HIMSS19: Private sector catch-up, patient matching and standard APIs dominate first full day

ORLANDO, Florida — Attending HIMSS without discussing interoperability would be like swimming without getting wet.

The packed Orange County Convention Center was buzzing Tuesday over the nearly 1,000 pages of proposed rules meant to foster interoperability and improve care coordination that HHS dropped a day earlier.

The sweeping and long-awaited proposals would require some health plans to provide patients with free electronic access to their medical records and makes hospitals responsible for electronic notification when a patient is admitted or discharged. They also push the industry to adopt standard application programming interfaces and define what constitutes information blocking.

Below are highlights of reaction from the meeting of more than 45,000 tech executives, policy wonks and government staffers as the country's largest health IT conference kicked off.

Private sector needs to step up its game

Current and former regulators from across the political spectrum agreed the industry is woefully behind in meeting health IT requirements after the federal government poured billions of dollars into incentivizing the Meaningful Use regulation for certified EHR technology.

Karen DeSalvo, a former National Coordinator for Health Information Technology under President Barack Obama, came to Washington during the implementation of HITECH and Meaningful Use Stage 2. The government "put the consumer right at the center very deliberately" in those plans, DeSalvo said, shifting away from a focus on Meaningful Use as a technology and toward the "person we're meant to serve."

But the industry hasn't following the fed's lead, attendees argued.

"The private sector's now behind the government," Mike Leavitt, former HHS secretary under President George W. Bush and founder of Leavitt Partners, said.

Aneesh Chopra, who served as the country's first Chief Technology Officer under Obama, said the presumption was that Meaningful Use and HITECH would be a catalyst for industry action. "The government would do the initial work but we'd have private sector collaboration and creativity," Chopra said before providing what he called some sobering context: health IT providers haven't added a "single bit of clinical, additional information than what [the government] minimally required in 2010."

The new rules are critical, Chopra (now the president of analytics company CareJourney) said, to build off the foundations he and DeSalvo finessed in the early 2000s.

CMS administrator Seema Verma agreed. "In this particular instance, the industry was not doing what was important, what was needed, for patients and for the healthcare system," she said.

The CMS chief seemed to take a thinly veiled shot at Epic during her keynote address late Tuesday afternoon. "Let me be clear — the idea that patient data belongs to providers or vendors, is an epic misunderstanding. Patient data belongs to patients, period," she said.

Some think that however the interoperability push began, there's still hope for collaboration.

"I often love the public-private partnership here," Greg Moore, VP of healthcare for Google Cloud, told Healthcare Dive. "I love that we have rulemaking bodies that really nudge this ecosystem forward on behalf of patients and I also love the brashness of tech, large and small, saying, 'Hey, we're going to provide tech to make this a lot easier.'"

Hospitals push back

Verma said CMS is using the strongest incentive it has to push hospitals to electronically notify provider care teams every time a patient is admitted, discharged or transferred to another care setting: the threat of not being able to participate in Medicare and Medicaid.

"This is a small step in improving the discharge process for patients and their care teams, but it's a significant first phase of the policies we are proposing," Verma said.

Verma signaled in her keynote she wants CMS to go even further to require an entire medical record set to follow the patient when they leave a hospital.

But AHA says the electronic event notification requirement is not something it can support as a condition of participating in federal government health programs.

"We believe that CMS already has better levers to ensure the exchange of appropriate health information for patients. We recommend the agency focus on building this exchange infrastructure rather than layering additional requirements on hospitals," Ashley Thompson, AHA SVP for public policy analysis and development, said in a statement.

Another provider concern is that ONC's stipulations around information blocking will lead to a slew of legal challenges, but ONC contends its standards group worked to tread the fine line between privacy and security, and accessibility.

"Under HIPAA, when patients access their data and download it into an app, it is true that that they then control the data and that data is not in HIPAA, right," ONC National Coordinator Don Rucker said Tuesday. "First of all, it's a very paternalistic approach to the world [thinking the apps won't be secure]. I don't personally believe the providers have a legal risk when they provide patients their HIPAA rights."

Standardized APIs are crucial

APIs that are FHIR (Fast Healthcare Interoperability Resources) compliant provide a technical architecture for interoperability to build from, so it's good ONC is proposing all APIs become standardized as soon as possible, multiple HIMSS attendees said.

"APIs and their use and the cleverness that they afford has transformed almost every major industry in the United States," ONC National Coordinator Don Rucker told media in a closed briefing Tuesday. "While healthcare is a heavily regulated, densely regulated industry, the arbitrage opportunities in healthcare are arguably vastly larger than any other sector of the economy."

A lot happens in a doctor's visit, involving multiple parties, so an agreed-upon interface is necessary, said Graham Gardner, CEO of provider management company Kyruus.

"In healthcare, in order to schedule [an appointment], you need prior authorization, you need that real-time capability, you need to understand what a clinician's practice is," Gardner told Healthcare Dive, stressing interoperable APIs are key to streamlining these processes.

And it's not hard to become FHIR compliant, according to Chopra, as it's just a matter of agreeing "how XYZ vendor can share a common language." Once the language is standardized, transmitting data between all sorts of disparate systems could be quite easy. "These things can be done in months — weeks if we’re lucky," he said.

Concerns over interoperability before patient identification, matching

CMS, in its proposed regulation, said it would defer to ONC when it comes to patient identification and matching people with the correct records.

But old ways of identifying patients are, well, old, experts say. "People who believe passwords are secure are deluded," Rucker joked Tuesday, listing smartphone usage, referential matching and biometrics as potential identification options providers could implement.

More concern at HIMSS and in industry groups, though, was reserved for patient matching.

"In other industries if you mistakenly merge two records, patients and people may not get hurt by it," Ben Moscovitch of the Pew Charitable Trust said. In healthcare, a mistake could "actually cause direct patient harm."

Verato CEO Mark LaRow said rushing toward connecting systems without addressing the underlying patient challenges means a lot of data will exist without any way to structure or verify whom it belongs to.

But that'll remain a concern no matter what, Rucker said, adding that "patient matching at its heart is a probabilistic activity… it's fundamentally a math play."

But, Rucker continued, "there are a number of vendors we are hearing about and have had talks with who are in a position to provide patient matching solutions on a national scale and are already identifying Americans on well over the order of 100 million in their systems." Such companies include Experian and LexisNexis.

Patient matching is a focus for Congress, which asked the Government Accountability Office to study the issue and provide recommendations last year.

"Our research has indicated federal action to take steps on standardizing demographic data can help match records" such as linking address to U.S. Postal Service codes, Moscovitch said.

"We've already identified certain pieces of data that are important in patient matching and we specified that in the 2015 edition transition of care criteria," Michael Lipinski, division director for federal policy and regulatory affairs at ONC, told Healthcare Dive. But the agency is clearly interested in outside feedback, including an RFI on the subject in its rule.

David Lim contributed reporting.