Department of Health and Human Services (HHS) – Health Care
Tag

Department of Health and Human Services (HHS)

Browsing

As we wait for final rules that will enable consumers to freely access their health data, electronic health record (EHR) giant Epic is saying breaking down the silos where this information lives will create a privacy hazard for patients.

While privacy concerns over health data sharing are always legitimate, they can’t stem the tide of the inevitable: Patients and consumers are demanding access to their data, and new proposed government rules supporting a consumer-directed, seamless flow of medical information will likely go into effect as soon as this month.

When they do, it will accelerate the race among technology companies to offer consumers the end-to-end healthcare experience and outcomes we’ve all been missing. At the same time, they will force the government to move quickly to establish a new privacy framework that will replace HIPAA’s limited reach and work to benefit all stakeholders.

Case Study

Across-the-Board Impact of an OB-GYN Hospitalist Program

A Denver facility saw across-the-board improvements in patient satisfaction, maternal quality metrics, decreased subsidy and increased service volume, thanks to the rollout of the first OB-GYN hospitalist program in the state.

See how

We could be in for a wild ride. But when the dust settles, we will have what we should have had all along: a healthcare system where consumers sit at the center and are empowered by ownership of their own health data.

A snapshot of health IT’s bumpy history

In 2004, the Office of the National Coordinator for Health IT released a framework for strategic action, the decade of health information technology: delivering consumer-centric and information-rich care (PDF).

I worked for David Brailer at the time, who was appointed by President George W. Bush to be the country’s first information “czar” for healthcare. Dr. Brailer is still an advocate for information-sharing, recently calling on healthcare CEOs to lean into, not away from, the opportunity to engage the patient in a more meaningful way. If healthcare CEOs fall short, tech companies will fill the void (more on that later). 

We envisioned a system where important health data would follow the individual by building interoperability into EHRs from the start—a vision that tragically has yet to be realized. 

ELATED: Epic’s Judy Faulkner: ONC data blocking rule undermines privacy, intellectual property protections

We imagined health data would function as a powerful currency for consumers, but to date, this valuable asset has stayed in the hands of EHR companies who keep it under lock and key. 

Consumers will soon hold this currency in their hands for the first time. If they seek to understand and apply their health data like they have with their genetic information—consider the explosion of tech companies like 23andMe and others—we’ll see dramatic shifts in the health tech landscape.

Consumers are most likely to share their health information with companies that have proven they can offer a powerful, secure and user-friendly experience: companies like Amazon, Apple, Google and a host of established and emerging technology players.

We must now endeavor to build the necessary security and privacy frameworks that ensure the consumer will always be protected and in control of their personal health information.

Where to go from here

We’re entering a new era, one where healthcare providers, payers, solutions providers and technology companies will create a superior healthcare experience and deliver improved patient outcomes.

The days of medical information being walled off and guarded by EHR vendors are coming to an end.

We can expect three things to occur once the rules are finalized:

  •  EHR companies will see their business models disrupted: As consumers control their health data, the silos created by EHR companies will gradually erode. This will change these companies’ business models permanently. No longer the central gatekeepers of the country’s medical information, EHR companies will scramble to build new capabilities and services in a bid to remain important players in healthcare.
  • Technology companies that build trust will earn their moment in the sun: Consumers have shown a willingness to share sensitive information with technology companies in exchange for insights about their health. With new rules in place that turn loose volumes of health data, incumbent tech giants and newcomers will compete to create compelling new healthcare experiences and superior outcomes. Consumers will decide the winners by preferentially sharing their data with companies whose products and services are both transparent and secure.
  • New privacy laws must take shape: As tech companies compete to win the trust of consumers, the government will develop updated rules of the road for our new, consumer-centric health system. This effort is already underway thanks to multi-stakeholder groups like the CARIN Alliance and the work that the Robert Wood Johnson Foundation is doing with Manatt. We can expect these efforts to ramp up quickly.

HIPAA doesn’t cover many of the new digital products and services that can benefit consumers, but that doesn’t mean consumers and technology companies cannot hold this data. It means we need to modernize HIPAA.

When these trends come to pass, it will be the consumer—newly empowered with their health data—who will drive our country toward value-based care. Top-down decisions by healthcare providers, insurers and government agencies haven’t accomplished this vision—consumers can and will.

