By MATTHEW HOLT

I am dipping into two rumbling controversies that probably only data nerds and chronic care management nerds care about, but as ever they reveal quite a bit about who has power and how the truth can get obfuscated in American health care. 

This piece is about the data nerds but hopefully will help non-nerds understand why this matters. (You’ll have to wait for the one about diabetes & chronic care).

Think about data as a precious resource that drives economies, and then you’ll understand why there’s conflict.

A little history. Back in 1996 a law was passed that was supposed to make it easy to move your health insurance from employer to employer. It was called HIPAA (the first 3 letters stand for Health Insurance Portability–you didn’t know that, did you!). And no it didn’t help make insurance portable.

The “Accountability” (the 1st A, the second one stands for “Act”) part was basically a bunch of admin simplification standards for electronic forms insurers had been asking for. A bunch of privacy legislation got jammed in there too. One part of the “privacy” idea was that you, the patient, were supposed to be able to get a copy of your health data when you asked. As Regina Holliday pointed out in her art and story (73 cents), decades later you couldn’t.

Meanwhile, over the last 30 years America’s venerable community and parochial hospitals merged into large health systems, mostly to be able to stick it to insurers and employers on price. Blake Madden put out a chart of 91 health systems with more than $1bn in revenue this week and there are about 22 with over $10bn in revenue and a bunch more above $5bn. You don’t need me to remind you that many of those systems are guilty with extreme prejudice of monopolistic price gouging, screwing over their clinicians, suing poor people, managing huge hedge funds, and paying dozens of executives like they’re playing for the soon to be ex-Oakland A’s. A few got LA Dodgers’ style money. More than 15 years since Regina picked up her paintbrush to complain about her husband Fred’s treatment and the lack of access to his records, suffice it to say that many big health systems don’t engender much in the way of trust. 

Meanwhile almost all of those systems, which already get 55-65% of their revenue from the taxpayer, received additional huge public subsidies to install electronic medical records which both pissed off their physicians and made several EMR vendors rich. One vendor, Epic Systems, became so wealthy that it has an office complex modeled after a theme park, including an 11,000 seat underground theater that looks like something from a 70’s sci-fi movie. Epic has also been criticized for monopolistic practices and related behavior, in particular limiting what its ex-employees could do and what its users could publicly complain about. Fortune’s Seth Joseph has been hammering away at them, to little avail as its software now manages 45%+ of all encounters with that number still increasing. (Northwell, Intermountain & UPMC are three huge health systems that recently tossed previous vendors to get on Epic).

Meanwhile some regulations did get passed about what was required from those who got those huge public subsidies and they have actually had some effect. The money from the 2009 HITECH act was spent mostly in the 2011-14 period and by the mid teens most hospitals and doctors had EMRs. There was a lot of talk about data exchange between providers but not much action. However, there were three major national networks set up, one mostly working with Epic and its clients called Carequality. Epic meanwhile had pretty successfully set up a client to client exchange called Care Everywhere (remember that).

Then, mostly driven by Joe Biden when he was VP, in 2016 Congress passed the 21st Century Cures Act which among many other things basically said that providers had to make data available in a modern format (i.e. via API). ONC, the bit of HHS that manages this stuff, eventually came up with some regulations and by the early 2020’s data access became real across a series of national networks. However, the access was restricted to data needed for “treatment” even though the law promised several other reasons to get health data.

As you might guess, a bunch of things then happened. First a series of VC-backed tech companies got created that basically extract data from hospital APIs in part via those national networks. These are commonly called “on-ramp” companies. Second, a bunch of companies started trying to use that data for a number of purposes, most ostensibly to deliver services to patients and play with their data outside those 91 big hospital systems.

Which brings us to the last couple of weeks. It became publicly known among the health data nerd crowd that one of the onramp companies, Particle Health, had been cut off from the Carequality Network and thus couldn’t provide its clients with data.

The supposed reason was that they were getting data without a “treatment” reason.

Now if you really want to understand all this in detail, go read Brendan Keeler’s excellent piece “Epic v Particle”. Basically Particle cried foul and unusually both Michael Marchant, a UC Davis Health employee & the Chair of the big health systems on the ”Care Everywhere Committee” (remember that from earlier?) and then Epic itself responded. Particle’s founder Troy Bannister in a linkedin post and an official release from Particle said that they had not received notice or any evidence of what they’d done wrong. Michael said they had. I started quoting the Dire Straits line “two men say they’re Jesus, one of them must be wrong.” (FD. Troy was briefly an intern at Health 2.0 long, long ago).

Then Epic publicly released a letter to its clients explaining that, contrary to what Troy & Particle said, it had been discussing this with Particle for months and had had several meetings before and after it cut them off. So unless Particle’s legal counsel was parsing its words very very carefully, they knew Epic and its clients were unhappy, and it was unlikely Troy was Jesus. Michael might still be, of course. (Update: as of 4/15/23 Particle says only some feeds were cut off not all of them as Epic suggested)

In the letter Epic named 4 companies who were using Particle’s data in a way it didn’t like– Reveleer and MDPortals (who are one not two companies as they merged in 2023 before this issue started), Novellia and Integritort. 

So what do they do with the data. Reveleer says that “leveraging our AI-enabled platform with NLP and MDPortals’ sophisticated interoperability allows us to deliver providers a pre-encounter clinical summary of patients within their EHR workflow at the point of care.” Sounds like treatment to me. But Reveleer also does analysis for health plans. You can see why hospitals might not like them.

Novellia is a PHR company, presumably using “treatment” to enable consumers to access their data to manage their own care. This was EXACTLY what Joe Biden wanted the 21st  Century Cures Act to give patients the right to do and what Epic CEO Judy Faulkner told him he shouldn’t want (depending exactly who you believe about that conversation). But it’s probably not a particular “treatment” under HIPAA, because who believes patients can treat themselves or need to know about their own data anyway? (I’ll just lock you all in a room with Dave deBronkart, Susannah Fox and Regina Holliday if you want the real answer). This is apparently the line where ONC folded in its ruling to the vested interests that providers (and their EMR vendors) didn’t have to provide data to patient requests.

Finally, Integritort does sound like it’s looking for records so it (or its law firm customers) can sue someone for bad treatment (or as it turns out defend them for it). Is that “treatment” under the HIPAA definition?  Almost certainly not. On the other hand, do the providers cutting them off have a vested interest in making sure no outside expert can review what they’ve been up to? I think we all know the answer to that question. 

