top of page

Why Aren’t More Patients Electronically Accessing Their Medical Records? (Yet!)

In November 2019, Health Affairs published an article by Sunny C. Lin and colleagues that analyzed data on the number of patients who accessed their health records online as a result of the federal Promoting Interoperability Program (formerly known as Meaningful Use). The low proportion (10 percent of patients with online access to their records used it) led the authors to conclude that the patient access aspect of the program was a “public policy failure.” 


As consumer advocates, we strongly agree that the program’s patient access requirements should have been much stronger, and we advocated against the changes that weakened them substantially in previous years. But it’s also important to recognize—and address—the major underlying problems: misaligned financial incentives and significant gaps in usability.  







Patient Demand Is Not The Problem  


As veterans of the early movement to democratize health data by putting it squarely in the hands of patients and their families, we have witnessed many forms of pushback against efforts to enable patients such access. Among the most common arguments are that patients don’t want or won’t understand their health records, or that the privacy risks outweigh the benefits. But survey data have consistently shown that patients want and would, in fact, access their information, if they knew the capability existed and the process wasn’t too difficult relative to the value received. Despite patient interest, the process remains rife with obstacles and frustration, as illustrated by the GetMyHealthData campaign, which spent a year documenting what happened when patients requested their health records in electronic formats, as is their right under the law. The campaign showed that consumers definitely want their health data, but they are thwarted at almost every turn by outdated formats for information, inefficient delivery methods, cultural pushback, and exorbitant fees. But why?   


Yes, Meaningful Use Policy Was Weak  


As Lin and colleagues describe, the federal requirement that qualifying health care providers had to meet related to patient access was extraordinarily low—just one patient had to access his or her records online for a whole organization to get financial credit for participating in the program run by the Centers for Medicare and Medicaid Services (CMS). Pro-patient voices—including our own—had proposed stronger requirements, but policy drafts requiring that 10 percent of patients access their records were pared back to 5 percent and then eventually to the one patient requirement in response to strong industry opposition. We predicted back then this would be an epic mistake. Without the leadership and encouragement from providers as partners in consumer engagement to accelerate online access, few people would take advantage of—or maybe even know about it. Our fear was that low threshold requirements would increase the likelihood that providers would simply turn the capability on but never promote it. And that prediction has indeed come true.  


We believed then, and still do, that providers must play the central role in educating and encouraging consumers to access their data because most people trust their doctor more than anyone else when it comes to matters of health. Studies have shown that 63 percent of patients who viewed their medical records were encouraged to do so by their providers. Only 38 percent of patients took the initiative on their own, according to the same survey.  


Misaligned Economic Incentives in Health Care Dwarf Meaningful Use Issues  


Although the absurdly low threshold for patient access set by Meaningful Use was a weak catalyst for change, the bigger problem is that the federal electronic health records (EHRs) incentive program was grafted onto a fee-for-service payment system that discourages data sharing, leading health care organizations to implement the minimum requirements but not the spirit of this policy. The problem of “data hoarding” is so great that Congress has repeatedly investigated it and recently established penalties for so-called “information blocking.”  


In a nutshell—the data sharing and interoperability aspects of Meaningful Use were leading a horse to water that absolutely did not want to drink. Fee-for-service payment models continue to support inefficient and often harmful care, the costs of which are ultimately borne—in dollars and lives—by patients.  


So What Now? Four Things We Can Do Today 


And so, with the profound hope that this time decision makers, developers, and care providers will heed our voices, we offer the following solutions that, taken together, would be a game changer for patients, providers, and payers alike. The good news is, there are some areas in which we as a country appear to be on the right trajectory already—we just need to stay the course and override objections by those with vested interests in the status quo. A critical example of the former is the move toward value-based payment models. Fortunately, we have continued on that policy trajectory regardless of the change from the Obama to Trump administrations, which has radically changed policy direction in so many other areas.  

These recommendations are intended for a broad audience including policy makers, providers, patient advocates, and technology developers.   


Accelerate The Technical Requirements For Patient Access To Data Through Open Application Programming Interfaces


Application programing interfaces (APIs) and standards such as fast healthcare interoperability resources (FHIR) will accelerate the development of new apps and services for both providers and patients that address a wide range of challenges, including the need to help patients and families gain more control over the access to and sharing of their health information. Although EHR vendors may not relish the competition, we believe that the system will benefit from enabling technology developers beyond those already entrenched in health care to apply their tools and design skills to health care’s challenges. Even absent any new competition, open APIs are a necessity to provide the best quality care. CMS is due any day now to issue a final regulation mandating that Medicare providers and health plans upgrade to EHRs that use open APIs, but the timeline for when providers would have to implement and use them is uncertain.


