The Health IT Advisory Committee finalized its recommendations for the hotly debated interoperability rule, which has far-reaching implications for the healthcare industry as it struggles to meet patient and regulatory demands for seamless data sharing.
HITAC, created under the 21st Century Cures Act to advise the Office of the National Coordinator for Health IT, voted Wednesday to recommend a two-tier payment system to help health IT vendors recoup costs associated with making their systems interoperable, finalizing a discussion that was tabled last week.
The committee also decided to remove its support for "data segmentation for privacy," a controversial provision that would allow patients to decide which data elements of their personal health record providers are able to see. Instead, the group recommended ONC create a workgroup to delve deeper into the technical and policy weeds.
HITAC has met twice this month to finalize its comments on the rule, which urges the industry to standardize how different computer systems send and receive electronic messages, requires systems allow patients to export and view their data and defines information blocking and enacts financial penalties for the practice. HHS has extended the public comment period, which now closes June 3.
HITAC also voted to remove price transparency stipulations from the rule over concerns it could slow down the rule's finalization although committee members stressed the issue should be a focus for ONC moving forward, voting to form a work group. The body also voted to expand the definition of electronic health information and nailed down the definition of certain health IT actors, including developers and health information exchanges.
Two fee tiers for data services
HITAC voted unanimously this week to clarify what services health IT developers can and can't profit on: "value-added" and "basic" information access.
Under the recommendations, basic access includes access to a patient's medical record and the data points within it. Developers would not be able to charge fees for providing this information to patients and providers.
Value-added access is anything that goes above and beyond basic, including artificial intelligence or machine learning tools, along with any algorithms that visualize or otherwise manipulate the data. Health IT developers that provide these additional consumer-friendly services would face fewer restrictions on fees, allowing them to turn a profit and encouraging research and development, the task force said.
"The intent here isn't to stop people from testing and trying new standards," Aaron Miri, chief information officer of the Dell Medical School at University of Texas at Austin, said.
However, the task force clarified that once value-added services are incorporated into the EHR, they are included within the basic access umbrella and the vendor can no longer charge fees for them.
As an example, "if a vendor supplies clinical risk scoring services based on the basic record, those services may be offered at market rates," the recommendation says. "If the risk score is incorporated into or used by clinical staff to make clinical decisions, the individual risk score accordingly becomes part of the record and forms part of basic access."
Patient segmentation of data over privacy concerns
The country's larger privacy debate boiled down to the data point Wednesday as HITAC decided not to endorse data segmentation for privacy (DS4P) as opposing camps argued over whether patients should be able to decide what health data their providers can and can't see.
DS4P would potentially allow patients to select individual data points they prefer not to be shared with their electronic health information. The measure is meant to combat the stigma around alcohol, drug and substance abuse. It's also meant to spur patients, especially adolescents, to be honest and open with their providers.
But DS4P critics said patients may not know what's in their best interests and retracting data poses a serious risk to their care, with HITAC member and director of the biomedical communications center at the National Library of Medicine Clem McDonald saying it "worries [him] to death as a clinical caregiver."
Another concern was that lack of policy guidelines would cause issues down the road if DS4P was required, mirroring a larger concern that healthcare interoperability requires a stronger regulatory roadmap from the government.
"We don't have clear policy guidance in terms of what's actually expected of the EHR," UT Austin's Miri said. "This is an area where I would welcome greater ONC< and greater HHS policy governance."
DS4P would also represent a huge technical and administrative burden for health IT vendors and providers, Sasha TerMatt, a director at EHR giant Epic, said. "Our fear is that we'd invest significant resources into this standard and it wouldn't meet the need," she said, noting estimates from EHR vendors that it could take more than 20,000 hours per product to enact DS4P.
HITAC ultimately decided not to endorse DS4P in this iteration of the interoperability rules, but it recommended ONC form a workgroup to look at what data elements can be redacted, and whether this is even possible with today's technology. But the group did acknowledge the importance of patient privacy.
"Physicians don't have the right to know everything about their patient," Chris Lehmann, co-chair of the task force on DS4P, said. "It's a patient's right to make these choices, just like a patient can decide whether or not he wants to have a blood transfusion."