But anyway it looks like Particle switched off Integritort’s access to Carequality on March 22nd before Particle was entirely switched off by Carequality sometime around April 1.

What is not answered in the letter is why, if Carequality can identify who these records are going to, it needed to switch all Particle’s access off. Additionally, you would think that Particle’s path of least resistance would be to cut off the named clients Epic/Carequality was concerned about and try to sort through things while keeping its system running–which it seems it did with Integritort. Whatever happened, instead of this negotiation continuing behind the scenes, we all got to witness a major power play–with clearly Epic & its big customers winning for now.

I think most people who are interested in getting access to data for patients are all agreed on the need for new “paths” which were already defined in the regulations but not implemented, and also presumably for agreed standards (with associated liability) of “know your customer laws” for the onramps like Particle to make sure that the clients using them are doing the right things vis a vis confirming patient identity et al. 

Slight digression: I am confused about why identity proofing is such a big deal. In recent weeks I have had to prove my identity for the IRS, for a credit union, and for the TSA. Not to mention for lots of other websites. There are companies like IDme, Clear and many others that do exactly this. I don’t see anything so specific about health care that is different from credit cards, bank accounts, airport safety, etc. Why can those agencies/organizations access all that data online but for some reason it’s a bridge too far for health care?

However you can see where the fault lines are being drawn. There are a lot of organizations, many backed by rich VCs or huge quasi-tech corporations, that think they can do a much better job of caring for Americans than the current incumbents do. (Whether they can or not is another matter, but remember we are spending 18% of GDP when everyone else spends 10-12%). Those organizations, which include huge health plans, tech cos, retail clinics, startup virtual care clinics, and a whole lot more, need data. Not everything they or the intermediaries they do will fit the “treatment” definition the current holders of that data want to use. On the other hand, the current incumbents and their vendors are extremely uninterested in any changes to their business model.

Data may be the new oil but, like oil, data needs refining to power economies and power health care services. We spent much of the last century fighting about access to oil, and we’re going to spend a lot of this one fighting about data. Health care will be no exception.

Matthew Holt is the publisher of The Health Care Blog

Knowledge is power. If this adage is true, then the currency of power in the modern world is data. If you look at the evolution of the consumer economy over the past 100 years, you will see a story of data infrastructure adoption, data generation, and then subsequent data monetization. This history is well told by Professors Minna Lami and Mika Pantzar in their paper on ‘The Data Economy’: “Current ‘data citizenship’ is a product of the Internet, social media, and digital devices and the data created in the digitalized life of consumers has become the prime source of economic value formation. The database is the factory of the future.” If we look no further than the so-called big tech companies and distill their business models down in a (likely overly) reductionist fashion: Apple and Microsoft provide infrastructure to get you online, and Facebook (Meta) and Google collect your data, while providing a service you like, and use that data to sell you stuff. Likely none of this is surprising to this audience, but what is surprising is that this playbook has taken so long to run its course in one of the world’s largest and most important sectors: healthcare.

Given the potential impact data access and enablement could have on transforming such a large piece of the economy, the magnitude of the opportunity here is — at face value — fascinating. That said, healthcare is a different beast from many other verticals. Serious questions arise as to whether target venture returns can be extracted in this burgeoning market with the scaled incumbents (both within and outside healthcare) circling the perimeter. Additionally, this is a fragmented ecosystem that has existed (in its infancy) for a few years now with well-funded players now solving for different use cases. Thus, another question emerges as to which areas are best suited for upstarts to capitalize. A key theme in our assessment of the space is that regulation is driving the move towards democratized data access in healthcare, but unlike in regulatory shake-ups of the past, this time start-ups will benefit more than scaled incumbents. Furthermore, we have identified some areas within each approach to this new ecosystem that particularly excite us for net new investment. Let’s dive in.

Why This Time is Different: Regulatory + Market Dynamics

The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 brought about an explosion of digital healthcare data by expanding adoption of electronic medical records from ~12% to 96%.

While the primary user of the EMR is the practicing physician in their journey of care delivery, today, there is increasingly demand from other stakeholders in the care ecosystem for the insights that these records hold and hence, the need for a marketplace for this data. Payers want access to the records to help with member population health analytics and risk adjustment. Life sciences companies want access to the records to power real-world data / real-world evidence initiatives for drug discovery and development and patient engagement. Digital health start-ups want access to the records largely to help you manage your specific conditions.

Hiding behind The Health Insurance Portability and Accountability Act of 1996 (HIPAA), EMR vendors and provider organizations have restricted access to this data to retain and entrap the patient base and maintain ownership of a valuable data asset. As of November 2021, at least 70% of healthcare providers still exchange medical information by fax because historically there has been no option to send EMRs using modern internet services.

Even if data sharing is enabled, real challenges persist to accessing longitudinal data for both a patient’s and a population’s health history. While de-identified data can be obtained through business service agreements with data owners and individual patient data can be accessed via consent / permissioned logins to online provider portals, there are few, if any, ways to obtain this data on an aggregated basis across multiple patients and provider organizations. Additionally, challenges to data connectivity, standardization and format integrity exist inside healthcare organizations, which largely house data in disparate internal siloes. As a result, crucial healthcare data that could be used to improve care has been locked in these disconnected, suboptimal record systems.

21st Century Cures Act of 2016 (and related regulations) enabled information sharing, making “sharing electronic health information the expected norm,” thus limiting EMR vendors’ (and other stakeholders’) ability to block the flow of information. A series of related regulations continue to be rolled out to encourage this connected end-state.

The difference this time: at the passing of the HITECH Act, Meditech, Epic, and Cerner had been around for at least 30 years. Hence, these incumbents were well-positioned to fulfill the compliance requirements for the HITECH act and emerged as major winners. As to the proof-points: Meditech approaches half a billion in sales, Epic generated $3.8B in revenue in 2021, and Cerner was acquired for $28B in 2022.

Conversely, in 2016, there were virtually no scaled rails to enable data exchange, integration and sharing in an elegant user interface, especially for stakeholders outside of the provider organizations. In the instance of the 21st Century Cures Act, the rules actually largely pre-dated the required infrastructure.

The question we are exploring is: Will the value created by these rules accrue to scaled incumbents as it did in the wake of the HITECH Act?

