Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Whitepaper: Is Windows 10 HIPAA Compliant?

Posted on February 22, 2017 I Written By

The following is a guest blog post by Steven Marco, CISA, ITIL, HP SA and President of HIPAA One®.
Steven Marco - HIPAA expert
HIPAA One has collaborated with Microsoft on a new whitepaper that addresses Windows 10 and HIPAA compliance.

The whitepaper, HIPAA Compliance with Microsoft Windows 10 Enterprise, provides guidance on how to leverage Microsoft Windows 10 as a HIPAA-compliant, baseline operating system for functionality and security. Additionally, the paper tackles head on (and debunks) the myth that Microsoft Windows is not HIPAA compliant.
In light of the recent focus on HIPAA enforcement actions; hospitals, clinics, healthcare clearinghouses and business associates are trying to understand how to manage modern operating systems with cloud features to meet HIPAA regulatory mandates. Along with adhering to HIPAA, many healthcare organizations are under pressure to broadly embrace the benefits of cloud computing and manage the security implications.

Microsoft has invested heavily in security and privacy technologies to address and mitigate today’s threats. Windows 10 Enterprise has been designed to be the most user-friendly Windows yet and includes deep architectural advancements that have changed the game when navigating hacking and malware threats. For this reason, organizations in every industry, including the Pentagon and Department of Defense have upgraded to Windows 10 Enterprise to improve their security posture. However, as with all software upgrades; functionality, security and privacy implications must be understood and addressed.

The intersection between HIPAA compliance and main stream applications can often be confusing to navigate. This industry-leading whitepaper addresses the questions and concerns that are currently top-of-mind for healthcare IT and legal professionals responsible for managing ePHI and maintain HIPAA compliance.

Download your copy today and learn now Microsoft Windows 10 Enterprise enables its users to meet and/or exceed their HIPAA Security and Privacy requirements.

About Steven Marco
Steven Marco is the President of HIPAA One®, leading provider of HIPAA Risk Assessment software for practices of all sizes.  HIPAA One is a proud sponsor of EMR and HIPAA and the effort to make HIPAA compliance more accessible for all practices.  Are you HIPAA Compliant?  Take HIPAA One’s 5 minute HIPAA security and compliance quiz to see if your organization is risk or learn more at HIPAAOne.com.

Consumers Fear Theft Of Personal Health Information

Posted on February 15, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Probably fueled by constant news about breaches – duh! – consumers continue to worry that their personal health information isn’t safe, according to a new survey.

As the press release for the 2017 Xerox eHealth Survey notes, last year more than one data breach was reported each day. So it’s little wonder that the survey – which was conducted online by Harris poll in January 2017 among more than 3,000 U.S. adults – found that 44% of Americans are worried about having their PHI stolen.

According to the survey, 76% of respondents believe that it’s more secure to share PHI between providers through a secure electronic channel than to fax paper documents. This belief is certainly a plus for providers. After all, they’re already committed to sharing information as effectively as possible, and it doesn’t hurt to have consumers behind them.

Another positive finding from the study is that Americans also believe better information sharing across providers can help improve patient care. Xerox/Harris found that 87% of respondents believe that wait times to get test results and diagnoses would drop if providers securely shared and accessed patient information from varied providers. Not only that, 87% of consumers also said that they felt that quality of service would improve if information sharing and coordination among different providers was more common.

Looked at one way, these stats offer providers an opportunity. If you’re already spending tens or hundreds of millions of dollars on interoperability, it doesn’t hurt to let consumers know that you’re doing it. For example, hospitals and medical practices can put signs in their lobby spelling out what they’re doing by way of sharing data and coordinating care, have their doctors discuss what information they’re sharing and hand out sheets telling consumers how they can leverage interoperable data. (Some organizations have already taken some of these steps, but I’d argue that virtually any of them could do more.)

On the other hand, if nearly half of consumers afraid that their PHI is insecure, providers have to do more to reassure them. Though few would understand how your security program works, letting them know how seriously you take the matter is a step forward. Also, it’s good to educate them on what they can do to keep their health information secure, as people tend to be less fearful when they focus on what they can control.

