HHS last year proposed two rules aimed at bolstering patients' access to their electronic health information, and now, as the final rules' release date nears, a battle is underway between those in favor of the rule and those opposed.
CMS issued one of the proposed rules, which would require Medicaid, CHIP, Medicare Advantage, and Affordable Care Act exchange insurers to provide enrollees with electronic access to their health information and medical claims by 2020. The proposed rule also would require affected insurers, as well as health care providers, to use open data sharing technologies to support patients as they move between different health plans. In addition, the proposed rule would require affected health plans to use application programming interfaces (APIs) for patients and providers to access to data on the plans' provider networks.
Further, the proposed rule would allow CMS to publicly report any hospitals or other health care providers found to "participate in 'information blocking' practices that unreasonably limit the availability, disclosure, and use of [electronic health information]" and "undermine efforts to improve interoperability," HHS said in a release.
The Office of the National Coordinator for Health IT (ONC) issued the other proposed rule, which would require certain entities in the health care industry to adopt standardized APIs to help developers give individuals easier and more secure access to their electronic health information via smartphones and other mobile devices. The proposed rule also would require health care providers to allow patients to access their health information electronically at no cost to them.
In addition, the proposed rule would implement certain data blocking restrictions called for under the 21st Century Cures Act.
Some stakeholders lobby against rules
One of the rules' most vocal opponents has been Wisconsin-based Epic Systems, which is among the largest EHR vendors in the United States. Epic has argued that the new rules "creat[e] new privacy risks," including the potential for family member health data to inadvertently be shared without their knowledge or permission.
According to CNBC, Epic's CEO Judy Faulkner sent an email addressed to a number of hospital and health system CEOs and presidents asking them to sign a letter with Epic against the proposed rules. "HHS needs to hear from you so they understand that you feel these issues are important," the letter stated. "Very little time is left."
Epic confirmed to CNBC that it sent the email.
Separately, Sumit Rana, an executive at Epic, said, "The primary beneficiaries of the rule are venture capitalists and others taking advantage of patient data." He added that rule ultimately would allow app developers to commercialize patient data.
Epic is also considering suing HHS depending on the final version of the rules, which are expected to be released in the coming weeks. Epic said it would prefer to "work with HHS and the administration to fix the proposed rule and make sure it is a good one," rather than engage in a lawsuit.
The American Medical Association (AMA) also has come out against the proposed rules, warning about the potential privacy implications for patients. Both Epic and AMA are urging HHS to put in place privacy protections for health information accessed through APIs.
The rules also have drawn criticism from former policymakers and current members of Congress. Former HHS Secretary and Wisconsin Gov. Tommy Thompson (R) penned an op-ed backing Epic's position and opposing the proposed rules.
Separately, Rep. Doug Collins (R-Ga.) and Sen. Thom Tillis (R-N.C.) have both stated their opposition to the proposed rules. In a letter to ONC, Collins argued that the rules "will force health IT developers to disclose proprietary screen designs and other trade secrets" and could "enable competitors to steal algorithms, configurations, and other information of significant value to the industry."
Other stakeholders push for rules' quick passage
In response to critics of the proposed rules, HHS Secretary Alex Azar said that "defending the status quo is a pretty unpopular place to be" and that the rules will preserve patient privacy once they are implemented. "Our work towards that end will in no way limit patient privacy protections," Azar said.
Meanwhile, the Carin Alliance, a collaboration of major health care industry stakeholders, including Apple, Microsoft, Humana, Walgreens, Mount Sinai Health System, and others, announced they intend to meet with federal officials to voice their support for the proposed rules.
"Although we may slightly differ in the specific details regarding how the proposed rules should be implemented, we are united regarding the consumer access sections of the two proposed rules and in our belief that both proposed rules should be finalized and released immediately," the Carin Alliance said. "It will be to the benefit of all stakeholders to finalize the rules so the industry can work on implementation while continuing to work with the public sector to improve the rules over time" (Thompson, Wisconsin State Journal, 1/10; Tahir, Politico, 1/15; Drees, Becker's Health IT & CIO Report, 1/24; Farr, CNBC, 1/22; Landi, FierceHealthcare, 1/27; Cirruzzo, Inside Health Policy, 1/27 [subscription required]; Slabodkin, Health Data Management, 1/28).