Tag: 21st Century Cures Act

If data is the new oil, there’s going to be war over it

Apr 15, 2024

By MATTHEW HOLT

I am dipping into two rumbling controversies that probably only data nerds and chronic care management nerds care about, but as ever they reveal quite a bit about who has power and how the truth can get obfuscated in American health care.

This piece is about the data nerds but hopefully will help non-nerds understand why this matters. (You’ll have to wait for the one about diabetes & chronic care).

Think about data as a precious resource that drives economies, and then you’ll understand why there’s conflict.

A little history. Back in 1996 a law was passed that was supposed to make it easy to move your health insurance from employer to employer. It was called HIPAA (the first 3 letters stand for Health Insurance Portability–you didn’t know that, did you!). And no it didn’t help make insurance portable.

The “Accountability” (the 1st A, the second one stands for “Act”) part was basically a bunch of admin simplification standards for electronic forms insurers had been asking for. A bunch of privacy legislation got jammed in there too. One part of the “privacy” idea was that you, the patient, were supposed to be able to get a copy of your health data when you asked. As Regina Holliday pointed out in her art and story (73 cents), decades later you couldn’t.

Meanwhile, over the last 30 years America’s venerable community and parochial hospitals merged into large health systems, mostly to be able to stick it to insurers and employers on price. Blake Madden put out a chart of 91 health systems with more than $1bn in revenue this week and there are about 22 with over $10bn in revenue and a bunch more above $5bn. You don’t need me to remind you that many of those systems are guilty with extreme prejudice of monopolistic price gouging, screwing over their clinicians, suing poor people, managing huge hedge funds, and paying dozens of executives like they’re playing for the soon to be ex-Oakland A’s. A few got LA Dodgers’ style money. More than 15 years since Regina picked up her paintbrush to complain about her husband Fred’s treatment and the lack of access to his records, suffice it to say that many big health systems don’t engender much in the way of trust.

Meanwhile almost all of those systems, which already get 55-65% of their revenue from the taxpayer, received additional huge public subsidies to install electronic medical records which both pissed off their physicians and made several EMR vendors rich. One vendor, Epic Systems, became so wealthy that it has an office complex modeled after a theme park, including an 11,000 seat underground theater that looks like something from a 70’s sci-fi movie. Epic has also been criticized for monopolistic practices and related behavior, in particular limiting what its ex-employees could do and what its users could publicly complain about. Fortune’s Seth Joseph has been hammering away at them, to little avail as its software now manages 45%+ of all encounters with that number still increasing. (Northwell, Intermountain & UPMC are three huge health systems that recently tossed previous vendors to get on Epic).

Meanwhile some regulations did get passed about what was required from those who got those huge public subsidies and they have actually had some effect. The money from the 2009 HITECH act was spent mostly in the 2011-14 period and by the mid teens most hospitals and doctors had EMRs. There was a lot of talk about data exchange between providers but not much action. However, there were three major national networks set up, one mostly working with Epic and its clients called Carequality. Epic meanwhile had pretty successfully set up a client to client exchange called Care Everywhere (remember that).

Then, mostly driven by Joe Biden when he was VP, in 2016 Congress passed the 21st Century Cures Act which among many other things basically said that providers had to make data available in a modern format (i.e. via API). ONC, the bit of HHS that manages this stuff, eventually came up with some regulations and by the early 2020’s data access became real across a series of national networks. However, the access was restricted to data needed for “treatment” even though the law promised several other reasons to get health data.

As you might guess, a bunch of things then happened. First a series of VC-backed tech companies got created that basically extract data from hospital APIs in part via those national networks. These are commonly called “on-ramp” companies. Second, a bunch of companies started trying to use that data for a number of purposes, most ostensibly to deliver services to patients and play with their data outside those 91 big hospital systems.

Which brings us to the last couple of weeks. It became publicly known among the health data nerd crowd that one of the onramp companies, Particle Health, had been cut off from the Carequality Network and thus couldn’t provide its clients with data.

Particle Health, Complete Patient Records & ‘The Business’ of the Information Blocking Rule

Aug 16, 2022

By JESSICA DAMASSA

Particle Health’s CEO Troy Bannister stops by to not only talk about the API platform company’s $25M Series B, but to also explain exactly what’s going on in that patient data ‘exchange-standardize-and-aggregate’ space that, these days, looks poised to pop as the 21st Century Cures Act Information Blocking Rule stands ready to make hospitals share data like never before.

Troy calls Particle a “network of networks” and what that means is that their API pulls patient records from organizations and businesses that are already aggregating them (so aggregating the aggregators) to get all the lab data and medical data a clinician would want to in order to have a more complete picture of their patient. For clients like One Medical or Omada Health, who deliver value-based care and take on risk, having such a robust historic data set on patients – along with a more complete picture of their comorbidities – helps improve decision making and outcomes.

