Fixing EHRs

The electronic health record (EHR) not only houses patient data, but also is a major source of frustration for doctors. Complaints about them are abundant, ranging from a design that’s focused more on billing than clinical workflow to how the computer and its data-entry tasks create a physical barrier between the physician and the patient.

Even with all their flaws, doctors still see the possibilities within the EHR. “The potential is great to be able to track various pieces of information more efficiently and not have to rifle through papers,” says Robert McLean, MD, FACP, president of the American College of Physicians. “Having the EHR identify people that haven’t had health interventions-something a doctor might forget if they are not on their radar screen-is a great way to houses have control of the health of a population of people.”

All this potential comes with a lot of negative tradeoffs, including poor usability in how information is displayed and lack of interoperability. “One of the big frustrations is that so many EHR systems don’t talk to each other,” says McLean. “Because EHRs evolved from different companies all trying to make successful ventures out of it, there was not really an incentive early on to be interoperable.”

The Office of the National Coordinator for Health IT (ONC) is well aware of the usability and interoperability complaints and has proposed rules that it hopes will change how doctors interact with their EHRs and give patients access to their data to better engage them in their care. The changes focus on a set of standards that will allow apps into the EHR ecosystem, and the hope is that this will enhance the EHR the same way apps dramatically increased the usability and functionality of mobile phones.

The promise of apps

For apps to work in healthcare, or any industry, there needs to be an agreed-upon set of standards on how information is exchanged-commonly known as an application programming interface (API). The API acts as a bridge between applications that allows data to flow seamlessly regardless of how they are constructed or what database they use. Consumer travel sites are an example of how they work: The apps go out to dozens of sites and compare rates for hotels and airlines. They aren’t moving any data, just scanning it and compiling it in a new location.

Once the rules for APIs in healthcare are finalized, Don Rucker, MD, national coordinator for health information technology at ONC, says apps will benefit both doctors and patients. “From the patient point of view, patients are going to have access to their medical records,” says Rucker. “Patients will be empowered to shop for care, and I think all doctors will have to be more concerned with consumer issues. I think increasingly, as patients shop for care, the transparency of the app economy of the price of services will make doctors think about how consumer-friendly they are.”

He also sees physicians benefitting as apps improve EHRs. “I think APIs will make it a lot easier to get information, but maybe more importantly, get the right information within the workflow,” says Rucker. “It might mean getting decent [clinical] decision support when they need it, because most decision supports now are painful alerts and not really perceived as helpful. I think APIs over time will make EHR products a lot more pleasant to use.”

Experts say that APIs are the most efficient way to share information across different platforms, so there is potential for a big boost to interoperability. But having a standard also opens the door for new ways of using EHR data.

Rucker expects a lot of apps to become available to allow just that, including some in categories that no one would think of today. There will be apps that improve the medical record to make it more understandable and apps for management of specific diseases, he says.

One area that may greatly benefit from apps is the prior authorization process. “Doctors may be able to leverage API technology within the practice and access health plans’ prior auth policies and push out the clinical template and make things a lot easier,” says Rob Tennant, MA, director, health information technology policy for the Medical Group Management Association.

App development may start with some small start-ups, but Rucker says he would be stunned if there weren’t some major name brands also entering the space. “EHR vendors will want to be in that space with maybe a vendor-labeled app as well as maybe a white-label app (a generic version) that practices could brand for themselves,” says Rucker. “I could see Apple getting in, and Microsoft, Google and Facebook have been talking about what they might do in healthcare. Amazon publicly announced they want to be in the consumer part of healthcare, so I think you will see lots of entrants into the space.”

Will apps live up to the hype?

While ONC is pushing hard for apps and promoting the expected positive changes they will bring, industry experts wonder how much promise they really hold for EHRs and healthcare in general. Undoubtedly, some aspects will improve, but APIs may not have the major impact hoped for by the government.

“The jury is still out on how effective API technology and whether the use of third-party apps will move the needle on quality and efficiency in healthcare,” says Tennant, adding that in some cases, there are other technology options to achieve the same goal. For instance, CMS has  proposed a rule that requires admission and discharge information be sent to physicians so they can provide better care coordination to their patients. “API technology may be one of the levers to get that done, but it’s not the only one.”

Giving patients access to medication information, lab results and the like from the EHR has great potential to get them engaged, but it also means practices will have to upgrade their technology to make that possible. “Practices that don’t have the capability may have difficulty attracting newer and younger patients who have much of their life driven through their smart phone,” says Tennant. “All of that engagement is great, but there is some potential concern about cost.”

