Promised health records exchange faces rough road to reality

The third time may not be the charm. For years now, we’ve been hearing about federal ambitions to have health care providers share patient records, and we’re currently on the third federal effort to create a network of health records exchange system. In truth, a fax is still the only reliable way organizations can share records. There are a lot of reasons — some not technical — for this inability, but the two most prominent are lack of a common data format and lack of common transports to get the data in and out.

Now that deadlines are fast approaching for health providers to stand up electronic health records (EHR) systems and say good-bye to paper record-keeping, the critical mass of health data to be shared will soon be here — but not the ways to accomplish it. The good news is that several approaches have been proposed, all piloted and even implemented in scattershot deployments. The bad news is that the sorting-out period could take years, if not a decade to complete itself.

[ Also on InfoWorld: Patient engagement will be tough task for health tech. | The iPad revolution is coming to a hospital near you | iPads have won the hospitals, but Android may win the patients | 6 innovations that will change health care | Subscribe to InfoWorld’s Consumerization of IT newsletter today. ]

And for a variety of political reasons, the federal government is unlikely to dictate a standard to cut short this prolonged wait. Because the feds aren’t likely to mandate EHR interchange standards, the best hope is a set of requirements that comes from an industry association such as the massive Healthcare Information and Management Systems Society (HIMSS), says Justin Steinman, vice president of marketing at GE Health.

You’ve no doubt heard about the promise of digital health records: If you go to the ER, the staff can access your health records from your primary care provider and discover any allergies or medical conditions while you’re unconscious or incoherent — or plain unaware. After you’ve been treated, that new medical data is sent back to your primary care provider so that there’s a complete database of your medical information. Likewise, if you’re sent to a specialist, that specialist has access to your whole record to help prevent conflicting treatments or understand issues that may contribute to your ailment that aren’t otherwise obvious. Again, any treatment provided there is fed back to your master health record. Today, this data exchange is handled by fax, if relayed at all.

What stands in the way of health data exchange But that promise is not the reality, even at providers that have implemented EHRs. There are several reasons:

• There are standards for medical billing — the prime reason the feds pushed EHRs was to streamline billing and to detect Medicare fraud, which insurers were happy to tap in to reduce their own payouts — but not for the medical records themselves. Thus, one EHR typically can’t export to or import from another EHR, even if from the same EHR vendor. “There’s no real reconciliation model yet for the data,” says Justin Barnes, vice president of government affairs at EHR vendor Greenway and past chairman of the EHR vendors’ association.
• There’s no standard API for the file transfer itself, either.
• There is no universal medical ID that lets EHRs match up patients even when they can share data. Federal law prohibits such a national ID, so providers have to manually match and confirm the records. If you have a name like mine, that’s easy. But if you’re named Henry Collins or Maria Gonzalez, good luck.
• Providers have to verify that the patient has given consent for the use of that medical data (the HIPAA rules) by others in non-emergency situations, and the so-called consent management process is even more fractured than the system around medical records.
• State laws and requirements differ on medical records (especially around areas such as drug and alcohol treatment, pregnancy, and HIV) and what can be shared, so cross-state sharing is further complicated.
• The organizations that have been set up to facilitate EHR data exchange across providers — known originally as regional health information organizations (RHIOs), then as health information organizations (HIOs), and now as health information exchanges (HIEs) — are a motley lot, with highly variable data mapping capabilities that make reliance on them a crap shoot. Worse, many refuse to take legal responsibility for the data they map and transmit — they tend to be small companies operating on thin margins — which means many providers refuse to use them.
• That trust issue extends to providers, notes Mac McMillan, CEO of health care security consultancy Cynergistek. EHRs have a standard for information management that includes security, but other medical systems — inside hospitals, at insurers, and at HIEs — do not. There’s no trusted environment for the data that providers keep, yet they’re held responsible if the information is used outside of patient consent rules. McMillan notes that 30 percent of hospitals have no information security officer and overall security spend at hospitals is less than half that of other regulated industries such as finance.
• There’s no consensus on how to handle patient-generated data, such as from at-home blood pressure monitoring or from fitness tools like the Fitbit. Including this data in the formal medical record carries legal risks for providers: Is it accurate? Should they monitor it closely? How should they act on it, if at all? Because formal medical records can never be deleted per law, what happens to dubious or bad data? But not having access to it deprives providers of context that could be useful. In any event, such personal health records (PHR) are today outside any EHR data-sharing plans.
• There’s no strong business case for health data interchange. “Hospitals don’t want to lose patients or share care — and thus revenue,” says Dr. Wayne Guerra, marketing chief at mobile health app maker iTriage and contributor to the Mobile HIMSS Roadmap, which is meant to help hospitals deliver on patient engagement via wireless and mobile devices. Benefits today mainly accrue to patients. A change to pay-for-performance will shift the balance so that providers benefit too.