That being said, the truth is that healthcare data security is a mixed bag. According to a study conducted last year by HIMSS, most organizations conduct IT security risk assessments, many IT execs have only occasional interactions with top-level leaders. Also, many are still planning out their medical device security strategy. Worse, provider security spending is often minimal. HIMSS notes that few organizations spend more than 6% of their IT budgets on data security, and 72% have five or fewer employees allocated to security.

Ultimately, it’s great to see that consumers are getting behind the idea of health data interoperability, and see how it will benefit them. But until health organizations do more to protect PHI, they’re at risk of losing that support overnight.

Hybrid Entities Ripe For HIPAA Enforcement Actions

Posted on February 8, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As some readers will know, HIPAA rules allow large organizations to separate out parts of the organization which engage in HIPAA-covered functions from those that do not. When they follow this model, known as a “hybrid entity” under HIPAA, organizations must take care to identify the “components” of its organization which engage in functions covered by HIPAA, notes attorney Matthew Fisher in a recent article.

If they don’t, they may get into big trouble, as signs suggest that the Office for Civil Rights will be taking a closer look at these arrangements going forward, according to attorneys.  In fact, the OCR recently hit the University of Massachusetts Amherst with a $650,000 fine after a store of unsecured electronic protected health information was breached. This action, the first addressing the hybrid entity standard under HIPAA, asserted that UMass had let this data get breached because it hadn’t treated one of its departments as a healthcare component.

UMass’s troubles began in June 2013, when a workstation at the UMass Center for Language, Speech and Hearing was hit with a malware attack. The malware breach led to the disclosure of patient names, addresses, Social Security numbers, dates of birth, health insurance information and diagnoses and procedure codes for about 1,670 individuals. The attack succeeded because UMass didn’t have a firewall in place.

After investigating the matter, OCR found that UMass had failed to name the Center as a healthcare component which needed to meet HIPAA standards, and as a result had never put policies and procedures in place there to enforce HIPAA compliance. What’s more, OCR concluded that – violating HIPAA on yet another level – UMass didn’t conduct an accurate and thorough risk analysis until September 2015, well after the original breach.

In the end, things didn’t go well for the university. Not only did OCR impose a fine, it also demanded that UMass take corrective action.

According to law firm Baker Donelson, this is a clear sign that the OCR is going to begin coming down on hybrid entities that don’t protect their PHI appropriately or erect walls between healthcare components and non-components. “Hybrid designation requires precise documentation and routine updating and review,” the firm writes. “It also requires implementation of appropriate administrative, technical and physical safeguards to prevent non-healthcare components from gaining PHI access.”

And the process of selecting out healthcare components for special treatment should never end completely. The firm advises its clients review the status of components whenever they are added – such as, for example, a walk-in or community clinic – or even when new enterprise-wide systems are implemented.

My instinct is that problems like the one taking place at UMass, in which hybrid institutions struggle to separate components logically and physically, are only likely to get worse as healthcare organizations consolidate into ACOs.

I assume that under these loosely consolidated business models, individual entities will still have to mind their own security. But at the same time, if they hope to share data and coordinate care effectively, extensive network interconnections will be necessary, and mapping who can and can’t look at PHI is already tricky. I don’t know what such partners will do to keep data not only within their network, but out of the hands of non-components, but I’m sure it’ll be no picnic.

Consumers Want Their Doctors To Offer Video Visits

Posted on February 6, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A new survey by telemedicine provider American Well has concluded that many consumers are becoming interested in video visits, and that some of consumers would be willing to switch doctors to get video visits as part of their care. Of course, given that American Well provides video visits this is a self-interested conclusion, but my gut feeling is that it’s on target nonetheless.

According to the research, 72% of parents with children under 18 were willing to see a doctor via video, as well as 72% of consumers aged 45-54 and 53% of those over age 65. Americal Well’s study also suggests that the respondents see video visits as more effective than in-person consults, with 85% reporting that a video visit resolved their issues, as compared with 64% of those seeing a doctor in a brick-and-mortar setting.

In addition, respondents said they want their existing doctors to get on board. Of those with a PCP, 65% were very or somewhat interested in conducting video visits with their PCP.  Meanwhile, 20% of consumers said they would switch doctors to get access to video visits, a number which rises to 26% among those aged 18 to 34, 30% for those aged 35 to 44 and and 34% for parents of children under age 18.

