Once again, the private sector generally supports the Trump administration's push toward interoperability within the healthcare industry but has a lot of issues with the specifics. Payers, providers, EHR vendors and more re-aired perennial disputes in the industry over data privacy, government regulation, price transparency and more in their comments on HHS' five-year health IT roadmap made public Sunday.
Insurers and providers are stringently against allowing patients to view confidential negotiated rates. A slew of companies are asking HHS to clarify privacy stipulations and to dial back the pace of regulatory changes, especially during the COVID-19 pandemic, while health-tech groups look to lower regulations barring app development in the sector.
The five-year roadmap released in mid-January will be used by federal agencies to coordinate initiatives, proportion resources and align with the private sector as HHS implements the 21st Century Cures Act. The blueprint is a top-level view, but will guide agencies like the Department of Veteran's Affairs as they work on their own health IT initiatives.
Key prongs of the plan include attempting to foster competitive business practices by making quality and price information public, including social determinants of health data in EHRs; aiming to ameliorate provider burden by streamlining software; and applying artificial intelligence and machine learning to the industry's thorniest problems, like patient matching.
Price transparency: out-of-pocket costs or negotiated rates?
In an attempt to tamp down on skyrocketing medical costs, one of the blueprint's 60 strategies is to "make care quality and price information available to individuals in an accessible, easily understandable format," though details are vague.
Health insurance and physician groups came out strongly against including confidential negotiated rates between payers and providers in the EHR, instead arguing HHS should focus on getting consumers tailored cost-sharing and provider quality information at the point of care. Payers were especially opposed to the suggestion, arguing consumers only want their specific out-of-pocket information, and including negotiated rates could create confusion.
In its comments, UnitedHealth Group, which owns the largest private payer in the U.S., said it doesn't support any policies publicizing information that would "mislead consumers about their out-of-pocket costs, undermine health plan competition, or increase prices."
In crafting its final interoperability rules, HHS initially weighed including medical prices under the definition of electronic health information that health plans and providers would have to make available to patients. Payer and hospital groups lobbied fiercely against the idea, which would expose pricing tactics to the public, and HHS dropped it, though the department did finalize a price transparency rule last year currently being litigated in district court.
"What matters most to the patient is not the total cost of a service; it is their own out-of-pocket responsibility," the American College of Physicians, the largest medical specialty organization in the U.S., said, arguing the onus should be on plans to convey cost, quality and coverage data to consumers.
Privacy versus security — not mutually exclusive
The push toward interoperability has been embroiled in a roiling debate around expanding patients' access to their sensitive medical information versus protecting it, a conversation that has intensified as tech heavyweights like Apple and Google move increasingly into the industry.
That debate bubbled up once again in the comments on the health IT blueprint, as stakeholders across multiple sectors argued consumers need better understanding and control over their medical data, especially once it leaves the protection of the HIPAA umbrella.
"It is not clear how ONC will strike the necessary balance between promoting business models and protecting patient privacy. While these are not mutually exclusive, there may be an inherent push and pull between competing interests," the American Medical Association wrote. "We urge ONC and CMS to create pro-consumer policies that promote accountability on the part of app developers and provide patients with information about what apps do with the health data they receive."
The final rules bake consent into the patient authentication process, so HHS says patients will know what they're agreeing to and any potential privacy concerns before exporting their data. But multiple comments called for increasing oversight of any third-party apps that may crop up to help consumers make sense of their health information, such as attestation the app won't use any data for marketing or a "verified" list in an smartphone app store.
"Data availability and patient privacy are not mutually exclusive goals. Patients have the right to know what elements of their health information are shared and how that information is used," EHR giant Epic said in its comments. The vendor walked back its opposition to the interoperability rules in April following months of vehement opposition on privacy concerns, as software companies were especially vocal in warning the rules didn't do enough to protect medical data.
Critics say allowing patients to export their data into third-party applications outside of the HIPAA privacy law's purview could result in a tsunami of leaks, though the Office of the National Coordinator for Health IT maintains security is paramount in the rules.
Some commenters also suggested the government expand HIPAA safeguards to all consumer health data applications, including the third-party apps, as Congress considers more sweeping privacy legislation.
'Micromanagement' or more lax approach
A handful of organizations asked the federal government for reduce health IT regulatory changes this year, given the interoperability rules set to take effect soon and the ongoing pandemic. In mid-April, the Trump administration did push back select deadlines for the private sector to come into compliance with the interoperability rules. In their comments, EHR vendors and software players found themselves in lockstep, pushing back against additional federal 'micromanagement' of the sector.
"There is no other country in the world that regulates EHRs in the way the U.S. does," the Health Innovation Alliance, a health-tech lobby steered by CVS Health and virtual care vendor Teladoc, among others, said, citing one small physician practice that paid $100,000 to upgrade its software to be eligible for a $34,000 federal incentive.
Though they recognized the importance of standardization in health IT, vendors Epic and Cerner commented HHS should look for ways to bring healthcare into the 21st century without more regulation.
"Collaboration across the vendor and user community shows more promise of improvement than development and introduction of prescriptive standards that have a substantial risk," Cerner said.
Many commenters, including AMA and health-tech group the Connected Health Initiative, also took issue with language in the five-year blueprint that the government should incentivize providers to adopt software by requiring it for participation in federal programs. For example, the adoption of digital tools in the sector has steadily increased without federal requirements or major payment changes, AMA said. AMA and CHI suggested instead HHS provide more flexibility in the space by recognizing non-certified health IT across federal programs.
CHI, which includes tech giant Apple, also said ONC should give third-party application developers like Apple more information on EHRs' ability to capture and use patient-generated health data, which would help with R&D.
"As ONC builds its new EHR compliance program, we urge for a prioritization of technology developer awareness to encourage market participation by innovators," Brian Scarpelli, senior global policy counsel for CHI, wrote, also saying HHS should put more emphasis on the development of artificial intelligence tools for healthcare.
But the healthcare industry is traditionally leery of tech-savvy entrants, with legacy EHR businesses and providers commenting HHS should enact higher standards for third-party applications, AI offerings and more over the next five years.
"There is justifiable concern that what may be initially presented as an assistant could easily become a risk to physician autonomy and a risk to patient safety," the American College of Physicians told HHS.