Ben Thompson argues in this piece that for consumer/ big tech, this is true. He makes a good case here that today’s cloud and mobile companies — Amazon, Microsoft, Apple, and Google — much like the automotive giants — GM, Ford, and Chrysler — will dominate the market.

There is reason to believe this is possible. After years of seemingly fighting interoperability, the incumbent EMRs are beginning to play ball. As proof-points, Cerner, Allscripts, and athenahealth are founding members of the CommonWell Health Alliance, and Epic is planning to join TEFCA and launched a connection hub to allow any vendor with a connection to Epic to list their app and self-report if they have achieved successful data exchange. Incumbents from outside the healthcare ecosystem (largely from our parallel consumer data story) are swooping in as well. AWS, Google, and Microsoft have all launched healthcare cloud services platforms to help with data normalization and sharing. Apple is offering its HealthKit APIs to help developers access healthcare data for the purpose of creating apps for its iOS and watchOS. Oracle’s acquisition of Cerner is also relevant here by moving healthcare data to the cloud for easy access and sharing.

That said, there is reason to believe these scaled players will struggle. Google, Amazon, and Microsoft have all encountered issues in their pursuit of healthcare profits. While Epic and Cerner have partnered up with big tech (Google and Oracle, respectively) in the wake of the new regulations, early indications show challenges in these relationships.[1] Additionally, the incentive structure for incumbent EHR vendors providing access to the underlying data held by their provider customers is questionable at best. It is also worth noting that, while the duration of the current macro headwinds for the enterprise technology sector is unclear, it is not a stretch to imagine these companies will prioritize their core businesses in the near term. This dynamic, in our view, presents opportunity for upstarts to build both the infrastructure and apps needed for a new era of connected digital health.

Where to Focus / Zooming in: Select Areas of Interest in Healthcare Data

The below captures our take on the current state of play with respect to the different models tackling this problem of healthcare data access.[2] [3]

The above healthcare data category that has (arguably) seen the best outcomes to-date is the net new data generators. These businesses often provide a useful product or service in exchange for rights to and the ability to monetize the underlying data collected. This is not unlike the ad revenue business model in the consumer data economy where consumers are incentivized to contribute their data in exchange for a product/service (often free). For example: Tempus has reportedly raised $1B+ in funding and recently inked pharma deals representing a reported approximately $700M in revenue over the next few years for its combined sequencing + data platform. Evidation has reportedly raised $250M+ in funding around its two-sided consumer-pharma research platform. Perhaps the posterchild of this model, and the entire healthcare data movement, thus far is the oncology-focused Flatiron Health. Flatiron’s OncoEMR is becoming the market leader for oncology practices, plus its others software applications (for example: Flatiron Assist and OncoTrials) are helping make cancer treatment providers much more efficient. In addition, Flatiron delivers data generated at the point of care to help the life sciences community develop new cancer drugs. This is a rare win-win-win: providers no longer have to deal with frustrating technology that is largely from the ’80s, life sciences get access to net new data to improve their drug development, and better outcomes are driven for the patients. This alignment of incentives and creation of a trove of rich, valuable new dataset catalyzed their purchase by Roche for $1.9B.

While the primary data collection strategy is vital to enriching the dataset accessible to the ecosystem, we are at a point where we already have massive troves of data which remain trapped in silos across complex organizations. For example, it is a tedious, largely manual task to extract and integrate our own healthcare data from various hospitals and clinics, oftentimes in multiple states, let alone multiple countries. No scaled player exists today to do this efficiently and digitally for hundreds of thousands of patients, as needed for risk underwriting by payors or real-world initiatives by life sciences companies. The coveted concept of the ‘longitudinal health record’ on either a population (de-identified) or an individual (permissioned) level is still largely ‘on the come.’ The ‘holy grail’ vision is to create an internet of healthcare data that various stakeholders in the healthcare ecosystem can conveniently access for their respective use cases.

This will likely be done piecemeal across various areas, as is the case with the consumer data economy (e.g., there are different companies that get us online, organize our data, and use it to sell relevant services and products to us).

There is an alternative where we achieve a ‘golden mean’ — few new companies seek to simply become systems of record — to store data; rather, they extend the capabilities of existing stores of data — on prem or cloud — and seek to leverage and utilize these data resources in ways that were previously impossible when they couldn’t talk to each other in a fluid, seamless, common language. One of the many ways to achieve and incentivize this shared data ecosystem could be the “give-to-get” model that David Sacks outlines here. Once data sharing becomes the new normal, it will be more interesting to build businesses that can capitalize on this and build high value applications to realize an equitable, accessible, and connected healthcare ecosystem. Just as when cars became a household necessity, building the roads, developing suburbs and selling oil became more interesting.

Footnotes:

[1] Epic did finally ink a commercial deal with Google, but not without Epic putting its customers in the middle of integration disputes and Google almost dismantling its Health unit and laying off hundreds of employees in its Verily Life Sciences unit.

[2] Veradigm also has access to primary data they generate via their family of EHR systems (e.g. PracticeFusion).

[3] Many of these businesses also offer other products and services not captured in this map. For example, Change Healthcare, which sold to Optum in 2022 for $7.8B, primarily offers RCM/payments and imaging solutions.

Shubrha Jain MD, MBA is Head of Healthcare Investments and Jay Santoro is an Associate at Tarsadia Investments, a $2bn fund. This article first appeared on their Medium channel

I had a skin cancer diagnosed in November. It’s my third, and I researched the last one heavily, so I knew what I wanted (Mohs on the nose). But the hospital that did the diagnosis insisted I wait and have a consult visit in January, and *then* they’d let me schedule the procedure, probably in March.

I said I know what treatment I want – can’t I schedule the surgery now? They said, “That’s not how we do it.”

So I went home and called around. Beth Israel Deaconess Medical Center said if I could get them the information they would book me for January, right then and there.

How long did it take me to get them the data? 15 minutes. I went back to the first place’s portal and downloaded my visit note and pathology report and emailed it all to BIDMC. An hour after I dialed the phone I had the appointment I wanted.

Patient power. I took my records – and my business – elsewhere.

This is of course a nightmare for providers who think they can lock us in. And it’s a dream come true for providers who have been longing to win us away by providing better service.

(I would have had the surgery before now, within January, but COVID struck so we postponed.)

Medical record access is empowering! Thank you to those who worked so long and hard to create these policies!

It’s also great news for providers who are trying hard to be #patientcentric: now we can easily reward them with our business!

