonable
costs incurred to provide technology and services that enable access to
EHI and facilitate the exchange and use of that information. For
example, this exception enables the recovery of costs reasonably
incurred to develop technologies and provide services that enhance
interoperability, while not protecting rent-seeking, opportunistic
fees, and exclusionary practices that interfere with access, exchange,
and use of EHI. Second, the proposed rule would permit an entity to
decline infeasible requests to exchange EHI but would still require the
actor to find a reasonable alternative for providing the EHI. Third, we
propose an exception that would permit the licensing of
interoperability elements on reasonable and non-discriminatory terms.
Contractual and intellectual property rights are frequently used to
extract rents for access to EHI or to prevent competition from
developers of interoperable technologies and services. Such practices
frustrate interoperability and stifle competition and innovation. In
many scenarios, however, it is generally appropriate to license
intellectual property on reasonable and non-discriminatory terms to
support access, exchange, and use of EHI. This exception would further
the goals of the information blocking provision by allowing for the
protection of the value of their innovations and earn returns on the
investments made to develop, maintain, and update those innovations.
For health IT to perform properly and efficiently, it must be
maintained, and in some instances improved. This may require that
health IT be taken offline temporarily. The final exception would allow
EHI to be temporarily unavailable during health IT implementation
upgrades, repairs, and other changes.
ONC's proposed rule primarily focuses on clinical data. However,
advances in computer science and the maturity of data standards are
accelerating the convergence of medical data with billing and price
data. As such, the rule proposes to include such information as part of
a patient's EHI that should be available for access, exchange, and use.
The idiosyncratic and complex nature of pricing within the health care
system has decreased efficiency and negatively impacted patients,
clinicians, health systems, plans, plan sponsors, and other
stakeholders.
In our current health system, there is an asymmetry of information
for patients. They have few ways if any to anticipate or plan for
costs, lower or compare costs, and, importantly, measure their quality
of care or coverage relative to the price they pay. Transparency in the
price and cost of health care could help address some of those concerns
by empowering patients with information they need to make informed
decisions. Further, the wide availability of price information for
health care services could engender competition and accountability
based on the quality and value of those services in health care.
Increased consumer demand, aligned incentives, more accessible and
digestible information, and the evolution of price transparency tools
are critical components to move from a delivery system that rewards
volume of services to one that recognizes and rewards the value of
health care services.
Unfortunately, the complex and decentralized nature of how payment
information for health care services is currently created, structured,
and stored presents many challenges to achieving price transparency.
This entire information chain is geared to retrospective payments
rather than prices. The public has little idea what the CPT billing
codes mean, or how they might be combined if at all to determine a
prospective price. As noted in my discussion of APIs, we can see a
future where, for example, platforms use raw data to provide consumers
with digestible price information through their preferred medium such
as an online tool or smartphone app. As such, the proposed rule seeks
public input on both how we can scope and capture price information as
part of EHI as well as what steps HHS can take, using all its available
resources, to provide price transparency.
I also want to note that, as part of ONC's implementation of
congressional direction articulated through the Cures Act, we recently
issued an updated draft of the Trusted Exchange Framework and Common
Agreement (TEFCA) for public comment, which includes a common set of
principles that facilitate trust between health information networks.
The TEFCA is designed to provide a single ``on-ramp'' to nationwide
connectivity and advance a landscape where information securely follows
the patient where and when it is needed. We also issued a funding
opportunity announcement for the selection of a private sector non-
profit organization that will serve as the Recognized Coordinating
Entity responsible for developing, updating, implementing, and
maintaining the Common Agreement with ONC. This Common Agreement will
create the baseline technical and legal requirements for networks to
share EHI across the Nation. Nationwide interoperability is not a
simple undertaking, and something as expansive as a final TEFCA
requires thoughtful consideration of the issues and challenges. ONC's
intention with releasing the draft for a second round of public comment
is to ensure we get it right.
I also wanted to note that a significant unmet need in the health
care system is for patients with behavioral health conditions. These
patients may transition between emergency rooms, primary care, mental
and behavioral health specialists, shelters, group homes, and various
treatment centers. When these patients present at a new setting, a
provider may know where they transferred from, but lack the necessary
insight about their care journey. ONC previously funded various
programs to accelerate health information exchange at the state,
regional, and local level. These community information exchanges have
demonstrated reductions in care utilization, such as through reduced
duplicate testing and imaging for patients. 1A\10\, \11\ Community
information exchanges are positioned to connect patients with clinical
services and social supports. ONC remains committed to advancing
community information exchange to support care coordination and improve
health, especially for patients with behavioral health conditions.
---------------------------------------------------------------------------
\10\ Ayer, Turgay et al. ``The Impact of Health Information
Exchanges on Emergency Department Length Of Stay.'' Production and
Operations Management, vol 28, no. 3, 2018, pp. 740-758. Wiley,
doi:10.1111/poms.12953. Accessed 25 Apr 2019.
\11\ Lammers, Eric J. et al. ``Does Health Information Exchange
Reduce Redundant Imaging? Evidence from Emergency Departments.''
Medical Care, vol 52, no. 3, 2014, pp. 227-234. Ovid Technologies
(Wolters Kluwer Health), doi:10.1097/mlr.0000000000000067. Accessed 25
Apr 2019.
---------------------------------------------------------------------------
In addition, the provisions in our proposed rule to support the use
of secure APIs and to support the access, exchange, and use of
electronic health information can also offer promising strategies to
combat opioid use disorder (OUD). Data such as opioid prescription drug
data, prior OUD diagnosis and treatment data, and community health
information is essential for providers to be able to prevent and treat
OUD. This data continues to be siloed across systems. This makes access
to this information and to related decision making tools burdensome for
providers. We look forward to continuing to advance the adoption of
common industry standards that could help to address opioid use
disorder prevention and treatment while addressing the patients' need
for privacy.
In summary, much of today's American health care delivery system
remains complex and opaque to providers and patients. Congress's 21st
Century Cures Act and advances in modern computing allow us to revisit
many of the assumptions about what delivery of medical care could and
should be. ONC's proposed rule and advancements on the Trusted Exchange
Framework and Common Agreement serve as major steps to make health care
more transparent, accountable, and patient and provider accessible. We
believe these policies firmly place the Nation on the path to achieving
the long-term benefits of interoperability of electronic health
information connecting for the U.S. health system.
We will continue to keep Congress informed of milestones as they
occur. Mr. Chairman, Ranking Member, and Members of the Committee,
thank you for the opportunity to testify. I look forward to responding
to any questions you may have.
______
[summary statement of don rucker]
The 21st Century Cures Act directs the HHS Secretary to adopt
standards and policies that advance the seamless and secure flow of
electronic health information (EHI) across the health system. On March
4, 2019, ONC issued a proposed rule to implement key provisions in
Title IV of the Cures Act. This proposed rule aims to drive the
electronic access, exchange, and use of health information. It seeks to
inject competition into the health care delivery system by addressing
both technical barriers and business practices that impede the secure
and appropriate sharing of data.
A central purpose of the proposed rule is to facilitate patient
access to their EHI on their smartphone, growing a burgeoning patient-
and provider-facing app economy. The proposed rule includes proposals
that focus on certified health IT developers making available secure,
standards-based APIs that facilitate patients' use of their smartphones
(or other mobile devices) for accessing EHI at no cost.
The promise of standards-based API technology can only be
successful if current business practices that enable information
blocking are dismantled. The Cures Act's information blocking
provisions were enacted in response to concerns that some individuals
and entities engage in practices that unreasonably limit the
availability and use of EHI for authorized and permitted purposes.
These practices undermine public and private sector investments in the
Nation's health IT infrastructure. The proposed rule establishes seven
exceptions that identify certain reasonable and necessary activities
that do not constitute information blocking.
ONC's proposed rule primarily focuses on clinical data. However,
advances in computer science and maturing data standards are
accelerating the convergence of medical data with billing and price
data. As such, the rule proposes to include such information as part of
a patient's EHI that should be available for access, exchange, and use.
ONC also recently issued an updated draft of the Trusted Exchange
Framework and Common Agreement (TEFCA) for public comment, which
includes a common set of principles that facilitate trust between
health information networks. The TEFCA is designed to provide a single
``on-ramp'' to nationwide connectivity and advance a landscape where
information securely follows the patient. We also issued a funding
opportunity announcement for the selection of a Recognized Coordinating
Entity responsible for developing, updating, implementing, and
maintaining the Common Agreement with ONC.
In summary, much of today's American health care delivery system
remains complex and opaque to providers and patients. The Cures Act and
advances in modern computing allow us to revisit many of the
assumptions about what delivery of medical care could and should be.
ONC's proposed rule and advancements on the TEFCA serve as major steps
to make health care more transparent, accountable, and accessible for
both patients and providers. We believe these policies firmly place the
Nation on the path to achieving the long-term benefits of
interoperability of electronic health information connecting for the
U.S. health system.
