The proposed 21st Century Cures rules around information blocking, interoperability and patient access were released nearly a year ago – and the final rules are expected soon. But recently, a major healthcare player has been getting more vocal about how it thinks the forthcoming regulations need to be changed.
On Monday, Epic posted a long note to its homepage. It touts the company’s support for the patient access goals of the soon-to-come ONC rules, with their focus on API-enabled data exchange – but also calls for new protections to patient privacy.
“By requiring health systems to send patient data to any app requested by the patient, the ONC rule inadvertently creates new privacy risks,” according to Epic, which points to a recent study showing that 79% of healthcare apps resell or share data. “There is no regulation requiring patient approval of this downstream use.”
The info blocking rules have been in review at the Office of Management and Budget, pending finalization, for some time now. Many healthcare observers are expecting them to be announced in the days or weeks ahead. (If past rulemakings are any indication, they could be published before the HIMSS20 conference in Orlando, which starts March 9.)
But recently, Epic’s opposition to some of the core provisions of the proposed rules has been made more apparent, in several different ways.
On Jan. 22, CNBC reported that Judy Faulkner, founder and CEO of the privately held electronic health record giant, had sent an email to chief execs at major hospitals and health systems. In the letter obtained by CNBC, Faulkner implores that ONC’s proposed rule “could negatively affect patients and healthcare organizations.” And she tells these presidents and CEOs that “HHS needs to hear from you so they understand that you are feel these issues are important. Very little time is left.”
Given the potential “unintended consequences” of the new rules, Faulkner said, “we are concerned that health care costs will rise, that care will suffer, and that patients and their family members will lose control of their confidential health information.”
And this past week, Faulkner, in an interview with Politico, indicated that Epic could sue HHS if the final rules are as similar to the proposed rules as she fears. She said the draft regs don’t offer enough privacy protections, and aired concerns about patient data being sold or otherwise misused by unregulated app developers.
Faulkner is not the only one campaigning for changes to the proposed rules. Earlier this month, Tommy Thompson, former HHS Secretary – and former governor of Epic’s home state – wrote in the Wisconsin State Journal that the regs “would unfairly harm Wisconsin’s health IT industry and, along with it, the Wisconsin economy.”
As drafted, they “would compel Epic to give its trade secrets away to venture capitalists, Big Tech, Silicon Valley interests, and overseas competitors for little or no compensation,” Thompson wrote. “HHS’ rule would conscript Epic to work for these new entrants, subverting free market principles at the expense of Wisconsin residents.”
Facebook and Cambridge Analytica
In the note on its homepage, Epic maintains that it “strongly agrees” ONC’s goal to support patient access. And it touts its own innovations on that front:
“For decades, Epic has been enabling this access, starting with the creation of the MyChart patient portal 20 years ago. From there, Lucy (2010) allowed patients to download health information to a file or a thumb drive, and Share Everywhere (2017) allowed patients to share personal health information with anyone in the world who has internet access.”
But the company says there are “serious risks to patient privacy” in the proposed rules. Specifically, it points to two potential cases, with hypothetical examples to illustrate them:
Data of patients’ family members may be shared with inadvertently, without their knowledge or permission: “Almost all medical records contain family history, which may be threaded throughout the record.”
Apps could use more data than the patient intends, since there are “no transparency requirements to make it very clear to the patient what data the app is taking and what the app will do with that data.”
The ONC rules, as they currently exist, could lead to situations similar to “what happened to Facebook friends who did not give their approval for their information to be harvested by Cambridge Analytica,” according to Epic.
“We have always, and will always, support patients’ right to use their data as they see fit. However, it is the role of government to ensure that patients have the information they need to make those decisions knowledgeably,” said the note – which called for “transparency requirements and privacy protections are established for apps gathering patient data before the ONC rule is finalized.”
‘Patients need & deserve access’
While Epic is certainly to be believed that it cares for patient privacy, some observers have wondered aloud whether it has other concerns in mind as well – whether it sees the data sharing rules as an opening that could allow some big tech competitors to erode some of its long-held hegemony in the space.
Companies such as Apple, Google and Microsoft have made big inroads into healthcare in recent years, and its worth noting that they are all proponents of the new rules. They are members of the CARIN Alliance, for example, which has advocated that “the two proposed rules should be finalized and released immediately.” (It’s also worth noting, perhaps, that Epic this month announced plans to stop integrations with Google Cloud.)
At the ONC Annual Meeting this week, attendees and speakers were talking about this ongoing debate.
And in a letter this week, posted at the Society for Participatory Medicine and signed by patient advocates Morgan Gleason, “e-Patient Dave” DeBronkart and others, chided Epic by name and called for the info blocking rules to be published posthaste.
“For vendors to justify resisting the proposed rule to ‘protect’ patients from their own naivete is classic paternalism, implying that today’s patients don’t know what’s good for them,” Gleason and DeBronkart wrote. “We will decide that for ourselves, thank you. We will decide what American healthcare needs, to move toward better patient experience and outcomes.
“We support requiring apps that house patient data to follow codes of conduct and disclose how the data will be used in clear, easy to understand terms,” they added. “However, this should not prevent this ONC rule from moving forward and beginning the end of information blocking so that we can have access to the information we need.”
Email the writer: [email protected]
Healthcare IT News is a publication of HIMSS Media.
Source: Read Full Article