October 14, 2009
Why Standards Matter 2: Health IT Enters a New Era of Regulatory Control
The recent history of electronic medical records in
ambulatory care, or what we now call EHR (electronic health record)
technology, can be divided roughly into three phases. Phase I, which
lasted approximately 20 years, from about 1980 to the early 2000's, was
an era of exploration and early adaptation of computers to outpatient
medicine. It coincided with the availability of PCs that were cheap
enough to be owned by many doctors, and with the increased capacity of
off-the-shelf software programs, mainly spreadsheet and database
management systems such as Lotus, Excel, Access, and Microsoft's SQL,
to lend themselves to computerized capture of health data and
information.
Phase II coincided roughly with the American
Academy of Family Physician's (AAFP's) commitment to health IT as a
core competency of the organization, and with its support/promotion of
the early commercial vendors in the Partners for Patients program, a
national educational campaign inaugurated in 2002 which involved joint
venturing with vendors that included Practice Partners, MedicaLogic,
eClinicalWorks, and eMDs, among others. Several other physician
membership organizations joined this effort to popularize EMRs, or
crafted their own education programs for their members based on the
AAFP's model. The most popular Phase II products were, and still are
for the most part, client-server software applications that run on
local networks and PCs within the four walls of a practice, and tend to
use very similar programming development tools, back-end databases, and
support for peripherals such as printers. The industry grew, albeit
sluggishly, from roughly 2002-present in an unregulated environment,
with increasing support from quasi-official industry groups like HIMSS
and CCHIT, and with the blessing of many professional organizations,
including the AAFP, ACP, AOA, and the AAP. Best estimates are that the
numbers of physicians using EHR technology from a commercial vendor
roughly tripled during this period, from about 5% of physicians to
about 15%. The Bush administration gave moral support to the industry,
but did not provide funding or payment incentives, and mostly left the
industry to itself to sort out the rules, including certification. The industry is now entering a new phase, one we predict will significantly depart from the previous two eras.
Phase
III will be a time of government regulation of EHR technologies during
which Congressional mandates -- sometimes quite vague -- will be
interpreted by policy bodies within the government, which in turn will
lead to federal rule-making and regulation as a means of carrying out
policy goals and objectives. This will require significant interpretive
work within the agencies delegated, mainly ONC and HHS, along with NIST
and possibly the FDA and CDC, the results of which will have the
potential to fundamentally alter the market for EHR technology and the
products within that market, for many years to come.
Because
there is a great deal of money at stake, Phase III will also be a
period of intense competition, new and aggressive lobbying activity,
and perhaps not just a few legal challenges, as winners emerge and
losers fall by the wayside.
******
Why the revolutionary efforts to exert regulatory control over the market for EHR technologies in the US, and why now?
As
we have listened to and participated in the meetings of the HIT Policy
Committee and ONC staff, we have been struck by several things. First,
the leadership are people who believe in principle in regulatory policy
as a means of managing and improving upon the market. Secondly, they
and their colleagues believe that the market for EHR technology has
failed in several important respects, most notably by failing to create
widespread adoption among physicians, medical practices and hospitals
of even the most basic health IT tools, and by failing to institute
interoperability of health data exchange, despite certifications that
claim the opposite. And third, they have faith that regulations and
rule-making are the means by which our nation's providers can be
incentivized, and punished if necessary, into adopting the EHR
technologies and associated standards that will set the stage for long
term health care reforms in the payment system. In other words, they
are committed to using the regulatory tools available to them to change
the course and to move the curves of IT adoption in as short a time as
possible.
Anyone present or listening by teleconference to the
HIT Policy Committee meeting of July 14, which was devoted to the issue
of EHR certification, had to have been impressed by both the directness
and the force of the attack on the Commission for Certification of HIT,
or CCHIT. It was relentless, and came from all quarters: from academic
informaticists, from federal standards officials, from hospital CIOs,
physicians in private practice, doctor membership organizations, and
health care economics analysts. And, at the end of the day, CCHIT was
stripped of its previously unchallenged prerogative to set
certification criteria; removed of its monopoly for certification of
EHRs; and left with large questions about even the validity of its role
as advisor to ONC on the processes of certification.