______
The Chairman. Thank you Dr. Rucker, Dr. Goodrich, welcome.
STATEMENT OF KATE GOODRICH, M.D., DIRECTOR AND CENTER FOR
MEDICARE AND MEDICAID SERVICES CHIEF MEDICAL OFFICER, CENTER
FOR CLINICAL STANDARDS AND QUALITY, CENTER FOR MEDICARE AND
MEDICAID SERVICES, UNITED STATES DEPARTMENT OF HEALTH AND HUMAN
SERVICES, WASHINGTON, DC
Dr. Goodrich. Thank you. Chairman Alexander, Ranking Member
Murray, and Members of the Committee, thank you for the
invitation to testify today on behalf of the Centers for
Medicare and Medicaid Services. I appreciate this opportunity
to discuss our efforts to foster innovation that promotes
patient access to and use of their health information.
At CMS we are committed to advancing interoperability and
improving access to health information for patients in the
healthcare system. As a practicing physician, I know how
important it is to be fully informed of a patient's medical
history before making a diagnosis, or proposing a treatment
plan, or prescribing a medication. And as a patient, I value my
right to access my own health information and to use it to
better manage my care. A core policy principle underlying our
proposals is that every American should be able, without
special effort or advanced technical skills, to see, obtain,
and use all electronically available information that is
relevant to their health, care, and choices of plans,
providers, and specific treatment options.
While many consumers today can often access their own
health information through patient portals and proprietary
applications made available by various providers and health
plans, they typically must go through distinct processes,
separate processes, to obtain access to each system and often
need to manually aggregate information that is delivered in
various non-standardized formats. CMS believes that when a
patient receives care from a new provider, a complete record of
their health information should be readily available to that
provider regardless of where their care may have been
previously provided or by whom. Similarly, when an enrollee
changes health plans or ages into Medicare, the enrollee should
be able to have their claim's history and encounter data follow
them so that information is not lost.
Last year, the administration launched the My Healthy Data
Initiative, a Government wide initiative spearheaded by the
White House Office of American Innovation with participation
from CMS and other Federal agencies. A key goal of this
initiative is to empower patients by giving them the ability to
move from health plan to health plan and from provider to
provider while having both their clinical and administrative
information follow them. In support of My Healthy Data, CMS
launched Blue Button 2.0, our first developer-friendly,
standards-based application programming interface that allows
Medicare fee-for-service beneficiaries to access and share
their healthcare claims data with applications and services
that help them manage their health, as well as with their
doctors and their caregivers. Through Blue Button 2.0, the
nearly 40 million beneficiaries enrolled in traditional
Medicare now have the ability to access their claims data using
third-party applications.
On March 4th, inspired by the vision set out by Congress in
the 21st Century Cures Act, CMS issued a proposed rule that
would, for the first time, require health plans doing business
in Medicare Advantage, Medicaid, and through the Federal
exchanges to follow our lead and share health claims data and
other important information electronically with their patients.
We announced our proposal concurrently with the office of the
National Coordinator who's proposed rule updates standards for
certified electronic health records.
As we move forward through the rulemaking process, our
agencies will continue to collaborate to make sure our policies
work together in order to drive interoperability and improve
care coordination for patients. Our efforts are designed to
help patients access their health data through common
technologies and without special effort. And while patients had
a right to access their health care data and use it in any way
they deem fit, we also feel a responsibility to protect the
privacy and security of this sensitive information. That is why
our proposed rule includes a requirement for plans to educate
patients about the risks that they should consider when sharing
their health data with third-party application developers. We
also expect developers to maintain strong privacy and security
standards as they develop applications for patients.
Across the agency, CMS relies heavily on stakeholder
feedback to help us improve our programs. We extended a public
comment period on our interoperability proposed rule by 30
days, and we encourage plans, providers, Members of Congress,
and other interested parties to provide us comments for us to
consider as we move forward through the decision making
process. The deadline is June 3d, and we look forward to
hearing ideas about how we can improve upon our proposals and
implementation strategies.
Thank you again for the invitation to be here and I look
forward to answering your questions.
[The prepared statement of Dr. Goodrich follows:]
prepared statement of kate goodrich
Chairman Alexander, Ranking Member Murray, and Members of the
Committee, thank you for the opportunity to discuss Centers for
Medicare & Medicaid Services' (CMS's) efforts to foster innovation that
promotes patient access to and use of their health information. We are
committed to advancing interoperability and improving access to health
information for patients in the U.S. health care system. As evidenced
by our ongoing work, as well as our proposed rule now out for public
comment, CMS is taking an active approach to move the health care
market toward interoperability and the secure and timely exchange of
health information by proposing policies for the Medicare and Medicaid
programs, the Children's Health Insurance Program (CHIP), and issuers
of health plans sold on the Federal Exchange.
Last year, the administration launched the MyHealthEData
Initiative, which aims to break down the barriers that prevent patients
from gaining electronic access to their health information from the
device or application of their choice, empowering patients and taking a
critical step toward interoperability and patient data exchange. As
part of this initiative, we are taking a patient-centered approach to
health information access and moving to a system in which empowered
patients have immediate access to their health information
electronically. Patients will have the ability to securely share their
health information, creating a single record that will follow them as
they move throughout the health care system, giving them the data they
need to make the best decisions for themselves and their families.
Medicare Blue Button 2.0
In support of this goal, and in support of the MyHealthEData
initiative, last year, the CMS announced the launch of Blue Button 2.0,
our first secure, standards-based Application Program Interface (API)
that allows Medicare beneficiaries to access and share their health
care claims data with applications and services that help them manage
their health, in addition to sharing this information with their
doctors and caregivers. API technology allows software from different
developers to connect with one another and exchange electronic health
information in electronic formats that can be more easily compiled and
shared.
Through Blue Button 2.0, Medicare beneficiaries can select third
party applications to connect to their data to compile and use their
electronic health information. There are now 20 Blue Button apps
available, which are posted on Medicare.gov, and developers are
currently working on many more. Among other uses, these applications
can help beneficiaries find plans, organize and share medical
information and claims, or make appointments. We are also excited about
the promises of research that can be enabled through beneficiaries
choosing to share their data to help in the development of the next
generation of cures and innovative treatments.
Ensuring the privacy and security of beneficiary data has been a
priority for CMS since the beginning of this effort. We have taken a
number of steps to protect beneficiary data, including regular systems
security testing. Blue Button applications use existing CMS standards
for beneficiary authorization, and they must use clear and plain
language to alert beneficiaries to the sensitivity of the data they are
sharing. Additionally, CMS offers a user-friendly dashboard on
MyMedicare that allows beneficiaries to turn off data access for any
application at any time.
Interoperability and Patient Access Proposed Rule
Continuing to build on the MyHealthEData initiative, on March 4,
2019, CMS issued a proposed rule 1A\1\ on Interoperability and Patient
Access that is intended to move the health care market toward
interoperability. This proposed rule was inspired by, and demonstrates
our commitment to, the vision set out in the 21st Century Cures Act and
Executive Order 13813 to improve access to and the quality of
information that Americans need to make informed healthcare decisions,
including data about health care prices and outcomes while attempting
to minimize the burden associated with these changes to plans, health
care providers and payers.
---------------------------------------------------------------------------
\1\ Available at: https://www.Federalregister.gov/documents/2019/
03/04/2019-02200/medicare-and-medicaid-programs-patient-protection-and-
affordable-care-act-interoperability-and
---------------------------------------------------------------------------
The proposed rule would enable patients to access their health
information electronically by requiring the payers subject to this
proposed rule to share health claims and other information
electronically with their enrollees by 2020, much like CMS is already
doing for Medicare beneficiaries through Blue Button 2.0. This empowers
patients to take charge of and better manage their health care.
The rule also facilitates data exchange for health care providers
and suppliers, including doctors and hospitals, to have access to
health information about their patients, regardless of where the
patient may have previously received care. Our proposals aim to connect
providers through data exchange and provider directories while
preventing them from engaging in the act of information blocking, or
inappropriately restricting the flow of information to other health
care providers and payers. These proposals support interoperable
practices that may reduce the burden on health care providers.
CMS announced the rule concurrently with another proposed rule,
issued by the Department of Health and Human Services' Office of the
National Coordinator for Health Information Technology (ONC). ONC's
proposed rule updates the standards for certified EHR by identifying
certain activities that ONC has determined are reasonable and necessary
and making those activities exceptions to the original statutory
definition of information blocking. Inspired by the 21st Century Cures
Act, and in collaboration with ONC, the proposals in the CMS
Interoperability and Patient Access proposed rule drive
interoperability to promote competition and improve patient care.
