Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Health IT Group Raises Good Questions About “Information Blocking”

Posted on September 8, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she’s served as editor in chief of several healthcare B2B sites.

The 21st Century Cures Act covers a great deal of territory, with provisions that dedicate billions to NIH funding, Alzheimer’s research, FDA operations and the war on opioid addiction. It also contains a section prohibiting “information blocking.”

One section of the law lists attempts to define information blocking, and lists some of the key ways healthcare players drag their feet when it comes to data sharing. The thing is, some industry organizations feel that these provisions raise more questions than they answer.

In an effort to nail things down, a trade organization calling itself Health IT Now has written to the HHS Office of Inspector General and ONC head Donald Rucker, MD, asking them to issue a proposed rule answering their questions.  Parties signing the letter include a broad range of healthcare and health IT organizations, including the American Academy of Family Physicians, athenahealth, DirectTrust, AMIA, McKesson and Oracle.

I’m not going to list all the questions they’ve asked. You can read the entirety yourself. However, I will share two questions and offer responses of my own. One critical question is:

  • What is information blocking and what is not?

I think most of us know what the law is trying to accomplish, e.g. foster the kind of data sharing needed to accomplish key research and patient care outcomes goals. And the examples of what it considers information blocking make sense:

  • Practices that restrict authorized access, exchange, or use [of health data] under applicable State or Federal law
  • Implementing health information technology in nonstandard ways that are likely to substantially increase the complexity or burden of accessing exchanging or use of electronic health information
  • Implementing health information technology in ways that are likely to lead to fraud, waste, or abuse, or impede innovations and advancements health information access, exchange, and use

The problem is, there are many more ways to hamper the sharing of electronic health data. The language used in the law can’t anticipate all of these strategies, which leaves compliance with the law very much open to interpretation.

This, logically, leads to how businesses can avoid running afoul of the law:

  • The statute institutes penalties on vendors to $1 million per violation. How should “per violation” be defined?

    Given the minimum detail included in the legislation, this is a burning question. Vendors need to know precisely whether they’re in the clear, violated the statute once or flouted it a thousand times.

After all, vendors may violate the statute

  • When they refuse data access to one individual within a business one time
  • When they don’t comply with a specific organization’s request regardless of how many employees were in contact
  • When a receiving organization doesn’t get all the data requested at the same time
  • When the vendor asks the receiving organization to pay an administrative fee for the data
  • When individuals try to access data through the web and find it difficult to do so

Would a vendor be on the hook for a single $1 million fine if it flat out refused to share data with a client?  How about if it refused twice rather than once? Are both part of the same violation?

Does the $1 million fine apply if the vendor inadvertently supplies corrupted data? If so, does the fine still apply if the vendor attempts to remedy the problem? How long does the vendor have to respond if they are informed that the data isn’t readable?

What about if dozens or even hundreds of individuals attempt to access data on the web can’t do so? Has the vendor violated the statute if it has an extended web outage or database problem, and if so how long does it should have to get web-based data access back online? Does each attempt to access the data count as a violation?

What standard does the statute establish for standard vs. non-standard data formats?  Could a vendor be cited once, or more than once, for using a new and emerging data format which is otherwise respected by the industry?

As I’m sure you’ll agree, these are just some of the questions that need to be answered before any organization can reasonably understand how to comply with the law’s information blocking provisions. Asking regulatory agencies to clarify their expectations is more than reasonable.

DirectTrust, CHIME Deal Not All It’s Cracked Up To Be

Posted on September 7, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she’s served as editor in chief of several healthcare B2B sites.

Recently, CHIME and DirectTrust announced a deal that sounded pretty huge on the surface. In a joint press release announcing the agreement, the two organizations said they had agreed to work together “to promote the universal deployment of the Direct Trust framework and health information exchange network as the common electronic interface for health information exchange across the U.S.”

Their plans include making the Direct exchange network available anywhere they can, including hospitals, medical practices, pharmacies, labs, long-term care facilities, payers, insurers and health departments, and to top it off, on applications. If things go the way they planned, you’ll hardly be able to kick a health IT rock without finding Direct under it.

As I noted earlier this year, DirectTrust is on something of a roll. In May, it noted that the number of health information service providers who engaged in Direct exchanges grew to almost 95,000 during the first quarter of this year. That’s a 63% increase versus the same period in 2016. The group also reported that the number of trusted Direct addresses which could share PHI grew 21%, to 1.4 million, and that there were 35.6 million Direct exchange transactions during the quarter, up 76% over the same period last year.