So, how is Particle Health working now – and what will change – as the Information Blocking Rule gets implemented? Troy’s written about this for Forbes, and explains what has him fired up here too. Turns out their model has room to accommodate a big pivot: giving patients access to their own ‘network of networks’ record. Find out what sets Particle off in this new B2B2C direction and how they will be using that Series B funding to build out deeper analytical tools to help everyone make better sense of what the data in all those records can show us.

Link to Troy’s Forbes piece on Anti Information Blocking Rules

Link to Jess’s chat with Micky Tripathi, the National Coordinator for Health Information Technology at HHS, on Anti Information Blocking & TEFCA:

Strategic Interests and the ONC Annual Meeting

Jan 29, 2020• 6

By ADRIAN GROPPER, MD

The HHS Office of National Coordinator (ONC) hosted a well-attended Annual Meeting this week. It’s a critical time for HHS because regulations authorized under the almost unanimous bi-partisan 21stC Cures Act, three and a half years in the making, are now facing intense political pressure for further delay or outright nullification. HHS pulled out all of the stops to promote their as yet unseen work product.

Myself and other patient advocates benefited from the all-out push by ONC. We were given prominent spots on the plenary panels, for which we are grateful to ONC. This post summarizes my impressions on three topics discussed both on-stage and off:

Patient Matching and Unique Patient Identifiers (UPI)
Reaction to Judy Faulkner’s Threats
Consumer App Access and Safety

Each of these represents a different aspect of the strategic interests at work to sideline patient-centered practices that might threaten the current $Trillion of waste.

The patient ID plenary panel opened the meeting. It was a well designed opportunity for experts to present their perspectives on a seemingly endless debate. Here’s a brief report. My comments were a privacy perspective on patient matching, UPI, and the potential role of self-sovereign identity (SSI) as a new UPI technology. The questions and Twitter about my comments after the panel showed specific interest in:

The similarity of “enhanced” surveillance for patient matching to the Chinese social credit scoring system.
The suggestion that we already have very useful UPIs in the form of email address and mobile phone numbers that could have been adopted in the marketplace, but are not, for what I euphemistically called “strategic interests”.
The promise of SSI as better and more privacy preserving UPIs that might still be ignored by the same strategic interests.
The observation that a consent-based health information exchange does not need either patient matching or UPIs.

Patient Controlled Health Data: Balancing Regulated Protections with Patient Autonomy

Sep 3, 2019• 1

By KENNETH D. MANDL, MD, MPH, DAN GOTTLIEB, MPA, and JOSHUA MANDEL, MD

This piece is part of the series “The Health Data Goldilocks Dilemma: Sharing? Privacy? Both?” which explores whether it’s possible to advance interoperability while maintaining privacy. Check out other pieces in the series here.

A patient can, under the Health Insurance Portability and Accountability Act (HIPAA), request a copy of her medical records in a “form and format” of her choice “if it is readily producible.” However, patient advocates have long complained about a process which is onerous, inefficient, at times expensive, and almost always on paper. The patient-driven healthcare movement advocates for turnkey electronic provisioning of medical record data to improve care and accelerate cures.

There is recent progress. The 21st Century Cures Act requires that certified health information technology provide access to all data elements of a patient’s record, via published digital connection points, known as application programming interfaces (APIs), that enable healthcare information “to be accessed, exchanged, and used without special effort.” The Office of the National Coordinator of Health Information Technology (ONC) has proposed a rule that will facilitate a standard way for any patient to connect an app of her choice to her provider’s electronic health record (EHR). With these easily added or deleted (“substitutable”) apps, she should be able to obtain a copy of her data, share it with health care providers and apps that help her make decisions and navigate her care journeys, or contribute data to research. Because the rule mandates the ”SMART on FHIR” API (an open standard for launching apps now part of the Fast Healthcare Interoperability Resources ANSI Standard), these apps will run anywhere in the health system.

Apple recently advanced an apps-based information economy, by connecting its native “Health app” via SMART on FHIR, to hundreds of health systems, so patients can download copies of their data to their iPhones. The impending rule will no doubt spark the development of a substantial number of additional apps.

Policymakers are grappling with concerns that data crossing the API and leaving a HIPAA covered entity are no longer governed by HIPAA. Instead, consumer apps and the data therein fall under oversight of the Federal Trade Commission (FTC). When a patient obtains her data via an app, she will likely have agreed to the terms and the privacy policy for that app, or at least clicked through an agreement no matter how lengthy or opaque the language. For commercial apps in particular, these are often poorly protective. As with consumer behavior in the non-healthcare apps and services marketplace, we expect that many patients will broadly share their data with apps, unwittingly giving up control over the uses of those data by third parties.