Large practices have economies of scale and dedicated IT staff to handle the upgrades. Small practices must face not only complicated technology installations, but a new security risk and questions about value. “If they invest the money and the uptick is minimal, that’s concerning,” says Tennant, who adds that if the EHR vendors are the ones developing the apps, he expects them to charge for the added capabilities.

There’s also the challenge of integrating the app into the workflow, which can vary by practice and specialty. “Getting apps working in a physician’s workflow is not a simple problem, and even once you have the API standards established, you are still going to run into that problem,” says Robert Rudin, Ph.D., information scientist and EHR expert at the RAND Corp. “And what is the business model? Who is going to pay for it?”

The CMS proposed rule requires health plans to offer their members access to claims data through apps, something Tennant says many already do with very robust apps available for easy download. Despite this, he says few patients are using them. “The whole ecosystem envisioned by the government rests on the premise that patients actually want this technology. If you are managing the care of a loved one, you might want this technology. For a lot of others, they are happy to have all the records stored and maintained by the practice.”

“For the majority of patients, their simple goal is to be healthier; they trust that doctors do the right things and have access to the data they need,” says Kyle Meadows, founder and president of Chart Lux Consulting, which helps companies navigate healthcare technology and policies. “Data on my phone isn’t where I, the patient, need it. I need to have it in front of the doctor on their screen and have it pre-fetch various activities in the last six months so they have a more complete picture of me in the 15 minutes I have with them.”

Meadows says in the short-term, once the rules are finalized, he expects to see some apps that do interesting things that help physicians, but is skeptical of their total impact. “EHRs have a large amount of data that is not curated real well,” he says. “Apps using APIs can curate that and get to the stuff you are looking for, but I don’t see them moving the needle significantly.”

Security and privacy issues

Sharing data among EHR systems via APIs may be a big boost to interoperability, but it also creates security concerns, says David Finn, executive vice president, strategic innovation, for CynergisTek, a healthcare cybersecurity firm. “APIs usually have a code to a specific site or system, and those are supposed to be secret and kept for developers,” says Finn. “We don’t have defined standards in how to protect the codes and who’s trying to use them.”

Finn says there needs to be more defined security standards and less reliance on developers and vendors to do it on their own. He says when the final HIPAA security rule rolled out in 2003, developers used the cheapest and fastest methods possible to comply with vague security standards put forth by the government. Without clear guidelines, he expects the same thing to happen with API technology.

“Providers want to provide better care; consumers have the ability to care more about their health and they want access to the same data and have it updated in a more timely fashion,” says Finn. “These are all good things, but we have to make sure we do it the right way.”

A related concern is privacy. Once patients agree to the terms of the app-and most consumers don’t read the legalese in the signup agreements-and information flows from the EHR to the app, experts say the data may be used for a wide variety of purposes. “One concern is vendors will monetize the data, because it won’t be covered by HIPAA or bound by any federal privacy laws,” says Tennant. “A large employer could offer a health app, and go to the physicians and download all the health records of their employees. Who’s to say the employer wouldn’t look through the records looking for substance abuse, pregnancy or cancer? I hope it never happens, but the way the rule is structured, there is no prohibition against that.”

The Office of Civil Rights has issued guidance that says physicians are not responsible for patient data once the patient requests it, but Tennant worries that doctors will be blamed if data is misused or if the app provider suffers a security breach. “Patients might ask, ‘Why didn’t you warn me?’ It erodes the doctor-patient relationship.”

Finn says patient education needs to be a major part of bringing apps into the healthcare system. “Patients have to understand what sharing data means and which data they are comfortable sharing. I think government and the industry itself for too long has excluded the patient from the processes.”

ONC, for its part, says patients understand what’s at stake. “Patients are going to understand that this is their medical record that is being downloaded, and they will treat it the same way they are careful with other personal information-they are not just doing their banking with anyone, for example,” says Rucker. “There will be some consumer branding and trust on these things.”

Tennant says a developer certification process is needed, and it should include a commitment to privacy and security along with clear statements of what the developer plans on doing with data collected from EHRs. “If appropriate steps are taken, this could work well for all sides, but if they are not, you could see catastrophic data breaches.”

Experts say slow, incremental improvements in usability and interoperability are more likely the end result of API standards despite the hype around them. “In healthcare, it’s very rare to have something come out of the blue and spread virally the way we sometimes see in the consumer market,” says Rudin. “There might be some specific applications that take off, but in terms of a major overhaul, I don’t see it happening in the next few years. There is still more foundational work we need to do.”

“Almost anything you can think of, API could step into the picture and really help,” says Tennant. “It’s early yet, and all this excitement comes with a price tag, and for independent practices, they will have to have true ROI to move to the new technology. But the long-term potential is tremendous.”