Information Technology Interoperability and Use for Better Care and Evidence: A Vital Direction for Health and Health Care - National Academy of Medicine (2024)

By Jonathan B. Perlin, Dixie B. Baker, David J. Brailer, Douglas B. Fridsma, Mark E. Frisse, John D. Halamka, Jeffrey Levi, Kenneth D. Mandl, Janet M. Marchibroda, Richard Platt, and Paul C. Tang

September 19, 2016 | Discussion Paper

Introduction

Health information technology (HIT) has been seenas a vehicle for improving the quality and safety ofhealth care, for gaining more accountability and valuein purchasing, for advancing the role and engagementof consumers in prevention and health decisions, foraccelerating discovery and dissemination of new treatments,and for sharpening public health monitoringand surveillance. HIT has had high priority in the healthcare system under two presidential administrations,and it continues to enjoy strong bipartisan support atthe state and federal levels.

When the federal HIT effort was launched in 2004(The White House, 2004), four overriding nationalpriorities were articulated: providing information tools,such as electronic health records (EHRs), to cliniciansfor use in patient care; connecting health informationso that it follows patients throughout care and can beaggregated to advance health care delivery; supportingconsumers with information to help them to managetheir care; and advancing public health, clinicaltrials, and other data-intensive activities. The 2004 HITplan has been updated three times (in 2009, 2011, and2015), but the core priorities remain similar.

The first national goal for HIT has been largely realized.Nearly all hospitals use EHRs to manage patientcare (ONC, 2015a), as do growing numbers ofphysician practices, ancillary care facilities, and othersites of care (ONC, 2015b). There is widespread recognitionthat it is infeasible to operate a complexhealth care business today without having EHRs andother point-of-care information tools available forclinicians.

The other three goals of the HIT plan have not been realized. Efforts to aggregate and share information for specific patients longitudinally among providers have been aggressively pursued with some success but have been hindered by financial conflicts, proprietary barriers, legacy technology, obsolete regulations, and other challenges. Personalized consumer health information, although enjoying some advances in the form of portals and other online access tools, has not become widely used by consumers for a variety of reasons, including a lack of functionality and interoperability. Likewise, data-intensive sectors of health care—such as clinical trials, public health surveillance, and quality measurement—have not transformed their methods and rules to take advantage of the ubiquity of electronic health information.

Numerous detailed studies have shown how HIT canyield value through information availability, prompts,guidelines, and other decision influencers. However,no studies have shown a favorable aggregated effectof HIT throughout the industry. Indeed, studies in thelast decade that have forecasted substantial savingsfrom HIT investment have been called into question asoveroptimistic. Yet nearly all expectations for change inthe health care system articulated today rely in someway on HIT and health care information.

As the adoption of EHRs slows and federal incentives through the Health Information Technology for Economic and Clinical Health Act wind down, substantial discussion is underway about how to reset the HIT agenda. Having considered the numerous options for major federal goals for HIT over the next 5 years, we have identified nine central themes in three focus areas:

Focus Area 1: Technical underpinnings
Key issue 1: Data standards and achieving interoperabilityat scale
Key issue 2: Interoperability with consumer healthtechnology
Key issue 3: Improving patient identification andmatching to support interoperability
Key issue 4: Service-oriented architectures andWeb-based services

Focus Area 2: Use cases
Key issue 5: Enfranchising vulnerable populationsand improving care for chronic disease
Key issue 6: Health data and public health
Key issue 7: Accelerating use of aggregated healthinformation and research

Focus Area 3: Enablers
Key issue 8: Building a HIT workforce
Key issue 9: Creating a trust fabric for health services:privacy and security

Federal policy makers should recognize thatinformation technology will bring massive changesto health care with or without further governmentaction. The changes will be driven by adoption oftechnology throughout our society, rapid changes inHIT innovation, and economic pressures on healthcare. Instead of increasing the pace of HIT or pickingthe more advantageous innovations, policy and policymakers should ensure that the changes that arealready under way improve utility and advance thebroader principles that the United States maintains forsafe, privacy-preserving, equitable, responsive, high-quality,and cost-effective health care.