As a consumer, a health tech entrepreneur, a mother and a former federal and state official, I am eager to bear witness as consumers take the driver’s seat, which was the intention all along.

Lori Evans Bernstein is a co-founder and the president and chief operating officer of HealthReveal. She was a senior advisor to the first National Coordinator for Health IT in the U.S. Department of Health and Human Services and served as deputy commissioner of the New York State Department of Health’s Office of Health IT Transformation. 

Federal lawmakers are taking a hard look at how the VA protects patient data shared with VA-approved health apps.

As more health data is shared with technology companies and mobile apps, it raises concerns about potential privacy and security risks for veterans, according to federal lawmakers charged with oversight of the Department of Veterans Affairs’ IT modernization efforts.

The VA’s App Store includes close to 50 smartphone apps designed to help veterans manage their healthcare.

Case Study

Across-the-Board Impact of an OB-GYN Hospitalist Program

A Denver facility saw across-the-board improvements in patient satisfaction, maternal quality metrics, decreased subsidy and increased service volume, thanks to the rollout of the first OB-GYN hospitalist program in the state.

See how

Many of these apps required “significant elevated permissions” and request access to a user’s contacts, calendars, photos, and other files, and that raises questions around privacy, said Susie Lee, D-Nevada, chairwoman of House Veterans’ Affairs Subcommittee on Technology Modernization during an oversight hearing Wednesday.

Lee said she’s concerned that smartphone apps could access users’ sensitive health information, such as a post-traumatic stress disorder (PTSD) diagnosis, that could be shared or sold by third-party companies and lead to workforce discrimination or other negative consequences for veterans.

Ranking Member Phil Roe, R-Tenn., said one VA-recommended app designed to provide support to veterans with PTSD requests permission to access the smartphone user’s contacts and microphone. “That’s disturbing to me. You might inadvertently hit that,” he said.

He added, “I look at a risk-benefit ratio. Is this information shared? Is it accessible? Is it sold?”

Paul Cunningham, the VA’s deputy assistant secretary and chief information security officer (CISO), testified that the department has to make “risk-based decisions” over the value of the app while balancing security and privacy.

“We’re trying to solve this problem around access to data. If we go strictly by compliance and zero tolerance, we miss out on opportunities that technology brings if we’re not able to share information with third parties that are trusted,” he said.

Health systems are grappling with the same issues around app privacy, as the Department of Health and Human Services (HHS) will soon finalize a regulation that will allow patients to download their health data using third-party apps.

The VA is the process of implementing a multi-billion dollar IT modernization project, including a new electronic health record (EHR) system from health IT vendor Cerner. 

The Mission Act also is expanding the number of VA patients seeking treatment from community care providers which requires more data sharing. The VA needs to ensure that privacy and security policies keep pace with new technology, Lee said.

“As we assess the data landscape at the VA and the larger health IT space, we need to look at where protections exist or don’t exist and whether we need more guardrails,” Lee said. 

Cunningham said the VA has policies and practices to ensure that access to veterans’ information is strictly controlled. Apps that connect to an application programming interface (API) from the VA and are part of VA’s App Store must sign a “comprehensive and strict’ user agreement that sets limits to how health data can be used, he said.

The VA’s acceptable use agreement includes a commitment not to sell patient data.

Cunningham told lawmakers that VA does not “police” the networks of third parties, but the department would take “swift action’ to investigate if a breach was discovered.

Like many in the healthcare industry, Cunningham acknowledged that he has concerns about how third-party companies not regulated by the Health Insurance Portability and Accountability Act (HIPAA) use health data and the potential privacy risks for veterans.

“It’s difficult to make sure that people really understand when they accept an app that they understand the full access they are granting and how that information will be used downstream,” he said.

Privacy policies used by apps can be thousands of words long and many consumers do not read them, Lee noted.

Key lawmakers are considering whether federal laws like HIPAA need to be updated to better protect veterans’ sensitive health information.

Rep. Jim Banks, R-Indiana, ranking member of the committee, wants to see the HIPAA privacy rule updated to prevent health data from being monetized. 

“Today some of the HIPAA-permitted purposes to asses patient records when applied in a new context, could become loopholes,” he said. “The health technology landscape is evolving quickly. Mobile apps already have taken over the software marketplace. In a few years, most health records will be stored in the cloud. Privacy safeguards have to evolve as well.”