Where technology can help today Some of these barriers are political issues that technology can’t solve; at best it can work around them, such as through pattern matching to narrow down potential patient ID matches. But there are technology efforts under way to help.

The two largest medical providers in the United States (the Defense Department and the Veterans Administration) now have a common backbone, EHR interchange format, and connectivity APIs, based on a software-oriented architecture (SOA) services approach — a once-hot notion well suited for dealing with federated systems. Their populations have a lot of overlap, so the integration makes sense. Dealing with just two providers means the name-matching is easier than in a multiprovider system, such as across a state or across the country.

The company that built it, Harris Healthcare Solutions, hopes that over time it will become a de facto national HIE, creating a center of gravity that EHR vendors adapt to, says Dr. Vishal Agrawal, Harris Healthcare’s CEO. Separately, a few years ago the VA and Kaiser Permanente — the largest medical provider that acts as its own insurer — began working on a common interchange system, as the two organizations were the pioneers in EHRs and have significant patient overlap.

In the meantime, Agrawal says, there are two models that can be used in today’s more locally oriented health data exchange — that is, between providers in the same town or area, which is the geographic range of most patients’ care.

• Unified view: Just as an iPhone, BlackBerry, or Android device can show a unified email inbox drawing from separate email accounts, so can EHRs. Instead of exchanging data across multiple systems to keep records complete and updated, this approach pulls the separate data into a metalayer that assembles a common view. Thus, providers can see a master record though one doesn’t actually exist. As with email, each “account” resides only with that provider. This approach works when just a few entities are involved, Agrawal says, due to the communications overhead of a real-time pull from all sources. He suggests it to providers with remote clinics, so those clinics don’t have to carry the massive data storage of the main hospital.
• Replicated data: Although the numbers are declining, it’s still common for private physicians to affiliate with one or more hospitals when treating patients for specialty issues. Such small shops can’t afford massive EHR systems but need access to the central EHR data for specific patients, and their treatments tend to be unrelated to the rest of the care given the patient. Replicating the data to such providers as needed and replicating the data on their treatments back to the main hospital makes sense, Agrawal says. “Of course, this approach can’t be immediate. But most information [in this scenario] is not urgent, so that’s OK.”

What doesn’t work is the notion of a master database, says Agrawal. There’s simply no way to have one repository of a patient’s medical records that all providers can access and update. The U.S. legal framework doesn’t support it, and such a massive database would be, to put it mildly, a very tough technical challenge to build, run, and maintain.

Blue Button to the rescue? The feds seem to be encouraging a common health information standard by promoting the VA’s Blue Button effort, which provides a download format for a patient’s entire medical record. The successor Blue Button Plus adds a human-readable requirement and a standard for the information transmission. Blue Button Pus is not mandated by the Health and Human Services Department’s Office of the National Coordinator (ONC), which sets the rules on EHRs and so-called patient engagement standards.

But it’s clear that the feds are suggesting it as a common platform for the health care industry to adopt, given that the industry has yet to do so on its own. EHR providers are now beginning to incorporate Blue Button Plus, but most insurers and many health care providers have not come on board, says Greenway’s Barnes. “The Big Blue Button download becomes the common conduit,” says GE Health’s Steinman, “but there are still too many export standards right now. It’s like financial services 10 years ago.”

This article, “Promised health records exchange faces rough road to reality,” was originally published at InfoWorld.com. Read more of Galen Gruman’s Smart User blog. For the latest business technology news, follow InfoWorld.com on Twitter.