Health reform leaders focus on patient access to records as key barrier

A convocation of trend-setters and organizational leaders in U.S. health care was called together in Washington last Monday, June 4. The attendees advised two government organizations driving health reform–the Office of the National Coordinator at the Dept. of Health and Human Services, and the Dept. of Veterans Affairs–how to push forward one of their top goals, patient engagement.

The results of the meeting, to me, demonstrated mostly the primitive state of communications and coordinated care in the U.S. health system. In an earlier posting I discussed the sorry state of health data exchange, and Monday’s patient access summit centered on the same factors of siloing and data hoarding as barriers to patient engagement.

Farzad Mostashari, the National Coordinator for Health Information Technology, tried to set the scope of the meeting as an incubator to suggest practical ways patients could use the data they get from health providers. (As I’ll explain later, we also touched on data patients generate themselves.) His reasoning, which I endorse, is that patients currently can’t do much with data except keep it somewhere and pass it to other health providers, so in order to engage them we need to provide tools for them to improve their health with this data.

But the pulse of the 75 or so attendees gave quite a different message: that we’re nowhere near ready to discuss uses of data, and that our efforts at patient engagement should start with getting the data to the patients in the first place.

In this posting, I’ll discuss:

Why patient access is so important, and why it doesn’t happen

The notions of patients poring over doctors’ notes, correlating their own test results, and making demands on their care providers may carry a faint whiff of utopianism, but thousands of patients do these things every day–and do them even when deprived of the electronic aids that could make these activities natural. The people in the room for the patient access summit were by no means utopians. They are intense movers in the health care field with deadlines to meet and budgets to allocate. So when they call for patient access to data, it’s because they all see it as critical to solving the quality and cost problems their own organizations face.

Patient engagement is critical because most health care takes place outside the doctor’s office or operating room. Patients need to take control of their own lifestyles for the problems that put a lot of strain on our health care system, such as obesity. They need to follow through on post-release instructions and monitor themselves for symptoms.

And in the silo’d state of today’s health system, the patients need to make sure their data gets to health providers. We heard over and over at the patient access summit how patients have entered treatment centers without the information needed to treat them, how doctors would refuse point-blank (in violation of the law) to give patients their folders, and how patients received inadequate care because of the lack of information.

Patient participation in health care is not only good for the individuals who do it, but is crucial for prying open the system as a whole. The providers, vendors, and insurers are moving too slowly. Their standards and electronic health records lack fields for all the data people are generating through their Fitbits and Zeos, and they don’t have pathways for continuously uploading patient-generated data. This lapse can be turned into a plus: device manufacturers and programmers out in the field will develop new, more flexible, more robust standards that will become the next generation of EHRs and personal health records. A strong push from empowered patients can really change the way doctors work, and the associated costs.

Major topics of debate

Opinions differ about the roles of electronic records, interchange systems, culture, and business models in the recalcitrance of doctors to release patient data, which I’ll discuss in the last section of the article. Getting the answer to these questions right should determine the strategy government and consumers use to breach the silos. But the consensus at the patient access summit was that we need to pursue these strategies fast, and that the fate of the rest of health care reform will rest on our success.

The first half of the Washington meeting meandered through various classic areas under constant debate in the health care field. This seemed necessary so that the participants in the summit could feel each other out, untangle some of their differences and ultimately come to a position of trust so they could agree on the topics in the previous section. I noted the following topics that threaded through the debate without resolution.

Technology versus culture

Debates come up all the time when organizational change is on the agenda about the importance of the technologies people use versus their workflows, attitudes, and willingness to change. I find the discussions silly because people usually find themselves pushed to an either-or position and that just doesn’t make sense. Of course technology can facilitate change, and of course the technology will be a big waste of time and money if the human participants fail to understand the behavior changes they need to make along the way.

But the Washington attendees raised these issues as part of the strategy-setting I mentioned earlier. Certainly, the government would prefer to avoid creating or mandating the use of certain technologies. The question is whether the ONC and VA can set goals and leave it up to the market to find the way.

Sometimes the health care field is so distorted and dysfunctional that the government feels it has to step in, such as when HHS created CONNECT and then Direct. Without these, the health care providers and health information exchanges (HIEs) would claim that exchanging patient data was an expensive or intractable problem. One might also interpret the release of VistA and BlueButton to the general public as the VA’s statements about how health care should be conducted.

