EHR interoperability: why it matters
New HHS rules set the stage for consumer EHRs and making health data portable
One of the clearest examples of healthcare’s backwardness is the lack of control patients have over their own health data. In today’s world, we take data access for granted in other industries — being able to send documents from one person to another, to aggregate meetings from multiple calendars into a single view, or to manage several bank accounts using a single app. It’s hard to imagine a similar experience in healthcare. Just the other day, a friend of mine was trying to figure out if she’d gotten all her tetanus shots when she was younger. It should’ve been a simple question, but the only answer I could think of was for her to call every single primary care provider she’s had since childhood and ask for her vaccination records. At that point, it would’ve been a coin flip as to whether they would fax the info or use the groundbreaking new technology of email.
We’re going to dive into this issue today and look at how things work today as well as the slow changes taking place. If you follow digital health closely, you may have heard that earlier this year, the Department of Health and Human Services (HHS) released new guidelines regarding interoperability of medical data. We’ll talk about what those new rules mean and how they unlock opportunities for innovation. And just a quick disclaimer upfront — although I have a high level understanding of how APIs work, I’m not a software engineer, so I apologize if some of my terminology usage is not technically 100% accurate.
Patients today have minimal direct access to EHRs
Whenever you visit a clinic or hospital as a patient, you generate medical data during your visit with your provider. After your visit, your provider inputs this data into their electronic health record (EHR), which is used both for their own record keeping purposes and for reimbursement claims. The way things are today, you have little ability to read data directly from, or write data to, your own EHR file. If you want to look up test results from a specific date, or if you want to add a new medical update to you file, you have to do it through your provider.
This may only be a minor inconvenience normally, but it starts to become a major issue if your care is fragmented. Let’s say all of your primary care is done through a company like One Medical, but you get into an emergency where you need to go to an ER for the first time. How do you make sure the ER gets accurate information on your pre-existing conditions, allergies, and medications? Or what if you prefer telemedicine visits over physical visits for routine check-ups. How can you make sure the notes from your virtual visits are passed along to your primary care provider when you finally visit them in person? These situations demonstrate that the lack of direct data access for patients isn’t simply an inconvenience; it can hinder quality of care.
New HHS rules promote interoperability and patient EHR access
Empowering patients to have more control over their health data is one of the few bipartisan issues left in Washington, and as such, it was included in the 21st Century Cures Act which was passed in December 2016. On March 9, 2020, HHS finalized a set of new rules to implement the relevant provisions from this Act. The rules tackle the issue of health data access through 3 main approaches:
First, the rules prohibit a practice known as “information blocking”, where EHR vendors actively put up barriers that hinder access to health records in their databases. Historically, many EHR vendors have used “proprietary” formats for storing patient information instead of established standards, to make it difficult for customers to transfer data to competing products or to switch over to competitors. The new HHS rules ban these approaches and instead require EHR databases to meet a set of interoperability standards to ensure that information transferred between EHRs can be mutually understood.
Second, the rules require EHRs to publish application programming interfaces (APIs) that third-party app developers can use to access health data, with patient consent. With this change, developers will be able to build applications that give patients much more direct access to their medical records than they have today. These APIs must follow standard formats as well.
Third, the rules require hospitals participating in Medicare and Medicaid programs to proactively send electronic notifications to other providers when patients are admitted, discharged, or transferred. This change is geared at ensuring continuity of information in cases where care is fragmented or where patients change providers.
It’s time to build… consumer EHRs
It’s rare to be able to find startup ideas by reading government guidelines, but in this case, HHS was pretty explicit in calling out the opportunities they foresee with these changes. Their press release reads: “As a result of this rule, patients will be able to securely and easily obtain and use their electronic health information from their provider’s medical record for free, using the smartphone app of their choice.” Ignoring the questionable syntax of the sentence, their conclusion is spot on.
EHRs have traditionally been designed and marketed with a single customer in mind: providers. Although there are clear reasons to give patients better access to their medical data, EHR vendors have been content focusing on the provider market alone and leveraging information blocking approaches to prevent data from leaving their walled gardens. Prohibiting these anti-competitive practices is a no-brainer for spurring innovation.
