Let’s take a trip down memory lane to 2009. We were neck deep in the Great Recession, Slumdog Millionaire was a cultural force, we lost Michael Jackson, and Barack Obama was our president. Top-of-mind for him, and the brass over at the Centers for Medicare & Medicaid Services (CMS), was a bold idea: What if we did away with paper health records and instead went digital? Interoperability among physicians and healthcare systems, heightened PHI security, and data-driven insights were all a part of this vision for a new era in healthcare. “And that will not only mean less paper-pushing and lower administrative costs, saving taxpayers billions of dollars; it will also mean all of you physicians will have an easier time doing your jobs,” Obama said in a 2009 speech at an AMA conference. That quote didn’t age well. Our most recent post on EHRs is still generating emails from you. Here’s an example: “I enthusiastically adopted an EMR in 2000 on my own dime,” said David Stricklin, MD, an internist. “It was one of those ‘built by doctors for doctors’ systems called eMD’s. It worked well and I remained a proponent until I sold my practice and had NextGen and later EPIC forced upon me by the corporate medical care system. … I retired 2 years ago after having my fill of coding, linking diagnosis with medically irrelevant billing details, scheduling procedures and initiating pre-authorizations and the like.” We’ve received many similar notes from doctors who bowed out of the career early, due to EHR frustrations. Stricklin’s comments also elucidate the problem inherent in the EHR crisis: They’re largely created and controlled by people who have no idea what it takes to be a doctor. That’s why a new CMS proposal concerning EHRs is setting off some alarm bells. New EHR proposal The CMS EHR proposal affects EHR use and integration in four broad ways: Public health data exchange, patient-provider data sharing, enhanced cybersecurity, and perhaps paradoxically, increasing the use of APIs. Let’s take a look at each. Public health data exchange The proposed EHR regulations are nested in the scintillatingly titled Fiscal year 2022 Medicare Hospital Inpatient Prospective Payment System and Long Term Care Hospital Rates Proposed Rule. The rule is open for comment until the end of June 2021 and will take effect in 2022. Among the many sections of the proposal is one modifying the Medicare Promoting Interoperability Program (MPIP), which helps determine reimbursement rates for hospitals. Under the proposal, hospitals participating in MPIP must improve how they electronically report data to public health agencies. This is yet another change instigated by COVID-19, which highlighted the need for accurate and more immediate public-health data. Specifically, participating MPIP healthcare organizations would have to share public health data from four categories: Syndromic surveillance reporting: Community-level numbers pertaining to health threats Immunization registry reporting: Tracking the outbreak of vaccine-preventable diseases as well as ensuring the equitable distribution of vaccines Electronic case reporting: Sending data to health departments on patients with certain conditions Electronic reportable laboratory result reporting: Data sharing that informs health departments about positive test results for specific illnesses or diseases Patient-provider data sharing Of all the proposed changes, this one seems to have the greatest likelihood of affecting the day-to-day of doctors. Participating MPIP hospitals would need to increase patient access to their EHR data. Furthermore, EHR systems would need to be capable of sending and receiving information to and from state or regional health information exchanges (HIEs). Exchange data would include what’s already in the Common Clinical Data Set, or the United States Core Data for Interoperability. Depending on your EHR, you might already have this integration/be checking the appropriate boxes. If not, this could lead to an increased clerical burden. It could be something as simple as checking a box to push data to an HIE. Or, it could be more involved. Only time will tell, and much hinges on EHR design. Enhanced cybersecurity Hospitals taking part in MPIP would need to perform an annual PHI security assessment, and monitor whether their EHRs could contribute to medical errors. In short, a hospital would need to prove that they’re sticking to these guidelines annually. What does this mean for doctors exactly? Maybe some more IT/cybersecurity training. Hopefully some more IT support. Increased use of APIs This is the possible paradox we mentioned earlier. On one hand, CMS wants enhanced PHI security. That’s something we can all get behind. On the other hand, APIs could be the major driver of patient-provider data sharing, which presents a cybersecurity/PHI security conundrum. API stands for application programming interface. Essentially, it’s a piece of software that allows two different programs to communicate. Ever create an account for an online store or app using your Google credentials? That’s an API. Painting in very broad strokes here, but in order for a software developer to create an API, they need to get under the hood of the other party’s software or service. This can sometimes lead to unwanted data exposure, as it recently did for Facebook, LinkedIn, and Clubhouse, to name a few. While it’s one thing to inadvertently reveal someone’s phone number or home address, it’s quite another to, say, reveal their HIV-positive status. Looking ahead Will these changes ultimately enhance public health? Hopefully. We’ve learned some hard lessons about the value of accurate, real-time health data as a result of the pandemic. But, will they fix the persistent problems with EHRs? For now, it appears the CMS changes do little to improve efficiency and ease of use–both of which appear to be top-of-mind for doctors, based on the emails you send us. Source
