Electronic health record interoperability and secure health information exchange have been key areas of focus for federal health IT leaders in recent months. Now these topics are getting even more attention from Congress.
The Senate Committee on Health, Education, Labor and Pensions is launching a working group focused on identifying ways to improve EHRs, including facilitating secure information exchange between EHR systems from disparate vendors and between healthcare providers.
A source in the office of Sen. Patty Murray, D-Wash., tells Information Security Media Group that the goal of the working group is to make some legislative and administrative recommendations by the end of the year.
"As we focus on making our healthcare system work better for families, the promise of electronic health records could not be more important," Murray said in a statement provided to ISMG. "However, as researchers, providers and patients gather and use more health information, we need to be aware of the cyber-criminals who want to exploit that information. Patients and providers need to know that their information is safe and secure, so I look forward to working with my colleagues to develop strategies to protect privacy and meet today's challenges."
Frustrated by Pace of Change
The new Senate workgroup is the culmination of years of activity by Congressional members, says David Holtzman, vice president of compliance at the security consulting firm CynergisTek. "They are frustrated by the slow pace of change by the Department of Health and Human Services, and the companies that are in the EHR marketplace to address interoperability and patient safety issues," he says.
Holtzman adds that he hopes that the workgroup "can find a path toward restoring balance" between the needs of healthcare providers to have EHR systems that are accessible, yet secure, while facilitating information sharing with other providers - regardless of technology platform.
Because nearly $30 billion has been spent so far on HITECH Act incentives payments to hospitals and physicians for making "meaningful use" of EHRs, Congress is scrutinizing whether taxpayers are getting a return on this investment. EHRs from different vendors, for instance, often don't easily exchange data. By improving EHR interoperability so that patient data can be securely exchanged among healthcare providers nationally, treatment outcomes, as well as patient safety, can potentially be improved.
EHR interoperability is also critical to a "Precision Medicine Initiative" that President Obama unveiled in his State of the Union address (see Precision Medicine: Privacy Issues).
Precision medicine, also known as personalized medicine, involves the use of genomic, environmental, lifestyle and other personal data about patients so that clinicians can better tailor medical treatments that are potentially more effective, based on an individuals' characteristics.
During a May 5 hearing by the Senate committee, Karen DeSalvo, M.D., who heads the Office of the National coordinator for Health IT within HHS, said that the exchange of health data, including for precision medicine efforts, facilitates "more liquidity" of information, but with that, comes risks. "We're ramping up additional security. ... It's a top priority," she said.
DeSalvo told committee members that ONC, which oversees standards and policies of the HITECH Act programs, is ready to collaborate with the working group on EHR interoperability and related issues.
Working Group Goals
In a statement, the Senate committee says the goals of the new bipartisan working group are to help identify ways that Congress and the Obama administration can work together to:
Help doctors and hospitals improve quality of care and patient safety;
Facilitate information exchange between different EHR vendors and different health professionals;
Empower patients to engage in their own healthcare through convenient, user-friendly access to their personal health information;
Leverage health information technology capabilities to improve patient safety; and
Protect patient privacy and security of health information.
The working group, which is composed primarily of committee members' staff, will invite participation from health professionals, health information technology developers, relevant government agencies, and other experts specializing in health information technology, according to the committee statement.
Sen. Lamar Alexander, R-Tenn., chair of the Senate health committee, said in a statement about the new working group: "After $28 billion in taxpayer dollars spent subsidizing electronic health records, doctors don't like these electronic medical record systems and say they disrupt workflow, interrupt the doctor-patient relationship and haven't been worth the effort.
"The goal of this working group is to identify the five or six things we can do to help make the failed promise of electronic health records something that physicians and providers look forward to instead of something they endure."
The scrutiny over EHR interoperability and secure health information exchange also stretches to the House of Representatives. In March, Rep. Michael Burgess, M.D., R-Texas, unveiled legislation that calls for devising new methods for measuring whether EHR vendors are compliant with interoperability standards (see Bill Proposes EHR Interoperability Plan).
That bill proposes establishing a Congressionally appointed committee, to be known as the "Charter Organization," that would recommend methods for measuring whether EHR systems that qualify for the HITECH Act incentive program satisfy key interoperability criteria.
Interoperability and secure health information exchange is the focus of ONC's 10-year roadmap. ONC is reviewing public comments it received on its draft roadmap, and hopes to issue its next proposed version of the 10-year plan later this year.
In addition to its 10-year plan, ONC recently issued a report to Congress about information blocking, outlining how the secure exchange of health information is sometimes intentionally and unreasonably blocked by healthcare organizations, technology services providers and electronic health record vendors. In some cases, the players are inappropriately invoking HIPAA privacy and security concerns, ONC says (see Overcoming Health Info Exchange Blocking).
In an interview with Information Security Media Group at the recent HIMSS conference in Chicago, ONC Chief Privacy Officer Lucia Savage said misunderstandings about HIPAA often contribute to healthcare providers not engaging in the exchange of patient electronic health information. "We need to be a lot clearer about what the HIPAA rules are and how they support interoperable exchange," she says.