How much control do consumers have over their own personal health care data? The answer to that question is a moving target, and the responses will be very different if you are replying ten years ago, today, or a year from now.
When the Health Insurance Portability and Accountability Act (HIPAA) outlined minimum data privacy and security provisions for consumer health information over two decades ago, it didn’t give consumers much control over that data (see HIPAA: The Final Act and HIPAA, HIE & The Art Of Sharing Information). Historically, there has been many barriers to consumers accessing their data: The processes is complicated (when a process exists), the data is in multiple formats that aren’t easy to access, and in some cases, there is a cost. HIPAA allows entities and business associates to charge a fee for accessing data, and states can set the price. Of those consumers accessing data in 2016, 10% were charged for copies of their personal health information – a sharp decrease from 2015, when over half of consumers reported being charged for accessing their health care data (see AHIMA: Patient Data Access Through Patient Portals Increases).
But the days of keeping consumer data “under lock and key” are quickly coming to end. According to a study done by the American Health Information Management Association (AHIMA), 82% of consumers accessed their data through a patient portal in 2016, marking a dramatic increase over the 5% who did in 2013 (see Patient Access to Personal Health Information: An Analysis of the Consumer’s Perspective). The most common information accessed? Lab results, and requesting medication refills, and appointments.
This transformation in consumer data accessibility is the result of several factors – changing consumer expectations spurred by greater access to personal health monitoring devices (like the Fitbit and Apple watch); the increasing rates of adoption of electronic health records (EHRs) among provider organizations, which makes data easier to share; the Meaningful Use Stage 3 incentive program, which requires the sharing of data electronically with consumers; and most recently, large scale federal policy changes.
Last month, Secretary of Health and Human Services Alex Azar set four key policy objectives for the department at the America’s Health Insurance Plans National Health Policy Conference – including giving consumers greater control over health information technology (see Remarks on Value-Based Transformation to the Federation of American Hospitals). This was followed by the Centers for Medicare & Medicaid Services (CMS) announcing the creation of the federal MyHealthEData initiative, designed to give consumers access to their Medicare health. The initiative is designed to support interoperability and ensure that consumers have access to, and control of, their Medicare data. The MyHealthEData program includes plans for overhauling the Medicare and Medicaid Electronic Health Record (EHR) incentive programs and the relaunch of the Medicare Blue Button, version 2.0 (see Federal MyHealthEData Initiative To Allow Medicare Consumers Access To Personal Health Records).
Under this initiative, CMS will require Medicare provider organizations to update their EHR systems to the 2015 Edition Certified EHR Technology (CEHRT) starting in 2019 because that version is capable of providing consumers with data in a usable and secure electronic format. CMS has not yet specified what types of information must be shared by hospitals with a consumer’s receiving facility or post-acute care provider organization This initiative also builds on the ban on information blocking (a practice in which provider organizations prevent consumers from getting their data) that came late last year as part of the Merit-based Incentive Payment System (MIPS); CMS is requiring hospitals and clinical professionals under some CMS programs to prove that they have not engaged in data-blocking activities (see The Merit-based Incentive Payment System (MIPS) Advancing Care Information Prevention of Information Blocking Attestation: Making Sure EHR Information is Shared October 2017).
Blue Button 2.0 will allow Medicare fee-for-service (FFS) beneficiaries to download their actual Medicare claims data in a universal and secure digital format. Beneficiaries will also be able to upload the data file to applications designed to help them manage their health, or share the data file with their physicians to improve clinical decision-making. In the future CMS may require Medicare Advantage plans and other qualified health plans to also provide these same capabilities to beneficiaries. For health care consumers, this could offer greater control over their health care data, and the ability to use it for better selection of health care provider (for a look at our coverage of those, check out ‘Person-Centered’ Health Care Records Take Center Stage). As Secretary Azar noted, this shift puts the ability to judge value into the hands of the consumer. By increasing transparency and interoperability, these new initiatives can “improve quality and drive value.”
So the big question for the field. How will consumer data access and control affect the health and human service field? And, are the stakeholders ready? When I asked my colleague OPEN MINDS Senior Associate Sharon Hicks this question, her focus was on the likely impact on provider organization’s data operations.
These steps are clearly moving us in the right direction in terms of the creation of a consumer-centric model for health-data. However, making this shift is a big task. The current mindset among provider organizations and health plans is that data created during a health care service is the property, and the responsibility of (in terms of privacy, security, etc.), of the service provider. With this shift, CMS is asking the health care system to think of the person who received the service as the “owner.”
Making this shift will require some new resources – and I worry that the costs will driven down to the provider organizations without any plan for reimbursement. Regulatory relief for provider organizations is critical. The prospect of moderating the administrative rules is an important part of the whole conversation. In terms of concrete steps, it is time for provider organization executive teams to sharpen their health information exchange capabilities – in advance of these new initiatives being put in place. Most organizations will need an external data sharing plan and should plan on more active participation in statewide and regional HIEs.
Are provider organizations and health plans ready for the new era of consumer control of health information? The answer is some arem, and some aren’t. But interoperability and health information exchange are likely to soon be a much bigger factor in competitive advantage.
For more, check out these resources it the OPEN MINDS Industry Library:
- Moving EHR Investments From ‘Must Do’ To ‘Must Have’
- CMS Fact Sheet: MyHealthEData Initiative
- Google Launches Cloud Healthcare API To Address Interoperability Conundrum
- ‘Person-Centered’ Health Care Records Take Center Stage
- Carequality, LifeWorks Northwest & Netsmart Collaborate To Share Client Data To Improve Outcomes
- The Essential Tech List For Value-Based Purchasing
- Leveraging Technology For Better Interoperability: Harnessing The Power Of FHIR & Blockchain
- AMA Launches Integrated Health Model Initiative To Create A Common EHR Data Framework
- The Impact Of Tech In The Future – & The Reality Of Tech In The Present
- National Quality Forum Issues New Quality Measurement Reports For Telehealth & Interoperability
For more on this developing and important discussion on data management and access in the health care landscape, join us on October 23 at The 2018 OPEN MINDS Technology & Informatics Institute for the session, “The Challenges Of Data Management In A Digital World: An Executive Discussion On Security, Privacy, & Consumer Control.”