Key Issues

Data Standards and Achieving Interoperability atScale

Many have concluded that the Meaningful Use goals of improved quality, safety, and efficiency cannot be reached until more data are shared for more purposes, with sharing integrated into the routine, health care–delivery workflow. As currently designed, HIT and the applicable regulations can slow the routine provision of health care. Enablers of efficiency—such as accurate, transparent, and actionable payer information available at the point of care; the ability to reuse structured health information for health care operations and administration; and documentation well suited for care in the 21st century—could help to achieve efficiency goals. Sharing data more broadly can enhance care coordination, ensuring that patients’ lifetime medical records travel among all providers. Redundant and unnecessary testing can be reduced. Physician orders for life-sustaining treatment can be communicated broadly. One estimate suggests that $80 billion could be saved annually if a comprehensive program of EHR data sharing were widely implemented (Hillestad et al., 2005).

Opportunities and Policy Alternatives

Data standards are necessary but not sufficient for interoperability.Supporting infrastructure, policies, andincentives to share data are the rate-limiting elements.

• Patient identification. Aggregating patient data among organizations requires uniquely identifying each patient; an exact match of first name, last name, and date of birth is often not specific enough to be useful or safe. The country needs a voluntary national health care identifier, possibly modeled after the Transportation Security Administration Pre Global Entry program, that could provide patients a number to be used among disparate institutions to share their health care information with consent. (See also Key Issue 3.)
• Provider directory. There is no national provider directory that contains the electronic addresses of clinicians and hospitals for exchanging health care information, and this complicates the delivery of electronic data. The Centers for Medicare & Medicaid Services could host such an electronic directory, using the National Provider Identifier database as a starting point.
• Simpler standards for clinical summary exchange. There are many good standards in health care for clinical summaries, but some are so complex that trained clinical informaticists are needed to generate and parse clinical data summaries. In addition, the available optionality of standards for clinical summaries makes it difficult to engineer a universal import solution. We need a single document standard for clinical summaries with little optionality.
• Simpler standards for discrete data exchange. Using simpler standards for discrete data exchange, such as Fast Healthcare Interoperability Resources (FHIR), will enhance data liquidity and enable an ecosystem of new “apps” to evolve. Innovation will accelerate when developers can use agile development methods to create consumer-facing and provider-facing mobile technology that layers onto existing EHRs. The federal government can convene experts and recommend standards that are fit for purpose, but most of the standards work should take place in the private sector.
• Data governance. Every state has different privacy policies that complicate the release and sharing of patient information. We need to rationalize heterogeneous state and local policies for data exchange and use. The federal government could provide a framework or guideline that enables states and localities to reduce the number of variations in data use and reciprocal support agreements. A single national centralized policy is unlikely to be practical in the short term.

Potential Effect and Tracking Benchmarks

The Meaningful Use program was successful in encouraging adoption of EHRs in hospitals and clinician offices, but it did not substantially promote interoperability. If future federal programs focus on enabling infrastructure, creating trust, and streamlining heterogeneous policies, barriers will be reduced and stakeholders will exchange data that support high-value use cases, such as transitions of care, outcomes measurement, and public health reporting. Prescriptive regulations and burdensome certification requirements are not the answer. Creating incentives, such as merit-based payment approaches to use the enablers listed above, will accelerate widespread interoperability.

Overall success can be measured by surveying stakeholders and determining whether their electronic systems are exchanging data in ways that add value in their daily health care activities, including the number of records exchanged by using a national patient identifier, the number of lookups in a national provider-directory infrastructure, the number of new apps available to clinicians that use the standards and support their workflows, and the number of organizations that have successful bidirectional data exchange.

