peshkova - Fotolia
While CIOs applaud the efforts by federal agencies to make healthcare systems more interoperable, they also have significant concerns about patient data security.
The Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare & Medicaid Services proposed rules earlier this year that would further define information blocking, or unreasonably stopping a patient's information from being shared, as well as outline requirements for healthcare organizations to share data such as using FHIR-based APIs so patients can download healthcare data onto mobile healthcare apps.
The proposed rules are part of an ongoing interoperability effort mandated by the 21st Century Cures Act, a healthcare bill that provides funding to modernize the U.S. healthcare system. Final versions of the proposed information blocking and interoperability rules are on track to be released in November.
"We all now have to realize we've got to play in the sandbox fairly and maybe we can cut some of this medical cost through interoperability," said Martha Sullivan, CIO at Harrison Memorial Hospital in Cynthiana, Ky.
CIOs' take on proposed interoperability rule
To Sullivan, interoperability brings the focus back to the patient -- a focus she thinks has been lost over the years.
She commended ONC's efforts to make patient access to health information easier, yet she has concerns about data stored in mobile healthcare apps. Harrison's system is API-capable, but Sullivan said the organization will not recommend APIs to patients for liability reasons.
"The security concerns me because patient data is really important, and the privacy of that data is critical," she said.
Harrison may not be the only organization reluctant to promote APIs to patients. A study published in the Journal of the American Medical Association of 12 U.S. health systems that used APIs for at least nine months found "little effort by healthcare systems or health information technology vendors to market this new capability to patients" and went on to say "there are not clear incentives for patients to adopt it."
Jim Green, CIO at Boone County Hospital in Iowa, said ONC's efforts with the interoperability rule are well-intentioned but overlook a significant pain point: physician adoption. He said more efforts should be made to create "a product that's usable for the pace of life that a physician has."
The product also needs to keep pace with technology, something Green described as being a "constant battle."
Jeannette CurrieCIO of Community Hospitals, Beth Israel Deaconess Medical Center
Interoperability is often temporary, he said. When a system gets upgraded or a new version of software is released, it can throw the system's ability to share data with another system out of whack.
"To say at a point in time, 'We're interoperable with such-and-such a product,' it's a point in time," he said.
Interoperability remains "critically important" for healthcare, said Jeannette Currie, CIO of Community Hospitals at Beth Israel Deaconess Medical Center in Boston. But so is patient data security. That's one of her main concerns with ONC's efforts and the interoperability rule, something physicians and industry experts also expressed during the comment period for the proposed rules.
"When I look at the fact that a patient can come in and say, 'I need you to interact with my app,' and when I look at the HIPAA requirements I'm still beholden to, there are some nuances there that make me really nervous as a CIO," she said.