It’ll be even better in the coming years because data #interoperability via FHIR will let apps and hospitals go GET the data … or, even better, let consumers already have their data in their own app, to do anything they want with it. True patient autonomy.

Dave deBronkart is a patient activist, speaker and author. This was originally published on his LinkedIn page

Micky Tripathi the National Coordinator for Health Information Technology at HHS says this year will be a “transformative” year for Health IT as the decade-long, $40 billion dollar effort to lay an electronic foundation for healthcare delivery heads to the next level. Why is this year THE YEAR when it comes to the digital exchange of health information? Where is federal health IT strategy headed in order to provide the standards and policies health tech co’s need to be able to kick up the pace of innovation?

We get into a SWEEPING chat about the technology and business implications of all the work coming out of ONC, including implementation of those new information blocking regulations, goals for API standardization, and TEFCA (Trusted Exchange Framework & Common Agreement). Micky not only gives the background on the regulations and policies, but also provides some analysis on what they actually mean for those health technology companies trying to do business in-and-around a more digital healthcare ecosystem.

By ADRIAN GROPPER and DEBORAH C. PEEL

September 4, 2020

Thank you, ONC for the opportunity you gave me to speak in June. Also, thank you for the format of your August meeting where the Zoom chat feature offered a wonderful venue for an inclusive commentary and discussion as the talks were happening. Beats lining up at the microphone any day.

Here is a brief recap of my suggestions, in no particular order:

• Patient identity is not different from human identity. Working on healthcare-specific solutions is not only expensive, but also ineffective. As some of your speakers made clear, the economic value of patient ID requires access to social determinants of health, non-HIPAA wearables, social relationships, assisted living, and economic correlates. Access to these will not be covered by HIPAA so any solution that depends on HIPAA-derived federations, including the incumbent HIEs, is not going to work. The Surescripts approach, for example, may be surveilling 315 million people already but it’s a dead end.
• HIPAA does not provide a right to consent. Because HIPAA is not broad enough to drive the economic and social benefits of patient identity, a HIPAA-based solution cannot be effective in the long run. A national patient ID strategy must be based on consent. One way to introduce consent into the solution is to involve payer IDs. Although not everyone is insured, yet, those who are have every reason to provide strongly validated identity voluntarily. Leveraging the near-universal consensus against surprise medical bills will align incentives even further.
• TEFCA depends on patient identity on a scale that stresses probabilistic matching. As it stands, TEFCA is not guaranteed to succeed because it still depends on new regulation and enforcement. The incumbent state and vendor HIE interests have almost no economic reason to cooperate. Major integrated delivery networks invested in “Epic Everywhere” as a way to control local competition have no reason to help TEFCA dilute their expensive investment. To derive value and equity benefits from TEFCA, its governance strategy will need to be much more patient-focused than it is so far. The tendency for ONC to stand back and wait for Sequoia to do its thing will lead to failure. If ONC wants TEFCA to succeed you will need to give consumers and economists the lead, with incumbent HIEs, hospitals, and vendors in an advisory role. Furthermore, all of TEFCA’s and Sequoia’s doings need to be in the open and subject to Federal transparency regs.
• Regardless the pace of insurance or health reform, our nation needs timely and accurate data to drive health policy and provide the resilience essential to dealing with public health emergencies. Research uses of health data can also be improved. Most of all, a remedy for the health access disparities unique to the US among rich nations, will require patient trust and unprecedented transparency into how healthcare is delivered, to whom, and at what cost. As the disgusting lobbying over ending surprise medical bills has clearly shown, the majority of private and incumbent interest, including the AMA, have little regard for the social impact of their policies. Patient identity strategy is critical to providing the sunshine and driving the science we need to serve the interest of all Americans.
• Self-Sovereign Identity (SSI) in the form of standardized decentralized identifiers (DID) is certainly going to be part of the patient ID solution because the alternative, federated identity (as in OpenID Connect) has already failed both in healthcare and other markets. The reason OpenIDConnect has failed is inadequate privacy. Nobody wants “Sign In with Facebook” to mean that Facebook gets to track everywhere they sign-into and that Facebook gets to cancel their account on a whim and have them lose control of the services that depend on the Facebook-controlled credentials. I am not aware of any successful consumer-level federation for single sign-on, in or out of healthcare, except for ATMs, which benefit from the huge homogeneity and deep regulation of banks. So, wherever overall strategy we go forward in TEFCA and beyond, please consider that there is no current alternative to SSI for the patient ID components.

Signed,

Adrian Gropper, MD

CTO, Patient Privacy Rights

Deborah C. Peel, MD

President and Founder, Patient Privacy Rights

By ADRIAN GROPPER, MD

How should we react to 1,718 pages of new regulation? Let’s start by stipulating the White House and HHS perspective: 

“Taken together, these reforms will deliver on the promise to put patients at their center of their own health care — you are empowered with control over your own health care choices.” 

Next, let’s stipulate the patient perspective via this video lovingly assembled by e-Patient Dave, Morgan Gleason, and the folks at the Society for Participatory Medicine. In less than 3 minutes, there are 15 patient stories, each with a slightly different take on success.

Third, allow me to summarize the 15 stories:

1. Regina – needs a hospital to know her pain meds
2. Sue – needs a doctor to know her path report
3. Morgan – has 23 patient portals with records to show her doctor
4. Amy – wants her doctor to retrieve records
5. Sue – needs records to make critical appointments
6. Adrian – needs all doctors to share an authoritative current medication list
7. Janice – needs notification of critical follow-up from doctors
8. Bray – misses a comprehensive health record
9. Stacey – needs her doctors to access her mammograms
10. Bailey – is frustrated by manual repetition
11. Stacy – wants to be an effective navigator for patient clients
12. G – was victim of a transcription error
13. Betty – was harmed by records lost in transit
14. Anne – caught an error in her chart
15. Grace – wants a single record available everywhere

Notice that all but one or two of these patient stories has a doctor, hospital, or staff as the target and the real goal of the patient-directed access. 

Now, here’s the challenge to my expert friends and pundits reviewing the 1,718 pages. All of these pages are about basically one thing, a regulation on how to build and operate electronic health records that doctors and staff use. Will these regulations actually achieve the goal?

“Taken together, these reforms will deliver on the promise to put patients at their center of their own health care — you are empowered with control over your own health care choices.” 

