Epic posts its concerns about HHS’s proposed interoperability rule:
- The rule would require health systems to send data to any app that a patient requests.
- 79% of healthcare apps have been found to sell or share patient data.
- Those app vendors would not be required to ask the patient for approval to use their data for other purposes.
- The patient’s data might also include family member data, such as family history, that the patient doesn’t realize, and those family members would not necessarily approve of having their information disclosed.
- The proposed rule does not limit the extent of information that an app can request or how its developer can use it.
The company concludes that while it rarely comments on national policy issues, “We must speak out to avoid a situation like Cambridge Analytica. The solution has a clear precedent in HIPAA protections, and creating similar protections that apply to apps would make a difference in the privacy and well-being of millions of patients and their families.”
Meanwhile, HHS Secretary Alex Azar said in his keynote speech at ONC’s annual meeting on Monday:
Health records today are stored in a segmented, balkanized system, and it’s not just affecting the patient and provider experience—it’s affecting care. This has to change, which is why, last year, we proposed ONC’s bold interoperability rule, as well as accompanying rules from CMS. I want to briefly lay out the context of the interoperability rule, which is the result of years of thinking about what’s needed to deliver on the potential of health IT.
The rule was authorized and required by the 21st Century Cures Act, a piece of legislation that passed on a nearly unanimous, bipartisan basis, and a law that I know many of you in this room either worked on or advocated. The details of the rule may be complex, but the goal is very simple: It’s about access and choice. Patients should be able to access their electronic medical record at no cost, period. Providers should be able to use the IT tools that allow them to provide the best care for patients, without excessive costs or technical barriers.
This sounds like a pretty intuitive, appealing standard. Unfortunately, some are defending the balkanized, outdated status quo and fighting our proposals fiercely.I want to be quite clear: Patients need and deserve control over their records; interoperability is the single biggest step we can take toward that goal.
In determining how to implement it, we will take very seriously all input from our stakeholders, including all of you in this room. We extended the comment period for the interoperability rule, and have done extensive in-person outreach as well. We will pursue the goal of patient empowerment while providing robust enforcement of and protection for these same patients’ privacy.
This is not about one software system design or the other. This is about ensuring that patients have access to information about their own health, and that providers have a choice in tools and solutions to provide the best possible care. Our work toward that end will in no way limit patients’ privacy protections.
Look at the status quo: Patients cannot easily access their medical records, providers on different systems cannot effectively communicate, and those holding patient data have prevented new market entrants from participating in this space. Defending a system like this, defending that status quo, is a pretty unpopular place to be … scare tactics are not going to stop the reforms we need.