In addition to getting acute consults via video visit, 60% of respondents said that they would be willing to use them to manage a chronic condition, and 52% of adults reported that they were willing to participate in post-surgical or post-hospital-discharge visits through video.

Consumers also seemed to see video visits as a useful way to help them care for ill or aging family members. American Well found that 79% of such caregivers would find this approach helpful.

Meanwhile, large numbers of respondents seemed interested in using video visits to handle routine chronic care. The survey found that 78% of those willing to have a video visit with a doctor would be happy to manage chronic conditions via video consults with their PCP.

What the researchers draw from all of this is that it’s time for providers to start marketing video visit capabilities. Americal Well argues that by promoting these capabilities, providers can bring new patients into their systems, divert patients away from the ED and into higher-satisfaction options and improve their management of chronic conditions by making it easier for patients to stay in touch.

Ultimately, of course, providers will need to integrate video into the rest of their workflow if this channel is to mature fully. And providers will need to make sure their video visits meet the same standards as other patient interactions, including HIPAA-compliant security for the content, notes Dr. Sherry Benton of TAO Connect. Providers will also need to figure out whether the video is part of the official medical record, and if so, how they will share copies if the patient request them. But there are ways to address these issues, so they shouldn’t prevent providers from jumping in with both feet.

Health IT Leaders Struggle With Mobile Device Management, Security

Posted on January 30, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A new survey on healthcare mobility has concluded that IT leaders aren’t thrilled with their security arrangements, and that a significant minority don’t trust their mobile device management solution either. The study, sponsored by Apple device management vendor Jamf, reached out to 550 healthcare IT leaders in the US, UK, France, Germany and Australia working in organizations of all sizes.

Researchers found that 83% or organizations offer smartphones or tablets to their providers, and that 32% of survey respondents hope to offer mobile devices to consumers getting outpatient care over the next two years.  That being said, they also had significant concerns about their ability to manage these devices, including questions about security (83%), data privacy (77%) and inappropriate employee use (49%).

The survey also dug up some tensions between their goals and their capacity to support those goals. Forty percent of respondents said staff access to confidential medical records while on the move was their key reason for their mobile device strategy. On the other hand, while 84% said that their organization was HIPAA-compliant, almost half of respondents said that they didn’t feel confident in their ability to adapt quickly to changing regulations.

To address their concerns about mobile deployments, many providers are leveraging mobile device management platforms.  Of those organizations that either have or plan to put an MDM solution in place, 80% said time savings was the key reason and 79% said enhanced employee productivity were the main benefits they hoped to realize.

Those who had rolled out an MDM solution said the benefits have included easier access to patient data (63%), faster patient turnaround (51%) and enhanced medical record security (48%). At the same time, 27% of respondents whose organizations had an MDM strategy in place said they didn’t feel especially confident about the capabilities of their solution.

In any event, it’s likely that MDM can’t solve some of the toughest mobile deployment problems faced by healthcare organizations anyway.

Health organizations that hope to leverage independently-developed apps will need to vet them carefully, as roughly one-quarter of these developers didn’t have privacy policies in place as of late last year. And the job of selecting the right apps is a gargantuan one. With the volume of health apps hitting almost 260,000 across the Google and Apple app marketplaces, it’s hard to imagine how any provider could keep up.

So yes, the more capabilities MDM systems can offer, the better. But choosing the right apps with the right pedigree strikes me as posing an even bigger challenge.

AMIA Asks NIH To Push For Research Data Sharing

Posted on January 23, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The American Medical Informatics Association has is urging leaders at the NIH to take researchers’ data sharing plans into account when considering grant proposals.

AMIA is responding to an NIH Request for Information (topic: “Strategies for NIH Data Management, Sharing and Citation”) was published in November 2016. In the RFI, it asked for feedback on how digital scientific data generated by NIH-funded research should be managed and disclosed to the public. It also asked for input on how to set standards for citing shared data and software.

In its response, AMIA said that the agency should give researchers “institutional incentives” designed to boost data sharing and strengthen data management. Specifically, the trade group suggested that NIH make data sharing plans a “scoreable” part of grant applications.

