It’s a new year. It’s prediction time! Networks will resolve trust and privacy issues in 2022, says Particle's CEO, giving patients more paths to access their data.
As we begin the new year, interesting interoperability trends are starting to emerge. I’m going to have a little fun by making predictions for 2022.
One of the most impactful health tech trends over the past year has to be the rapid acceleration of connections to Health Information Networks and Health Information Exchanges (HIN/HIEs).
Organizations that serve a treatment purpose of use will continue to connect to Health Information Networks en masse. Growth has been substantial: Carequality has grown from about 8,000 organizations in 2020 to 26,000 in 2022. This proliferation of participating organizations means that not being connected will be a stark disadvantage in the near future. More apps and services are seeing the value of network effects and connecting to HINs (including innovative Particle customers like Robin Health).
We’ve established that HIN/HIEs are a great place to exchange patient records, but they’re also not a cure-all for interoperability. Next year, I think we’ll start to see other entities (not just providers) joining these networks.
There’s going to be more ways for patients to access their health information in 2022. (I will predict this every year until it happens!)
But the stars of individual access in 2022 will be the groups facilitating network-wide trust, like the CARIN Alliance. CARIN pushes healthcare app developers to design for patient access in responsible ways. They’re taking a unique approach, where they’re openly working through privacy and security concerns from a patient standpoint, and trying to bake that into a code of conduct called a Trust Framework.
We’ve seen national interoperability networks like Carequality and Commonwell starting to reference this Code of Conduct. In the process networks are unofficially nudging consumer apps towards equivalent standards. CARIN’s impact is clear here - they’re working towards a way for providers to trust apps - and that’s a key ingredient to making this work.
If everyone in a network is on board with a well-vetted Code of Conduct…well, suddenly providers will be comfortable with data sharing between EHRs and consumer-oriented apps.
Instead of assuming that apps are unsecure by default, imagine that a vendor like Epic could trust a consumer app because it meets certain criteria. That trust can allow for data exchange. For instance, we could build a better COVID pass, one that automatically and regularly pulls verified test & vaccine results directly to individuals.
Without that trust, providers have a reason. This offers a potential way to make consumer-interoperability work in practice. Ultimately, groups like CARIN share our mission of making it easier for patients and caregivers to access their health information.
Anti-information blocking (AIB) rules have been in effect since early 2021 (my prediction from last year), and previewed for years before that. It’s fair to say that providers have been given enough time to comply.
Yet, the final rules around enforcement are still being finalized - these things take a while - but the HHS Office of Inspector General is already taking notes. You can submit AIB violations right now. All indications show that enforcement will warm up and escalate this year.
With fines of up to $1 million per violation, I expect that the OIG will make a headline-generating example in 2022 out of the least compliant organizations, in order to drive widespread change.
Rumor has it that enforcement letters went out at the end of 2021 regarding patient data access violations - not anti-info blocking specifically. We know the timeline is slow, and it’s baby steps to what we want to see happen, but it signals that organizations can’t get away with failing to comply. Pressure from HHS will push organizations to readily share data with patients, in accordance with the new rules.
While rules specify that individuals should have access to data, there are many technically feasible ways in which it can happen. AIB rules (specifically the Content and Manner Exception) allow providers to suggest an alternate approach to lawful patient requests.
Providers regularly share data with other health systems using HINs and APIs, but claim that they can’t do so for individuals. EMRs also support IAL2 based access for consumers. Patient Rights for Access advocates are waiting on the OCR to set a precedent on what is and isn’t ok to claim an exception on. Alternatively, HHS can specify that provider organizations can’t refuse to share data in a manner which they’re capable of doing.
IAL2, or identity-based authentication, is an example of a selectively-deployed component of patient record sharing. It’s also a potential solution to AIB privacy concerns, and the likely way that patient records will be secured in the future (in my opinion). If some patients can access their records via IAL2, why can’t everyone?
Whatever does happen in 2022, the new year is a good opportunity to appreciate the entire health tech community has accomplished so far. It’s a privilege to enable better treatment through health data and we’re looking forward to big changes over the next 12 months.