Sepsis hospitalizations cost Medicare $41.8 billion in 2018 alone, a new study from the Department of Health and Human Services (HHS) shows. 

The rate of Medicare beneficiaries hospitalized with sepsis has increased by 40% over the past seven years, the HHS study found. The researchers analyzed more than 9.5 million inpatient admissions between 2012 and 2018, making for one of the largest studies into the impact of sepsis. 

The growing sepsis infection rate isn’t related to ballooning Medicare enrollment, the study says, as enrollment grew by 22% even as infection rates grew by 40%. 

Case Study

Across-the-Board Impact of an OB-GYN Hospitalist Program

A Denver facility saw across-the-board improvements in patient satisfaction, maternal quality metrics, decreased subsidy and increased service volume, thanks to the rollout of the first OB-GYN hospitalist program in the state.

See how

“Sepsis is a lethal and costly health threat affecting Americans’ lives and our economy, yet many Americans may never have heard of it,” Robert Kadlec, M.D., HHS assistant secretary for preparedness and response, said in a statement. 

“Any infection can lead to sepsis, including infections caused by influenza or emerging diseases like coronaviruses, which makes sepsis a significant concern in public health emergencies,” Kadlec said. 

A study released last month by the University of Pittsburgh estimates that sepsis is responsible for one in every five deaths worldwide, double previous projections. And while high-income countries have plenty of work to do to address sepsis rates, middle- and low-income countries disproportionately bear the burden of the disease, the Pitt study found.

HHS’ analysis dug into sepsis’ impact on outcomes for Medicare beneficiaries and found that 10% of those with non-severe sepsis died while hospitalized or within a week of discharge, and 60% died within three years of contracting the infection. 

Of those diagnosed with severe sepsis, or septic shock, 40% died in the hospital or within a week of discharge, and 75% died within three years, according to the study. 

Mortality risks were highest among beneficiaries with comorbid chronic conditions, HHS said. 

Medicare patients were more likely to arrive at the hospital with the infection rather than contracting it while hospitalized, the study found. However, two-thirds had a medical encounter in the week before their hospitalization, emphasizing the need for earlier detection. 

The study suggests the cost burden of sepsis isn’t likely to decrease anytime soon. HHS projects that in 2019 the cost for inpatient and skilled nursing care related to sepsis could exceed $69 billion. 

Costs increased by 12% to 14% every two years, the study found. 

Centers for Medicare & Medicaid Services (CMS) Administrator Seema Verma said in a statement that the study highlights the “urgent need” for continued action to mitigate sepsis and said the agency is moving full speed ahead with efforts to eliminate regulatory hurdles that can inhibit access to lifesaving drugs. 

“This groundbreaking study sheds light on the sepsis-related challenges faced by patients, providers, and taxpayers alike,” Verma said. 

“CMS continues to clear away regulatory obstacles and financial disincentives that have long inhibited the development of life-saving antibiotics capable of treating sepsis patients,” she added. “Patients suffering from sepsis deserve to see America’s full innovative potential mobilized to address this devastating condition.” 

For the past few weeks, Epic’s opposition to the Department of Health and Human Services’ (HHS’) interoperability and information blocking rules has dominated the digital health news cycle and continued to draw ire from the industry.

Rightfully so, much of the focus has been on patients’ rights to their health data—especially given Epic CEO Judy Faulkner’s apparent opposition to making patient data access easier.

But much less attention has been given to solving for provider-to-provider information exchange, despite the enormous challenges and barriers that still exist in that arena. 

Case Study

Across-the-Board Impact of an OB-GYN Hospitalist Program

A Denver facility saw across-the-board improvements in patient satisfaction, maternal quality metrics, decreased subsidy and increased service volume, thanks to the rollout of the first OB-GYN hospitalist program in the state.

See how

With the Trusted Exchange Framework and Common Agreement and information blocking rules, the Office of the National Coordinator for Health IT (ONC) has an undoubtedly admirable goal: Create a “single onramp” for nationwide health information exchange and interoperability using a variety of policy levers. 