Sounds good. But let’s not judge this in a vacuum. For example, on the same day DirectTrust released its first quarter results, the Sequoia Project kicked out a press release touting its performance. In the release, Sequoia noted that its Carequality initiative was under full steam, with more than 19,000 clinics, 800 hospitals and 250,000 providers using the Carequality Interoperability Framework to share health data.

In considering the impact of Carequality, let’s not forget that late last year it connected with rival interoperability group CommonWell Health Alliance. I don’t know if you can say that interoperability effort can corner a market– the organizations using the rival health data sharing networks probably overlap substantially—but it’s certainly an interesting development. While the two organizations were both allied with a leading EMR vendor (CommonWell with Cerner and Carequality with Epic), the agreement has effectively brought the muscle of the two EMR giants together.

I guess it’s fair to say that the Carequality alliance and DirectTrust may own interoperabililty for now, rivaled only by the stronger regional HIEs.  That’s pretty impressive, I admit. Also, it’s interesting to see an accepted health IT organization like CHIME throw its weight behind Direct. I wouldn’t have expected CHIME to dive in here.

That being said, when you get down to it, none of the groups’ capacity for sharing health data is as great as it sounds. For example, if Epic’s Care Everywhere exchange only transmits C-CDA records, you have to ask yourself if Carequality is working at a higher level. If not, we’re in “meh” territory.

Bottom line, it seems clear that these organizations are winning the battle for interoperability mindshare. Both seem to have made a fair amount of progress. But between you and me in the lamppost, let’s not get excited just yet.

Direct, Sequoia Interoperability Projects Continue To Grow

Posted on May 15, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she’s served as editor in chief of several healthcare B2B sites.

While its fate may still be uncertain – as with any interoperability approach in this day and age – the Direct exchange network seems to be growing at least. At the same time, it looks like the Sequoia Project’s interoperability efforts, including the Carequality Interoperability Framework and its eHealthExchange Network, are also expanding rapidly.

According to a new announcement from DirectTrust, the number of health information service providers who engaged in Direct exchanges increased 63 percent during the first quarter of 2017, to almost 95,000, over the same period in 2016.  And, to put this growth in perspective, there were just 5,627 providers involved in Q1 of 2014.

Meanwhile, the number of trusted Direct addresses which could share PHI grew 21 percent, to 1.4 million, as compared with the same quarter of 2016. Again, for perspective, consider that there were only 182,279 such addresses available three years ago.

In addition, the Trust noted, there were 35.6 million Direct exchange transactions during the quarter, up 76 percent over the same period last year. It expects to see transaction levels hit 140 million by the end of this year.

Also, six organizations joined DirectTrust during the first quarter of 2017, including Sutter Health, the Health Record Banking Alliance, Timmaron Group, Moxe Health, Uticorp and Anne Arundel Medical Center. This brings the total number of members to 124.

Of course, DirectTrust isn’t the only interoperability group throwing numbers around. In fact, Seqouia recently issued a statement touting its growth numbers as well (on the same day as the Direct announcement, natch).

On that day, the Project announced that the Carequality Interoperability Framework had been implemented by more than 19,000 clinics, 800 hospitals and 250,000 providers.

It also noted that its eHealth Exchange Network, a healthcare data sharing network, had grown 35 percent over the past year, connecting participants in 65 percent of all US hospitals, 46 regional and state HIEs, 50,000 medical groups, more than 3,400 dialysis centers and 8,300 pharmacies. This links together more than 109, million patients, Sequoia reported.

So what does all of this mean? At the moment, it’s still hard to tell:

  • While Direct and Sequoia are expanding pretty quickly, there’s few phenomena to which we can compare their growth.
  • Carequality and CommonWell agreed late last year to share data across each others’ networks, so comparing their transaction levels to other entities would probably be deceiving.
  • Though the groups’ lists of participating providers may be accurate, many of those providers could be participating in other efforts and therefore be counted multiple times.
  • We still aren’t sure what metrics really matter when it comes to measuring interoperability success. Is it the number of transactions initiated by a provider? The number of data flows received? The number of docs and facilities who do both and/or incorporate the data into their EMR?

As I see it, the real work going forward will be for industry leaders to decide what kind of performance stats actually equate to interoperability success. Otherwise, we may not just be missing health sharing bullseyes, we may be firing at different targets.

Eyes Wide Shut – Managing Multi-EMR Meaningful Use Stage 2 Is Hard

Posted on October 2, 2013 I Written By

Mandi Bishop is a hardcore health data geek with a Master’s in English and a passion for big data analytics, which she brings to her role as Dell Health’s Analytics Solutions Lead. She fell in love with her PCjr at 9 when she learned to program in BASIC. Individual accountability zealot, patient engagement advocate, innovation lover and ceaseless dreamer. Relentless in pursuit of answers to the question: “How do we GET there from here?” More byte-sized commentary on Twitter: @MandiBPro.

