Leslie Krigstein comes to the health IT policy arena both as the VP of CHIME for congressional affairs and as a family member of a cancer patient. These perspectives reinforce each other as she works to improve the regulatory landscape shaping security and interoperability in her role at CHIME overseeing congressional engagement efforts focused on effective use of health IT. We spoke recently about health IT issues ranging from patient matching to cybersecurity to interoperability, in the context of current and pending regulatory developments and the continuing opioid crisis.
Leslie noted that patient matching is a significant issue for her organization’s constituency – health care organizations’ CIOs – both for immediate patient care reasons and because it is difficult to have meaningful conversations about interoperability without the means to definitively identify patients.
As we all know, the federal ban on spending related to development of a unique patient identifier hindered development of solutions in this arena (though certainly some have made progress), but with the ban lifted Leslie sees an opportunity for health care providers and other industry players across the spectrum to engage on the issue. CHIME stepped back from its million-dollar challenge on patient matching because of changes in technology and has established an innovation task force that seeks to leverage industry expertise to see if there is another solution available in lieu of a universal patient ID, and to continue to explore regulatory changes.
The ban was in part based on the potential problems associated with insecure exchange of fully-identified, matched patient records, but market-driven solutions (per Leslie) are likely to bring us closer to interoperable matched records. She does not expect a government mandate in this arena anytime soon.
Another arena in which CHIME is seeking to be a convener is in designing health IT approaches to address the opioid epidemic. A CHIME task force formed in honor of a member who lost a son to the epidemic in 2017 is working to pull together member organization best practices and identify regulatory barriers and opportunities. These include developing better mechanisms for integrating prescription drug monitoring program (PDMP) data into EHRs, as well as exploring whether legislative or regulatory changes to HIPAA (or the interplay between HIPAA and 42 CFR Part 2) are needed to continue to respect patient privacy while ensuring that data is made available to enable the best possible care for patients. The task force’s goal is to pull together practical technical and tactical recommendations that CIOs can use. While there are many variations from state to state, the organization seeks to promote a robust national dialogue about the health IT issues related to the opioid crisis.
Leslie notes that at the broadest level, cybersecurity is issue #1 for CHIME members, and interoperability is issue #2. She stated that HHS recognizes that it needs to take on a more central role with respect to cybersecurity, and highlighted the WannaCry and NotPetya malware exploits as important wake-up calls and the HHS cybersecurity task force report (see also the perspective of one member of the cybersecurity task force) as an important indication of the government’s commitment.
Upcoming information blocking rulemaking and the final version of TEFCA are due out by the end of 2018 (so we will all have some reading material to get to).
Pending legislation – in the “Pandemic and All Hazards Preparedness Act” – includes a provision mandating that the National Health Security Strategy include a national strategy focused on addressing cybersecurity threats to the public health and health care system, by conducting a gap analysis and identifying strategies needed to improve preparedness and response capabilities in order to prevent harm to human health. As Leslie notes: “You’re only as strong as your weakest link … and [it can be] a little scary.” Bedside monitors can be a way in for attackers; drug dosages may be manipulated by malicious hackers; but improved efforts on this front can have significant positive impact.
Leslie sees development of open APIs, of FHIR, to be positive, but not yet the dominant reality, in terms of widespread adoption and use. She notes that “The CIO’s battle cry is ‘Standards!’” and that “if we can coalesce around a mature standard then I am hopeful.” Some CHIME members are leveraging FHIR today, but not all are doing it as robustly as possible.
With all the legislative and regulatory development in process (TEFCA, 21st Century Cures / information blocking, CMS initiative on data access as a condition of participation, national health cybersecurity strategy, etc.) as well as private sector developments (Commonwell-Carequality – an interesting development which I discussed recently with Micky Tripathi — and internet infrastructure companies’ endorsement of FHIR – a non-event, in my view, since vendors will need to deliver what their customers demand) it is difficult to predict how everything will shake out.
CHIME is convening its first advocacy summit, seeking to promote the role of technology in health care and to motivate CIOs to be their own best advocates. Issues including telemedicine, and the issues we discussed in this conversation, are all important issues, per Leslie, for CIOs to work on as they get engaged in the policy arena, and as they work collectively “to ensure that technology can be as great an asset as possible in improving healthcare.”
Five years from now, Leslie expects that cybersecurity and interoperability will be much improved. Security is likely to improve after we experience more significant breaches, which may motivate change. Interoperability has “never been more of an issue” for providers, patients, payors, policymakers, and “we will see new opportunities for patients to be at the center of their clinical information in the future.”
I spoke with Leslie as part of my ongoing series of fireside chats with healthcare innovation leaders – Harlow on Healthcare, on HealthcareNOW Radio. Listen to our radio station online, or ask your smart speaker (Amazon Echo or Google Home): “Find Tune In station HealthcareNOW Radio.” You can catch me live weekdays at 8:30 am, 4:30 pm and 12:30 am ET. As each new show goes live, the last one joins the archive, available via SoundCloud or your favorite podcast app (iTunes, Stitcher, iHeartRadio). Your comments are welcome here. Join the conversation on Twitter at #HarlowOnHC.
David Harlow
The Harlow Group LLC
Health Care Law and Consulting