Interoperability with Consumer Health Technology

Historically, health care data systems have been optimized to address specific and localized needs. Administrative data were optimized to reimburse for health care services, medical-records data to document care and to detect adverse drug events, and prescribing and pharmacy systems to fill prescriptions and adjudicate payment. Efforts to standardize health care data have been under way for decades through a number of standards bodies, each addressing different technologies.

Coordination of those efforts has gained momentum only in the last decade as a result of three factors: advances in hardware, software, and network technologies that made interoperability economically feasible; federal mandates, alternative payment models, and programs that support innovative approaches; and public expectations that have led to an array of new consumer-focused products and services seeking to address unmet health needs.

Opportunities

A number of factors, from higher out-of-pocket costs to lack of primary care availability, are driving patient demand for and acceptance of alternative approaches to their care, including the use of retail clinics and a growing catalog of health care products that rely on mobile, “wearable,” and home-based technologies. These demands provide both the opportunity and the necessity of a broader view of interoperability among new consumer health technologies and medical devices, traditional and non-traditional health care providers, and other components of our health care system.

Traditional payers and providers face two challenges. They will need to increase their investment in the integration of data to improve care delivery and in measuring the effect of integrated care-management programs. Hospitals in particular will need to focus on ensuring interoperability in their own technologies while addressing postdischarge care in collaboration with payers, families, and other providers. At the same time, payers and providers will need to invest in integration with the emerging consumer health technology market.

Policy Alternatives

Unlike the more traditional, highly regulated health care technologies, new consumer health care products based on mobile or home-based technologies have not yet been constrained by regulatory policies. The new approaches are largely out of the control of any individual entity. Data are managed not by a hospital or health plan but instead by firms new to health care. Security and privacy preservation are not regulated by the Health Insurance Portability and Accountability Act (HIPAA) but instead in accordance with minimal standards set by other agencies. The technologies are driven by consumer demand, not payment mechanisms shaped by federal programs. The market for the new technologies is evolving as buyers and sellers begin to understand their individual and collective value.

Policy makers should create incentive structures that recognize the essential balance between market-based innovations and prescriptive technical standards. We are still experimenting with new approaches, and premature declaration of winners may forestall innovation. Interoperability standards should therefore be incremental so that they can retain a degree of freedom while maintaining core communication standards.

Initially, steps should be taken to ensure that devices at all levels of product maturity are given common data-transmission standards that address public concern about privacy and the market need for effective communication, such as TCP/IP (Transmission Control Protocol and Internet Protocol) with TLS (Transport Layer Security). As new technical innovations and care models become more mature, they should adhere to interoperability standards adopted in hospitals and ambulatory care settings. Respect of data standards is essential for data integration, maintaining data integrity, and ensuring privacy and security. Ultimately, interoperability is a matter of trust best achieved through stronger bonds between informed consumers and their local health care providers.

Standards for application programming interfaces (APIs) into and out of EHRs should be specified. The current HIT certification standards and criteria include certification of an API that enables retrieval of EHR data but that specifies no standards and is not bidirectional. Such standards would support both interoperability among EHRs and interoperability between consumer health technology and EHRs.

Potential Effect and Tracking Benchmarks

Extending interoperability to individuals, their homes, and their personal devices offers the prospect of improvement in health engagement, health behavior, and health-services delivery and the opportunity to measure and improve individual and population health. Benchmarks include the extent to which person-based and mobile technologies can interoperate with one another and with systems used by hospitals and other care providers. Policymakers should proceed cautiously in ways that improve safety and efficiency while markets evolve without impeding innovation that promises even greater long-term benefit.

Improving Patient Identification and Matching toSupport Interoperability

Increasing the level of information sharing—supported by the interoperability of systems—requires substantially improved methods for accurately identifying patients and matching their records throughout the health care system. The need for a national strategy for identification and matching has become more urgent in light of the increasingly digitized state of the US health care system and the substantial increase in demands and policies for accelerating electronic information sharing. Actions underway in the private sector can assist in migrating toward a national strategy, but federal action is needed to facilitate accurate identification and matching of patient data to support widespread information sharing and interoperability in the United States.

