Across the country, groups of CIOs, healthcare IT experts, and attorneys are sitting in committee rooms and holding conference calls trying to solve vexing policy and governance issues raised by the prospect of interoperable electronic health records (EHRs). With a focus on making the most of short-term federal incentives, these policymakers are wrestling with a host of thorny issues that they have never had to tackle before or ones that have previously seemed intractable. Some of these are central to the current debate about spurring health IT adoption; others await resolution once more health information exchanges get off the ground.
A review of the draft plans for state-level health information exchange (HIE) organizations reveals that some of the issues deal with authentication, trust, cooperation among competitors and sustained financing; other contentious issues about privacy, consent and sensitive data seem to hinge on a debate between an established “enterprise-centric” view of data vs. an emerging model built around the patient or consumer.
What follows is a status report on six challenging health IT policy issues and some comments from experts about why they are tough to solve.
1. Sustainable funding. High on the to-do lists for newly formed state-level HIE groups is developing a business model that provides sustainable funding. Some integrated delivery networks and multi-stakeholder HIEs are working toward sustainability, but very little progress has been made yet on state-level models. Although it provides more than $400 million in startup funding, the HITECH Act does not ensure long-term sustainability of any HIE effort, and requires states to raise matching funds.
John Moore, an analyst with the Cambridge, Mass.-based Chilmark Research, which is preparing a study of state HIE development, notes that many failed RHIOs and HIEs have developed sustainable business plans in writing, but very few have actually been able to make them work. He adds that the HITECH matching fund requirements rise from $1 for every 10 federal dollars in 2011 to $1 for every three federal dollars in 2013. “Some states are going to have a hell of a time raising enough money to make it to self-sufficiency by the fourth year,” Moore says.
Jeff Bauer, the futures practice leader of ACS Healthcare Solutions, agrees. He notes that many states are facing huge financial problems from unfunded pension bills coming due as people retire in the next few years. “In every state capital, as health IT is competing with so many other vital interests, will funding for HIE survive?” he asks.
While states will consider subscription or access fees for providers, another possible model is emerging in Vermont, which in 2008 passed a law a imposing a fee of two-tenths of 1 percent on all medical claims to fund health IT efforts. It is expected to raise $32 million over seven years to help fund EHR adoption and HIE development. Moore notes that the Wisconsin HIE is seeing strong early results with 40 percent of physicians surveyed saying access to patient data is changing how they order prescriptions and the number of diagnostic tests ordered. “Those savings are largely going to the payer, so it is not unreasonable to have some type of fee on transactions,” he says. “It's not clear which model will emerge,” Moore says. “There will be experimentation on things like taxes on transactions, but it is going to be a tough sell.”
2. Privacy and consent. Having each state work through the same series of difficult privacy and consent issues might be inefficient, but it may also be necessary, because so many state laws already on the books relate to these topics and must be complied with or amended. To take just one example, the state of California's long-running and contentious effort to develop consensus around how patients should consent to have their data shared as well as the treatment of sensitive data such as substance use and HIV/AIDS information, highlights the complexity of the issues.
“There is no question that there are two issues we are absolutely stuck on: consent and sensitive data,” says Pam Dixon, executive director of the World Privacy Forum and co-chair of the California Privacy and Security Advisory Board (CalPSAB). She says the group is having trouble finding middle ground between consumer group representatives like herself and those who represent large healthcare organizations.
Industry representatives have labeled “unworkable” a proposed hybrid model that would require consumers to specifically opt out of sharing most information but opt in before sensitive information could be shared, she says.
“We are having a tug of war between a traditional HIPAA-centric approach and a new approach that needs to emerge,” she says. Although the discussion has been going on for two years, Dixon is optimistic that a compromise will be reached. “We have 20 people in the room who are very knowledgeable about this topic,” she stresses. “If we can't come to a consensus, nobody will. Consent and sensitive data issues are the first two buttons on the vest. We have to do those first, and if we don't get them right, it doesn't matter what else we do on other issues.”
3. HIE and federal confidentiality laws. At the national level, some organizations would like to see changes to the federal confidentiality regulations which state that without written authorization from the patient, physicians cannot access patients' substance use history and current treatment regimen, except in cases of emergency. Getting those written authorizations each time data is accessed may prove antithetical to the way HIEs are set up to work.