- The EHR Association (EHRA) Executive Committee has fired back at accusations that EHR companies are partially to blame for interoperability problems, claiming health data exchange is progressing quickly.
The association published a response to an earlier post on Health Affairs Blog that accused EHR and health IT companies of monetizing the custody of patient protected health information (PHI).
Former ONC Chief Privacy Officer Lucia Savage urged the Office of Inspector General (OIG) to enforce provisions of HIPAA prohibiting business associates such as EHR developers from using PHI for business operations. She stated some EHR companies may be leveraging ownership of patient PHI for profit.
“Building a revenue stream out of charging exorbitant fees to transmit the protected health information is arguably the EHR developer’s business, not the provider or hospital’s health care operations,” she wrote.
“Moreover, in the HITECH Act, Congress made it clear that individuals have a right to transmit at little or no cost their data directly from an EHR to the location of the individuals’ choosing, even if that is a competing provider, hospital, or EHR developer,” she added.
In response, EHRA called these assertions “inflammatory and inaccurate” and noted that the accusations undermine the progress EHR vendors and regulatory bodies have already made toward enabling interoperability.
“It also seemingly advocates for a ‘gotcha’ system of penalizing potential missteps by providers and developers, which is the wrong approach to encouraging information sharing,” wrote the association.
EHRA admitted more improvements are needed before health data exchange fully matures. However, the association stated interoperability is undoubtedly growing quickly between providers and patients.
“Specifically regarding information exchange between clinicians and their patients, those being cared for have broad electronic access to the information in their provider’s EHR,” wrote the association. “All certified EHRs make available clinical summaries in a readable format based on standards adopted by the ONC via the View, Download, and Transport capability, typically through patient portals.”
Additionally, the association maintained that widespread use of application programming interfaces (APIs) to access health data paired with new regulatory approaches should further accelerate and bolster existing progress.
EHRA also defended EHR and health IT companies against claims that the fees associated with some forms of data sharing are unreasonable or unlawful. The association stated vendors always allow data sharing with registries — regardless of whether the registry is a customer — as long as the registry is willing to share information using standards-based tools and data requirements.
“Of course, if the registry employs a non-standard information exchange approach or requires data elements not captured in the provider’s clinical workflow, which is not uncommon, there reasonably may be fees for creation of any needed interface or other customization necessary to collect the additional data, in addition to any normal fees for integration with the registry, depending on the particular EHR’s architecture and business model,” the association clarified.
EHRA asserted charging a fee for customization, additional data collection, or data integration with the registry does not constitute information blocking.
The association also countered the crux of Savage’s argument, saying HIPAA restrictions on the monetization of patient PHI have no bearing on the ability of developers to charge for interoperability services.
“Other capabilities have associated charges, such as software development and services costs, and it is clear that the same allowance is given to products and services oriented toward information exchange, given developers’ costs and the associated investments to provide these capabilities,” EHRA maintained.
Overall, EHRA expressed a belief that existing regulations including those stemming from HIPAA, HITECH, and the 21st Century Cures Act are enough to snuff out information blocking. Penalizing providers and health IT developers for interoperability problems or mistakes with health data sharing will not fuel improvements in this area.
“The major drivers of interoperability will continue to be provider business cases, augmented by these existing regulatory requirements,” the association concluded.