The record-keeping aspects of healthcare technology have always underperformed, with patients getting the short end of the stick. Now, applied to electronic health records, open standards may finally give patients control of their data and care.

Since the early days of the Internet, technologists have known that one potential killer app was for organizations such as healthcare providers, insurance companies, and governments to exchange electronic health records (EHRs). And yet, here we are about 30 years later and the promise of EHRs—anything by which medical information is shared securely and privately—is a lot closer but still not quite there. This is in spite of widespread agreement that it is a worthwhile vision for everyone to enjoy a healthcare system that provides better results, lower costs, and a better experience. There are few things, in fact, as pervasive as dealing with the medical community—it is something that touches almost every one of us, from birth to death. Why has something of such obvious high value taken so long?

For a variety of reasons, the medical side of the healthcare system (less so the billing side) has historically resisted hard-core computerization. The cost of these systems fell disproportionately on the providers themselves, who were not compensated for it. In recent years, as part of a long-term trend of smaller practices being swallowed up by larger ones, medical records systems are being consolidated. As new records are entered into a system, eventually old records in other systems or on paper have become irrelevant.

The rise of cloud-based medical software systems (think SAP for hospitals), which become de facto standard records systems as their use becomes more pervasive, has had a positive impact on reducing the different information sets. But lack of consolidation and interoperability with medical records adds to the cost of healthcare, regardless of the type of medical insurance or state-sponsored healthcare program patients have access to.

It's taken some time, but the U.S. federal government, in the form of the Center for Medicare and Medicaid Services (CMS), has begun mandating the development and use of open standards for interoperability of medical records systems. The regulatory end of this effort didn’t get seriously off the ground until 2018, so it’s still early. But the approach the CMS is taking is ambitious and, at least in theory, could lead to efficiencies and transparency that would make the U.S. healthcare system a less unpleasant place.

EHR genesis

Back around 1989 or 1990, my boss and I talked casually about the possibility of standardized EHRs, wherein healthcare providers could exchange them over the Internet, which was then still primitive and inaccessible to ordinary users. An open network based on standards was perfect for this sort of development.

From the beginning, I thought there should be a standard data format for a complete blood count (CBC), urinalysis, or any other such record. And then anyone's software could analyze the data, without burdening busy and expensive clinicians. If someone ended up in a strange hospital, there was the possibility of obtaining their medical records quickly and accurately.

The term "electronic medical record" and some others are often used for the same technology. I use EHR because that is the term the CMS has chosen, and whatever the market factors are, the U.S. government is bound to play a critical role in competition.

Big players and standards

The complexity, regulatory burden, and economies of scale in healthcare favor larger institutions and networks of providers. EHRs are just one of many factors, usually regulatory or insurance-mandated, which have made the independent medical practitioner a presence today only on nostalgia TV channels. As a result, adoption of EHRs at larger institutions has been more aggressive than at smaller ones.

Even as other industries went whole hog for Internet connectivity and standards, healthcare lagged. There have been small-time and academic efforts to set up rational systems, such as the Canadian OSCAR (unrelated to the U.S. insurance company Oscar), but the incentives were never there for the main players in the business and the government didn’t, until recently, take a serious interest.

Genetic research is booming, with breakthroughs coming at such a dramatic pace it is difficult to keep track. Learn more

My own long-standing interest in the subject pops up every time I go to a doctor or lab, as I peek at the screens displaying the notes my providers type in. I decided several years ago to try to use providers in one network (Atlantic Health in my case, which in my area is a large one), partly to take advantage of the network effect of EHRs. They recently completed a long project to adopt Epic EHR systems, and it shows. Wherever I go, they have all my records. I can even make some changes myself online. But they also can access records I might have through some other EHR systems, specifically Athenahealth. Some of the other big players are Cerner, Meditech, Allscripts, and CPSI, but there are a lot more.

The consolidation of smaller practices into larger networks doesn’t immediately solve the conflicts between EHR systems. A recent study cited by Healthcare IT News found that hospitals on average use products from 16 different EHR vendors at their affiliated practices, and quite a few of those come from mergers and acquisitions. All the major providers are trying to lower that number, but some of the cases are harder than others, as there are specialty products with their own EHR systems for some medical specialties, such as oncology and behavioral health.

A standard way

Imagine, as I did almost 30 years ago, what it be like if there were standards for exchanging data between the systems. It would be possible to connect different systems to make records portable between them, just as you could exchange records with other providers that support the standards. You might still want to consolidate products for many reasons, but standards would allow the products and providers to function well together.