So Mostashari’s original call for actions that patients could take fits into the technology end of the debate. By suggesting technological paths forward, we can effect cultural change. For instance, if a patient uses an app or web site to view all the potential reactions between the drugs she takes (and I heard one estimate this week that people in their 80s take between five and eight medications), she can warn her own doctor about an adverse reaction.

Ultimately, the working groups that today’s meeting settled on included a lot of technological innovation.

The need for standards

Standard setting is another perennial area for disagreement, because premature standard-setting, like premature optimization, can have an effect opposite to what you want. If we took all the efforts that companies put into standards that bombed in the marketplace and devoted the resources over the decades to competition between innovations, we might have an explosion of new technologies. So even if you accept the value of technology to effect culture change, you can ask where and when governments and standards committees can intervene positively.

And this caution applies to health care too. The old guard of EHRs and HIEs suffer from a lack of (useful) standards. But as I mentioned earlier, an exciting explosion of patient-centered apps and devices is developing in the absence of standards. The Washington meeting ended up endorsing many standard-setting efforts, although these applied mostly to mature fields such as EHRs.

Transfer standards versus data format standards

Mixed up in the debate over the timing of standards was a distinction between standards used for sending data around and standards used to represent the data. The former are called protocols in the communications field. HTTP is a transfer standard, for instance, whereas HTML is a data format standard. Both are needed to make the World Wide Web operate. And both ended up part of the action items from the patient access summit.

Privacy versus data availability

As I reported from the first health privacy conference, health care advocates argue over the importance of privacy. At the patient access summit, everybody who spoke on this topic prioritized the exchange of data. Privacy concerns are the magic amulet that providers wave at patients to ward off their requests for data. But in fact, the much-derided Health Insurance Portability and Accountability Act (HIPAA) requires providers to give patients data: that’s what the terms Portability and Accountability in the name refer to. The providers are required to take reasonable steps to preserve privacy–and the Direct project aims to simplify these–but the patient can waive even these modest safeguards if he or she is anxious to get the data quickly.

Given our skepticism toward claims of security concerns, a bit of security theater we encountered as we entered the conference center is illustrative. We were warned ahead of time that the facility was secure and told to bring a government-issued photo ID. Indeed, the guard checked my ID and looked at my face when I entered, but nobody checked my name against a list to see whether I was actually supposed to be there.

A later article in this series will explore the relationships between privacy, security, patient access, accuracy, and accountability that create a philosophy of control.

Motivations for doctors versus patients

Another topic at the patient access summit that reflected a dilemma in the health care field is how much effort to aim at the doctors versus the patients, when trying to change the behavior of both. Many patients try to engage as adults in their own care and are stymied by resistant doctors. And as I pointed out in an earlier posting, the patients who need the most lifestyle changes ignore their own perilous conditions. So these considerations would suggest focusing on motivations for doctors to change.

But a market approach would suggest that, when enough patients want to have a say in their care, and have the means to choose their doctors, change will reach the examination rooms. The conclusions of the patient access summit did not reflect any particular positions along this spectrum. Participants pointed out, however, that institutions such as Kaiser Permanente that wanted patients to use their portals invested a lot into advertising them.

Pushing versus pulling data

Telephone calls, email, and online chats are push technology, in that the person sending them decides when (approximately) they are delivered. The web is a pull technology, because the recipient visits the site at his or her choosing. In health exchange, one doctor may push a patient’s records to the next provider, or the next provider can pull them when the patient is due to arrive. Sometimes articulated unhelpfully as a battle for push versus pull, our discussion revealed that each had its uses.

The issue is especially salient when a patient has records stored by multiple institutions. Currently, a patient can pull records from each and (if they use a common format such as BlueButton) combine them. In fact, a mobile app named iBlueButton allows a patient to show data from providers to a doctor during a visit. But it would be much better for each institution to push information to the patient as it’s added to the institution’s record. This would bring us closer to the ideal situation where records are stored by a site on behalf of the patient, not the doctor.

Three action items from today’s meeting

Now we get to the meat of the summit. Leaders asked participants to define areas for research and to make commitments to incorporate the results of the research teams into their products and activities. Three action items were chosen, and two were excluded from consideration at this round.

