Epic, the largest electronic health record company in the U.S., launched an effort last week to persuade hospital CEOs across the country to fight recent efforts by the federal government to ensure that patients can easily access their electronic health data. In essence, Epic CEO Judith Faulkner asked hospital leaders to make it more difficult for patients to easily access their electronic health data.
By making it easier for people to access their own health data, the federal government aims to help people manage their health and shop for care.
Epic’s position is akin to banking leaders trying to limit your access to your own financial data or restrict your freedom to transfer your funds and saying they are doing it for your own good.
Why is it so important for people to have access to their data? These data are necessary to liberate people to obtain second opinions, transfer to a new doctor, see results, avoid unnecessary testing, correct mistakes, participate in some types of research, and much more. Today, having agency over your own data can be empowering.
At issue is a proposed rule from the Department of Health and Human Services that would require electronic health records from various makers to “talk” to each other and to third-party apps.
We need to get this right. It is an opportunity for an entire consumer-mediated health information economy to emerge, customizing services and information to individuals and enhancing competition based on quality, outcomes, and experience.
The current situation for patients is rather dire. Although laws clearly articulate the rights of people to access their digital health records, few people find that the system really works for them. My research team and I recently conducted a secret shopper study of top U.S. hospitals and found widespread violation of people’s rights to access their health information. We found that hospitals often provide patients conflicting information about requesting their records and, in many cases, give blatant misinformation or limited information. The cost for obtaining a 200-page record was as high as $542, even though a flat rate of $6.50 was proposed for digital records. There were often delays, incomplete records, and limitations in the ways that people could receive their data.
I have personally heard stories about the travails of people who tried to get personal health information. One woman, one behalf of her hospitalized mother, sought copies of her mother’s health information from a major New York City hospital. After much back and forth, she was finally told that she could not get the digital data. Instead, a large box with hundreds of disordered pages showed up, along with a bill for $500.
One hospital executive actually told me that hospitals did not like people easily getting their records because they could more easily transfer their care to other institutions.
Meanwhile, technology is enabling solutions that could be under patients’ control. For example, Apple has touted its ability to connect to health systems and enable data to stream to iPhones. In full disclosure, I started a company, Hugo Health, that helps people connect with their health data and makes a promise that data will move only with their permission. And the number of such options for patients is growing.
Yet there remain impediments, one of which is that people generally aren’t being given access to their entire records, including notes, images, and other important information. This information blocking is just what the law and proposed rule are seeking to address.
The existing lack of data liquidity also stymies innovation, making it hard to accomplish the kind of customer-centered approaches that the digital world now affords in other sectors. These new regulations have the potential to create an app-based marketplace to serve patients and their data, unleashing new approaches and services specifically tuned to patient needs.
Some perceive the increased patient access to their digital records as a threat to existing business models. Epic wrote to health systems that the proposed rules promoting patient access and choices will bring more work and higher cost, even though the transfer of data can be accomplished without much difficulty. The company says the rules will jeopardize health system’s investments in electronic health systems, but that feels strongly self-serving and without basis. Epic also implied that giving data to patients could bring privacy risks. But isn’t it up to patients to decide for themselves what they want to do with their data?
There’s no question that health data is especially sensitive. It’s imperative that companies helping people with their health data must respect privacy, employ strong security practices, and stay transparent about whether they share data with others. People must be informed about what happens to their data and if it is being used by others for commercial purposes. People should be granted greater agency over their data — and be in control of it.
The solution should not be to restrict access.
The new laws and rules have the potential to eliminate the many ways that data holders, like Epic, impose information blocking. People should have access to all their electronic patient record data, as is required in the 21st Century Cures Act, which Congress passed in 2016. These advancements will require EHR vendors, health systems, and others in the health care ecosystem to adapt to new opportunities. The banking industry showed us what is possible when services became available to us digitally. Competition was enhanced and so was convenience. Security was not compromised and banks did not insist that the government require the public to continue to use tellers.
It’s time for health care to catch up. I look to health systems to advocate for patient rights in the digital era and leverage the possibilities of a digital world to achieve higher-quality services at more affordable prices with better experience than their competitors. As HHS Secretary Alex Azar said clearly at the annual meeting of the Office of the National Coordinator, “Scare tactics are not going to stop the reforms we need.” Now is also the time for people who care about patients’ rights to access to support the government to issue final rules that side with patients.
At the same time, vendors of electronic health systems should spend less time lobbying the government to push back on patient access to data and more time producing innovative products that better serve the needs of patients and health care professionals.
Harlan M. Krumholz, M.D., is professor of medicine and of public health at the Yale School of Medicine, director of the Center for Outcomes Research and Evaluation at Yale New Haven Health System, and co-director of the Yale Open Data Access (YODA) Project.