That’s basically the vision of the new MyHealthEData Initiative announced at HIMSS18. The main public rationale for MyHealthEData is to give patients control of their healthcare data and the power to decide how it will be used. Many government offices in the Department of Health and Human Services (HHS), including CMS and the Department of Veterans Affairs, are involved.

The laws and regulations involved usually assign responsibility to the national coordinator for health information technology, a position currently held by Don Rucker, MD. The position of national coordinator was created in 2009 as part of the American Recovery and Reinvestment Act of 2009 (or the Stimulus Act), and efforts have been underway for many years to enable standardization and certification of products by CMS and others at HHS.

Major certification initiatives were released in 2014 and 2015, and an industry of certification services exists to ensure that healthcare products comply with the standards. CMS requires that providers use products that are so certified, lest they receive a Medicare payment adjustment (presumably downward) or risk their Medicaid incentive payment.

The Office of National Coordinator (ONC) is certifying solutions in this space and not just EHR-specific solutions but all Health IT products generally—for example, in behavioral health and long-term and post-acute care. A list of certified Health IT products is on HealthIT.gov, the ONC’s official site.

The current version (or edition) of certification is 2015, but many of the products are listed as certified for earlier editions. New rules published in August 2018 require that providers use technology certified for the 2015 edition as of 2019.

The new rules also cover many other aspects of Health IT and payments, including mandates for pricing transparency. For some light reading, see “Requirements for Hospitals to Make Public List of Standard Charges” on page 41155 of this episode of the Federal Register. (Short version: Effective Jan. 1, 2019, CMS requires hospitals to “make available a list of their current standard charges via the Internet in a machine-readable format and to update this information at least annually or more often as appropriate.” Imagine such a system, combined with software that has access to your records and diagnoses, where you can shop around for the best deal for your treatment. It makes sense, but it still reads like science fiction.)

APIs and interoperability

MyHealthEData has its origin in the 21st Century Cures Act (2016) Sections 3001 – 3010A, which states, in part, “In order for health information technology to be considered interoperable, such technology must … allow for complete access, exchange, and use of all electronically accessible health information for authorized use under applicable state or federal law without special effort by the requestor of such health information.”

The law directs HHS to work with standards bodies to produce open, published standards. The standards will be API-based. The exact nature of the APIs has not been finalized, and it’s unlikely that CMS would mandate, for example, REST over SOAP or XML over JSON, but the rules that result will likely open the way for any technically competent actor to access records to which they have rights. An April blog by Rucker goes into a teeny bit more detail about the architecture.

Over the next few years, the ONC and HHS will do the following:

Engage in rule-making related to APIs in order to open up access to clinical data

“Advance a Trusted Exchange Framework and Common Agreement to improve data sharing across disparate health information networks.” Obviously, there are significant security questions to answer, many specific to healthcare privacy law.

Work with CMS to create a strategy to reduce administrative and reporting burden on clinicians. (Talk to your doctor frankly and she will probably complain about being made to spend absurd amounts of time with her computer rather than her patients.)

The new interoperability rules are not yet part of any certification test program, but CMS claims that the new rules for 2019 “incentivize” providers to use interoperable technologies. It’s probably too early to say whether the actual rule (CMS-1694-F), at 641 pages (about 700,000 words) of dense Federal Register copy, advances the cause of standards and interoperability in the way intended.

The 21st Century Cures Act emphasizes that those who hold patient data are not allowed to engage in “information blocking” (section 3010A(d)), which it defines rather aggressively. The statute's clear purpose is to encourage the accessibility of data between systems.

Interoperability now

As another recent ONC blog argues, interoperability at the hospital level is improving greatly. The large majority of hospitals can exchange “patient summary of care records” with the outside. A lot of this has come from the improvement and increased reach of large players in the medical software establishment. As usually the case, heavy regulation works to the benefit of the larger players. In this case, the effect is also to the benefit of patients and other actors.

But this is nothing compared with the potential for open standards and nondiscriminatory access rules, which are the goals of MyHealthEData. If things develop as planned, they just might reach the potential that was evident 30 years ago. And it still sounds like science fiction.

Electronic health records: Lessons for leaders

In 2018, government mandated adoption in the United States took significant steps forward.

The ONC is certifying standards.

New standards will be API-based, but that hasn't happened yet.

Useful link:

Highly scalable storage meets healthcare’s growing medical imaging data challenge