The HIT
Policy Committee recommended, and ONC has accepted its recommendations,
that EHR technology certification criteria are henceforward to be
decided not by CCHIT, an industry body with ties to the incumbent
vendors, but by HHS and ONC directly. The term "HHS Certification" was
coined and is now in use to indicate this change. Certification as a
process will focus no longer on a long list of features and functions,
but target Meaningful Use, interoperability, and security only. And, in
the final insult to the industry and to CCHIT, ONC declared its intent
to offer contracts to several entities to do the certification once
criteria are set in early 2010, on a competitive bidding basis.
Thus,
by the end of 2009, the industry that makes and sells EHR technology
and into which will flow upwards of $30 billion in subsidies between
2010 and 2015, will receive a set of regulations that will specify the
rules they must play by. There will be regulations defining Meaningful
Use, others that regulate the process of HHS Certification of EHR
technologies, and still others setting out the requirements physicians
must fulfill to validate that they are meaningful users of certified
products. Finally, the regulations will set the standards and protocols
all parties must utilize in order to meet these definitions and
processes, and especially with regards to computable (interoperable)
data exchanges and the security of health data while in transit or
stored in databases. This will be a complex new set of regulations
unlike anything that the health IT industry has faced before --
although, of course, there are many other industries where regulatory
control has played an important role in shaping major issues in the
market, such as competition, pricing, and innovation.
*******
What should we expect, and how might these new regulations alter the EHR technology landscape?
In his most recent book, Supercapitalism,
Robert Reich provides rich detail to support his contention that
regulations rarely result in the public good being achieved, the claims
of politicians and agency officials notwithstanding. Instead, the
regulatory environment typically becomes the battleground upon which
competing firms in a sector of the economy struggle to advantage
themselves and disadvantage their competitors, whenever and however
possible, most often through lobbying and influence peddling aimed at
Congressmen and Senators, as well as at the regulators themselves.
Regulations create regulatory disputes among competitors, each side
claiming the moral high ground in whatever argument is in play, and
often spending enormous sums on advertising, marketing, and lobbying
firms, or on lawsuits intended to increase the value of their stock or
to injure the reputation of their rivals.
These battles are
well known and can be fierce, but they are new to health IT as an
industry sector. A regulatory tussle that is current and attracting a
lot of attention is the "Internet neutrality" debate. Discussions in
Congress, at the FCC, and in the blogosphere revolve around the degree
to which Internet Service Providers, ISPs, should be allowed to charge,
or be prohibited from charging, different payment rates based on the
content and origins of material presented in Web browsers attached to
the Internet. The idea could be posed this way: Should local book
stores be as easily accessible on the Internet, at the same speed of
downloading, as large companies like Barnes and Nobles and Amazon.com?
Or, should ISPs be permitted to charge large corporations higher fees
to make their content arrive faster to customers' desktops and laptop
computers?
Proponents of Internet neutrality argue that the
federal government ought to regulate the industry to instill
competition and protect the smaller companies, who may not be able to
afford the higher prices easily affordable to Amazon.com, and in order
to allow customers the greatest freedom of choice. But the larger
companies argue that, by offering their bigger customers the
opportunity to offer their own customers better service, the public
interest is better served. They argue that to withhold the market's
determination of how rates are set is inherently anti-competitive and
against the long term interests of the consuming public, which they
argue wants fast access to the most popular websites. Of course, they
fail to mention that setting higher rates might also boost their own
profits and increase the value to their own shareholders.
Vonage
is an example of a company with a disruptive technology / business
model that has actively engaged with the regulatory process in an
effort to protect its business plan, while also being shaped by the
regulatory framework. Initially, they weren't regulated like a phone
company at all, and won a landmark case against the state of Minnesota,
in which the FCC said Minnesota couldn't regulate them as a state
telecommunications company, because their service -- voice over
Internet protocol, or VoIP -- is inherently interstate in nature. At
the same time, initially in response to consumer and legislative
outrage that Vonage didn't provide 911 emergency service, the FCC has
extended many telco regulations - including 911 regulations - to VoIP
providers to ensure that Vonage and others can't circumvent many telco
obligations and thereby gain a competitive advantage over traditional
telcos. VoIP is now subject to 911 rules, Universal Service Fund
obligations, many reporting requirements. So, in this case the
regulatory framework initially favored competition and innovation, but
was then changed to favor the incumbents. Many hundreds of millions of
dollars have been spent by both sides in this long dispute.