Most discussions on Meaningful Use (MU) seem to focus on a single healthcare provider organization (acute or ambulatory), with a single EMR, and a single Medical Record Number (MRN) pool generating unique patient identifiers. Even in that context, the complaints of the difficulties of successfully implementing the technology and obtaining the objectives are deafening. How daunting might those challenges seem, multiplied across a large integrated delivery network (IDN), attempting to make enterprise-wide technology and operational process decisions, in alignment with MU incentive objectives?

Imagine you are an IDN with 9 hospital facilities, sharing a single EMR. You also have 67 ambulatory practices, with 7 additional EMRs. You’ve made the progressive choice to implement a private health information exchange (HIE) to make clinical summary data available throughout the IDN, creating a patient-centric environment conducive to improved care coordination. To properly engage patients across the IDN and give them the best user experience possible, you’ve purchased an enterprise portal product that is not tethered to an EMR, and instead sources from the HIE. And because you’ve factored the MU incentive dollars into the budget which enabled these purchasing decisions, there is no choice but to achieve the core and select menu measures for 2014.

It is now October 2013. The first quarter you’ve chosen to gather Stage 2 attestation data starts on April 1, 2014. All your technology and process changes must be ready by the data capture start date, in order to have the best opportunity to achieve the objectives. Once data capture begins, you have 90 days to “check the box” for each MU measure.

Tech check: are all the EMRs in your IDN considered Certified Electronic Health Records Technology (CEHRT) for the 2014 measures?

Your acute EMR is currently 2 versions behind the newly-released MU 2014-certified version; it is scheduled to complete the upgrade in November 2013. Your highest-volume ambulatory EMR is also 2 versions behind the 2014-certified version, and it cannot be upgraded until March 2014 due to vendor resource constraints. Your cardiology EMR cannot be upgraded until June due to significant workflow differences between versions, impacting those providers still completing Stage 1 attestation. One of your EMRs cannot give you a certification date for its 2014 edition, and cannot provide an implementation date for the certified version. The enterprise portal product has been 2014-certified as a modular EMR, but the upgrade to the certified version is not available until February 2014.

Clearly, your timeline to successfully test and implement the multitude of EMR upgrades required prior to your attestation date is at risk.

Each EMR might be certified, but will it be able to meet the measures out of the box?

Once upgraded to the 2014 version, your acute EMR must generate Summary of Care C-CDA documents and transmit them to an external provider, via the Direct transfer protocol. Your ambulatory EMRs must generate Transition of Care C-CDA documents and use the same Direct protocol to transmit. But did you purchase the Direct module when you signed your EMR contract, or maintenance agreement?

Did you check to see whether the Direct module that has been certified with the EMR is also an accredited member of DirectTrust?

Did you know that some EMRs have Direct modules that can ONLY transmit data to DirectTrust-accredited modules?

You determine your acute EMR will only send to EMRs with DirectTrust-accredited modules, and that you only have a single ambulatory EMR meeting this criteria. That ambulatory EMR is not the primary target for post-acute care referral.

You have no control over the EMRs of providers outside the IDN, who represent more than 20% of your specialist referrals.

Your 10% electronic submission of Summary of Care C-CDA documents via Direct protocol measure is at risk.

Is your organization prepared to manage the changes required to support the 2014 measures?

This is a triple-legged stool consideration: people, process, and technology must all align for change to be effective. To identify the process changes required, and the people needed to support those processes, you must understand the technology that will be driving this change. Of all the EMRs in your organization, only 2 have provided product specifications, release notes, and user guides for their 2014-certified editions.

Requests for documentation about UI, data, or workflow changes in the 2014 versions are met with vague responses, “We will ask product management and get back to you on that.” Without information on the workflow changes, you cannot identify process changes. Without process change recognition, you cannot properly identify people required to execute the processes. You are left completely in the dark until such time as the vendors see fit to release not only the product, but the documentation supporting the product.

Clearly, your enterprise program for Meaningful Use Stage 2 health IT implementation and adoption is at risk.

What is the likelihood that your Meaningful Use Stage 2 attestation will be a successful endeavor for the enterprise?

As a program manager, I would put this effort in flaming red status, due to the multitude of risks and external dependencies over which the IDN organization has zero control. I’d apply that same stoplight scorecard rating to the MU Stage 2 initiative. There is simply too much risk and too many variables outside the provider’s control to execute this plan effectively, without incurring negative impacts to patient care.

The ONC never said Meaningful Use would be easy, but does it have to be this hard?