“Data sharing has become such an important proximal output of research that we believe the relative value of a proposed project should include consideration of how its data will be shared,” AMIA said in its NIH response. “By using the peer-review process, we will make incremental improvements to interoperability, while identifying approaches to better data sharing practices over time.”

To help the agency implement this change, AMIA recommended that applicants earmark funds for data curation and sharing as part of the grants’ direct costs. Doing so will help assure that data sharing becomes part of research ecosystems.

AMIA also recommends that NIH offer rewards to scholars who either create or contribute to publicly-available datasets and software. The trade group argues that such incentives would help those who create and analyze data advance their careers. (And this, your editor notes, would help foster a virtuous cycle in which data-oriented scientists are available to foster such efforts.)

Right now, to my knowledge, few big data integration projects include the kind of front-line research data we’re talking about here.  On the other hand, while few community hospitals are likely to benefit from research data in the near term, academic medical organizations are having a bit more luck, and offer us an attractive picture of how things could be.

For example, look at this project at Vanderbilt University Medical Center which collects and manages translational and clinical research data via an interface with its EMR system.

At Vanderbilt, research data collection is integrated with clinical EMR use. Doctors there use a module within the research platform (known as REDCap) to collect data for prospective clinical studies. Once they get their research project approved, clinicians use menus to map health record data fields to REDCap. Then, REDCap automatically retrieves health record data for selected patients.

My feeling is that if NIH starts pushing grantees to share data effectively, we’ll see more projects like REDCap, and in turn, better clinical care supported by such research. It looks to me like everybody wins here. So I hope the NIH takes AMIA’s proposal seriously.

E-Patient Update:  You Need Our Help

Posted on January 20, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

I just read the results of a survey by Black Book Research suggesting that many typical consumers don’t trust, like or understand health IT.

The survey, which reached out to 12,090 adult consumers in September 2016, found that 57% of those interacting with health IT at hospitals or medical practices were skeptical of its benefit. Worse, 87% said they weren’t willing to share all of their information.

Up to 70% of consumers reported that they distrusted patient portals, medical apps and EMRs. Meanwhile, while many respondents said they were interested in using health trackers, 94% said that their physicians weren’t willing or able to synch wearables data with their EMR.

On the surface, these stats are discouraging. At a minimum, they suggest that getting patients and doctors on the same page about health IT continues to be an uphill battle. But there’s a powerful tactic providers can use which – to my knowledge – hasn’t been tried with consumers.

Introducing the consumer health IT champion

As you probably know, many providers have recruited physician or nurse “champions” to help their peers understand and adjust to EMRs. I’m sure this tactic hasn’t worked perfectly for everyone who’s tried it, but it seems to have an impact. And why not? Most people are far more comfortable learning something new from someone who understands their work and shares their concerns.

The thing is, few if any providers are taking the same approach in rolling out consumer health IT. But they certainly could. I’d bet that there’s at least a few patients in every population who like, use and understand consumer health technologies, as well as having at least a sense of why providers are adopting back-end technology like EMRs. And we know how to get Great-Aunt Mildred to consider wearing a FitBit or entering data into a portal.

So why not make us your health IT champions? After all, if you asked me to, say, hold a patient workshop explaining how I use these tools in my life, and why they matter, I’d jump at the chance. E-patients like myself are by our nature evangelists, and we’re happy to share our excitement if you give us a chance. Maybe you’d need to offer some HIT power users a stipend or a gift card, but I doubt it would take much to get one of us to share our interests.

It’s worth the effort

Of course, most people who read this will probably flinch a bit, as taking this on might seem like a big hassle. But consider the following:

  • Finding such people shouldn’t be too tough. For example, I talk about wearables, mobile health options and connected health often with my PCP, and my enthusiasm for them is a little hard to miss. I doubt I’m alone in this respect.
  • All it would take to get started is to get a few of us on board. Yes, providers may have to market such events to patients, offer them coffee and snacks when they attend, and perhaps spend time evaluating the results on the back end. But we’re not talking major investments here.
  • You can’t afford to have patients fear or reject IT categorically. As value-based care becomes the standard, you’ll need their cooperation to meet your goals, and that will almost certainly include access to patient-generated data from mobile apps and wearables. People like me can address their fears and demonstrate the benefits of these technologies without making them defensive.