Patient Access Through Application Programming Interfaces (APIs)
A core policy principle underlying our proposals is that every
American should be able, without special effort or advanced technical
skills, to see, obtain, and use all electronically available
information that is relevant to their health, care, and choices--of
plans, providers, and specific treatment options. While many consumers
today can often access their own health information through patient
portals and proprietary applications made available by various
providers and health plans, they typically must go through separate
processes to obtain access to each system, and often need to manually
aggregate information that is delivered in various, non-standardized
formats.
We are proposing to require that certain kinds of plans--Medicare
Advantage plans, Medicaid fee-for-service and managed care plans, CHIP
fee-for-service and managed care plans, and Qualified Health Plans on
the Federal Exchange--maintain secure APIs that enrollees can use to
access certain categories of their health data. This proposal would
enable enrollees to use the application of their choice to access and
use their own electronic health information. We hope that other payers
might voluntarily offer this type of data accessibility so that even
more patients across the American health care system can be empowered
through easy access to their electronic health data.
Health Information Exchange and Care Coordination Across Payers
As patients move throughout the healthcare system, in particular
from health plan to health plan, they should be able to maintain access
to their health information. Our proposed rule would require health
plans to support patients in coordinating their own care through plan-
to-plan health information exchange, electronic exchange of data as
patients move between plans.
This proposed policy also leverages interoperability to facilitate
care coordination among plans to reduce unnecessary care, as well as
ensure that health care providers are able to spend their time
providing care rather than performing unnecessary administrative tasks.
For instance, effective information exchange between plans could
improve care coordination by reducing the need for health care
providers to write unneeded letters of medical necessity; by reducing
instances of inappropriate step therapy; and by reducing repeated
utilization reviews, risk screenings or assessments.
Care Coordination Through Trusted Exchange Networks
We propose that Medicare Advantage organizations, Medicaid managed
care plans, CHIP managed care entities, and issuers on the Federal
Exchange be able to participate in a trusted exchange network, which
would allow them to join any health information network they choose and
be able to participate in nationwide exchange of data. Trusted exchange
networks allow for broader interoperability beyond one health system or
point-to-point connection by facilitating secure exchange of electronic
health information without special effort on the part of the user.
API Access to Published Provider Directory Data
We believe access to provider directories and network information
is critical for helping patients get the care they need. Health plan
provider directories help patients find in-network providers and allow
healthcare professionals to locate other providers for purposes of
referrals, transitions of care, and care coordination. To ensure that
patients and providers have easy access to provider directory
information, we propose to require Medicare Advantage organizations,
state Medicaid and CHIP programs, Medicaid managed care plans, and CHIP
managed care entities to make standardized information about their
provider networks available to enrollees and prospective enrollees
through API technology, much like the Qualified Health Plans on the
Federal Exchange.
Provider Digital Contact Information
Provider contact information is critical to interoperability, care
coordination and patient care. Last summer, to implement the
requirements in the 21st Century Cures Act that required the Secretary
to create a provider digital contact information index, CMS updated our
online National Plan and Provider Enumeration System (NPPES) that
maintains the National Provider Identifier (NPI) records for providers
to collect this information and to allow providers to include one or
more pieces of digital contact information that can be used to
facilitate secure sharing of health information. Digital contact
information, or electronic addresses for providers, allow them to
exchange data faster and more efficiently while improving
interoperability. Ultimately, we believe this technology could
eliminate the need for fax machines in the clinical setting, but to
make this technology effective, we need providers to make the most of
it. To promote increased use of this provider digital contact
information index, CMS is proposing to publicly report the names and
National Provider Identifiers of those providers who have not added
digital contact information to their entries in the NPPES system
beginning in the second half of 2020.
Public Reporting of Information Blocking
The Medicare Access and CHIP Reauthorization Act of 2015 (MACRA)
included a requirement that eligible clinicians and hospitals
demonstrate that they have not knowingly and willfully taken action to
limit or restrict the compatibility or interoperability of certified
EHR technology. \2\ CMS implemented these policies through attestation
requirements in our Promoting Interoperability Programs. \3\ We believe
it would benefit the public, which includes patients and caregivers, to
know if individual clinicians, hospitals, and critical access hospitals
have submitted a ``no'' response to any of the three attestation
statements regarding the prevention of information blocking. In our
proposed rule, we propose including an indicator on the Physician
Compare website for eligible clinicians participating in the Quality
Payment Program, and to post information on a CMS website available to
the public for eligible hospitals and critical access hospitals
participating in the Medicare Promoting Interoperability Program, who
submitted a ``no'' response to any of the three attestation statements
regarding the prevention of information blocking.
---------------------------------------------------------------------------
\2\ Section 106(b)(2)(A) of MACRA amended section
1848(o)(2)(A)(ii) of the Act to require that an eligible professional
must demonstrate that he or she has not knowingly and willfully taken
action (such as to disable functionality) to limit or restrict the
compatibility or interoperability of certified EHR technology, as part
of being a meaningful EHR user. Section 106(b)(2)(B) of MACRA made
corresponding amendments to section 1886(n)(3)(A)(ii) of the Act for
eligible hospitals and, by extension, under section 1814(l)(3) of the
Act for CAHs. Sections 106(b)(2)(A) and (B) of MACRA provide that the
manner of this demonstration is to be through a process specified by
the Secretary, such as the use of an attestation.
\3\ To review our discussion of these requirements, see the CY
2017 Quality Payment Program final rule (81 FR 77028 through 77035).
---------------------------------------------------------------------------
Revisions to the Conditions of Participation for Hospitals and Critical
Access Hospitals
We have helped to facilitate data sharing and notification
capabilities through our policies on provider directory information,
and we further promote this by proposing to require that hospitals send
electronic patient event notifications to other providers treating a
patient when the patient is admitted, discharged or transferred from
the hospital. Clinical event notifications are widely recognized as an
effective tool for improving care coordination across settings,
especially for patients at admission, discharge, and transfer.
We are proposing to revise the conditions of participation for
hospitals and critical access hospitals to require that these entities
send patient event notifications to other care providers or facilities
that have an established care relationship with their patient. While
deploying these notifications is low-cost and easy to achieve with any
electronic health record system, many hospitals have not developed
capabilities to send these notifications to other providers and
facilities to whom they transition patients. We propose to limit this
requirement to only those Medicare-and Medicaid-participating hospitals
and CAHs that possess EHR systems with the technical capacity to
generate information for electronic patient event notifications. This
limitation will avoid burdening hospitals wishing to participate in the
Medicare and Medicaid programs while still supporting efficient
transitions of patient care whenever feasible.
Request for Information: Advancing Interoperability Across the Care
Continuum
Transitions across care settings have been characterized as common,
complicated, costly, and potentially hazardous for individuals with
complex health needs. Yet despite the need for functionality to support
better care coordination, discharge planning, and timely transfer of
essential health information, interoperability by certain health care
providers such as long-term and post-acute care, behavioral health, and
home- and community-based services continues to lag behind acute care
providers. We are soliciting comment on several potential strategies
for advancing interoperability across care settings to inform future
rulemaking activity in this area. We are seeking solutions to more
broadly incentivize the adoption of interoperable health IT systems and
use of interoperable data across settings, such as long-term and post-
acute care, behavioral health, and settings that serve individuals
receiving home- and community-based services or who are dually eligible
for Medicare and Medicaid.
Advancing Interoperability in Innovative Models
We believe that the Center for Medicare and Medicaid Innovation
(``Innovation Center'') models offer a unique opportunity to engage
with healthcare providers in innovative ways and test new concepts and
are an important lever to advance interoperability. CMS plans to
promote interoperability across the healthcare spectrum through model
testing that focuses on using emerging standards, models leveraging
non-traditional data, and technology-enabled patient engagement
platforms. The Innovation Center is seeking public comment on promoting
interoperability among model participants and other healthcare
providers as part of the design and testing of innovative payment and
service delivery models.
Request for Information: Policies To Improve Patient Matching
Finally, because patient identification is so critical to patient
safety and information exchange, CMS is investigating ways to
facilitate private sector work on a practical and scalable patient
matching strategy. Together, CMS and ONC are requesting feedback on how
we can leverage our respective authorities to improve patient
identification, and thus patient safety, to encourage better
coordination of care across different healthcare settings while
advancing interoperability. We are also seeking comment on how we may
leverage our program authority to provide support to those working to
improve patient matching.
Promoting Interoperability
Last year CMS announced an overhaul of the Medicare and Medicaid
Electronic Health Record Incentive Programs (often known as the
``meaningful use programs'') for hospitals after the Bipartisan Budget
Act of 2018 increased our flexibility in implementing these programs.