Opportunities

The most important barrier to a nationwide strategy for patient identification and matching is a law passed by Congress in 1999 that prohibits the US Department of Health and Human Services (DHHS) from using any of its funds to develop a unique patient identifier without the express approval of Congress (US Congress, 1998). As a result, DHHS has not promulgated policies or standards that would specifically facilitate the matching of patient data among systems. Other barriers to progress include the lack of agreement on and availability of data fields needed for matching and variability in the quality of data used for matching—variability that is due in part to the lack of standards.

The risks associated with the lack of a common patient identification and matching strategy are important. Rates of false-positive and false-negative errors in patient data matching, which a considerable percentage of chief information officers believe exceed the industry standard of 8% in their health records (CHIME, 2012), can result in suboptimal care and medical errors. Incorrectly matching a patient to a health record may also have privacy and security implications—such as wrongful disclosure—in addition to the risks associated with treatment that is based on another patient’s health information (Bipartisan Policy Center, 2012). The cost and resources associated with addressing matching problems are considerable. One health care system estimated that it could save $4–5 million a year simply by doing a better job of matching records (Conn, 2016). In a recent survey of health information management professionals, 57% spent time in sorting through patient-matching duplicates regularly, often weekly (Dooling et al., 2016).

Policy Alternatives

A 2014 report of the Office of the National Coordinator for Health Information Technology (ONC) called for the standardization of specific demographic fields or data elements, the introduction of EHR certification criteria that would require the capture of such data elements according to standards, and broad collaboration on industry best practices to inform policy and practice (Morris et al., 2014). In February 2016, the US Senate Committee on Health, Education, Labor, and Pensions approved S. 2511, the Improving Health Information Technology Act, which proposes conducting a Government Accountability Office study to evaluate current patient-matching methods, define additional data elements to assist in matching, agree on a minimum set of elements that need to be collected and exchanged, and require EHRs to have the ability to contain particular fields by using specific standards (US Senate Committee on Health, Education, Labor, and Pensions, 2016).

To accelerate progress toward identification and matching, Congress should continue its efforts to advance accurate patient identification and matching by formally authorizing DHHS to adopt and promulgate standards for patient identification and matching. DHHS should adopt—through formal rule making—a common set of specific demographic fields or data elements to be used for patient matching in the United States and a common set of standards for such data elements.

Advances in the identification and accurate matching of patient data are also being encouraged by the private sector. The College of Healthcare Information Management Executives (CHIME) recently announced a National Patient ID Challenge with HeroX, offering $1 million in prizes to encourage developers to find a universal solution for accurately matching patients with their health care information (CHIME, 2016). The nonprofit Sequoia Project recently released a framework for cross-organizational patient-identity management (The Sequoia Project, 2016). The private sector should continue to innovate and improve algorithms for matching, building on the common standards adopted by the federal government. Efforts to develop and implement methods for testing and publishing outcomes on the effectiveness of alternative methods should continue.

Potential Effect and Tracking Benchmarks

Advances in patient identification and matching have the potential to reduce the rate of incorrect matching of patients to health records. Likewise, the cost and resources associated with correcting matching problems could be reduced. Those two factors—patient-matching error rates and associated expenditures—could serve as tracking benchmarks for the adoption of patient identification and matching standards.

The lack of a national strategy for identification and matching constitutes a serious barrier to realization of the full value of electronic information sharing to support the delivery of and payment for care, advances in biomedical innovation, and empowerment of patients. The policy suggestions outlined here are politically feasible and achievable in the near term and would have a favorable effect on interoperability and information sharing in the United States.