I hope hospitals and medical practices take advantage of people like me soon. We’re waiting in the wings, and we truly want to see the public support health IT. Let’s work together!

Healthcare Industry Leads In Blockchain Deployment

Posted on January 19, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A new study by Deloitte concludes that healthcare and life sciences companies stand out as planning the most aggressive blockchain deployments of any industry. That being said, healthcare leaders are far from alone in paying close attention to blockchain, which seems to be coming into its own as corporate technology.

According to Deloitte, 39% of senior executives at large US companies had little or no knowledge of blockchain technology, but the other 61% reported their blockchain knowledge level as broad to expert. The execs who were well-informed about blockchain told Deloitte that it would be crucial for both their company and industry. In fact, 55% of the knowledgeable group said their company would be at a competitive disadvantage if they failed to adopt blockchain, and 42% believed it would disrupt their industry.

Given this level of enthusiasm, it’s not surprising that respondents have begun to invest in blockchain internally. Twenty-eight percent of respondents said their company had invested $5 million of more in blockchain tech to date, and 10% reported investing $10 million or more. Not only that,  25% of respondents expected to invest more than $5 million in blockchain technology this year.

While the level of blockchain interest seems to be pronounced across industries studied by Deloitte, healthcare and life science companies lead the pack when it came to deployment, with 35% of industry respondents saying that their company expects to put blockchain into production during 2017.

All that being said, aggressive deployment may or may not be a good thing just yet. According to research by cloud-based blockchain company Tierion, the majority of blockchain technology isn’t ready for deployment, though worthwhile experiments are underway.

Tierion argues that analysts and professional experts are overselling blockchain, and that most of blockchain technology is experimental and untested. Not only that, its research concludes that at least one healthcare application – giving patients the ability to manage their health data – is rather risky, as blockchain security is shaky.

It seems clear that health IT leaders will continue to explore blockchain options, given its tantalizing potential for sharing data securely and flexibly. And as the flurry of interest around ONC’s blockchain research challenge demonstrates, many industry thought leaders take this technology seriously. If the winning submissions are any indication, blockchain may support new approaches to health data interoperability, claims processing, medical records, physician-patient data sharing, data security, HIEs and even the growth of accountable care.

If nothing else, 2017 should see the development of some new and interesting healthcare blockchain applications, and probably the investment of record new amounts of capital to build them. In other words, whether blockchain is mature enough for real time deployment or not, it’s likely to offer an intriguing show.

Patient Engagement Platforms Are 2017’s Sexiest Tech

Posted on January 3, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Over the last few months, I’ve become convinced that the predictable star of 2017 — population health management — isn’t going to be as hot as people think.

Instead, I’d argue that the trend to watch is the emergence of new technologies that guide, reach out to and engage with patients at key moments in their care process. We’re at the start of a period of spectacular growth for patient engagement platforms, with one analyst firm predicting that the global market for these solutions will hit $34.94 billion by 2023.

We all seem to agree already that we need to foster patient engagement if we want to meet population health goals. But until recently, most of the approaches I’ve seen put in place are manual, laborious and resource-intensive. Yes, the patient portal is an exception to that rule – and seems to help patients and clinicians connect – but there’s only so much you can do with a portal interface. We need more powerful, flexible solutions if we hope to make a dent in the patient engagement problem.

In the coming year, I think we’ll see a growing number of providers adopt technology that helps them interact and engage with patients more effectively. I’m talking about initiatives like the rollout of technology by vendor HealthGrid at ColumbiaDoctors, a large multispecialty group affiliated with Columbia University Medical Center, which was announced last month.

While I haven’t used the technology first hand, it seems to offer the right functions, all available via mobile phone. These include pre- and post-visit communications, access to care information and a clinically-based rules engine which drives outreach regarding appointments, educations, medications and screening. That being said, HealthGrid definitely has some powerful competitors coming at the same problem, including the Salesforce.com Health Cloud.

Truth be told, it was probably inevitable that vendors would turn up to automate key patient outreach efforts. After all, unless providers boost their ability to target patients’ individual needs – ideally, without hiring lots of costly human care managers – they aren’t likely to do well under value-based payment schemes. One-off experiments with mobile apps or one-by-one interventions by nurse care coordinators simply don’t scale.

