The third time may not be the charm. For years now, we've been hearing about federal ambitions to have health care providers share patient records, and we're currently on the third federal effort to create a network of health records exchange system. In truth, a fax is still the only reliable way organizations can share records. There are a lot of reasons -- some not technical -- for this inability, but the two most prominent are lack of a common data format and lack of common transports to get the data in and out.
Now that deadlines are fast approaching for health providers to stand up electronic health records (EHR) systems and say good-bye to paper record-keeping, the critical mass of health data to be shared will soon be here -- but not the ways to accomplish it. The good news is that several approaches have been proposed, all piloted and even implemented in scattershot deployments. The bad news is that the sorting-out period could take years, if not a decade to complete itself.
[ Also on InfoWorld: Patient engagement will be tough task for health tech. | The iPad revolution is coming to a hospital near you | iPads have won the hospitals, but Android may win the patients | 6 innovations that will change health care | Subscribe to InfoWorld's Consumerization of IT newsletter today. ]
And for a variety of political reasons, the federal government is unlikely to dictate a standard to cut short this prolonged wait. Because the feds aren't likely to mandate EHR interchange standards, the best hope is a set of requirements that comes from an industry association such as the massive Healthcare Information and Management Systems Society (HIMSS), says Justin Steinman, vice president of marketing at GE Health.
You've no doubt heard about the promise of digital health records: If you go to the ER, the staff can access your health records from your primary care provider and discover any allergies or medical conditions while you're unconscious or incoherent -- or plain unaware. After you've been treated, that new medical data is sent back to your primary care provider so that there's a complete database of your medical information. Likewise, if you're sent to a specialist, that specialist has access to your whole record to help prevent conflicting treatments or understand issues that may contribute to your ailment that aren't otherwise obvious. Again, any treatment provided there is fed back to your master health record. Today, this data exchange is handled by fax, if relayed at all.
What stands in the way of health data exchange
But that promise is not the reality, even at providers that have implemented EHRs. There are several reasons:
- There are standards for medical billing -- the prime reason the feds pushed EHRs was to streamline billing and to detect Medicare fraud, which insurers were happy to tap in to reduce their own payouts -- but not for the medical records themselves. Thus, one EHR typically can't export to or import from another EHR, even if from the same EHR vendor. "There's no real reconciliation model yet for the data," says Justin Barnes, vice president of government affairs at EHR vendor Greenway and past chairman of the EHR vendors' association.
- There's no standard API for the file transfer itself, either.
- There is no universal medical ID that lets EHRs match up patients even when they can share data. Federal law prohibits such a national ID, so providers have to manually match and confirm the records. If you have a name like mine, that's easy. But if you're named Henry Collins or Maria Gonzalez, good luck.
- Providers have to verify that the patient has given consent for the use of that medical data (the HIPAA rules) by others in non-emergency situations, and the so-called consent management process is even more fractured than the system around medical records.
- State laws and requirements differ on medical records (especially around areas such as drug and alcohol treatment, pregnancy, and HIV) and what can be shared, so cross-state sharing is further complicated.
- The organizations that have been set up to facilitate EHR data exchange across providers -- known originally as regional health information organizations (RHIOs), then as health information organizations (HIOs), and now as health information exchanges (HIEs) -- are a motley lot, with highly variable data mapping capabilities that make reliance on them a crap shoot. Worse, many refuse to take legal responsibility for the data they map and transmit -- they tend to be small companies operating on thin margins -- which means many providers refuse to use them.
- That trust issue extends to providers, notes Mac McMillan, CEO of health care security consultancy Cynergistek. EHRs have a standard for information management that includes security, but other medical systems -- inside hospitals, at insurers, and at HIEs -- do not. There's no trusted environment for the data that providers keep, yet they're held responsible if the information is used outside of patient consent rules. McMillan notes that 30 percent of hospitals have no information security officer and overall security spend at hospitals is less than half that of other regulated industries such as finance.
- There's no consensus on how to handle patient-generated data, such as from at-home blood pressure monitoring or from fitness tools like the Fitbit. Including this data in the formal medical record carries legal risks for providers: Is it accurate? Should they monitor it closely? How should they act on it, if at all? Because formal medical records can never be deleted per law, what happens to dubious or bad data? But not having access to it deprives providers of context that could be useful. In any event, such personal health records (PHR) are today outside any EHR data-sharing plans.
- There's no strong business case for health data interchange. "Hospitals don't want to lose patients or share care -- and thus revenue," says Dr. Wayne Guerra, marketing chief at mobile health app maker iTriage and contributor to the Mobile HIMSS Roadmap, which is meant to help hospitals deliver on patient engagement via wireless and mobile devices. Benefits today mainly accrue to patients. A change to pay-for-performance will shift the balance so that providers benefit too.