\4\ We renamed these programs the ``Promoting Interoperability
Programs'' to promote interoperability, help to maintain a focus on
patients and reduce burden. With these changes, hospitals and critical
access hospitals are subject to a new performance-based scoring
methodology with fewer measures beginning in 2019, which moves away
from the threshold-based methodology that was in place. \5\ For
clinicians, we changed the Merit-Based Incentive Payment System
``Advancing Care Information'' category to the ``Promoting
Interoperability'' category by generally aligning with the revised
requirements for hospitals by moving clinicians to a single, smaller
set of objectives and measures. \6\ We think these changes provide a
less burdensome structure, allowing eligible hospitals, critical access
hospitals, and clinicians to put their focus back on patients while
still moving forward toward interoperability.
---------------------------------------------------------------------------
\4\ Bipartisan Budget Act of 2018 (Pub. L. 115-123), Section
50413, Reducing the Volume of Future EHR-Related Significant Hardship
Requests, and section 51003, Technical Amendments to Public Law 114-10.
\5\ 83 FR 41150.
\6\ 83 FR 59785.
---------------------------------------------------------------------------
Moving Forward
CMS is committed to creating a patient-centered health care system
in which empowered patients have immediate access to their health
information so they can better engage in and make decisions about their
care. From our work with Blue Button 2.0 to the policies in the
proposed rule, we want every stakeholder focused on the need for
seamless data sharing so patients and providers can make decisions with
complete, accurate sets of information and deliver the best health
outcomes. Ultimately, we all need to work together to drive the
seamless flow of information across the health care system. We are
working toward a healthcare future when patients are able to obtain and
share their health data securely and privately, with just a few clicks,
and can ensure their care team is comprehensively informed of their
specific care needs.
______
[summary statement of kate goodrich]
At the Centers for Medicare & Medicaid Services (CMS), we are
committed to advancing interoperability and improving access to health
information for patients in the U.S. health care system. As evidenced
by our ongoing work, as well as our proposed rule now out for public
comment, CMS is taking an active approach to move the health care
market toward interoperability and the secure and timely exchange of
health information by proposing policies for the Medicare and Medicaid
programs, the Children's Health Insurance Program (CHIP), and issuers
of health plans sold on the Federal Exchange.
Last year, the administration launched the MyHealthEData
Initiative, which aims to break down the barriers that prevent patients
from gaining electronic access to their health information from the
device or application of their choice, empowering patients and taking a
critical step toward interoperability and patient data exchange.
In support of this goal, and in support of the MyHealthEData
Initiative, last year, the CMS announced the launch of Blue Button 2.0,
our first secure, standards-based Application Program Interface (API)
that allows Medicare beneficiaries to access and share their health
care claims data with applications and services that help them manage
their health, in addition to sharing this information with their
doctors and caregivers.
Continuing to build on the MyHealthEData Initiative, on March 4,
2019, CMS issued a proposed rule on Interoperability and Patient Access
that is intended to move the health care market toward
interoperability. The proposed rule would enable patients to access
their health information electronically by requiring the payers subject
to this proposed rule to share health claims and other information
electronically with their enrollees by 2020, much like CMS is already
doing for Medicare beneficiaries through Blue Button 2.0.
A core policy principle underlying our proposals is that every
American should be able, without special effort or advanced technical
skills, to see, obtain, and use all electronically available
information that is relevant to their health, care, and choices--of
plans, providers, and specific treatment options. While many consumers
today can often access their own health information through patient
portals and proprietary applications made available by various
providers and health plans, they typically must go through separate
processes to obtain access to each system, and often need to manually
aggregate information that is delivered in various, non-standardized
formats.
From our work with Blue Button 2.0 to the policies in the proposed
rule, we want every stakeholder focused on the need for seamless data
sharing so patients and providers can make decisions with complete,
accurate sets of information and deliver the best health outcomes.
Ultimately, we all need to work together to drive the seamless flow of
information across the healthcare system. We are working toward a
health care future when patients are able to obtain and share their
health data securely and privately, with just a few clicks, and can
ensure their care team is comprehensively informed of their specific
care needs.
______
The Chairman. Thank you, Dr. Goodrich. We will now go to
five minute round of questions.
During the 21st Century Cures, when we had six bipartisan
hearings on electronic health care records, we formed a working
group of interested Senators and I am going to discuss it with
Senator Murray. We might do that again, and keep, for those
Senators who are interested in this, every 90 days or so as Dr.
Rucker and Dr. Goodrich come up, spend an hour with us, give us
an update on whether they are running into unexpected things.
We know you are going to run into unexpected things. We want to
create an environment in which you can succeed. So that would
be what we may ask you to do.
I mentioned earlier that my music teacher, and I will just
repeat that, who said play it a little slower than you can play
it and you will make fewer mistakes, and hopefully we will
learn lessons from Meaningful Use 3. I do not mind saying it
was Vanderbilt University who was pretty far ahead in
electronic records and they said Meaningful Use 1 was very
helpful, 2 was Okay, 3 was terrifying, and I think it would
have been better if we had taken time and work with doctors and
hospitals and others and incorporated them into the process.
But that is a lesson to learn.
It is true as Dr. Goodrich said and Dr. Rucker said, if you
go to many hospitals or doctor's offices today, you can obtain
your own personal medical information very rapidly and in an
easy way. Our goal is to make it as easy to get your medical
information, your own medical information, than it is to make
an Airline reservation, and in some cases, that is already the
case at an institution. But if you want to go from one
institution to another, as Dr. Goodrich said, basically you
crawl down to the basement of some hospital, find your
information, put it in a wheelbarrow, and take it over to the
next place. So that is what we are talking about with
interoperability.
Let me take an example of what I mean by making sure we do
not go too fast. We deliberately left it up to you, with your
expertise, to make a judgment about how to do this practically,
and you have said that you want to have most of this data in
two years after this rule is final. The rule will be final
toward the end of this year. So that leaves two years.
Why not have a more phased approach for that? For example,
starting with the U.S. Core Data for Interoperability and do
that well within those first two years, and then take a second
step. You had a common clinical data set that was set in 2015,
and many people still have not been able to comply with that.
Now you are having to update the data set and you are not
only asking for that information, but you are asking for all of
the other information within a two-year period of time. In
other words, why not phase in starting with the U.S. Core Data
for Interoperability, Dr. Goodrich?
Dr. Goodrich. Certainly. So, we did propose in our proposed
rule that plans make available an API to be able to make data
accessible to third-party application developers as designated
by a patient, January 1st of 2020. We also, and most of these
data are administrative claims data, encounter data that
already exist, but we do reference also the USCDI.
The Chairman. But wait a minute, is it not true though that
you get to do this kind of thing in 2015? You have set some
standards and most providers and doctors haven't yet mastered
that, is that correct?
Dr. Goodrich. Are you referencing the 2015 edition of
certified technology?
The Chairman. Of the Common Clinical Data set. That has
been out there for four years----
Dr. Goodrich. Correct.
The Chairman. Has everybody mastered that in that four year
period of time? Or would that be for Dr. Rucker?
Dr. Goodrich. I might defer to Dr. Rucker to answer that as
well. I think we do require that clinicians and hospitals that
participate in our programs use the edition of certified
technology that contains that Core Data set. We have seen
fairly good adoption, but I will if Dr. Rucker wants to add
anything.
The Chairman. Well, what does fairly good mean, Dr. Rucker?
Have they all--is that in really good shape? Because they have
had four years to do it and what you are proposing to do, would
be an even greater gathering of information than that.
Dr. Rucker. Right. So, the Common Clinical Data set
includes things like problem lists, medications, allergies. The
difference between the U.S. Core Data for Interoperability and
the Common Data set is we are adding in clinical notes and
some, what is called metadata, so people know who did the note.
The Chairman. But I am running out of time. I guess my
question is, if you could not get it--if four years wouldn't do
it for what you tried to do in 2015, why do you think you can
do it in two years all of this other data collection? Why not
start with a more modest start like the U.S. Core Data for
Interoperability?
Dr. Rucker. Well, that is actually what we are doing. So,
what we have, all the core technical provisions and the testing
are really about the Core Data for Interoperability because
that is the part that is computable. That is the part, once the
final rule and then two years after, that is where the testing
is and that is an increment over the 2015 rule, which for the
first time is being required in 2019. We have evidence that the
vast majority of providers both physicians and hospitals have
access to that software today.
The Chairman. Okay. Thank you.
Senator Murray.
Senator Murray. Thank you, Mr. Chairman. Dr. Rucker, as you
know prohibiting information blocking was one of the
Committee's top health IT priorities in the 21st Century Cures
Act. We want to make sure the Department of Health and Human
Services takes the time to implement the Cures the right way
but if health or care organizations or technology vendors are
hoarding data in order to gain a competitive advantage for
themselves, there are real consequences for the health and
safety of patients if the Department takes too long to
implement these policies. What are the risks of delaying the
prohibition on information blocking?
