A sign of the same name outside Epic’s headquarters in Verona, Wisconsin.
Source: Yiem, via Wikipedia CC
It will become easier for American patients to access their medical records.
Healthcare software provider Epic Systems announced Thursday that individuals will be able to securely publish their health data to the different apps they choose to use, meaning they will have more direct control over their medical information than ever before.
For example, if patients are using a health coaching app or an app that reminds them to take their medications, they can choose to import their records directly into these platforms. All they need are their credentials to log into Epic.
This seemingly simple feat is actually a major technological leap for the healthcare industry, and reflects the beginning of a new standard for data sharing practices that will take shape across the country.
Epic is one of the organizations that has been helping the federal government build the Trusted Exchange Framework and Common Protocol (TEFCA). Launched in December, it aims to remove the legal and technical requirements for sharing patient data at scale.
Healthcare data in the United States has historically been siled and difficult to move. Clinics, hospitals and health systems can store information in a variety of formats across dozens of different vendors, but there is no trustworthy national mechanism to securely transmit this information. This means that if a patient moves to a different state or visits a new hospital, their medical records may not always follow them.
A number of companies and information exchange networks have emerged in the private sector to try to solve this problem, but none have been able to completely solve it on their own. TEFCA aims to help bring all these different actors together.
TEFCA falls under the purview of the Office of the U.S. Department of Health and Human Services. Micky Tripathi, HHS assistant secretary for technology policy and national coordinator for health information technology, said patients can think about TEFCA the same way they think about their cell phones.
If one person uses Verizon as their phone carrier, a second person uses AT&T, and a third person uses T-Mobile, they can still call and text each other. The same playbook applies to TEFCA.
“The idea was, ‘We really should have a user experience where no matter where I am, no matter what system I’m on, I know it’s going to connect to all the other networks, no matter what network I’m on,'” Tripathi told us When interviewed by CNBC.
“This will be revolutionary”
The U.S. Department of Health and Human Services building in Washington, DC, on July 21, 2007.
Saul Loeb | AFP | Getty Images
The main group participating in the exchange of health information through TEFCA is called the Qualified Health Information Network (QHIN). The networks participate on a voluntary basis – they are not paid – and must go through a two-step approval process to ensure they are eligible and have the necessary technical infrastructure.
Seven QHINs, including Epic, are now operational within TEFCA, and Tripathi said several other QHINs are close to the finish line. To help put the scale required for TEFCA into perspective, Tripathi estimates that Epic’s own network can handle more than 10 million to 12 million data transactions per day.
“Remember, this is about connecting to a network that’s already up and running,” he said.
In order to participate in TEFCA, QHIN must support six different “exchange purposes,” which is what allows organizations to request health data. These purposes include treatment, payment, health care operations, public health, government benefit determinations, and personal access services.
Most exchange networks previously supported “treatment” exchange purposes, meaning that the recipient (such as a doctor or hospital) was providing care to the person for whom the records were requested. But by introducing other approved exchange pathways, TEFCA may seek to avoid some of the disagreements, such as those that emerged this year over what exactly counts as treatment.
For example, the Personal Access Service is a new use of exchange that allows people to easily request all records and bring them to one application. This means that as long as all necessary providers are connected to TEFCA, patients can choose to view their complete visit and hospitalization history immediately.
“I think this is going to be revolutionary in the next few years,” Health Gorilla (QHIN within TEFCA) CEO Steve Yaskin told CNBC. “If you look at every other industry, they are leveraging data to benefit the industry. , right? From banks to telecommunications companies to any industry that is deeply rooted in understanding data.”
A person uses a smartphone.
Formerly Kocher | Getty Images
Because TEFCA is so new, many QHINs are still working on setting up all six exchange purposes. Epic’s announcement on Thursday means they are officially ready to support the personal access service path.
Rob Klootwyk, director of interoperability at Epic, said implementing personal access will take some time because it requires a lot of thought. He said TEFCA needed to put in place guardrails outlining how patients would be authenticated, how they would be educated on whether their data should be released to apps and how apps would be accountable to consumers.
Now, he said, those questions have been answered.
“We feel, and our community feels, that the pieces now fall into place and TEFCA is the right way to do that,” Klootwyk told CNBC.
For example, after a patient enters their Epic credentials and attempts to post their data to the app, a patient education screen appears to prompt them, said Matt Doyle, a software developer on Epic’s connectivity team. The screen outlines what information the patient will disclose and ensures they are comfortable with the decision.
Patient data is sensitive and valuable by its nature, and it is protected by the Health Insurance Portability and Accountability Act (HIPAA), a federal law that requires patient consent or knowledge for third-party access. However, while some applications are required to comply with HIPAA, many are not.
Therefore, HHS decided that TEFCA participation can be voluntary as long as the application agrees to comply with HIPAA, even if it is not required by law. This means QHINs like Epic will be able to tell users whether an application is a HIPAA-protected entity, part of a federally recognized data exchange network, or none of the above.
“We said, ‘Hey, we’re not saying they’re a bad group, we just don’t know what their policies are. You should make sure you’re educated and informed before you choose to share this,'” Doyle told CNBC.
Essentially, whether an individual is interested in using an app to support their care or they just want an easy place to view their messages, TEFCA’s goal is to build the trust needed to make that happen, Klootwyk said baseline.
It will take approximately two weeks for Epic customers to deploy these new features, although it may take more time for Personal Pickup to become widely available across the country.
HHS’s Tripathi said that now that TEFCA’s framework is in place, QHIN and the broader market just need to get on board.
“This is a very important next step in enabling patients to access their information through the app of their choice, allowing them to participate more directly in their own health care,” Tripathi said.