The U.S. Senate Committee on Health, Education, Labor and Pensions held its second hearing on proposed rules that would improve interoperability in healthcare and increase patient access to data Tuesday.
Committee members asked questions about how the proposed rules, which debuted in February, might affect patient data safety, reduce information blocking, as well as what healthcare data standards might be needed for greater interoperability and patient access to health data. Don Rucker, M.D., national coordinator for health IT for the Office of the National Coordinator for Health IT (ONC), and Kate Goodrich, M.D., chief medical officer at the Centers for Medicare and Medicaid Services (CMS), provided answers.
Committee members also focused on application programming interfaces (APIs), the cornerstone to connectivity as proposed by the rules. When one senator voiced skepticism that government oversight could establish interoperability in healthcare, Rucker pushed back by pointing to the transformation APIs have brought to other industries.
Chairman of the Committee on Health, Education, Labor and Pensions (HELP), Sen. Lamar Alexander, also delivered a message. He suggested discussions with ONC and CMS continue, and that a slower, more "phased-in" approach be taken for the proposed rules. While he believes the agencies are "on the right track" to implementing provisions within the 21st Century Cures Act, he also thinks the agencies need to make sure they aren't moving too fast.
"The best way to get where you want to go is not going too far too fast," he said during the hearing.
Patient data safety, APIs, information blocking in focus
The proposed rules are the result of implementing electronic health information provisions made in the 21st Century Cures Act, a healthcare bill signed into law in 2016 during the Obama administration that funds development in multiple areas of healthcare, including health IT.
They outline specific exceptions for information blocking, or a time when healthcare organizations could hinder the exchange of patient data. The proposed rules would also require healthcare organizations to use standardized APIs, which would enable machines to better talk to each other, so that patients can access their health information via an application.
By requiring the use of standardized APIs, ONC is hoping that a consumer-driven market will push trusted apps to the forefront based on consumer use and review. But committee members questioned patient data security and privacy in such a market. They wanted to know whether patients will be aware of what information they're giving app developers and third parties access to when they download and use apps for their healthcare data. Third-party applications can access an app user's data, sometimes without the user's knowledge.
Sen. Lamar AlexanderChairman, Committee on Health, Education, Labor and Pensions
Rucker gave a two-part answer to the question. He said patients will have to do their due diligence before uploading their information into an app. He also said ONC is actively engaged with the Office for Civil Rights to inform patients about their HIPAA rights and potential risks. The proposed rules include the same standards used to protect data in areas such as banking, which can also be done through secure mobile apps.
"We're optimistic that the market will provide clarity here, the same way that consumer branding helps with things like banking," Rucker said. "We don't just put our money anywhere, we go to brands. We hope that a consumer economy will drive this with trusted brands."
Rucker said he believes APIs are going to "transform" healthcare, and will include apps that are disease-focused or can provide patients with a holistic view of their health.
"App ecosystems have transformed many industries, including travel, entertainment and shopping," he said. "An app ecosystem can do the same for healthcare."
CMS' Goodrich cited the CMS Blue Button 2.0 standards-based API that launched last year, which enables patients to connect their claims data to apps and programs they trust.
"Through our Blue Button 2.0 experience, we now have about 1,800 developers who are working in our sandbox, which has synthetic data to develop apps," Goodrich said. "We have 20 that are actually out in production that Medicare beneficiaries are currently using. They kind of run the gamut, so everything from an app that can function as a personal health record for a Medicare beneficiary to apps that help beneficiaries find health plans."
The healthcare industry would be required to adopt APIs within two years after the proposed rules are finalized, a timeline Senate HELP Committee chairman Alexander questioned. He asked whether two years is too fast, and whether the focus should first be on making sure healthcare organizations are following the U.S. Core Data for Interoperability (USCDI) standards before moving on to other requirements.
Rucker said the "vast majority" of healthcare organizations already have access to the USCDI standards software.
Interoperability in healthcare: A realistic possibility?
Sen. Mitt Romney, who serves on the committee, has been somewhat skeptical about the possibility of achieving interoperability in healthcare through government oversight, and asked whether it's an achievable goal.
Rucker said while there's plenty of room for skepticism, based on the success of APIs in other industries such as banking and retail, it is "absolutely doable" in healthcare. Rucker said APIs just need to be customized to healthcare and standards such as the Fast Healthcare Interoperability Resources, which is supported by ONC and CMS, make him optimistic for its success.
"Today, much of American healthcare remains complex and opaque," Rucker said. "Congress' Cures Act and advances in computing allow us to revisit many assumptions about what medical care can be."
The comment period on both the information blocking and interoperability rules will end June 3.