Dr. Rucker. Well, I think the risks are, as you have
outlined them, I think the main risk fundamentally is, to the
extent that this is delayed or prevented, the American public
is not in charge of their healthcare and they are paying more
for their care, they are not getting as good a care as they
could get, and fundamentally they are not in control of their
care.
With the information blocking rule to make that to follow
the intent of Congress we have, in our proposed rule, have
seven specific exceptions based on literally over a hundred
stakeholder meetings were this almost invariably came up as a
topic for discussion to narrow the scope and make that
enforceable for the Office of the Inspector General and to
provide clarity for the public. We think that they are very
common sense types of things. The one area where there has to
be sort of a definition, if you will, is on allowable costs.
We have heard vendors are charging over $1 million to a
start up to, just get that data that obviously stops innovation
in its tracks. So, we have language allowing reasonable
recovery of costs and profit but that it is not used as a
strategy to prevent competitors from entering potentially
reserved spaces.
Senator Murray. Okay, thank you. Dr. Goodrich, as I talked
about in my opening statement, Congress aimed to prevent
information blocking in all its forms in the bill. We asked HHS
to decide what the appropriate consequence for providers and
hospitals that block flow of information should be. In the CMS
rule, your agency proposes creating a public list of the
physicians and hospitals that respond yes when they are asked
if they participate in this behavior. What was the thought
process behind a public list as the proposed mechanism of
enforcement?
Dr. Goodrich. Certainly. And I will first say that the
Department is still considering other ways to address that
particular provision of the 21st Century Cures Act. What this
does in our proposed rule is it builds upon what we finalized
through actually the MACRA legislation related to requiring
that providers attest that they did not willfully or knowingly
block the flow of information. That is part of the MIPS program
as well as what hospitals have to do for the Promoting
Interoperability program.
What we are doing in the Proposed Interoperability rule is
merely saying, for people who do not attest that they did not
block information flow essentially, that we would make that
list of hospitals or clinicians public, but we are still
considering other mechanisms.
Senator Murray. Okay. What if a provider says they don't
information block, but they are found guilty of that conduct?
Dr. Goodrich. Anytime that we have any concern about
information blocking that we discover through any of our usual
mechanisms, that is something that we would certainly refer to
the OIG to look into as well.
Senator Murray. Okay. And open APIs which allow for data
exchange between products developed by different companies.
They are an essential feature for an interoperable healthcare
system and allow patients actually to get more control over
their own healthcare data. Last year, CMS allowed beneficiaries
and traditional Medicare to access their healthcare claims and
information through an API, and I was glad to see in your
proposed rule CMS is expanding that initiative to beneficiaries
and programs like Medicare Advantage, Medicaid Managed Care,
CHIP, marketplace plans. Talk to us why that is so important.
Dr. Goodrich. Yes. We have--again a core principle that it
is critical for patients to have access to their data. They
currently do have access to their data through individual
patient portals or their various doctors' offices or
proprietary applications their providers may have. And what our
proposed rule does is it intends to lower the burden on
patients by requiring that plans who do business with CMS
aggregate that information and make it a bit available through
an API. We have seen a lot of interest in this technology and
Medicare beneficiaries wanting to access their data through our
Blue Button 2.0, and we really hope that health plans would
take our lead and build upon that while maintaining the highest
standards of privacy and security.
Senator Murray. Okay. Thank you very much.
The Chairman. Thank you, Senator Murray.
Senator Braun.
Senator Braun. Thank you, Chairman Alexander. I think it is
interesting that we are here talking about stuff like this, and
that I think back to the 38 years I have had a logistics and
distribution business. I remember taking handwritten orders
back in the early 80's and remember being on a RadioShack
information system in the late 80's. I remember going on the
Great Plains in the 90's, and all I can tell you is that most
industries would not be having hearings because there is
transparency, and there is competition, and there is embracing
of technology. Hated to hear that within the medical sector, it
is the only place where we see neutral to may be negative
annual gains in productivity or the use of technology.
I think it begs the question, what is wrong with the
industry itself? And as a conservative, a Main Street
entrepreneur, I lay the burden not here in the Senate, on the
shoulders of the industry itself. I mean when you are cloaking
and making things so difficult to get simple things like
interoperability and when you are dealing with talking about
blocking information, that is so far out of the mainstream of
all other industries and I want the industry to hear what I
have been preaching all along get with it or you are going to
be changed radically with all kinds of approaches that are out
there based upon frustration.
We have got a dysfunctional industry that is not consumer
driven. The consumer needs to be responsible. There is no other
industry sector where the people that buy stuff are not engaged
in it. It is due to the paternalistic evolution of healthcare.
It has got the change. And we have got an industry that is full
of smart individuals and big corporations that have figured out
how to take advantage of it. That is why we are talking about
some of the stuff, nudging through Committee hearings and
possibly legislation. It is frustrating to me because it
evolves naturally everywhere else.
My question is, do you think there is any chance that among
consumers of healthcare, through some of the efforts I see to
make it more consumer-driven--I have done it in my own business
and all I can tell you is when you embrace it, you cut costs
and you got to change your behavior because you are doing
things you are not used to but like we evolved from taking
handwritten orders and having the most high-tech system in the
logistics and distribution business, and that is why we do
well, we embraced it. And an industry that obviously is
dragging its feet, does not see the handwriting on the wall, do
you think there is any chance that the consumers that use it,
the industry that provide it, will get to where they need to be
without our nudging legislation and Committee hearings? And I
would like each to comment on that kind of broad topic a little
bit.
Dr. Goodrich. Thank you. I would say that at CMS, we feel
as a core principle for everything that we do at CMS, that
consumers need to be in driver's seat. And I would say that
many of our policies, including what we have proposed through
this interoperability rule, are intended to do exactly that,
whether it be through fostering transparency, nudging providers
because our jurisdiction is of course over providers, to ensure
that data flows to the patient and it is shared with the
patient in a usable format, and of course through our
interoperability efforts. And that is what we have been doing
very closely in partnership with ONC. So, I think we absolutely
believe that a consumer-driven system is necessary.
Dr. Rucker. The rule I think, the proposed rule absolutely
puts healthcare I think into a competitive place. It has not
been literally in 50 years. Modern technology, these RESTful
Json, those computer science terms, those APIs have transformed
business after business after business. Logistics would be a
perfect example of that. We think that they are going to
transform healthcare by bringing other parties and new parties
into the game who are not incumbents, who are not part of the
current sort of system of consolidated delivery system and
raise provider guilds. It has opened up markets throughout the
world in other industries. We are quite optimistic that this
will do it in healthcare.
Senator Braun. Thank you. And I would encourage the
industry, publicly, to get with it because I think if I am not
happy about the speed we are moving, and I respect the
Chairman's advice to make sure we do not move too quickly. But
it is a sad state of affairs that where we are at now and the
industry needs to get with it because they is so much they know
they could do to make it better. Thank you.
The Chairman. Thank you, Senator Braun.
Senator Kaine.
Senator Kaine. Thank you to the witnesses. Important topic.
My staff members suggested that I read an Atul Gawande's New
Yorker piece from November on ``Why Doctors Hate Their
Computers,'' and what a great article. It is hard to really
summarize it because there is a lot of nuances to it but two
observations from the article were that the increasing use of
EHRs and computers generally may be increasing job
dissatisfaction among physicians, but it is also giving
patients all kinds of access to the notes of their meetings and
tests results and ability to schedule appointments that they
did not have before. I am just curious as to your reaction to
that piece and whether in proposing this rule you are trying
to, figure out a way to make the advance of EHR continue to be
a great thing for patients but also let more of a value add and
a pleasurable value add for physicians.
Dr. Goodrich. Certainly, yes. This is a topic that I
personally care deeply about as a practicing physician. I have
been around long enough to have practiced when I had,
handwritten notes and then transitioning into a variety of
different EMR systems over time. And I would say there is no
question that the implementation of EMRs in many ways has
actually been a positive improvement. Now nurses do not have to
read my chicken scratch to take an order off. The computerized
provider order entry has, I think really made some significant
gains in improving patients' safety but there are real concerns
that still remain that were highlighted in Dr. Gawande's
article. We have done a number of things at CMS to try to
address that related to what was passed in 21st Century Cures
but also related to, for example, reducing the burden of
documentation, which is a big pain point for clinicians.
In our physician fee schedule rule last year, we sort of
overhauled the requirements related to documentation and we
intend to further build those out through rule-making this
year. That will make using EMRs easier. That is so much an EMR
specific issue, but it is manifested through the EMR. So, there
are things like that we are continuing to explore. The patient
access issue to data though is critical. I take care of my
mother's Medicare beneficiary and her having access to her
information has been transformative.
Senator Kaine. Dr. Rucker, do you want to add anything to
that?
Dr. Rucker. Yes. I think the article makes a number of good
points. I think the challenge is we have bundled all kinds of
payment and policy things into the EMR. It is a lot easier for
somebody to put that, oh, let the EMR sort it out so the EMR
becomes a little bit of a waste basket for various things.