The Cures regulations are clearly a step in the right direction but they seem to be missing essential components. Simply put, the regulations mandate access by patients but not by the patient’s doctors – and that’s not nearly enough. The missing link is a mandate for EHRs to enable patient-centered input in a way that is convenient and time-effective for doctors and staff. Patients can manage stacks of paper and dozens of apps but if there’s no way to deliver authoritative, current, and succinct information to their doctors then most of the 15 patient stories will remain unfulfilled and the goal of “control over your own health care choices” will be just rhetoric. 

Fortunately, HHS still has some powerful cards to play, and how they play them in 2020 will make a huge difference. 

• One of these is TEFCA, which has yet to issue rules for how a hospital EHR gets access to records from another source. TEFCA can be strongly linked to the patient’s right of access that the Cures regulations provide. This would avoid the loss of provenance and authenticity that will otherwise occur if patients are forced to use an app in the middle of the transfer as the CARIN Alliance is suggesting. Unfortunately, patient and physician advocates like Patient Privacy Rights are not considered principal stakeholders in the TEFCA design. We’re excluded from the core decision-making process.
• Another lever is the power of the purse as the Federal Health Architecture is deploying a new commercial EHR in the coming years. The VA and others can require that their EHR behaves symmetrically, where anything the Cures regulations say can be sent out of a certified EHR can also be brought into the VA EHR. This would set a good example without introducing additional regulatory or standards delays that might easily eat-up another decade. 
• Lastly, HHS can drive for the next generation of standards that are based on modern, self-sovereign identifiers and zero-trust architecture. They can do this by contributing to the HEART Workgroup and launching the next iteration of the API Task Force to make clear that patient control of the regulated API is separate form patient control of the data itself. Standards for identity and consent apply to APIs for wearables, banking, and social services as well as they do to regulated health care providers. Health industry API standards like FHIR are critical but a patient-centered perspective will bring in other APIs and so the identity and consent practices should follow industry practices beyond healthcare.

Implementation of the Cures regulations is mandated over the next four years. Now that this major milestone has been reached, HHS needs to pull the next levers of power to drive meaningful competition and a new generation of healthcare innovation.

Adrian Gropper, MD, is the CTO of Patient Privacy Rights, a national organization representing 10.3 million patients and among the foremost open data advocates in the country.

By ADRIAN GROPPER, MD

The rather esoteric issue of a national patient identifier has come to light as a difference between two major heath care bills making their way through the House and the Senate.

The bills are linked to outrage over surprise medical bills but they have major implications over how the underlying health care costs will be controlled through competitive insurance and regulatory price-setting schemes. This Brookings comment to the Senate HELP Committee bill summarizes some of the issues.

Who Cares?

Those in favor of a national patient identifier are mostly hospitals and data brokers, along with their suppliers. More support is discussed here. The opposition is mostly on the basis of privacyand libertarian perspective. A more general opposition discussion of the Senate bill is here.

Although obscure, national patient identifier standards can help clarify the role of government in the debate over how to reduce the unusual health care costs and disparities in the U.S. system. What follows is a brief analysis of the complexities of patient identifiers and their role relative to health records and health policy.

Patient Matching

Patient matching enables surveillance of patient activity across service providers and time. It can be done either coercively or voluntarily. We’re familiar with voluntary matching like using a driver’s license number to get a controlled substance prescription. People are not aware of the coercive matching that goes on without our consent.

Voluntary matching is cheap and reliable. Coercive surveillance for patient matching is quite expensive and prone to errors. Why would so many businesses promote the coercive alternative? It’s mostly about money. The relationship between health surveillance and money in the U.S. healthcare system is relatively unique in the world. The issue of a national patient identifier is also pretty specific to the U.S. The reasons, as all things in U.S. healthcare, are complicated. But, fundamentally, they boil down to two things:

• Patients have a right to be treated without identification — what HIPAA calls “known to the practice” — but paying for that treatment clearly requires some identification.
• The byzantine financial incentives in the U.S. system mean that thousands of data brokers have a financial interest in the hidden surveillance. Otherwise, they would just ask patients for consent.

Insurance

Payers already have a patient identifier. The impact of adding a surveillance component, either voluntary or coercive, is hard to estimate. Would patients have a choice of plans with or without coercive surveillance? Would we need regulations, similar to GINA, to reduce the risk of biased interpretation? I’m not aware of any insurance industry comments on the House national patient identifier amendment.

All Payer Claims Databases

Pretty much everyone in the health care “system” is working as hard as they can to avoid transparency. Transparency of quality, of cost, of data uses, of directories, of “black box” and artificial intelligence algorithms, and more. The principal strategy for both the House and Senate versions of the cost reduction bills is to increase transparency, but that could be achieved with either coercive or voluntary identifiers.

Prescriptions

Coercive patient surveillance is already in place on a massive scale. Surescripts tracks over 200 million U.S. patients and sells that information for all sorts of purposes without patient consent or obvious oversight. In theory, one can opt-out of Surescripts. In practice, it’s practically impossible. (I tried it.) I did find errors in my file. Even fixing those errors was more trouble than it was worth. Would Surescripts’ coercive surveillance be mitigated by a national patient identifier? Quite possibly, if the final legislation introduces privacy protections, such as opt-in and real-time patient notification by Surescripts or anyone else that is making use of the identifier.

Known to the Practice

HIPAA encourages a trusting physician-patient relationship by allowing confidential and even anonymous consultation. This promotes public health. The implementation of a national patient identifier must preserve this option.

TEFCA

The federal government has been trying to create a national network for health records for over a decade. The current state is the Trusted Exchange Framework and Common Agreement (TEFCA) Draft 2. TEFCA is still far from obvious with major detractors from the incumbents and no clear solution to the very hard problems of regulatory capture of standards, security, consent, and patient matching. Three comments by Patient Privacy Rights address these issues.

Aside from moving patient data from here to there, TEFCA aims to provide a surveillance mechanism that will track the locations where patients receive health services. This can be quite useful for maintaining a longitudinal patient record, measuring outcomes, and informing research, as well as policy.

But a national surveillance system can also spook patients and increase public health risks if populations concerned about bias and loss of opportunity hide or actively game the system. It’s therefore essential to design TEFCA with the highest level of privacy and transparency, similar to what we have in finance. A national patient identifier will help TEFCA, but only if it is voluntary (linked to consent), transparent (to mitigate security risks), and most importantly, if it replaces the current design based on coercive surveillance.