What’s missing from the policy levers, however, is an understanding of the role and nature of networks, also called multisided platforms (MSPs), or what most in healthcare will recognize more generally as health information exchanges. Specifically, how networks create value, how they compete and what they need to make various interoperability use cases a reality. 

ELATED: Epic’s Judy Faulkner: ONC data blocking rule undermines privacy, intellectual property protections

Also missing from consideration? The underlying issue that, with these policies, the ONC is attempting to regulate a market into existence—and with this approach comes a ripple of negative effects standing to undermine the very result the ONC is trying to achieve. 

MSPs: Policy design versus time to develop

While they may be dominant in their respective markets today, Amazon, Uber and Lyft and Airbnb—all examples of networks/MSPs—were certainly not overnight success stories. Each network took time to grow, amass users and evolve into the well-oiled versions we know today. 

Similarly, to build a successful network for health information exchange, any policies or implementation frameworks must provide enough time and flexibility for the networks to develop and scale. Unfortunately, this is not the case in the latest ONC guidance, which has the first group of Qualified Health Information Networks up and operating by August 2020.

This accelerated timeline does not provide nearly enough of an on-ramp for proper network setup and development, let alone growth and optimization. And this isn’t the first time the industry has seen this play.

For instance, while e-prescribing between doctors and pharmacies may now be routine (85% of all prescriptions were e-prescribed in 2018), remember that Surescripts—the health information network responsible for routing the majority of the country’s e-prescriptions—started on its interoperability journey nearly 20 years ago and took about a decade to scale. 

Policy design versus market demands

On top of a lacking understanding of MSP development and optimization, perhaps the biggest issue with the federal guidance is that ONC is attempting to regulate a market into existence.

This is a problem because, outside of the growing patient desire (PDF) for health data access and utility, there hasn’t been sufficient industry demand for this level of information exchange, as evidenced by a lack of willingness to pay. 

Case in point: Almost a decade after the U.S. government invested more than $35 billion in the creation of the meaningful use program to spur electronic health record (EHR) adoption, a seamless exchange of health information between providers is a rarity, despite the fact that the majority of providers today use an EHR.  

Moreover, under ONC’s information blocking rule, health systems, EHRs and health information networks would be required to “open up” their APIs to improve the exchange of health data. The problem with this is networks compete on a variety of measures, including price, business model, quality, governance and how they uniquely facilitate the exchanges between users.

By attempting to commoditize and regulate the means and methods of health information exchange (e.g., through fees), the ONC is establishing a network value “ceiling” and thus effectively short-circuiting the way networks compete and develop.

Lastly, by removing an economic upside for MSP developers/operators, rather than having the “best network win” in the market, the industry may be left with: 1. a handful of “zombie” networks (unable to invest in improving the quality and value of exchange), or 2. a monopoly or duopoly situation, as smaller regional health information networks find themselves unable to compete with larger, national networks.

More time, fewer constraints: Interoperability depends on proper MSP development

Creating a single on-ramp for nationwide health information exchange is a commendable goal, worthy of industry action and investment in a solution. 

But taking a rushed, “one-size-fits-all” approach to MSP development—one that stands to undermine the very goal the policies were designed to achieve—is not the right way to do it.  

Will MSPs be the prescription nationwide interoperability needs to succeed? Only time will tell.

Seth Joseph is managing director of Summit Health, a recognized expert in digital health technology and author of several articles on the space. He has spent more than a decade helping companies successfully bring novel digital technology to healthcare markets. Previous to founding Summit Health, Seth led corporate strategy at Surescripts. Prior to Surescripts, Seth led eHealth strategy for Caremark, part of CVS Health. 

As the industry waits for a landmark rule aimed at opening up access to patient data, Donald Rucker, M.D. said Wednesday that regulators are challenged with balancing data privacy and transparency.

The proposed interoperability rule will be coming out “relatively soon,” Rucker, who is head of the Office of the National Coordinator for Health IT (ONC), said during a Health IT Advisory Committee meeting Wednesday.

Many have speculated that the rule will be released during the Healthcare Information and Management Systems Society conference in March.

Case Study

Across-the-Board Impact of an OB-GYN Hospitalist Program

A Denver facility saw across-the-board improvements in patient satisfaction, maternal quality metrics, decreased subsidy and increased service volume, thanks to the rollout of the first OB-GYN hospitalist program in the state.

