This Historic Ruling by the ONC Means More Empowered Patients

David Foster, Sr. Director, Analytics and Insight


When a member of my family was diagnosed with a glioblastoma brain tumor, she had the standard treatment of surgery, chemo, and radiation at the hospital. She was also eligible for an immunotherapy clinical trial at an academic medical center 100 miles away, where she received regular scans to see if the tumor was growing back. Fortunately, when the tumor did start growing again, these frequent scans detected it and helped her make the decision to have another surgery at her hospital.

Getting the medical images and detailed notes from one medical center to another should have been an easy task, given all the investment in electronic health records (EHRs) over the last decade. Not so in this case. She was prepared to have a family member drive 200 miles round-trip to pick up a copy of the records on CD. Even with the health information exchange set up between the two systems, the surgical staff wasn’t prepared to receive the detailed imaging records through an electronic exchange.

The unnecessary suffering my family experienced could have been avoided if interoperability standards had been in place so the records could be transferred immediately.

Change is hard—especially in healthcare, where technology sometimes gets a bad rap for adding to clinician burden. Some people claim that patients will be harmed if they can access their data through third-party apps and services that utilize open APIs as required by the 21st Century Cures Act. Harmed how? Well, defenders of the status quo say that providing access will pose a risk to patient privacy. These sentiments miss a crucial principle of fair information practices intended to protect individuals’ privacy.


The Individual Participation Principle

Earlier this week, the Office of the National Coordinator published their final rule on the 21st Century Cures Act. ONC’s strategy and rulemaking places significant emphasis on patient access to data. When patients can access information about their own health care, they can be more actively engaged and have a say in what happens to them. Informed and involved patients ought to help reduce unwarranted variation in the way care is provisioned. So why is there opposition to using the power of electronic health records to help people?

Deven McGraw, chief regulatory officer of Ciitizen and a leading advocate for patient data access, is known for countering those setting up the false argument between access vs. privacy. The Individual Participation Principle, as nicely described in the Organisation for Economic Co-operation and Development’s work on privacy, states that individuals need access to their own data to know what the data controllers are saying about them.1 So access is privacy—it’s not an either/or proposition. There is a huge need to educate the public on the importance of accessing data and how to use it.

The ONC’s HIT strategy also expresses concerns about how to help patients when they lack sufficient health literacy to fully understand that data.

“Even when patients and caregivers can access health information electronically, they may have low levels of health literacy and may not understand what the information means. This is a significant challenge for improving patient health, especially as individuals are increasingly being expected to take a greater role in managing their own health and care.”

This is where patient education that is specific to the given patient comes to the rescue. We implemented solutions like the HL7 InfoButton years ago to contextually link medical records to plain-language information so people could understand their conditions and treatments. We can build on that success and continue to use medical codes and natural language processing to distill a record into basic medical concepts. We can then map the medical code metadata to educational materials.

Increased access to data may, on the surface, seem like a recipe for poor privacy. But when we take a closer look, it’s clear that this interoperability will actually improve patient privacy and give people a greater voice in their health care.


The Hazards of Information Blocking

In 2015, the ONC defined information blocking as a practice by a health care provider, health IT developer, health information exchange, or health information network that interferes with, prevents, or materially discourage access to electronic health information.

This information blocking is disconcerting. So many interoperability implementers and standards developers have spent years demonstrating the feasibility of moving data from one system to another—just look at the DaVinci Project and the FHIR at Scale Taskforce (FAST) for examples of this important work. Alternatively, there are other paths for patients to get their data even if information blockers thwart them—patients have a right to their records via HIPAA. Even delivering the files in CloudFax PDFs isn’t much of a problem anymore. Machines today are learning how to read the unstructured data in these documents in milliseconds and highlight the relevant data for further use, like education or clinical decision support.

The ONC’s final rule on the 21st Century Cures Act cements patients’ access to more of their data. Let’s remember to include patient education components in interoperability demonstrations so that, when we make the transition from demos to real-world use, we’ll have the solutions to help patients understand what is being done to them.

1 http://oecdprivacy.org/#participation