Automated downloads

A number of organizations, such as Aetna Health Plans, have adopted the BlueButton format created at the VA. In the line-up of data formats available for storing health information, BlueButton is shockingly casual. But its list of plain-text fields is easy to read and unfrightening for patients. It is also undeniably popular, as the number of VA patients downloading their data approaches one million. So the immediate impetus for the first goal of the patient access summit, dubbed “automating BlueButton,” is to keep patients’ records up to date and integrated by pushing data to them from institutional EHRs.

But BlueButton can be massaged into other formats easier for programs to manipulate, so the “automating BlueButton” task really refers to the entire movement to empower patients who want control over their records. One way to state the principle is that every action in a hospital’s or doctor’s EHR will be accompanied by an update to the patient’s copy of the data. Hopefully this movement will soon lead to simple but program-friendly XML formats, robust transfer standards such as Direct, and universal integration of hospital and clinic EHRs with patient health records.

Identification and access technologies

Congress has ruled out a single nation-wide ID for patients, thanks to worries from privacy advocates that the system could facilitate identity theft and commercial data mining. Some have proposed a Voluntary Universal Healthcare Identifier (VUHID), but that’s encumbered with the same problems. Identification systems used nowadays for HIE are cumbersome and error-prone, and revolve around cooperating health care institutions rather than individual patients with few resources. Individual hospitals can verify patients’ email addresses and passwords when they come in for treatment, but in-person authentication doesn’t scale to data exchange.

A more rational solution revolves around certificates and digital signatures, which security-conscious institutions in government and industry have used for years. This has gotten a bit of a bad rep because it has been poorly implemented on the Web (where browsers trust too many certificate authorities, and system administrators fail to keep accurate signatures) but the health care system is quite capable of implementing it properly. The Direct Trust project is creating a set of practices and hopefully will stimulate the industry to create such a system. In fact, I think Direct Trust is already addressing the issues listed under this task. OAuth was also mentioned repeatedly at the summit. The National Strategy for Trusted Identities in Cyberspace was also mentioned.

The questions of identifying oneself and of authorizing access to data are linked, so they were combined in a single working group even though they are somewhat distinct technically.

Standards for content

The final task approved at the patient access summit was to work further on data standards. It was late in the day and the task was defined only in a very broad manner. But I think it’s an important leg of the patient access stool because current standards for patient data, such as HL7′s CDA, were meant for communicating the results of clinical interventions. They’ll be hard to use when patients generate and store their own data, both because they lack the appropriate fields and because they aren’t designed for continuous uploads of data. Segmented access (allowing providers to see certain records while withholding records that the patient considers sensitive) was also mentioned.

Patient-generated data

I mentioned at the summit that patients are starting to generate data that could be invaluable in their treatment, and that the possession of this data gives them leverage. Doctors who are serious about treating common chronic issues such as hypertension, or any condition that can be improved through careful monitoring, will want the patient data. And patients can use their leverage to open up doctors’ EHRs. As patients get more involved in their care, the very term “provider” (meaning a doctor or other professional who provides diagnosis and treatment) will become obsolete. Patients will be co-providers along with their professional team.

Patient-generated data got some attention during the day, but the attendees concluded that not enough time had been spent on it to turn it into an action item.


The final issue on the agenda for the day was privacy. I estimate that we spent a full half-hour at one point, in addition to which it was raised at other times. Because I am covering privacy in the third article of this series, I’ll simply say here that the attendees were most concerned about removing excuses for data exchange, and did not treat risks to privacy as a problem to be fixed.

What did the patient access summit accomplish?

I’m proud that the ONC and VA created a major discussion forum for patient access. I think the issues that came up were familiar to all participants in the meeting, and that ONC together with industry partners is already moving forward on them. The summit provided affirmation that the health care field as a whole takes the issues seriously, and the commitments that will arise from the meeting will lend more weight to government efforts.

And a lot of the time, knowledgeable patients need to know that progressive health care leaders and the government have “got their back” as they demand their rights to know what’s going on in their bodies. The Office of Civil Rights has publicly championed the patients’ right to their data (in fact, the biggest fine they’ve levied for a HIPAA violation concerns a refusal to release data to a patient), and the initiatives we all supported last Monday will give them more tools to use it.

Regulations can make a difference. A representative from Practice Fusion told me they offered a patient download option on their EHR service years ago, but that most doctors refused to allow it. After the ONC’s meaningful use regulations required patient access, adoption by doctors went up 600%.

While laying the groundwork for patient access, we are ready to look forward to wonderful things patients and providers can do with data. That will be the subject of my next article in the series, which will cover the health data initiative forum I attended the next day.

