The next issue turned to who should ultimately control a patient's data. Should it be the patient (patient access control), provider/clinician, care team/ACO/PCHM, HIE/gov't/CMS?
Here's what I wrote:
Some believe patients should have granular control of who gets to see their health data and, if de-identified and aggregated for population health research, that the patient should be compensated financially for authorizing such use of their data.
Concerns about PHI privacy and gov't control are certainly warranted and, I agree with Randall, that legacy systems have been incapable of doing what's needed to give patients peace of mind that storing their PHI in the cloud provides a high enough level of privacy protection. We cannot achieve the Triple Aim unless we have wide deployment of a secure, low-cost, always available, and simple way to exchange data from EHR to EHR, EHR to PHR, EHR to Population Health and After Market Surveillance repositories (with de-identified data), and from Person to Person (patient to clinician, clinician to patient, and clinician to clinician).
A pub/sub, loosely-coupled, mesh node network, with identity management and endpoint-to-endpoint encryption, is one way to achieve this.The next issue raised is whether the actual goal of healthcare reform is to make it fail. I responded by saying:
I've heard from more than one person that current healthcare reform efforts were designed to fail. While I'm not sure about that, I AM confident that the cost, complexity, inefficiencies, and insecurities built into current implementation regulations are too big NOT to fail.
Nevertheless, the underlying goals of ARRA HIT--to improve care quality and contain costs/prices (i.e., increase value to the consumer)--are absolutely essential. We have a real big problem if all the spending and hassles are just a manipulation to funnel taxpayer's money into the coffers of certain big corporations under the guise of helping the common good.
As such, I believe physicians and other clinicians, researchers/informaticists, and HIT developers have a duty to participate in loosely coupled collaborative networks focused on ensuring that the HIT being developed is designed and used to improve patients' health and wellbeing, to minimize the burden and maximize the competency of providers, and to reward delivery of high value care.I then went on to describe my experiences as a committed member of the government's HIT standards bodies:
Having been involved over the past few years in a half dozen HHS/ONC technical workgroups that determine EHR/HIT standards, my associates and I have been like David facing an arena of Goliaths. I've been dealing with the biggest EHR vendors, as well as Federal contractors and agencies. It's been a very frustrating and enlightening experience. We entered the arena with the faint hope that the powers-that-be would compare our simple, low-cost, highly capable, disruptive innovations to the complex, convoluted, expensive mainstream technologies currently being adopted.
What we’ve found is that the standards-making process is rife with regulatory capture in which new standards are built on top of old standards without due consideration of modifying those standards in light of new and better technologies. Simplicity, efficiency, and usability are an afterthought. The result is an extraordinarily complex set of monolithic processes that few (if any) can implement and few are willing to use.
Examples include, in no particular order: (a) an over-reliance on XML data representations and Web services, (b) long delays due to HL7 voting processes, (c) changes to DIRECT taking it from what was supposed to be one step above the fax to a convoluted amalgam of HISPs that make PHI vulnerable with exposure to man-in-the-middle attacks, (d) incestuous relationships between vendors and ONC that block innovation from “outsiders,” (e) reticence to deal with difficult clinical workflow issues, and (e) the natural tension between making huge leaps in EHR system capabilities and the “let’s just keep crawling until we can walk” mentality. The result is that money continues to be spent with dismal progress in enabling HIT to increase value to the consumer while enabling and rewarding providers for delivering such value.It seems to me that most of these problems are due to business strategies and tactics supported by regulatory capture; it is not a technology issue, per se.
In part 3, at this link, I elaborate about the problems identified above.