Regardless
of whose side you take in these kinds of debates, there are always
going to be "winners" and "losers" when state or federal regulatory
control is put into operation. And though we may like to think that the
debates themselves are objective, free of undue influence by either
side, in fact this is almost never the case. Large corporations have
the money and other resources to lobby both Congress and regulatory
bodies like the FCC, whereas consumers' interests or those of smaller
and less well-heeled constituents are often unable to match the larger
players' coffers. This is not to say that the side with the most money
always wins. But as economist Robert Reich reminds us, the incumbents
most often have and keep the upper hand.
*******
Although
it is still early in the game, with the first issuance of regulations
expected as a Notice of Proposed Rule Making (NPRM) in late December
2009, followed by a 60-day public comment period, the broad outlines of
battles to come are now discernible. The incumbent health IT firms,
mostly those such as Cerner and Epic whose growth and financial
successes have been tied to large enterprise implementations, largely
in hospital systems and large group medical practices, have vigorously
put forward and defended a set of legacy standards that are complex,
referential to other complex standards, not-well-suited to
inter-organizational or personal data exchanges, and expensive to put
into operation. They benefit from the promulgation and extension of
these standards as regulatory mandates because, they say, this is the
way to create stability in the industry. However, they fail to mention
that these standards also advantage the older companies, as new
entrants will have to expend significant time, energy, and money to
acquire the expertise that these enterprise-friendly standards and
protocols require, but which the incumbent vendors already possess.
But
new entrants in the health IT economy, some very large and powerful,
including both Microsoft and Google, along with a host of medium and
small companies that gravitate around them like satellites circling
large planets, have started to fight back. For example, Google's CEO,
Eric Schmidt, has publicly criticized the Obama administration's
current plans for subsidizing health IT and EHR technology use among
physicians and hospitals. As a member of the prestigious President's
Council on Science and Technology, he was quoted as warning that the
ONC's plans threaten to lock the nation's health care system into the
technological past, rather than launch it into the future. Google is
not alone in wanting to see more of the nation's health IT
infrastructure -- including physicians' practices and hospital systems
-- move to Web services and so-called "cloud computing," in part
because this is Google's strength as a company and where it hopes to
make its profits in the coming years.
It's important that we
end this piece on a positive note. The Blumenthal team at ONC, along
with IT specialists at the White House and HHS, are in a listening
mode, and the regulations are not yet finalized. Aneesh Chopra, White
House CTO, has taken steps to open the discussion to include testimony
for innovators, and to make innovation an explicit goal over at the HIT
Standards Committee, of which he is a member. He and Todd Park, CIO
for HHS, have recently announced that the direction of the Health
Internet (formerly the NHIN) and its massive CONNECT gateway project
will be re-focused to make secure access to and transfer of health data
easier and under greater consumer control, using off-the-shelf
standards and protocols wherever possible. When asked recently if
these plans were endorsed by David Blumenthal, the response was an
emphatic "yes," that the team in charge of health IT within the
administration was working collaboratively under Dr. Blumenthal's
express supervision. Perhaps even more importantly, these two and
others are signaling that they want input from the experts, from the
public, and from those who will be affected by the ARRA/HITECH
programs. If you have an opinion about EHRs, PHRs, standards for
health IT, or any other aspect of this new regulatory framework, now is
the time to stand up and speak your mind.
David C. Kibbe MD MBA is a Family Physician and Senior Advisor to the American Academy of Family Physicians. Brian Klepper PhD is a health care analyst.
October 14, 2009 in Brian Klepper, David Kibbe, EHR, HIT, HITECH, Technology | Permalink
MOST COMMENTED