Privacy

People already have any number of national-scale identifiers. Mobile phone numbers and the unique device identifiers that phones broadcast just by being on, email addresses, driver’s license numbers, Medicare and private insurance IDs, a Social Security Number, and credit cards. What matters for privacy is not the existence of personal identifiers but how they are used. Is the usage regulated? Does use in one domain, e.g. purchasing, cross over into another domain such as taxation? Is the use of the identifier voluntary like when you sign to allow your credit surveillance history to be accessed by an auto dealer or a landlord? Are you notified whenever an identifier is used? Are there usage logs and statements conveniently available to you? A national patient identifier will need to answer all of these questions and more.

Errors, bias, and ethics

Every large system is subject to errors, bias, and ethical issues. The proponents of a national patient identifier make self-serving arguments about reducing errors, such as assigning data to the wrong patient, without a critical analysis of how errors might be intentionally or accidentally introduced into the system. Other questions include how patients can catch errors or omissions and how access to a national identifier might bias relationships with employers or a new generation dating sites. The ethics of health care are mostly about the unintended consequences of what superficially seems like a good idea.

Coerced, Voluntary, or Self-sovereign

Self-Sovereign Identity (SSI) that is cryptographically secure and controlled by the individual person. If we introduce a national identifier, for patients or any other large-scale use, in 2020, should that identifier be compatible with SSI?

Independent Patient-Controlled Longitudinal Health Record

A new national patient identifier is not an end in itself, it must serve or enable something new. That new thing could be universal healthcare coverage, which exists in almost every other developed economy. Another new thing would be a longitudinal health record that is independent of any particular public or private institution. An independent health record would promote competition, enable greater transparency of outcomes and costs, and it would significantly reduce the costs of research and innovation. It’s important to design TEFCA and other federal programs around the outcome rather than a tweak of the process.

Non-HIPAA Components

What would be the scope of a new national patient identifier? Should it be used to add non-HIPAA components like exercise or diet to a patient’s record? Should it apply to over-the-counter purchases in pharmacies or telemedicine from outside the US? Will the new identifier expand the scope of surveillance by Facebook, Google, and other hard-to-avoid platforms?

Should you care?

Yes. The uniquely high U.S. health care costs are now driving politics directly and indirectly. Universal coverage could be the top issue in 2020. But health costs also impact immigration discussions, as well how we deal with technology-driven shifts in employment and employer-based insurance.

Bi-partisan efforts such as the “surprise medical bills” legislation now before the House and Senate are aimed at health care cost outcomes and the balance of power between hospitals, payers, patients, physicians, and regulators. That balance of power was swept under the political rug in previous efforts. With health care waste and fraud running at about $1.5 trillion or 6 percent of GDP, the debate over a national patient identifier should not be about the process of patient matching but over the path to increased transparency, competition and innovation.

Adrian Gropper, MD, is the CTO of Patient Privacy Rights, a national organization representing 10.3 million patients and among the foremost open data advocates in the country. This post originally appeared on Bill of Health here.

By ADRIAN GROPPER, MD and DEBORAH C. PEEL, MD

TEFCA will succeed where previous national health information exchange efforts have failed only if it puts patients’ and families’, and/or their fiduciary agents, in control of health technology. This is the only path to restore trust in physicians, and to ensure accurate and complete data for treatment and research.

As physicians and patient advocates, we seek a longitudinal health record, patient-centered in the sense of being independent of any particular institution. An independent health record is also essential to enhancing competition and innovation for health services. TEFCA Draft 2 is the latest in a decade of starts down the path to an independent longitudinal health record, but it still fails to deal with the problems of consent, patient matching, and regulatory capture essential for a national-scale network. Our comments on regulatory capture will be filed separately.

We strongly support the importance in Draft 2 of Open APIs, Push, and a relationship locator service. We also strongly support expanding the scope to a wider range of data sources, beyond just HIPAA covered entities in order to better serve the real-world needs of patients and families.

However, Draft 2 still includes design practices such as the lack of patient transparency, lack of informed consent, and a core design based on involuntary surveillance. This institution-centered design barely works at a community level and leaves out many key real-world participants. It is wishful thinking to believe that it will work with expanded participant scope and on a national scale.

TEFCA’s path to a successful national-scale network goes through the patient.

A person-centered architecture for health interoperability should emulate the modern-day version of our architecture for financial interoperability. Specifically:

• Data moves only with complete transparency under explicit patient authorization.
• The APIs are symmetrical with respect to read and write, push and pull.
• Security is enhanced by contemporaneous notification of all transactions.
• Surveillance, to provide a relationship locator service, is very limited and transparent.
• Coercive and probabilistic patient matching is replaced by voluntary identification linked to consent.
• Privacy by default is not only compatible with flow of sensitive data and social determinants of health, it’s the only way patients will trust revealing this data .

Our detailed comments below call out where Draft 2 deviates from a patient-directed design and suggests the only scalable and sustainable alternative for data exchange. Page references are to Download the Trusted Exchange Framework and Common Agreement Draft 2.

Page 14 – Three exchange modalities

TEFCA should enable a longitudinal health record controlled by patients. From that perspective, it ensures patients know where their records are, ensures providers can get information from whatever places patients allow, and enables providers to update the patient record, with strong support for security and accountable attribution. All three modalities are essential to serving patients and health professionals. We recommend greater focus on the desired outcomes and guidance on how the modalities support the clinical outcome of patient-controlled care.

Page 15 – Individual Access Services

Individual access services are essential for a scalable network that also includes non-HIPAA entities. We recommend that TEFCA build on individual access to explicit consent mechanisms instead of HIPAA T/P/O, that TEFCA account for all disclosures, provide contemporaneous notice of all transactions, and build trust through this unified user experience. Just as TEFCA aims to present “a single on-ramp” to institutions, it should also provide a single point of contact for patients by linking consent and accounting for disclosures to a single point of contact that’s linked to the relationship locator service functionality in TEFCA. It’s time to give patients technology that makes it easy for them to easily navigate, understand, and control their health data.

Page 16 – Non-HIPAA entity participation

We encourage participation by non-HIPAA entities as well as HIPAA entities that are more strictly regulated under 42CFR Part 2. However, the draft description of how this will come about is too vague to be useful in terms of security as well as privacy. HIPAA is inadequate in many ways for 21st Century technology and practice because it avoids consent, transparency, and notice that is common practice in banking, telecommunications, and other networked services. We recommend that this section be rewritten without reference to HIPAA.