Remembering the Real Stakeholders: Patient Privacy Rights Comments on the Proposed CMS Regulation Pursuant to the Cures Act

Jun 14, 2019• 3

By ADRIAN GROPPER, MD and DEBORAH C. PEEL, MD

Electronic health records (EHRs) are a polarizing issue in health reform. In their current form, they are frustrating to many physicians and have failed to support cost improvements. The current round of federal intervention is proposed rulemaking pursuant to the 21st Century Cures Act calls for penalties for “information blocking” and for technology that physicians and patients could use “without special effort.”

The proposed rules are over one thousand pages of technical jargon that aims to govern how one machine communicates with another when the content of the communication is personal and very valuable information about an individual. Healthcare is a challenging and unique industry when it comes to interoperability. Hospitals spend lavishly on EHRs and pursue information blocking as a means to manipulate the physicians and patients who might otherwise bypass the hospital on the way to health reform. The result is a broken market where physicians and patients directly control trillions of dollars in spending but have virtually zero market power over the technology that hospitals and payers operate as information brokers.

What follows below are comments by Patient Privacy Rights on the proposed rule. The common thread of our comments is the need to treat patients and physicians, not the data brokers, as the real stakeholders.

Comments to the ONC Rule

Overview: 21st Century health care innovation, policy, and practice is increasingly dependent on personal information. This is obvious with respect to machine learning and risk adjustment, but personal information is now central to the competitive strategy for most of the health care economy, clinical as well as research. ONC’s drafting of this rule reflects the importance of competition to innovation and cost containment.

Our Guide to Pre-Approval Access to Drugs For Both Doctors & Patients

Sep 6, 2017• 1

By ALISON-BATEMAN HOUSE

In April 2016, I published guidance, in the form of a mock case study, on how to access a drug before it has been approved by the FDA—what’s known as pre-approval (or expanded or compassionate) access. This is an updated version of that guidance, reflecting multiple important changes in the pre-approval landscape over the past year. In particular, the FDA rolled out a new, streamlined form for single-patient requests, and Congress passed the 21st Century Cures Act, which, among many other things, mandated that certain pharmaceutical companies provide public information about their pre-approval access policies.

Patients (and physicians) trying to access an unapproved drug outside of a clinical trial can feel as though they’re navigating uncharted waters. Many physicians don’t know that the FDA permits the use of unapproved drugs outside of clinical trials; those who do know often have no idea how to access such drugs for their patients. Those physicians who know about pre-approval access are largely specialists in certain areas—often, oncology or rare diseases—and they are generally self-taught: they didn’t learn about pre-approval access in medical school or in their residencies. Thus, while some physicians have become very accustomed to requesting pre-approval access to drugs, the majority lacks this knowledge. In this essay, I use a fictional case to trace the process for requesting access to an unapproved drug. I hope to explode several myths about the process, especially the beliefs that the FDA is the primary decision-maker in granting access to unapproved drugs and that physicians must spend 100 hours or more completing pre-approval access paperwork.

Imagine you are a physician, and you have a pregnant patient who has tested positive for the Zika virus. She is only mildly ill, but she’s terrified that the virus, which has been linked with microcephaly and other abnormalities, will harm her unborn child. She’s so concerned that she is contemplating an abortion, even though she and her husband have been trying to have a child and were overjoyed to learn she was pregnant.

Proposed Drug and Device Laws Should Be Pushed to 2017

Jul 14, 2016• 1

By PAUL BROWN, TRACY RUPP, and STEVEN FINDLAY

flying cadeucii Senate leaders now say they won’t consider companion legislation to the House-passed 21st Century Cures Act until September, after months of delay. Lawmakers would then have to reconcile the differing House and Senate versions, presumably by year’s end during a lame-duck Congress.

We believe the summer delay is a good thing, and that Congress should actually extend consideration of the complex legislation into 2017 when must-pass FDA funding through industry user-fees will be on the congressional calendar. That way, lawmakers can debate the implications of the proposed bills in the context of the resources FDA needs.

Why further delay? Because the legislation—which makes substantial changes to the way the Food and Drug Administration (FDA) approves drugs and devices—is flawed. As currently crafted, it lowers standards for drug and device approvals and safety, and risks adding to the rising cost of prescription drugs.
The ostensible rationale for the legislation—being pushed by drug and device companies—is that the FDA stifles innovation and advances in treatment by approving drugs and devices too slowly compared with other countries.