When the Department of Health and Human Services (HHS) first proposed their information-blocking ban in March of 2020, officials were quick to point out how groundbreaking these proposed rules would be for digital healthcare.
Dr. Donald Rucker, the former national coordinator for health information technology for the HHS, summarized the Cures Act Final Rule succinctly, noting that patients could now access their healthcare information “the same way they handle their finances or travel or other parts of their life on their smartphone.”
Now, with compliance measures fully in effect for healthcare providers, developers and information exchanges as of early April, the stage is set for a major shift within the healthcare industry. The renewed focus on giving patients access to their electronic health records (EHR) — as well as new guidance on what the rules mean for health IT developers — will unlock innovation across the industry, offering patients more choice and greater access, which could also help drive down medical costs.
Understanding the New Compliance Standards
At its core, the Cures Act Final Rule has been designed to give patients better accessibility to their EHR data by banning “information blocking”: the practice of EHR holders putting barriers in the way when patients try to access their data. While there are eight exceptions to this rule — ranging from privacy concerns to technical infeasibility — instances of these exceptions would need to be thoroughly documented to maintain compliance with the Office of the National Coordinator for Health IT.
A proposed rule would allow the Office of Inspector General to levy fines up to $1 million for each violation of this new compliance standard. While this monetary enforcement is yet to go into effect, the potential penalties reinforce the seriousness with which health IT companies and information exchanges should approach the information-blocking ban.
Challenges Beyond the Information-Blocking Rule
At the center of the information-blocking ban is the intention to put healthcare data into the hands of patients, providing them transparency with pricing and care options — and allowing for more competition in the digital health industry. Essentially, healthcare needs to catch up with banking, travel, investing and life’s other myriad essentials that we now manage without a second’s thought using mobile apps. But considering that an astounding 90 percent of healthcare providers still use fax machines, this is no mean feat.
So while the new compliance standards are clear and have identified and removed a major roadblock in achieving this goal — information blocking — other challenges still remain. Chief among these include:
Interoperability: The U.S. healthcare system is spread across thousands of networks, hospitals and providers, each creating and relying on their own unique databases. This creates plenty of challenges with data interoperability and the ease with which digital health providers can push, pull and update EHR held across legacy databases. However, the industry is racing towards commercial solutions to this problem, such as the health exchange API that we’re developing at Particle Health, which has the end goal of enabling digital platforms to instantly access the EHR of everyone in the country.
HIPAA regulations: While the eight exceptions to the information-blocking ban have been made clear, companies must also adhere to HIPAA’s right of access rules as well as state and local regulations that may affect access — or influence the way health tech companies utilize and display patient information.
Consumer rights and education: Patients themselves need clear guidance on how these developments positively impact their rights to access their EHR. But beyond understanding access rights, a wider conversation needs to be had around user-provider data privacy rights. The next generation of digital health platforms will have instant access to patients’ medical data, and what they can then do with that data must be governed by other rules like HIPAA and the CCPA.
What This Means for Medtech Innovation
The development and widespread adoption of digital health platforms had up until now been hamstrung by the inability to access EHR on demand. After all, if a surgery tells you that the only option available to send a patient’s records is via a fax machine, then the promise of speaking to a doctor who’s up to speed on your medical history falls at the first hurdle. This has led to the siloing of digital services, used only by certain people for specific needs, rather than being an integrated part of our everyday primary healthcare.
This will begin to change, but don’t expect patient-ready solutions to enter the market overnight. The hardest part of the equation is the middleware connecting digital health platforms to EHR databases. And the live testing of these solutions was only able to begin in earnest on April 5 of this year, when the new rules came into effect.
To illustrate this point, I’ll speak from recent experience: Here at Particle Health, we created an internal alpha program and invited our staff (having first gained all the relevant consent) to test pulling their own EHR shortly after April 5th. Nearly 20 volunteered for the test. The result? One employee got a single file back from a single provider. It’s clear that EHR holders still have some way to go before they untangle decades of ad hoc and decentralized database development.
But as with all areas of life, regulations alone are rarely the magic bullet. Rather, they create the starting point from which companies can build and deliver solutions to problems. And now the starting gun has been fired, patient-ready solutions are now only a matter of time.