If you are a payer or purchaser, make open APIs mandatory ASAP in 2020 through your contracting and payment levers. Don’t wait for the possible two-year timeline proposed by CMS in the draft regulation. If you are a care provider, update your EHR, ASAP. Bi-directional information sharing in automated ways will enable patients to become partners in supplying needed data and help reduce your documentation burdens through automation. If you are an EHR vendor, ensure that 100 percent of your clients implement and benefit from open APIs. There are plenty of ways to differentiate and grow your service based on better design and performance that supports improved health outcomes.  


Create An Immediate Bridge To The World Of Open APIs By Using Technology That Consumers Have Right Now—Email 


App developers can assign secure email addresses to their users in a way that allows patients to have structured data sent to the app without having to wait on API implementation or fight with providers about how best to connect specific apps to data. The federal Office of the National Coordinator for Health IT’s 2013 Blue Button Challenge showed this was possible, and easy. It’s not a solution for all types of data but is a solution for a large chunk of data currently held in EHRs, as well as insurance claims data.

If you’re a health care data holder, make sure email is a delivery option on your HIPAA records request form, and on your encounter intake forms. You can also model your HIPAA records request process on the Health Record Wizard, a grant-funded effort that developed an idealized process that encourages electronic delivery options, such as to email and apps. 


We hope that in the foreseeable future, the widespread adoption of open APIs will obviate this need. However, HIPAA forms aren’t going anywhere anytime soon, and none of them list an app as an approved delivery method for patient records. But many do list email. This will help patients “hack the system” so to speak, as we await full implementation of open APIs. It will also help consumers who prefer not to use an app or are unable to easily link their preferred app to the data holder’s system.  


Strengthen Our Privacy Policy Framework 


It’s time to get serious about a new national conversation on privacy, starting with rules of the road for app developers, Google, Facebook, and others with access to massive data sets that ignore the boundaries of health and other data currently reflected in our national legal framework for privacy. This will take some time, but consumers must be able to trust apps, developers, and data holders for all of this to work. The recent uproar about news regarding Ascension and Google’s Project Nightingale demonstrates the public’s (appropriate) concern over privacy and technology, particularly when it comes to matters of health. HIPAA, the predominant legal framework for health data, is already wildly insufficient for protecting health data, both because the re-identification of de-identified data becomes increasingly easy as the volume of data about individuals grows and because HIPAA applies only to a set of “covered entities,” which do not always include many of the parties developing and using new health apps and services. The latest studies indicate that research participants can be identified by their MRI scans alone, even after they have been stripped of all identifying information including the 13 identifiers that HIPAA uses to define “legally protected health information.” The increasing use of artificial intelligence and genomic sequencing in health care will only make matters worse. We believe a more comprehensive policy approach to privacy, such as the European Union’s General Data Protection Regulation, is a more appropriate framework.   


Accelerate The Transition To Value-Based Care 


Unleashing the power of data and giving patients and providers the tools they need to live better and work smarter is among the greatest challenges—and opportunities—of our era. A fee-for-service payment model hampers the exchange of data because health care providers and EHR vendors risk losing money as data flow more freely. Providers are disinclined to make it easy for their patients to switch to other providers and are not remunerated for the time they take in engaging patients using new data services. Some also fear increased liability if patient data they have recorded is made more accessible. At the same time, EHR vendors fear that increased data exchange threatens their installed base of customers, will more easily be able to switch to competitive services, whether they are offered by other EHR vendors or a new crop of health care technology service providers encompassing startups, technology companies, and other consumer companies from other industries that are now entering health care (such as Wal-Mart, for example).   


Virtually every other industry has adopted technology more widely and successfully than health care, largely because it makes sense from a business perspective. If health care incentives depended upon better health outcomes, care providers and the infrastructure that supports them would have to figure out ways to share data, not only among providers, but with consumers, who play a critical role in shaping and maintaining their own health.   


We therefore believe that accelerating the trajectory toward value-based care is the most essential step that policy makers, purchasers, and payers can take toward better health. It’s time to make a dramatic shift to a world in which patient data is no longer a closely held business asset, but a private (for use by the individual!) and public good. This is an effort many decades in the making, and it is worth doubling down on, right now.


Original article HERE

35 views0 comments
bottom of page