Of course, these technologies are probably pretty expensive right now – as new tech in an emerging market usually is — which will probably slow adoption somewhat. I admit that when I did a Google search on “patient engagement solutions,” I ran into a vendor touting a $399 a month option for doctors, which isn’t too bad if it can actually deliver. But enterprise solutions are likely to be a big investment, and also, call for a good deal of integration work. After all, if nothing else, health systems will want to connect patient engagement software to their back-office systems and EMR, at minimum, which is no joke.

Still, to my mind there’s little question that patient engagement technologies are going to be the sexiest health IT niche to watch in 2017, one which will generate major buzz in healthcare boardrooms across the country. Whether you invest or not, definitely watch this space.

ONC Takes Another Futile Whack At Interoperability

Posted on January 2, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

With the New Year on its way, ONC has issued its latest missive on how to move the healthcare industry towards interoperability. Its Interoperability Standards Advisory for 2017, an update from last year’s version, offers a collection of standards and implementation specs the agency has identified as important to health data sharing.

I want to say at the outset that this seems a bit, well, strange to me. It really does seem like a waste of time to create a book of curated standards when the industry’s interoperability take changes every five minutes. In fact, it seems like an exercise in futility.

But I digress. Let’s talk about this.

About the ISA

The Advisory includes four technical  sections, covering a) vocabulary/code sets/terminology, b) content/structure standards and implementation specs, c) standards and implementation specs for services and d) models and profiles, plus a fifth section listing ONC’s questions and requesting feedback. This year’s version takes the detailed feedback the ONC got on last year’s version into account.

According to ONC leader Vindell Washington, releasing the ISA is an important step toward achieving the goals the agency has set out in the Shared Nationwide Interoperability Roadmap, as well as the Interoperability Pledge announced earlier this year. There’s little doubt, at minimum, that it represents the consensus thinking of some very smart and thoughtful people.

In theory ONC would appear to be steaming ahead toward meeting its interoperability goals. And one can hardly disagree that it’s overarching goal set forth in the Roadmap, of creating a “learning health system” by 2024 sounds attractive and perhaps doable.

Not only that, at first glance it might seem that providers are getting on board. As ONC notes, companies which provide 90% of EHRs used by hospitals nationwide, as well as the top five healthcare systems in the country, have agreed to the Pledge. Its three core requirements are that participants make it easy for consumers to access their health information, refrain from interfering with health data sharing, and implement federally recognized national interoperability standards.

Misplaced confidence

But if you look at the situation more closely, ONC’s confidence seems a bit misplaced. While there’s much more to its efforts, let’s consider the Pledge as an example of how slippery the road ahead is.

So let’s look at element one, consumer access to data. While agreeing to give patients access is a nice sentiment, to me it seems inevitable that there will be as many forms of data access as there are providers. Sure, ONC or other agencies could attempt to regulate this, but it’s like trying to nail down jello given the circumstances. And what’s more, as soon as we define what adequate consumer access is, some new technology, care model or consumer desire will change everything overnight.

What about information blocking? Will those who took the Pledge be able to avoid interfering with data flows? I’d guess that if nothing else, they won’t be able to support the kind of transparency and sharing ONC would like to see. And then when you throw in those who just don’t think full interoperability is in their interests – but want to seem as though they play well with others – you’ve pretty much got a handful o’ nothing.

And consider the third point of the Pledge, which asks providers to implement “federally recognized” standards. OK, maybe the ISA’s curated specs meet this standard, but as the Advisory is considered “non-binding” perhaps they don’t. OK, so what if there were a set of agreed-upon federal standards? Would the feds be able to keep up with changes in the marketplace (and technology) that would quickly make their chosen models obsolete? I doubt it. So we have another swing and a miss.

Given how easy the Pledge is to challenge, how much weight can we assign to efforts like the ISA or even ONC’s long-term interoperability roadmap? I’d argue that the answer is “not much.” The truth is that at least in its current form, there’s little chance the ONC can do much to foster a long-term, structural change in how health organizations share data. It’d be nice to think that, but thinking doesn’t make it so.