See how

A year ago, ONC, which is part of the Department of Health and Human Services (HHS), proposed an interoperability and information-blocking rule that defines the demands on healthcare providers and electronic health record (EHR) vendors for data sharing. The rule also outlines exceptions to the prohibition against information blocking and provides standardized criteria for application programming interface (API) development. 

HHS officials say the rule, which promotes the use of application programming interfaces (APIs), will help bring healthcare into the modern app economy.

The proposed rule has created an industry rift—EHR vendor Epic, many health systems, and some privacy groups have voiced strong opposition to the rule. About 60 health systems signed an opposition letter circulated by Epic CEO Judy Faulkner that was sent to Azar. The letter cited risks to patient privacy and intellectual property if the rules are finalized now.

Meanwhile, newer technology entrants to healthcare such as Apple and Microsoft, some EHR companies like Cerner and consumer advocates are backing the rule. Google Health’s David Feinberg, M.D. has met with HHS officials about the rule, Politico reported.

Rucker was asked by members of the Health IT Advisory Committee about the status of the rule.

“There are complicated issues balancing the various interests of the American public to get a good deal in healthcare, to have transparency, to do this in a way that doesn’t prevent innovation and allows vendors to be able to build products in a practical way and draws the right balance on protecting privacy, yet addressing what is ultimately the biggest issue, which is simply the vast amount of healthcare costs that are out there and lack of patients having agency.”

As the lobbying battle over the rule goes on, Politico reported Tuesday that ONC’s rules gained a rare endorsement from a hospital system: the University of California, San Francisco. The “nation needs ONC’s proposed regulations,” the leaders of UCSF and its health system wrote to HHS Secretary Alex Azar, according to Politico.

All the lobbying efforts and public debates could have some positive results, Rucker said.

“Maybe it’s had the unintended benefit of getting people to focus on how this all will play out and part of a broader dialogue about what we want to do with technology in our lives,” he said.

Over 41 million patient records were breached in 2019, with a single hacking incident affecting close to 21 million records.

Healthcare data breaches in 2019 almost tripled those the healthcare industry experienced in 2018 when 15 million patient records were affected by breach incidents, according to a report from Protenus and DataBreaches.net.

Protenus, a healthcare compliance analytics firm, analyzed data breach incidents disclosed to the U.S. Department of Health and Human Services or the media during 2019.

Case Study

Across-the-Board Impact of an OB-GYN Hospitalist Program

A Denver facility saw across-the-board improvements in patient satisfaction, maternal quality metrics, decreased subsidy and increased service volume, thanks to the rollout of the first OB-GYN hospitalist program in the state.

See how

There also has been an alarming increase in the number of breaches of patient privacy since 2016. Four years ago, there were 450 security incidents involving patient data, and that jumped to 572 incidents in 2019.

This number is likely to be a huge underestimate, as two of the incidents for which there were no data affected 500 dental practices and clinics and could affect significant volumes of patient records, Protenus reported.

There continues to be at least one health data breach per day, a trend Protenus first reported in 2016.

Here are three major cybersecurity trends Protenus found:

1. Hacking incidents surge

It appears hacking incidents, particularly ransomware incidents, are on the rise—hacking was the cause of 58% of the total number of breaches in 2019, impacting 36.9 million patient records

And one disturbing trend: Hackers are getting more creative in how they exploit healthcare organizations and patients alike.

In 2019, there were incidents of hackers attempting to extort money from patients whose records were exposed, not just the affected healthcare organization. In one incident in Florida, hackers sent ransom demands to a number of the affected patients, “threatening the public release of their photos and personal information unless unspecified ransom demands are negotiated and met,” Protenus reported.

2. One massive data breach

The single largest privacy incident reported last year was a massive security breach at American Medical Collection Agency (AMCA), a third-party billing collections firm. At least four clinical labs, including Quest Diagnostics and LabCorp, were impacted by AMCA’s security breach which, to date, exposed the sensitive data of 21 million patients.

The breach was discovered when analysts discovered patient information including dates of birth, social security numbers and physical addresses, for sale on the dark web, according to Protenus.

In the aftermath of the breach, AMCA’s parent company, Retrieval-Masters Creditors Bureau, voluntarily filed for Chapter 11 bankruptcy protection in the Southern District of New York in June.  