Jointly with CMS under Cures, a physician-provider burden
report was required. We have a draft out of that, and we have
identified, in addition to the documentation that Kate
mentioned another area, is prior authorization, a vast time
sink for people, and so we are doing early work to try to
figure out how to make that actually electronic. Right again,
this is logistics, if you will, in healthcare as a lot of
transaction cause opacity and delay.
I think there are things--I went into this business to
actually automate things. It is a source of personal
embarrassment that after thirty odd years in the field that
computers generate more work for me when I practice than
anything else. I would not have guessed it if you had asked me
in 1988, when I graduated from Computer Science school after
residency, what was going to happen, but we have a lot of
incentives that are maybe not in the right place.
Senator Kaine. Let me move to a particular area. Health IT
has a great potential to improve treatment pain management,
especially help us deal with addiction issues. Everybody on
this Committee has been very focused on opioid and other
addictions. But IT can help us prevent prescription shopping,
reduce inappropriate prescriptions, and facilitating
interdisciplinary care. And the ONC proposed rule discusses
these important issues and acknowledges the importance of
patient privacy. Talk a little bit about the promise that
increased standardization might offer to us as we are grappling
continually with addiction issues, especially with respect to
opioids.
Dr. Rucker. Yes. I mean, the various state PDMPs which are
now pretty much universal throughout the United States, have
been very helpful. As an ER doc believe me, I have had every
story of shopping for opioids in 30 years pitched at me, I
think. So, I mean I have lived this for decades and decades,
the challenges of these group of patients. So, the PDMPs, I
think, are good for what they do.
I think each state has a different approach to this. This
makes it very complicated on a National basis to do this. It
makes integration into workflows. You just talked about burden
in the Atul Gawande article, and obviously having every state
have different implementation is a type of impediment that I
think we want to think about as we move forward and really
harness the true power of this.
Also, we want to look at some of the surround, such as
health information exchanges, that can help these patients, in
a more positive way rather than--it is one thing to say, do not
give somebody opioids but when you look at mental health and
behavioral health, we also have great opportunities in
computerization to help the patients. So, we want to look at
both sides of them.
Senator Kaine. Great. Thank you. Thank you, Mr. Chairman.
The Chairman. Thank you, Senator Kaine.
Dr. Cassidy.
Senator Cassidy. Thank you all for being here. I often take
the position as a physician but today I will take the position
of the patient. Are apps going to be covered entities?
Dr. Rucker. Apps will not be covered entities unless they
are part of a covered entity or business associate. Unless they
are currently part. So, for example, if a provider----
Senator Cassidy. I get that. I just have a limited time.
Can they resell the data?
Dr. Rucker. That, at the moment, is a contractual thing to
be negotiated between the patient and the app----
Senator Cassidy. No that is not, again I----
Dr. Rucker. Subject to Federal Trade Commission----
Senator Cassidy. I do not mean to be rude, we have just got
limited time--he is going to wrap on me. And so, if I read down
it says, will you agree, after ten-page legalese. I mean I
realize that I have just given permission to an app to combine
my data with location data and, or to resale it to Facebook--
God knows what happens then. So is there any protection for the
patient from, because she is not going to, he is not going to
do that. I do not do it until finally now I do it. And now I do
not sign up for stuff. What do we do to protect that patient
from legalese dulling their mind to the fact that they just
gave away their family history?
Dr. Rucker. I think you raise a very real and major issue
here. And this is true of every app and everything on our
smartphone, right. I mean the data about us is constant. Every
browser you use uniquely identifies you on the entire planet as
we speak today. Under the rule, the OUF-2 provides security.
That is the authentication. So, the patient has to make a very
conscious decision to download the data to the app. That offers
an opportunity certainly for providers to give those warnings.
Once it is under the HIPAA right of access, then the broader
legal protections, we have a model consent notice that we
suggest using, but I think it is still an open area.
Senator Cassidy. Perhaps something for us to consider, what
would we require of the app in order to protect the patient.
Next, we are docs. You take a family history. It is not just
doctor and Mr. Braun whom I am taking history on, but I
actually end up knowing whether his mama had diabetes. You see
where I am going with that. Whether the brother had--I don't
know anything about him by the way. I could go into all sorts
of terrible things.
[Laughter.]
Senator Cassidy. When I give my permission for that medical
record to be downloaded, I am not sure patients understand how
much I have just gotten, even before talking about genetic
data, about somebody's family history. Do we have protections
on that, number one, and number two, can I say I want you to
download everything but not my medical--but not my family
history?
Dr. Rucker. That is a major problem. I have seen all of the
DNA sites, all the DNA testing sites. That is extremely
specific and extremely broad. The privacy issue you ranged
right now, there is some data segmentation for privacy
opportunities. We are optimistic that the market will provide
clarity here the same way that consumer branding helps with
things like banking, right. We do not just put our money
anywhere, we go to brands. We hope that a consumer economy will
drive this with trusted brands but at the moment the
prohibitions against secondary use of data are exactly as you
describe.
Senator Cassidy. Yes, that is I think we need to consider
that, because this is going to be a mess. And some people get a
loan charge right? So not everybody will have the kind of
ability to sort out.
Dr. Rucker. The one caveat I would put for you on that is,
right now you can infer health data from many non-health
records, right. You can infer from location of a clinic. You
can infer it from your credit card statements. You can infer
very specific health data from a lot of things. So, I think as
Congress thinks about secondary use of data, it really should
be a fairly broad consideration of that.
Senator Cassidy. Let me flip back to being a physician or
being an EHR vendor. If somebody requests--I got 10 data
elements including the family history and maybe including HIV
status. And I want to share all of this, but I do not want to
share my HIV status or my family history. I think that is going
to--I am assuming that is going to cost me, the provider, to
figure out how to send some but not all. Am I going to be
busted if I send too much or am I going to be busted if say, do
see where I am going with that? How is that going to be handled
and what would be the penalties if my EHR does not allow me to
do it, but I am a doc and I have been requested to not give the
family history?
Dr. Rucker. That is a significant challenge with data
segmentation for privacy. It is a brittle technology from a
computer science point of view. We have in our information
blocking provisions, provisions around what can actually be
computed, so there is a protection in there for the physicians
with those clauses.
Senator Cassidy. The physician would not be busted for
either not giving enough or giving too little if the EHR is
inadequate? Does the EHR get busted?
Dr. Rucker. Well, I think it is a joint challenge for both
the physician and for the EHR, and we believe in the
information blocking provisions that are up for public comment
now, that we have provisions there to help that. But as it is a
deeply complicated technical issue because of the way it
impacts the architecture of every data base field.
Senator Cassidy. I thank the Chairman and the Ranking
Member, and I look forward to those further hearings. And we
will have some more QFRs, questions for the record.
Thank you.
The Chairman. Thank you, Senator Cassidy. I think a good
subject for an early working group discussion would be, what
are the rules and who is in charge when a patient gives his or
her information to third party.
Senator Baldwin.
Senator Baldwin. Thank you, and I want to thank the
Chairman and Ranking Member for our continuing work on
implementation of the 21st Century Cures Act. I want to thank
both Dr. Rucker and Dr. Goodrich for your hard work to advance
this law with the recent proposed rules. The proposed rule from
ONC seeks to improve electronic health record quality by
allowing providers or patient safety organizations to share
screenshots for usability or safety reviews. I believe that
certainly basic transparency is essential to improving data
exchange on the quality and safety of patient care. However,
these screens do demonstrate how information is organized
within an electronic health record system, which could open up
opportunities for bad actors.
We have to figure out a way to guarantee that the effort to
improve safety and usability also protects information that
could be used to reverse engineer the system, reverse-engineer
the software or create malware frankly that could cause harm.
So, Dr. Rucker how do we strike that balance of permitting, if
necessary, screen sharing for legitimate purposes while also
protecting the IP, the Innovation, and the cyber security in
this arena?
Dr. Rucker. In the 21st Century Cures Act, there is a list
of very specific allowed uses of those screenshots that I think
goes back to a history of complaints about ``gag'' clauses. So,
in our proposed rule we enumerate through the specific list
that is in 21st Century Cures and do not allow sort of other
broader uses and actually call out the requirement to respect
intellectual property. So, if you are not using it for those
specific purposes, those are copyrighted, trade-mark owned
screens by the software developers.
You have to have a very specific purpose in mind to do
that, and broad reengineering of product as it has happened, as
would not be allowed under those provisions. The cyber security
we hope to have taken care of in large with some of the APIs by
using industry-standard, cyber security thing so that we are
not coming up with healthcare specific one-offs but actually
using the broad industry thing that would be used by any
industry protecting valuable information.
