Establishing Interoperability by Legislative Fiat
Mar 10, 2015h/t to Roger Maduro for the notification about the Rep Burgess Bill:
The office ofRep. Michael C. Burgess, MD (R-Texas)released a draft of the interoperability bill that they have been working for the past several months on Friday. Rep. Burgess, one of the few physicians in Congress, has been working very hard with his staff to come up with legislation that can fix the current Health IT “lock-in” crisis.
Well, I’m not sure that it’s a crisis. Perhaps it’s one politically, but maybe legislation can help. With that in mind, the centerpiece of the legislation, as far as I can see, is these 3 clauses:
‘‘(a) INTEROPERABILITY.—In order for a qualified electronic health record to be considered interoperable, such record must satisfy the following criteria:‘‘(1) OPEN ACCESS.—The record allows authorized users access to the entirety of a patient’s data from any and all qualified electronic health records without restriction.
‘‘(2) COMPLETE ACCESS TO HEALTH DATA.— The record allows authorized users access to the en- tirety of a patient’s data in one location, without the need for multiple interfaces (such as sign on systems).
‘‘(3) DOES NOT BLOCK ACCESS TO OTHER QUALIFIED ELECTRONIC HEALTH RECORDS.—The record does not prevent end users from interfacing with other qualified electronic health records.
Well, there’s some serious issues around wording here.
Firstly, with regard to #1:
- What’s the scope of this? a natural reading of this is that “the record’ allows access to all patient data from any institution or anywhere else. I’m pretty sure that’s what not they mean to say, but what are they saying? What ‘any and all’?
- Presumably they do want to allow the authorizing user - the patient - to be able restrict access to their record from other authorised users. But that’s not what it says
- The proposed bill doesn’t clarify what’s the ‘patient record’ as opposed to the institution’s record about the patient. Perhaps other legislation qualifies that, but it’s a tricky issue. Where does, for instance, a hospital record a note that clinicians should be alert for parental abuse? In the child’s record where the parent sees it?
- Further to this, just what are health records? e.g. Are the internal process records from a diagnostic lab part of ‘any and all qualified health records’? Just how far does this go?
With regard to #2:
- What’s an ‘interface’? As a technologist, this has so many possible meanings… so many ways that this could be interpreted.
- I think it’s probably not a very good idea for legislation to decide on system architecture choices. In particular, this sentence is not going to mesh well with OAuth based schemes for matching patient control to institutional liability, and that’s going to be a big problem.
- I’m also not particularly clear what ‘one location’ means. Hopefully this would not be interpreted to mean that the various servers must be co-located, but if it doesn’t, what does it mean exactly?
With regard to #3:
- I can’t imagine how one system could block access to other qualified health records. Except by some policy exclusivity, I suppose, but I don’t know what that would be. Probably, if this was written more clearly, I’d be in agreement. But I don’t really know what it’s saying
There’s some serious omissions from this as well:
- There’s nothing to say that the information must be understandable - a system could put up an end-point that returned an encrypted zip file of random assorted stuff and still meet the legislation
- There’s no mention of standards or consistency at all
- There’s no mention of any clinical criteria as goals or assessment criteria
The last is actually significant; one of the real obstacles to interoperability is the lack of agreement between clinicians (especially across disciplines) about clinical interoperability. There’s this belief that IT is some magic bullet that will create meaningful outcomes, but that won’t happen without clinical change.
As usual, legislation is a blunt instrument, and this bill as worded would do way more damage than benefit. So is there better wording? I don’t have any off the top of my head - anything we could try to say is embedded in today’s solutions, and would prevent tomorrow’s (better) solutions.
It would be good if the legislation at least mentioned standards, though. But we’re decades away from having agreed standards that cover even 10% of the scope of “any and all qualified electronic health records”