The recommendations came from the Electronic Health Records Association in a six-page letter to two Senate Finance Committee leaders, Sens. Ron Wyden (D-Ore.) and Chuck Grassley (R-Iowa).
The two in June sent queries to 200 healthcare industry individuals and organizations asking for their ideas “to enhance the availability and utility of healthcare data, while maintaining and strictly protecting patient privacy.”
The EHRA, which represents about 40 of the major EHR vendors, is an affiliate of the Healthcare Information and Management Systems Society, a Chicago-based healthcare IT industry trade group. Tuesday was the deadline for submissions of responses to the senators' query letter.
The EHRA letter said that “in general, the patient should determine (by) who and for what purposes (their) data can be used,” but noted the different approaches to consent when the data is shared for patient use, and for research, public health and operational efficiency.
Health data should be made available using “standardized mechanisms” that include health information exchange organizations and software tools such as APIs, “which are increasingly standards based and made available to software developer customers and partners.”
That said, according to the EHRA, “the creation of centralized data stores to be queried and/or enabled via APIs outside the context of an HIE-type organization, an approach that is often oversimplified and recommended by researchers, would not be acceptable to the range of affected stakeholders, including patients and consumers.”
In response to a question by the senators asking respondents to identify any barriers to using data sources more effectively, the EHRA cited several priority problem areas, including “the need for a nationwide patient data-matching strategy to ensure the accurate, timely and efficient matching of patients with their healthcare data across different systems and settings of care.”
Potential patient safety risks from the current system are high enough “to cause concern about medical errors, redundant testing and inefficiency,” but the group offered no recommendation on what such a strategy might entail or who should implement it.
It is “widely recognized that inconsistencies in various state and federal privacy laws as they pertain to sensitive health information ... continue to be obstacles to widespread HIE,” the group said.
It specifically cited data protected under the rule for federally funded drug and alcohol treatment programs, rule 42 CFR Part 2, which is more stringent that the federal privacy rule under the Health Insurance Portability and Accountability Act.
Possible modifications to 42 CFR Part 2 to accommodate health information exchange are under consideration by the federal Substance Abuse and Mental Health Services Administration and by two subcommittees of the Health IT Policy Committee, an advisory panel to the Office of the National Coordinator for Health Information Technology at HHS.
And, technology to segment this more sensitive data is becoming available.
The EHRA letter was heavy on pointing up issues, but light on proposing solutions intentionally, said Mark Segal, chairman of the EHRA and one of the letter's seven signatories.
“The data issue in the U.S. in our healthcare system is just very complex and some of that just can't be reduced,” said Segal, who is also vice president of government and industry affairs for GE Healthcare IT. “You just have to factor that in when setting policy.”
The reference to APIs was in response to a federally funded report issued in April by a group of scientists known as Jason, which called for a federal mandate to force health IT vendors to publish common APIs as an approach to achieve widespread health information exchange.
“I think that's premature at this point,” Segal said.
Follow Joseph Conn on Twitter: @MHJConn