Page 17 – Meaningful choice to participate

This section is inadequate. Meaningful choice must be defined in terms of the patient, family, and physician experience. Should our choice be only all-or-none? Should what shows up as a result of broadcast queries or other relationship locator services be hidden from patients? Will patients be notified of all activity under TEFCA? How will patients manage dozens of service relationships including non-HIPAA and 42CFR Part 2 sources unless new technology to support patient’s/or a fiduciary agent’s easy management of our health data? Will patients have the opportunity to specify a particular QHIN of their choice as primary access providers?

Page 19 – Security

Transparency and contemporaneous notification of activity is essential to modern network security. Draft 2 fails to provide adequate guidance of how this will be achieved.

Page 19 – Individual rights

We commend Draft 2 for being explicit on the primacy of individual rights and urge further clarification of how users can exercise their individual rights.

Page 20 – No charge for individual access services

This is an essential component for a successful network. A QHIN that wants to compete on the basis of individual access services must be able to provide patients and physicians a defined fee structure regardless of where the information originates.

Page 26 – HIN privacy practices

This section is confusing. The requirements for patient-directed sharing are pretty clear in the recent ONC NPRM with regard to covered entities. The underlying assumption is patients should have a choice of covered entities. Will patients have a choice of HIN? Will patients even know which HIN has information about them? We support patient-directed sharing as the foundation for TEFCA but seek clarity and technology standards to assure it works from the patient and physician perspectives. We suggest more specific solutions below.

Pages 28 and 29 – Patient-directed exchange

We strongly support a TEFCA design built on patient-directed exchange via APIs. As mentioned above, this is the only method that can solve consent and patient matching problems at scale. Nothing else is scalable.This section is a good start because it makes explicit that the introduction of HINs (and QHINs) should not dilute or limit the patient experience via technology or limit the scope of patient-directed access. From a patient perspective, will patients have a choice of HINs? Will QHINs compete with HINs? How will patients know or choose where to address their requests for patient-directed sharing: to a covered entity, a HIN, or a QHIN?

Page 45 – Patient matching

Moving around patient demographic data for patient matching purposes is a national surveillance mechanism of unprecedented scale outside of law enforcement. Once it becomes public, it will spook many patients and cause them to opt-out of TEFCA all together. Building TEFCA on a surveillance backbone will limit both the kinds of patients who will participate and the kinds of services that they will connect with. Furthermore, the whole framing of this section makes clear that mistakes in patient matching will happen. What will be an acceptable threshold for errors? How will patients become aware of the errors? Who will be responsible for fixing the errors?

Page 51 – Identity proofing

HIPAA allows treatment on the basis of “known to the practice”. Although QHINs are not a covered entity in the treatment sense, the requirement for identity-proofing means patients who receive care under “known to the practice” will not be able to participate in TEFCA. We urge HHS to make TEFCA accessible to all patients by allowing patients to self-identify (as part of the consent process) if they choose. Identity-proofing in healthcare is only appropriate under very limited circumstances such as prescribing of controlled substances. Typical care, including third-party payment, can be done as known-to-the-practice and to the payer without introducing privacy compromises on a national scale.

Page 69 – Accounting of disclosures exception

Section 9.5.3 violates good security practice and should be unacceptable for a national-scale government program. Lacking transparency, a TEFCA built on hidden transactions and national-scale surveillance will not be trusted by many patients. As of 2016, 89% of patients are withholding information from providers. Computation and connectivity are now effectively universal and must be leveraged by TEFCA to the fullest extent in order to provide security, engender trust, and catch errors.

Page 82 – Direct address and other address modalities

The ability to correctly designate a recipient is essential for both patients and clinicians. National databases such as NPPES (for NPI) and Physician Compare that already exist and they are open for access in order to verify the identity of a designee. We urge TEFCA to build on this existing infrastructure by adding Direct addresses to NPPES and Physician Compare. To the extent that TEFCA develops other means of identifying practices or individuals, we strongly urge them to be fully open, API-enabled, and easily accessible to products and services in the general marketplace and beyond TEFCA.

Page 85 – ONC Request for Comment #7 – Patient matching

The E in IHE stands for Enterprise. Patient matching at enterprise scale is complex but uncontroversial because the patient universe is relatively small and the party responsible for errors is clear. Patient matching on the national scale of TEFCA is not supported by evidence and an unnecessary risk to TEFCA and the public. We urge TEFCA be built on explicit patient consent and voluntary self-identification the way that banking and other commercial networks operate.

Page 85 – ONC Request for Comment #8 – Patient identity resolution

Patient matching is a form of coercive surveillance. The introduction of data sources outside of healthcare, such as government registries or so-called “referential matching”, extends surveillance across domains unrelated to healthcare and is subject to unacceptable risks and abuses of security as well as privacy. Such practices risk having a majority of people opting out of TEFCA. The capture of all citizen data required by nations like China and Russia, forced surveillance allows government to control and harm its citizens, the opposite of Democracies that place individuals’ rights first.

Page 85 – ONC Request for Comment #9 – Patient identity resolution performance

This question highlights just how risky it is to design a national network based on untested surveillance principles. Health care is not like law enforcement where governance is well understood and almost exclusively in the public domain. We urge ONC to abandon surveillance and patient matching as a foundation for TEFCA. Build on ethical and universal human rights to autonomy, self-determination, respect and individual consent and on voluntary self-identification as the foundation.

Page 85 – ONC Request for Comment #10 – Record location services

Record location services enable a longitudinal health record but they can also be a component of a longitudinal health record. A record locator service should be centralized or distributed among QHINs. It can also be decentralized to wherever a patient chooses to maintain a longitudinal health record. We urge TEFCA to adopt practices that do not prevent patients and innovative services that allow patients to be in control of their health record. A patient-centered independent health record can manage the authoritative list of providers, payers, apps, and other data sources that pertain to that patient.

Page 86 – ONC Request for Comment #11 – Directory services

QHINs should be required to implement standardized directory services for all public information relevant to TEFCA. This includes provider information that is already public in NPPES and Physician Compare as well as payer network participation and other information essential to decision support by patients, families, and providers. These directories should be publicly available at no cost to app and service developers. Let’s keep in mind that most healthcare is either directly or indirectly paid by the Federal government and lack of consistent APIs and access to essential information is a barrier to competition where it matters most. This is the only path to enable privacy and innovation in health and health IT. Patients must be able to know and control all users of their sensitive health data.