3. Staff members pose major security risk

Staff members inside healthcare organizations were responsible for breaching 3.8 million patient records in 2019, up from 2.8 million records in 2018.

The report characterized insider incidents as either human error or insider wrongdoing, which includes employee theft of information, snooping in patient files and other cases where employees appeared to have knowingly violated the law. 

As one example, the report highlighted an incident where a nurse is suspected of gaining access to patient information and providing the data to a third-party for fraudulent purposes. It is estimated that 16,542 patients could have been affected over the course of almost two years before discovery. The investigation is still ongoing.

Phishing attacks also continue to plague healthcare. Hospital employee education and training to detect and not fall victim to such attacks are imperative to get ahead of the hacking incidents, the report said.

“Hackers are also using credential-stuffing attacks, making it increasingly important to train employees not to reuse passwords across work settings and personal accounts,” Protenus wrote.

NRC Health was hit with a ransomware attack Feb. 11 and it still working to restore its systems and services.

The company, which works with 75% of the 200 largest U.S. hospital chains, administers patient survey tools to hospitals.

The cyberattack was first reported by CNBC’s Chrissy Farr on Thursday.

Case Study

Across-the-Board Impact of an OB-GYN Hospitalist Program

A Denver facility saw across-the-board improvements in patient satisfaction, maternal quality metrics, decreased subsidy and increased service volume, thanks to the rollout of the first OB-GYN hospitalist program in the state.

See how

NRC Health works with 9,000 healthcare organizations, including Adventist Health, Jefferson Health, Cedars Sinai, Phoenix Children’s Hospital, Ochsner, and Providence Health, according to the company’s website. NRC Health collects data from more than 25 million healthcare consumers a year across the U.S. and Canada.

In a statement provided to FierceHealthcare, Paul Cooper, Chief Information Officer at NRC Health, said on Feb. 11 the company experienced a ransomware attack on certain computer systems and immediately shut down its “entire environment,” including client-facing reporting portals, to contain the issue.

“We also immediately launched an investigation with the assistance of a leading forensic investigation firm to determine the nature and scope of the incident and notified the FBI,” Cooper said.

Since last week’s attack, NRC Health has made “significant progress” in restoration to its systems and services to its customers.

The company anticipates full restoration in the coming days, according to Cooper.

Cooper said in his statement that there is no evidence, to date, of unauthorized access to or acquisition of any data from NRC Health’s systems, including protected health information or other confidential information.

The company started notifying its hospital customers with an email alerting them to the attack, according to CNBC.

Despite the company’s assurances, some hospitals notified of the cyberattack have raised concerns that private patient data was accessed, according to sources who spoke with CNBC’s Farr.

One health system CEO, who requested anonymity, said that they were concerned about hackers having access to confidential information about their hospital including its market share, Farr reported.

David Holtzman, executive advisor to cybersecurity firm CynergisTek said federal HIPAA Rules and many state laws hold health care organizations responsible for assessing and carrying out notifications to consumers when one of their vendors suffers a cybersecurity incident or ransomware event that compromises their unencrypted electronic protected health information (e-PHI).

“HHS’ Office for Civil Rights has issued guidance that when an intruder has gained access to an information system in which e-PHI is stored and has compromised the availability or integrity of the data, it is presumed to be a reportable breach,” Holtzman said.

Measures from patient satisfaction surveys are not only used for patient loyalty, but the majority of senior health care executives have compensation tied to patient satisfaction scores. Hospital reimbursement is also being directly affected by inpatient satisfaction ratings as a part of the Centers for Medicare and Medicaid Services (CMS) value-based purchasing program and private payer initiatives, according to the American Medical Association Journal of Ethics.

“With NRC’s systems shut down, one chief information officer at a hospital said that it’s been a ‘major source of irritation internally,’ because the systems are used to determine how much its physicians are getting paid,”  Farr reported. The executive requested anonymity because they were not authorized to speak about the attack

If private patient information was accessed, hospitals will need to notify their patients.

“Our resources are singularly dedicated to regaining full operability and investigating this matter to completion,” Cooper said. “NRC Health takes our customers’ information and security very seriously, and we have and will continue to share additional updates on progress with customers on a daily basis until the issue is completely resolved.”