The new API requirement takes this goal further by prying open a second market for EHRs: consumers. Normally, you’d assume that it would be easy for the incumbent platforms to capture this new market as well. But the two markets require different priorities — whereas provider adoption is driven by enterprise sales and marketing, consumer adoption will depend on a genuinely enjoyable user experience. Given the strong dissatisfaction with existing EHR systems among providers, I wouldn’t bet on these companies successfully commercializing a consumer-facing version.
Instead, this leaves the door open for a wave of new health record apps that can pull data from APIs of existing EHRs while providing a consumer-first user experience. One product that fits the bill and is well-positioned to succeed is Apple Health Records. Health Records was initially designed to help patients aggregate medical data across care providers to have a centralized place of truth. Providers who opted into Health Records would go through a setup process to integrate their EHR vendor with Apple, and then patients would be able to find their provider within the Health app, log in with their credentials, and access their information.
Before the new HHS rules, however, the market for Health Records was limited to providers who were already using EHRs that proactively published APIs. With the regulation changes, almost all providers will use EHRs with public APIs moving forward, making adoption of Health Records for providers and patients substantially easier.
Write access APIs are a potential next step
Despite these exciting potential avenues for innovation, the new HHS rules are restricted to requiring EHRs to publish read access APIs, but stay silent on write access APIs. Without write access, consumer EHR functionality will remain somewhat limited, serving as a more user-friendly visualization of health records without being able to manage them.
Historically, most of healthcare has been “provider activated”, in the sense that providers are the ones who prescribe treatments, record diagnoses, conduct procedures, and document updates on behalf of patients. In this world, it makes sense for providers to be the only users with write access to EHRs. However, the rise of digital health has spawned a brand new category of “patient activated” healthcare — patients can order anti-depressants or ED pills (think Roman, Hims), engage with well-being platforms (think Calm, Headspace), and track digital biomarkers (think Livongo, Apple Watch, Withings) without their primary care provider even knowing.
Accounting for these applications, some form of EHR write access for patients becomes much more important. As an example, one of the main barriers to digital biomarkers being used in care decisions today is the fact that data captured by smart devices that you wear in the home may never reach your provider’s EHR. With write access APIs in the future, your provider would be able to seamlessly reference data on things like your weight, eating habits, sugar levels, or sleep quality when making care recommendations.
Consumer EHRs are a better source of truth
One important issue we’ve yet to address is what happens to health data when care is fragmented among several providers. Despite its drawbacks, care fragmentation does not appear to be going away any time soon. Depending on where you look, you could even argue that the problem is getting worse — the widespread adoption of telemedicine has spawned virtual provider networks in addition to traditional ones, the retailization of healthcare may add thousands of new locations to receive medical services, and this is on top of patient activated services like well-being apps, digital pharmacies, and digital biomarkers.
The third part of the new HHS rules, which requires hospitals to send electronic notifications to a patient’s other providers at critical junctures of care, isn’t enough to solve this problem. Care fragmentation can lead to a situation where the single source of truth for a patient’s health records isn’t clear anymore; instead, the information is scattered across multiple provider EHRs and is only complete when viewed in the aggregate. In this case, it becomes nearly impossible for each provider to keep all of a patient’s other providers up-to-date on new developments.
Perhaps the answer requires a radical shift in thinking — de-prioritizing provider EHRs and instead making consumer EHRs the single source of truth. In this world, consumer EHRs would receive information largely in real-time from patient activated services like apps and biomarkers on one end. On the other end, they would communicate on-demand with provider EHRs before and after visits to stay in sync. If you were visiting a new provider for the first time, you would give consent to your consumer EHR to share your full health records with the provider. At the end of the visit, instead of entering updates to a provider EHR, the provider would write changes to your consumer EHR, which you would have in hand for all future visits, regardless of provider.
You might think that such a radical change would never happen in healthcare, and you might be right. But in any other industry, it wouldn’t just be radical — it would be obvious.