Page 86 – ONC Request for Comment #12 – Meaningful Choice (consent) directories

The standard for communicating Meaningful Choice between directories should be Kantara User Managed Access (UMA). UMA is based on the OAuth2 standard already widely adopted by FHIR and SMART. It is a standard that allows for both institutions such as QHINs and individuals to provide authorization services, the essential component of Meaningful Choice. UMA has already been profiled by the HEART Workgroup, which is co-chaired by ONC. We recommend the adoption of UMA for TEFCA specifically because it allows for both institutional and individual (patient-centered) architectures.

Privacy-sensitive patients are reluctant to broadly share the policies by which they grant authorization with third-parties such as QHINs across the land. UMA allows patients to choose their authorization service and to keep their policies restricted to that authorization server. This creates an innovative market for QHINs to compete to provide authorization services or for patients and operate authorization services as fiduciaries. When patients don’t care, UMA can still be used among QHINs by adding an authorization server entry to every patient’s record locator service.

The adoption of UMA also solves a major problem, discussed in the recent ONC NPRM as the multiple portals problem, where patients are expected to monitor their Meaningful Choice policies separately across a dozens of HIPAA covered, 42CFR and non-HIPAA entities. This is clearly very hard or impossible. Again, health technology should make it easy for patients to acquire, manage, use, and enable disclosures or queries of health data. UMA provides the patient with one single point of contact that is accessed by all the other service providers to get authorization for data uses. US health technology fails unless patients have a single point of contact.

As mentioned above, building TEFCA on demographic patient matching can’t succeed. We  recommend the only safe and effective method based on voluntary identity linked to consent. This solves the problem of sharing demographic information as part of Meaningful Choice notices because the notices are explicitly linked to the patient identity with no additional risk or privacy burden.

Page 87 – ONC Request for Comment #13 – Meaningful Choice standards

The sharing of Meaningful Choice notices across the entire country creates an unprecedented and unnecessary privacy risk. As described above (Comment #12) a patient-controlled design for TEFCA consent management avoids the problem by keeping patient policies in a single QHIN or patient-selected service. The logging and documentation requirements for all of the other QHINs are much reduced and their liability for privacy breaches is mostly eliminated. QHINs can compete to serve as the patient’s point-of-contact for Meaningful Choice and can be compensated for this additional service.

Page 87 – ONC Request for Comment #14 – Auditing

Every one of the actions listed must be subject to audit. This is the minimum for a scalable security and privacy infrastructure. The amount of information kept about each action is less important. It’s reasonable to start with a minimum of information such as date-time, patient identity, data source, and authorization authority. More detailed logs should be kept by the authorization authority (sometimes called the policy decision point or the UMA authorization server). These logs can include information about the requesting party and the policy applied which, for privacy reasons, might best be kept off the network. A patient-centered and possibly patient-designated authorization service also promotes trust by offering the patient a single point of contact to audit transactions about them.

In conclusion, we are very eager for TEFCA to succeed because it can be a path to a patient-controlled independent health record that will reassure patients and restore trust in physicians, reduce errors, and lower the barrier to innovation and market entry for health services. TEFCA’s path to a successful national-scale network goes through the patient.

Adrian Gropper, MD, is the CTO of Patient Privacy Rights, a national organization representing 10.3 million patients and among the foremost open data advocates in the country. 

Deborah C. Peel, MD, is the Founder and President of Patient Privacy Rights.

By ADRIAN GROPPER, MD

The original sin of health records interoperability was the loss of consent in HIPAA. In 2000, when HIPAA (Health Insurance Portability and Accountability Act) first became law, the Internet was hardly a thing in healthcare. The Nationwide Health Information Network (NHIN) was not a thing until 2004. 2009 brought us the HITECH Act and Meaningful Use and 2016 brought the 21st Century Cures Act with “information blocking” as clear evidence of bipartisan frustration. Cures,  in 2018, begat TEFCA, the draft Trusted Exchange Framework and Common Agreement. The next update to the draft TEFCA is expected before 2019 which is also the year that Meaningful Use Stage 3 goes into effect.

Over nearly two decades of intense computing growth, the one thing that has remained constant in healthcare interoperability is a strategy built on keeping patient consent out of the solution space. The 2018 TEFCA draft is still designed around HIPAA and ongoing legislative activity in Washington seeks further erosion of patient consent through the elimination of the 42CFR Part 2 protections that currently apply to sensitive health data like behavioral health.

The futility of patient matching without consent parallels the futility of large-scale interoperability without consent. The lack of progress in patient matching was most recently chronicled by Pew through a survey and a Pew-funded RAND report. The Pew survey was extensive and the references cite the significant prior efforts including a 100-expert review by ONC in 2014 and the $1 million CHIME challenge in 2017 that was suspended – clear evidence of futility.

Pew’s chronicle of futility is capped by a 2-hour panel discussion designed to highlight innovations in patient matching. Pew’s experts did not include privacy experts. Nobody was there to call patient matching what it really is: involuntary surveillance. The new idea in the Pew reports is “referential matching” where the surveillance system is enhanced with information about us from data brokers and credit bureaus. What could possibly go wrong, especially as we add artificial intelligence into the surveillance toolkit?

Why is healthcare the only industry with a person matching problem? The reason is partly historical. In the days before HITECH incentives and BIG EHRs, each hospital had dozens of proprietary software vendors, many of them with their own patient ID. Within a single hospital, patient consent was not an issue and probabilistic patient matching can work when the patient universe is a single hospital. As hospitals and practices began consolidating, probabilistic patient matching still made some sense because the governance was effectively a single entity and the number of patients was in the few millions. But regional or national interoperability is a very different ballgame. Governance is now spread across competitors and the universe of patients to match within is hundreds of millions.

The solution to patient matching and to interoperability is the same: patient-directed exchange. With the patient-directed exchange, patient matching is trivial and non-proprietary, consent is automatic by definition, and the costs of data brokerage are eliminated. Furthermore, the patient-directed exchange allows interoperability across 42CFR Part 2 behavioral health practices and includes community organizations and social services that are typically not covered by HIPAA. The quantity and the quality of patient data are both improved.

The next round of regulations from ONC will be a definition of information blocking and an updated version of TEFCA. Will this ONC continue to promote a strategy of involuntary surveillance by ever more powerful incumbents or will they finally allow patients to say: “Nothing about me without me”?