Senator Baldwin. I may have some follow-up on that. I want
to second move to an area explored by our Chairman in his
questioning relating to moving from the 2015 U.S. Core Data for
Interoperability to what appears to be a larger collection of
information EHI, electronic health information. The Chairman
was asking about where various health systems are with regard
to the 2015 U.S. Court Data for Interoperability and then the
impact of adding additional information.
My question for you Dr. Rucker is how do you reconcile the
ongoing industry work that is being done on this U.S. Core Data
set with these new requirements to comply with more expansive
standard for exporting EHI and if you could give a little bit
more descriptive information on what is a part of the expanded
EHI versus what was a part of the Core. And then, as you work
to finalize a rule that requires compliance with these
additional standards, how do you make sure that it is
manageable for interoperability?
Dr. Rucker. Yes. So, the U.S. Core Data for
Interoperability again, the change from the prior common
clinical data set is in getting the notes to patients and
identifying better who actually generated the note, which
believe it or not is sometimes very hard to know who put the
note into the chart as this gets to the Gawande type of issue.
There is a provision in Cures for all data download and that
provision was placed because I believe Congress heard
complaints that when folks switch from one EHR to another,
their data is locked into the old EHR and can't get to the new
one.
There are no current extant standards to allow that data to
be transmitted in any, I believe, really fundamentally usable
format as structured data, so the rules says other than just
giving the dictionary name of the term, it is just a simple
download without structure. It can be done idiosyncratically to
every system because there is no broader way of doing that.
That data, I think, will be very challenging to put into a
new system. I am guessing the folks who might be able to use
that are people who are using machine learning and natural
language processing to get at that data but that is a simple
right and does not have an enforceable data structure unlike
the U.S. Core Data for Interoperability. That is a very nuanced
technical issue but hopefully I have explained it. And it is a
complicated history.
The Chairman. Well that clears that up.
[Laughter.]
The Chairman. Thank you, Senator Baldwin.
Senator Burr.
Senator Burr. Thank you, Mr. Chairman. Dr. Rucker, Dr.
Goodrich thank you for being here. In 2016 my question to a
panel like this was how the hell you going to do this. I think
what you have heard is different variations of that going
around the room, difference is we are in 2019 and this is a
discussion that we started in 2013 about how do we get systems
to talk to other systems. 2015, there was a rule and one of you
said today, in 2019 the rule is being required.
Here is my problem, over the 2013 to 2019 timeframe, Dr.
Rucker, you know better than I do that technology innovation
has exploded. It runs at an unbelievable pace, and here we are
trying to set standards and set architecture of software, what
technology can offer us whether it is a doctor's office, a
hospitals, a provider that 12 months from now is going to be
obsolete because that is how fast technology is changing. A
good provider is going to constantly upgrade their technology
to match the capabilities, not all, and there becomes the
horror stories. That is not even getting into with Dr. Cassidy
is talking about which is data control.
Here is my question as it relates to apps. Are the apps
that you are talking about, are they holistic apps or do they
target on one disease, I have got diabetes, I have got an app
to help me manage my diabetes. Two, is there a holistic app,
one that manages my health care based upon all the data that
goes into it? And Dr. Goodrich, a third piece of that would be
has CMS looked through, my understanding then and now is
Meaningful Use, can you create an incentive for somebody to
utilize this. Have we looked at an incentive for that third-
party entity to create a platform that can manage an
individual's health care?
I think one of the problems that I keep running up against
is, I think the answer to the question I was asking, if
Government can get the hell out of the way, we will find a
solution to this. I think that gets to what Senator Braun said.
I think the private sector, the private sector sees a problem
and funds a solution to do it. Their business model makes some
change based upon technology.
Our problem is that we can't get rules through when the
technology that we are applying it to is in existence, and by
the time we get a rule through, technology has changed, it may
or may not apply. So, I know I have thrown a lot at you. I will
get both of you to comment on it.
Dr. Rucker. Yes. So, I think--so, I have been in the
computer science business for 30 years and I have seen these
things. I think for the first time we have API technology that
is pretty technically stable and broadly doable. That was not
the case in prior versions. Again, a long history there. So,
this is what is fueling the app economy broadly. Right now, to
your point, medical data is not accessible to most health apps,
to several hundred thousand apps out there who have not,
believe it or not, no access to medical data.
The entire point of what we are doing jointly is to allow
these apps in the market economy to incorporate the patient's
medical data into that. Some of them will incorporate a
holistic view. There are companies, Apple most notably largely,
there are small startups, my PatientLink, Humetrix, that are
taking a broad view. There are going to be other companies that
are going to be very disease-specific and focus on potentially
life-threatening or lethal diseases.
In an app economy, we see both of those happening and that
is the way we are designing it. We also have a number of
provisions to try to have standards evolve. All of the
standards we use actually are from the private sector so ONC is
not generating any standards whatsoever in this and we actually
maintain and curate the current private sector standards on an
ongoing basis. And we work a lot and we actually, some of our
budget, we actually used to fund key parts of the standards
organization to do this and to have the broadest public input
into the development of these standards.
Dr. Goodrich. Just quickly, I would absolutely agree with
Don that the timing is really right for this because of where
the state of play is with the standards, and I think it is a
good time to sort of take advantage of that and move the field
forward. You asked about the types of applications. I can tell
you through our Blue Button 2.0 experience, we now have 1,800
developers who are working in our sandbox which has synthetic
data to develop apps and we have twenty that are actually out
in production that Medicare beneficiaries are currently using.
And they kind of run the gamut, so everything from essentially
a personal health record and app that can function as a
personal health record for a Medicare beneficiary, to apps that
help beneficiaries find health plans or get them connected to
research studies, and as well as disease-specific apps.
It really does run the gamut and we have 7,000 Medicare
beneficiaries using these right now and have gotten very, very
positive feedback.
Senator Burr. Well, let me--if the Chairman will give me 30
more seconds to editorialize. Let me thank you for the work
that you have done. I am probably no less convinced that we are
going to get to the finish line today than I was in 2016,
though the tools that we have are much better. I saw providers,
insurers when they wanted to have a different outcome on
diabetes, they took the responsibility, internally with their
patients, their covered lives, to drastically change what they
provided to them.
It seems to me that is the most appropriate first place to
go is to create an incentive for the providers, those
individuals that are covered in lives, to do a holistic
approach to not just diabetes or a particular disease but to
manage their health care. And it is to their financial benefit
to do that and they are the ones that can certify the benefits
to the patients' overall health condition.
I want to ask you to clarify what you said but Dr. Rucker I
just wrote down a comment that you said, we have a lot of
incentives that are in the wrong places. Now, if I understood
it the way you said, for God's sakes, will you guys share with
us where it takes a legislative remedy to move the incentives
to the appropriate place? It is no longer good enough to have
them but have them in the wrong place where they cannot be
fully utilized. Thank you, Mr. Chairman.
The Chairman. Thank you, Senator Burr.
Senator Rosen.
Senator Rosen. Thank you. Well as a former software
developer and systems analyst, my head is spinning. I have some
questions I want to get to but what I want to say is this, is
absolutely nothing is more important or is more private or
precious than your personal medical data and history. Its
accuracy, its privacy and security must be part of any design,
and the monetization of your personal data may be not in your
best interest.
We have to be careful when we allow apps to design what
helps you or helps your family and what might hurt you through
the monetization or data brokerage. There are many things the
private sector can do that are so fantastic and there are also
ways that they can take this most private and precious
information and use it against you. So, what you are doing in
taking this approach is very important. But what I really
wanted to talk about today is a little bit about administrative
costs in your implementation timeline. And so, we know that we
have to improve our interoperability standards.
Maybe we have to create some--you talk about the data sets
to cannot be parsed. There are ways to fix that and that is for
a different conversation, but it is really important that
providers do have a complete and accurate background on their
patients. And so, we have to be careful though and consider the
full picture of the resulting administrative costs and the
practicality of the implementation, and what the benefits are,
how to mitigate the challenges.
Does the ability for the patients to access records,
schedule appointments, and contact their medical providers save
time and costs overall for physicians, medical office
personnel, and patients? Do you have data supporting how that
is helping when they are integrated and how you think they can
move to it in a particular way?
Dr. Rucker. We think that making all of this be with
relatively straightforward application programming interfaces
actually takes the burden off providers, right. The burden at
that point is to provide a secure end-point, right, rather than
having ongoing conversations, right. This is self-service,
right. It is literally like buying the airline ticket, right.
You do not need a gate agent to buy your ticket online, right.
So, we think that is very fundamental.
Totally agree with the privacy issues that we have
discussed but we do think that the application programming
interfaces will allow that to simplify. Most, we have
calculated that roughly 80 percent of American providers, their
EHR vendors already have these, what are called FHIR healthcare
interoperability interfaces up and running. Apple's version,
which uses the design standards that ONC has funded over the
years with the standards group, I believe has over a thousand,
several thousand providers who are on it as we speak.
