By David Harlow, JD MPH, Principal, The Harlow Group LLC
Twitter: @healthblawg
Host: Harlow on Healthcare
Hashtag: #HarlowOnHC
Leslie Krigstein comes to the health IT policy arena both as the VP of CHIME for congressional affairs and as a family member of a cancer patient. These perspectives reinforce each other as she works to improve the regulatory landscape shaping security and interoperability in her role at CHIME overseeing congressional engagement efforts focused on effective use of health IT. We spoke recently about health IT issues ranging from patient matching to cybersecurity to interoperability, in the context of current and pending regulatory developments and the continuing opioid crisis.
Episode NOW on Demand
Leslie noted that patient matching is a significant issue for her organization’s constituency – health care organizations’ CIOs – both for immediate patient care reasons and because it is difficult to have meaningful conversations about interoperability without the means to definitively identify patients.
As we all know, the federal ban on spending related to development of a unique patient identifier hindered development of solutions in this arena (though certainly some have made progress), but with the ban lifted Leslie sees an opportunity for health care providers and other industry players across the spectrum to engage on the issue. CHIME stepped back from its million-dollar challenge on patient matching because of changes in technology and has established an innovation task force that seeks to leverage industry expertise to see if there is another solution available in lieu of a universal patient ID, and to continue to explore regulatory changes.
The ban was in part based on the potential problems associated with insecure exchange of fully-identified, matched patient records, but market-driven solutions (per Leslie) are likely to bring us closer to interoperable matched records. She does not expect a government mandate in this arena anytime soon.
Another arena in which CHIME is seeking to be a convener is in designing health IT approaches to address the opioid epidemic. A CHIME task force formed in honor of a member who lost a son to the epidemic in 2017 is working to pull together member organization best practices and identify regulatory barriers and opportunities. These include developing better mechanisms for integrating prescription drug monitoring program (PDMP) data into EHRs, as well as exploring whether legislative or regulatory changes to HIPAA (or the interplay between HIPAA and 42 CFR Part 2) are needed to continue to respect patient privacy while ensuring that data is made available to enable the best possible care for patients. The task force’s goal is to pull together practical technical and tactical recommendations that CIOs can use. While there are many variations from state to state, the organization seeks to promote a robust national dialogue about the health IT issues related to the opioid crisis.
Leslie notes that at the broadest level, cybersecurity is issue #1 for CHIME members, and interoperability is issue #2. She stated that HHS recognizes that it needs to take on a more central role with respect to cybersecurity, and highlighted the WannaCry and NotPetya malware exploits as important wake-up calls and the HHS cybersecurity task force report (see also the perspective of one member of the cybersecurity task force) as an important indication of the government’s commitment.
Upcoming information blocking rulemaking and the final version of TEFCA are due out by the end of 2018 (so we will all have some reading material to get to).
Pending legislation – in the “Pandemic and All Hazards Preparedness Act” – includes a provision mandating that the National Health Security Strategy include a national strategy focused on addressing cybersecurity threats to the public health and health care system, by conducting a gap analysis and identifying strategies needed to improve preparedness and response capabilities in order to prevent harm to human health. As Leslie notes: “You’re only as strong as your weakest link … and [it can be] a little scary.” Bedside monitors can be a way in for attackers; drug dosages may be manipulated by malicious hackers; but improved efforts on this front can have significant positive impact.
Leslie sees development of open APIs, of FHIR, to be positive, but not yet the dominant reality, in terms of widespread adoption and use. She notes that “The CIO’s battle cry is ‘Standards!’” and that “if we can coalesce around a mature standard then I am hopeful.” Some CHIME members are leveraging FHIR today, but not all are doing it as robustly as possible.
With all the legislative and regulatory development in process (TEFCA, 21st Century Cures / information blocking, CMS initiative on data access as a condition of participation, national health cybersecurity strategy, etc.) as well as private sector developments (Commonwell-Carequality – an interesting development which I discussed recently with Micky Tripathi — and internet infrastructure companies’ endorsement of FHIR – a non-event, in my view, since vendors will need to deliver what their customers demand) it is difficult to predict how everything will shake out.
CHIME is convening its first advocacy summit, seeking to promote the role of technology in health care and to motivate CIOs to be their own best advocates. Issues including telemedicine, and the issues we discussed in this conversation, are all important issues, per Leslie, for CIOs to work on as they get engaged in the policy arena, and as they work collectively “to ensure that technology can be as great an asset as possible in improving healthcare.”
Five years from now, Leslie expects that cybersecurity and interoperability will be much improved. Security is likely to improve after we experience more significant breaches, which may motivate change. Interoperability has “never been more of an issue” for providers, patients, payors, policymakers, and “we will see new opportunities for patients to be at the center of their clinical information in the future.”
About the Show
Tune in to Harlow on Healthcare to hear healthcare attorney and award-winning blogger David Harlow and his guests discuss the critical issues shaping the future of health IT and healthcare at large. From cybersecurity to AI, precision medicine to health reform, if the topic is trending Harlow is on it.
This article was originally published on HealthBlawg and is republished here with permission.