Prof. David Blumenthal, the new head of ONC, makes some disturbing comments regarding the Stimulus Bill, HIT and HITECH Act in his article in the New England Journal of Medicine (NEJM). The article is not completely off-base as he does a very good job of describing the basics of the HITECH Act, its intentions and some of the very real challenges that the feds face in actually executing on the language of the Act. But there are a couple of areas where Blumenthal’s interpretation of the Act raises concerns.
The first pertains to HITECH Act language regarding extension of HIPAA compliance to Google and Microsoft where he states:
It extends the privacy and security regulations of the Health Insurance Portability and Accountability Act to health information vendors not previously covered by the law, including businesses such as Google and Microsoft, when they partner with health care providers to create personal health records for patients.
At this time, neither Google or Microsoft provide the PHR to a hospital who then provides it to their customers. Rather, the current model that both Google and Microsoft are using is one that supports portability of the consumer’s health record allowing the consumer to invoke an export of their records from the hospital to one of these Personal Health Systems (PHS), of course provided the hospital establishes a link to a PHS. Our interpretation is that in this scenario, HIPAA does not extend to Google or Microsoft, as the consumer drives the transaction of data flow. Hopefully, others in HHS will convince Blumenthal of this as well as otherwise, such HIPAA extensions may thwart portability and subsequently consumer engagement and ultimately control of their records.
The second Blumenthal comment that caught us off-guard pertained to the term “certified EHR” where he states:
ONCHIT currently contracts with a private organization, the Certification Commission for Health Information Technology, to certify EHRs as having the basic capabilities the federal government believes they need. But many certified EHRs are neither user-friendly nor designed to meet HITECH’s ambitious goal of improving quality and efficiency in the health care system. Tightening the certification process is a critical early challenge for ONCHIT.
While we certainly agree with Blumenthal that defining the critical terms of “certified EHR” and “meaningful use” is paramount and must be done quickly, yet judiciously, his views on certified EHR, as defined above are downright frightening for two reasons.
First, he condones the work of CCHIT as certifying the minimum capabilities for EHR. Minimum capabilities? If anything, those minimum capabilities are already restrictive in defining use of specific standards and models that do not provide the flexibility for true innovation.
What is even worse though, is that Blumenthal appears to want to extend certification requirements to “user-friendly” and defining how “quality and efficiency” will be embedded within an EHR.
User-friendly? There is simply no way you can certify such – end of story. Let the market define what is user-friendly by what a doctor or hospital chooses to purchase.
Quality? Maybe, just maybe you can ask for the simplest of quality metrics to be recorded within the EHR, but highly doubt that is something you want to certify. Would it not be better to simply verify quality actions supported as part of meaningful use reimbursement?
Efficiency? That is certainly not something you can certify and falls in the realm of implementation (process mapping/workflow) and training. You can’t certify that!
Suggesting that we tighten the certification process is heading in the wrong direction. Instead, we need to actually relax the certification process to encourage innovation in the HIT market allowing developers to create solutions that will truly provide value to their users while concurrently meeting the broader objectives of delivering better care and better outcomes. Creating light certification criteria and focusing more on what outcomes we wish to see occur as a result of broad HIT adoption is where Blumenthal and his staff need to focus their energies. To do otherwise will lead to a stifling of innovation, stalled HIT adoption among physicians and ultimately a poor investment of the tax payers’ dollars, which we can ill-afford.
I wonder how Google and Microsoft will react to this news. I can’t imagine they’ll want to follow HIPAA procedures. Enforcement like this will definitely stifle innovation in regards to PHRs and slow adoption.
I do think you missed some of what Blumenthal said about certified EHR. Seemed to me like he took a nice swipe at CCHIT certification basically saying that it’s not good enough since too many CCHIT certified EHR aren’t usable. That he can see this is a good thing in my book.
Will be interesting how HHS, ONC and Blumenthal ultimately interpret the HIPAA guidelines as it pertains to BAs. Do believe that MS and Google are correct in that they fall outside the HIPAA/BA efinition and thus need only comply to notification. Hopefully, that interpretation will stick as it could get extremely messy otherwise.
As for Blumenthal’s article in NEJM, he actually says quite a number of good things which I fully support. And yes, one may see, as you have, that Blumenthal’s comments were reflective of nudging all those HIT vendors to start producing better apps. My concern though is that in making such a statement, is he also stating that there needs to be a process to assess usability? This would be a disaster as it is both unworkable and would kill innovation.
John
Take issue with the quote:
User-friendly? There is simply no way you can certify such – end of story. Let the market define what is user-friendly by what a doctor or hospital chooses to purchase.
OK – so “certify” may be too strong a test. But one can argue over the operational definition of “certify”. One *can* validate that something is usable to criterion measures. It is common practice outside of health IT. Using the term “user-friendly” shows a lack of understanding or appreciation for the field. There are objective standards.
Just because one doctor might like the entries in ALL CAPS ignores the fact that ALL CAPS slows reading times and increases errors. There is a body of knowledge (read Chris Wickens’ book “Engineering Psychology and Human Performance” for instance) to get serious treatments of the science, psychology, and engineering around how one can validate and improve human performance with systems.
You should thank a psychologist everytime you fly in a plane or get power from a nuclear power plant, for were it not for the field of ‘human factors psychology’ the world would be a much more dangerous place.
Furthermore, the FDA is now endorsing a usability methodology to, in effect, certify that medical devices are usable.
Health IT needs to get on board.
Please