Modern Healthcare technology reporter Jessica Kim Cohen caught up with Micky Tripathi, who in January was tapped by the Biden administration to lead HHS' Office of the National Coordinator for Health Information Technology, to talk about landmark data-sharing regulations that recently went into effect.
The ONC's rule, a provision of the 21st Century Cures Act, was released last year but implementation was pushed back to April 2021 due to the COVID-19 pandemic.
The following is an edited transcript.
Modern Healthcare: Now that ONC's information-blocking regulations have gone it effect, what's next for the agency in terms of continuing that interoperability push?
Tripathi: One is education and outreach. We recognize that information blocking is a deep cultural change in some ways. So we've got an education program that we've been developing and are rolling out and sharing it with different people. We also have a team who have been on a sort of "virtual road show" every week, meeting with different stakeholder groups, large and small, to answer questions and help them understand what the requirements are, what's the meaning of the applicability date, and how we move forward.
The second part is the internal coordination with the other agencies to put these pieces into place. There's policy creation, which is ONC, and then there's enforcement. We partner with HHS' Office of Inspector General, which is responsible for some aspects of enforcement, and then ONC is responsible for some aspects of enforcement that relate to certification of electronic health record systems as well, and then CMS comes into play with respect to what are going to be the disincentives for provider organizations.
The third part is just building the infrastructure for, if people have concerns about information blocking or complaints that they want to file, making sure that we've got that process in place so that they are able to have as many avenues as they can to file those.
MH: Enforcement is a top-of-mind concern for a lot of executives. Last year OIG issued a proposed rule on how it would enforce information blocking for health information exchanges and software developers, which hasn't been finalized, and HHS would have to propose a separate rule to establish disincentives for healthcare providers. Anything you can share in terms of what's on the horizon?
Tripathi: There isn't a whole lot I can share right now. One of the unwritten rules as I've joined the federal government is: don't comment on other people's rules, any more than I want other people to comment on ours. But that proposed rule is out there, and the expectation is that the third or fourth quarter they'll be turning the crank on the next version of it, but I certainly don't want to speak for OIG. We are actively working with CMS on the disincentive piece for providers, so I can certainly confirm to everyone that we're working hard on it and that there's a lot of engagement around that. But I can't share anything about where that discussion is until it lands from CMS.
MH: Application programming interfaces are a particular emphasis in the rule, although that part hasn't gone into effect yet. How do you think healthcare providers will have to change their data strategies once those standard APIs are more widely available?
Tripathi: The easiest way to think about it is outbound versus inbound. The outbound is what data is going to be made available to others through these APIs, which is going to be a little bit more structured, a little bit more refined. It won't be the physicians who are doing that work; it's behind the scenes with the other parts of the provider organization as well as the technology vendor making that available as FHIR (Fast Healthcare Interoperability Resources) resources. I think that there's work to do there to figure out that mapping and making those available.
A lot of vendors have already gone down that path and worked with their provider organization partners to do that. But I don't know that it really changes their data strategy per se, because they've been doing that for CCDA (Consolidated-Clinical Document Architecture) availability, though it's a different, perhaps a little bit more rigorous, type of mapping, in different areas.
The inbound side, hopefully, is a problem that they want to have, which is: How do I integrate data that's coming in that's now more "integratable," for lack of a better word? Right now I think one of the challenges that providers have is that they'll get a continuity of care document and there are integration challenges. Depending on which vendor you're on, depending on what processes you've built, you may be able to bring in some of that data as structured data and then have your system act on it as if it was natively documented in your system. But there's very clunky workflows in some cases around that, in part because there's a lot of variation in the structuring and the coding of that continuity of care document coming in. You're also often getting a whole document, when maybe all you wanted was the allergy.
So, hopefully, the work that'll have to be done is figuring out how to query just for that penicillin allergy and how to incorporate that into the workflow using APIs.
MH: What are some of the possible benefits of having standard APIs in healthcare? What's the potential?
Tripathi: There are a number of benefits. One benefit I'm hoping for is that the providers are much happier with the systems that they're using day-to-day, and that it gives them a reason to smile in the morning when they come in and they turn on their EHR system, because they are able to have the kind of user experience that you and I have on our mobile devices—which is to say it's not about the mobile device itself, but being able to create your set of apps. If you looked at my phone and your phone, we're going to have a different set of apps that really are tailored to our preferences and what work best for us. I think the hope—and the expectation—is that EHRs will be a platform that I'm able to add my own set of apps or my own constellation of apps to, working with my organization of course, which makes my experience better, so that I, as a provider, am not locked into a particular workflow.
The other side of it is for patients. It's hard to anticipate what those benefits are going to be, but it's about making the data available to patients. Some will ignore it, and that might be me—I really want to know that my providers have my data and that they're sharing it, but I, myself, personally, am not that interested in it. But I think there are a lot of other patients who feel differently. The core benefit is my being able to make those choices myself and being able to have a whole ecosystem develop around the preferences that individuals have with respect to how they want to interact with their own care.
MH: Only software developers certified in ONC's health IT certification program are required to make standard APIs available under the rule. Since post-acute care providers aren't using certified EHRs at the same rate as acute-care hospitals, do you have any concerns that they could be left out of this emerging app ecosystem?
Tripathi: Yes and no. I think the "yes" is that we know that there are parts of the healthcare delivery system that didn't get the benefit of the "meaningful use" program and being able to get those incentives to invest in those technologies. So, they're having to invest on their own, and that means that they're going to be lagging a little bit. There is a concern that maybe that part of the healthcare system might not be able to take full advantage.
There is a countervailing piece to that, though. These are APIs that are well-known in industry—you have a lot of other players who are jumping in from outside of healthcare creating the cool apps. If you're a post-acute care or long-term acute-care provider, before, if you wanted to communicate in an electronic way with a hospital that had a different EHR, you had to have another technology that was able to communicate with that. But now you have a world where there are lightweight apps that you can pull open with a browser and be able to do that in a secure way, because we're now using open industry standards that the rest of the internet economy uses. That opens up the opportunity to say, "I don't need a full-blown EHR to communicate with that other EHR." I actually can have a lightweight app that's created just for continuity of care between a hospital and a long-term acute-care provider. I think that we should have a lot of confidence that there will be a whole bunch of app developers who are going to dive into that space. There already are, but I think that we'll have more of them.