A recent report from Protenus found that over 41 million patient records were breached in 2019, almost triple what the healthcare industry experienced in 2018. Incidents involving business associates impacted 24 million patient records.

One incident alone, a massive security breach at third-party billing collections firm American Medical Collection Agency (AMCA), exposed the sensitive data of 21 million patients.

Federal regulators have listened to physicians’ complaints about health IT burdens and they have some solutions.

The Department of Health and Human Services (HHS) released Friday a final version of an overarching strategy to reduce clinician burden revolving around entering information into the electronic health records (EHRs), meeting regulatory requirements and improving EHR ease of use.

The new report (PDF), which includes 43 recommendations around clinical documentation and health IT usability, is a follow-up to a draft strategy released in November 2018.

Case Study

Across-the-Board Impact of an OB-GYN Hospitalist Program

A Denver facility saw across-the-board improvements in patient satisfaction, maternal quality metrics, decreased subsidy and increased service volume, thanks to the rollout of the first OB-GYN hospitalist program in the state.

See how

The overall goal is to improve patient care by enabling physicians to spend more time focused on them instead of their keyboards, HHS officials said.

“Physicians and other healthcare providers have long identified regulatory and administrative burdens as a key contributor to the many challenges they face. They also note these burdens weigh down the overall healthcare delivery system as well. Clinicians have pointed to an ever-increasing and poorly coordinated set of requirements they must meet to deliver and receive payment for patient care,” senior officials with the Office of the National Coordinator for Health IT (ONC) wrote in a blog post Friday.

The clinical community frequently links the increased burden of meeting these requirements with the tasks and use of health IT, such as EHRs, Andrew Gettinger, chief clinical officer for ONC, and Thomas Mason, ONC’s chief medical officer, wrote.

The report targets burdens tied to regulatory and administrative requirements that the federal government can directly impact through the rule-making process.

When looking at the steps HHS could take to mitigate EHR-related burden for healthcare providers, ONC and the Centers for Medicare & Medicaid Services (CMS) focused on strategies that are achievable within the near to medium term, roughly a three- to five-year window, according to the report.

And HHS is looking at strategies it can implement through existing or easily expanded authority.

EHR burdens have been a near-constant complaint from physicians that see the technology as an impediment to their relationship with patients. Numerous studies have documented the time suck of the technology.

The finalized strategy, required under the 21st Century Cures Act, reflects feedback from industry stakeholders and healthcare groups, including 200 comments submitted to the draft strategy, HHS said.

In several recommendations, the agency vowed to continue its work stripping down regulations and working with the industry to find solutions to growing problems. 

CMS already has taken some steps to reduce administrative burden such as changes to the more-than-two-decades-old E/M documentation and coding framework that clinicians use to bill Medicare for common office visits. 

HHS also wants to see health IT vendors doing more to improve technology usability. EHR vendors need to work with clinicians when designing systems or new features and should consult with experts in user-centered design during development, HHS officials said.

Specifically, EHR vendors should take the lead in developing health IT-specific user interface best practices and should collaborate to develop a shared repository of EHR usability practices.

This collaboration would help provide better consistency with user interface best practices while still enabling EHRs to compete with each other, HHS said in the report.

HHS also wants an EHR vendor’s user-centered design process to be highlighted on the ONC Certified Health IT Product List so potential EHR customers can see the efforts that went into the products they are considering acquiring.

“A shift from check-box interface elements to intelligent features that extract needed data from routine clinical workflows would provide a substantial reduction in usability-related clinician burdens,” HHS officials wrote in the report.

HHS’ recommendations represent the “best next steps” to address the growing problem of clinician burden related to their use of health IT and EHRs, ONC chief Donald Rucker, M.D., said in the report.

As part of its ongoing strategy, ONC plans to work to enable further automation in healthcare, with a focus on prior authorization and quality reporting.

“Through this HHS strategy, we look forward to advancing the premise of how to accurately model and support the clinical cognitive process in the EHR—a shift away from a strictly linear, logic-based model to a more sophisticated design that supports the complex pattern recognition inherent in the diagnostic and treatment process,” Rucker said in the report.

“We envision a time when clinicians will use the medical record not as an encounter-based document to support billing, but rather as a tool to fulfill its original intention: supporting the best possible care for the patient.”