Senator Rosen. It seems as if people are moving toward it.
It is helping the independent practice and our practices become
more integrated, but I do have a concern on the other hand,
that we must always be mindful about people who have barriers
to accessing their health information be it due to a lack of
internet access, technology, a disability, a disease. I talk
about my beloved father-in-law, his birthday, his 97th birthday
would have been this week, and he was a civil engineer for 50
years. Beautiful handwriting and drew bridges and all these
wonderful things, and when he got in his 80's, he had a tremor
and he couldn't see, and he could not use a computer.
His brain was fine, but he did not have the skills to do
that anymore. So, in your long-term planning, what are you
doing to help people who either do not have internet access, a
computer, physical barriers, emotional, mental, whatever those
are, dementia, etc. and may not have an advocate for them to be
on the computer. So, what are you doing to help those folks?
Dr. Rucker. Well we think that having industry standard
APIs will lead to the broader democratization of access here.
It is very interesting that in countries like India,
smartphones, right, are very--countries with vast limitations
in resources, they are actually using a smartphone technology
first.
Senator Rosen. Would that have helped--your Medicare
population is an older population.
Dr. Rucker. Obviously, for some disabilities unfortunately
the nature of the illness is that it is just part of the
illness, but we think in general the affordability and the
markets making access easier. There are all kinds of assistive
devices built into modern smartphones. Are probably going to be
better than trying to get on a bus or a cab or ride-sharing
service to go to the hospital and try to dig out your patient
record, which is the current.
Senator Rosen. Thank you. I appreciate it. I yield back my
time. Thank you.
The Chairman. Thank you, Senator Rosen.
Senator Romney.
Senator Romney. Thank you, Mr. Chairman and Ranking Member
for having this hearing and I appreciate also Dr. Rucker and
Dr. Goodrich for your testimony and the work that you are
doing. I would like--Senator Burr, I am somewhat skeptical and
have been somewhat skeptical but am more optimistic in
listening to you today. Skeptical in part because it struck me
that when Congress said, interoperability is a good thing, make
it so, it would be like saying to the Department of Energy, we
got to reduce greenhouse gas emissions, please do so. It is
like, well, how do you go about doing that? How big of a task
is that?
My background is in the private sector. I have seen
settings were two companies will come together, they had
different computer systems, and they wanted to make them talk
to each other and share data across the systems. It usually
takes years for that to happen, and even within two relatively
small companies, relative to the Government of the United
States, it takes hundreds of millions of dollars. So, the idea
of achieving interoperability through Government oversight
would be massively expensive, if not impossible, and would take
a long period of time.
I am drawn to the comments of the Chairman which is should
we do this out of phase basis. Senator Burr suggested perhaps
let the private sector deal with this over a longer period of
time, but you seem to have optimism that we can make progress
here. And I wonder exactly whether that is conceivable for us
to achieve standards that will allow systems to talk to each
other from one hospital system, for instance, to another
provider or whether that is frankly a bridge too far at this
stage.
I participated in the healthcare system called
Intermountain. It includes physicians in the group. It includes
the hospitals and so forth. It is interoperable. It works
extremely well, but to get it to communicate with let us say a
system in Detroit, would strike me as being a very intensive,
long-term process. Are we barking up the wrong tree here? Do we
have a shot of actually making this work? Should we make it a
more phase process? Is it a pitch too far? I am using a lot of
metaphors here. I am just suggesting how distant the goal may
be, but I am interested in your thoughts about whether we need
to rethink how we approach this goal of interoperability.
Whether we should, if you will, begin by restricting our sites
a little bit and by looking within current healthcare systems
as opposed to trying to reaching across systems across the
country and across different types of practices, and whether
instead we should move on a more, I guess standard-oriented
process as opposed to implementation process.
Interested in both of your comments in that regard.
Dr. Rucker. Yes, there is plenty of room for skepticism.
So, I started my computer science career building an EMR in
Windows 2.1, right. So, if anybody remembers what a serial port
is. So, the thought of sharing data was totally in the future.
The internet did not actually, I think, the first stack didn't
come until Windows '95. There are now hundreds of thousands of
apps out there, hundreds of thousands, using the RESTful Json
and the internet stacked share information. So, we know broadly
in the economy, this is absolutely doable. It is done, more
times than you can count in, many, many apps today.
The healthcare part is customizing this to healthcare so
the fast healthcare interoperability resource, which is
ultimately vocabulary exercise, there has been very rapid
progress on this FHIR protocol. ONC has supported that. CMS has
supported that. That gives, I think, us vast grounds for
optimism that we did not have the HL7 version 2 and its various
iterations and parts of version 3. So, I think the technology
has fundamentally changed and so we are moving. The U.S. Core
Data for Interoperability is a very limited set of data and I
know it is sometimes portrayed as an expansive set of data but
is actually a very limited set of data that we are starting out
with.
Dr. Goodrich. I would agree with everything Don has said,
and I will also reiterate that we have seen significant changes
over time. I mean, I started practicing medicine in the late
1990's, did not have an EMR, and increasingly, incrementally I
have seen the ability to get more and more information from
systems outside of my own, not necessarily complete information
but I can get information through my regional healthcare
exchange, is a great example of that.
I think based upon what Don said related to the standards
plus the health information exchanges that we are seeing around
the country where you are seeing the opening up of exchange
even in distant places. There is reason for optimism. I do
think the 21st Century Cures also is sort of a transformative
moment to be able to move forward in a way that we just haven't
been able to before. So yes, plenty of room for skepticism but
also more optimism than probably any of us would have had a
couple of years ago.
Senator Romney. Thank you.
The Chairman. Thank you, Senator Romney.
Senator Murray, do you have any further comments?
Senator Murray. I do not at the time. I want to thank both
of you. This is extremely complex and obviously we have seen a
lot of good things happen as a result of technology for patient
health. We have a lot challenges in front of us, whether it is
interoperability, blocking information gag clause, and we have
to talk about the developing issues that we are facing in the
ever-changing world of cyber security, and privacy, and data
stewardship. So, I look forward to continuing to work with you,
Mr. Chairman.
The Chairman. Thank you, Senator Murray. One thing that
occurs to me, is reassuring to me is to hear again how
important the 21st Century Cures Act has become in so many
different ways, and I think the Senators on this Committee and
staff should take a good deal of pride in that. And this is one
area for that. We did find before that sometimes having working
groups that would meet maybe every 90 days with an agenda, the
staff could let you know what the Senators are interested in,
Senators can come if they wished, and it would give us a way to
continue to keep up with you, to give you our suggestions, to
decide if we need to make any further legislative adjustments.
And really to create an environment in which you can succeed
which is what we want to do.
The issues, I hope you will keep in mind from this, are the
concern I have and others have balanced by what Senator Murray
said about, there is a need, we need to get on with information
blocking for the benefit of people but it is more important
that we end up where we want to go, not that we try to get
there faster than we can go. And so, taking lessons from
Meaningful Use 3 and just the general laws of human nature as
expressed by Senator Romney there, I think we would be wise to
keep our eyes open as we go along. And the other reason for
that, of course, is to work with providers, doctors, hospitals,
nurse practitioners or others, incorporate them into this so
they can buy into it and absorb it and make suggestions about
it.
There is concern about the what happens, who makes the
rules, and who is in charge when a patient gives information,
personal information to a third party. We need to talk more
about that. We were careful in the 21st Century Cures Act not
to be too prescriptive, wanting to leave with you many
decisions about how to go ahead, and I was hopeful that you
would not be too prescriptive, figuring that the reason we can
make airline flights on our phone is not because the Government
figured it out, but because we left room for somebody the
private sector to figure it out. And that is beginning to
happen. And as you solve problems, continuing to leave room for
the private sector to solve them for us, is a part of the art
of Government that I hope you continue to use.
Then finally, the physician burden and the burden on
providers is something I hope we keep in mind. I mean the whole
idea of this is to make it easier and less expensive not more
complicated and more expensive. And you have talked about your
own 30 years of experience with computers creating work and I
think about the effect of that. I was in South Dakota on Friday
and talking about how in rural areas, the electronic health
records and other requirements make it very difficult for a
smaller rural hospital to manage that, so it is easier for them
just to sell out to a big outfit, and that encourages
consolidation. And then we have the larger question of whether
consolidation of doctors and hospitals, all working for some
big outfit, increases competition and increases costs, or
simplifies things and lowers costs.
Keeping in mind ways to actually reduce the burden on
physicians, especially, is an important part of this. The
hearing record will remain open for 10 days. Members may submit
additional information for the record within that time if they
would like.
The Chairman. Thank you for being here. It has been a very
useful hearing. Thank you for your work on behalf of the
country, and the Committee will stand adjourned.
[Whereupon, at 11:28 a.m., the hearing was adjourned.]
[all]