Service-Oriented Architectures and Web-BasedServices

On the whole, the EHR systems in use today are well suited to managing health care reimbursem*nts and meeting certification requirements, but the end users—clinicians and nurses—have found themselves grappling with EHR software often developed during the pre-Internet era. Furthermore, EHRs offer a clinician information entered previously but not the wide array of data and Web-based services (such as advanced decision support) that could and should drive cost-efficient care and decision making (Weber et al., 2014). Realizing a return on the substantial investment in EHRs means unlocking the point of care and opening it up to modern, Web-based software applications, local intranets, and mobile devices and fitting EHRs into a dynamic, state-of-the-art, rapidly evolving information infrastructure.

Opportunities

A truly flexible and adaptable HIT infrastructure becomes possible if the health system can converge on two key forms of interoperability. The first is substitutability—the easy addition of third-party apps to or their deletion from EHRs (Mandl and Kohane, 2009) to permit a tailored end-user experience (Mandl and Kohane, 2012). The second is the adoption of a standardized, service-oriented architecture (SOA) for clinical decision support (CDS) (Loya et al., 2014), which separates CDS rules from the EHR itself and allows recommendations or rules to be added, deleted, or updated through a Web-based service.

An ecosystem of substitutable apps requires standardized, open, and public APIs defining how apps can connect to any EHR or data warehouse (Mandl et al., 2015). The 2015 EHR certification criteria include a requirement for APIs to access EHR data but do not specify standards. An SOA-based CDS standard requires agreement on implementation of EHR triggers that launch decision support and on the mechanism to display advice from the third-party service or to launch an app in response to the trigger.

Policy Alternatives

Standards for APIs that enable EHR query and retrieval of EHR data from Web and mobile apps and upload of health data from apps should be incorporated into EHR certification criteria. App developers will be able to build apps that interoperate bidirectionally with EHRs; this will bring greater utility to the apps and greater value to the consumer. (See Key Issue 2.)

Policies should support uptake of the APIs and standards to support SOA CDS. That can happen in three ways: EHR vendors can build specified standards into their products, IT-savvy health care organizations can “retrofit” an API onto existing HIT, and organizations can extract data from EHRs and run an API and CDS on EHR data replicates in a parallel database.

The 2015 edition of the HIT certification standards and criteria specifically embraces the use of APIs as a strategy for engaging patients and for enabling efficient information sharing among providers. But increased specificity is more likely to produce the desired state—support of a common, public, vendor-agnostic API that allows third-party developers to build external applications and services that integrate with point-of-care HIT products. Rulemaking under the Merit-Based Incentive Payment System (MIPS) is another opportunity for influence as the Medicare Access and CHIP Reauthorization Act mandates a Meaningful Use component within MIPS.

Potential Effect and Tracking Benchmarks

Those suggestions would build on existing “patient engagement” and “application access” certification criteria, namely, requirements for incorporating APIs into EHRs and enabling a patient to request that his or her data be transmitted to a third party. Fortunately, vendors are taking the initiative with the Argonaut Project (Halamka, 2014) and are actively implementing the “SMART on FHIR” API that manages authorization by using OAuth 2.0 and enables access to a new, openly licensed Health Level Seven draft standard called FHIR (Mandel et al., 2016).

Simply building APIs into EHR products so that data can be called by external applications will improve the current state. But the most important goal is that—as in an “app store”—an app written once will be able to run anywhere in the health care system and that a decision support service will be able to be created once and be called from any care point in the system. Hence, benchmarks should include the number of settings in which a uniform, public API has been implemented and the number of substitutable apps and CDS services created that can run universally. Those efforts will help to create a market in which innovations compete with each other for purchase and use by institutions, providers, and patients. The economies of scale will reduce the cost of care redesign and further promote the markets for new innovations.

Enfranchising Vulnerable Populations andImproving Care for Chronic Disease

Preventing disease by working upstream is more clinically effective and cost-effective than a medical model of after-the-fact attention. The current model for health care financing has motivated robust use of interventions, of which 30% are unnecessary or potentially harmful (Reilly and Evans, 2009). The aging of our society has created a vulnerable senior population and a liability for unsustainable financial demands.

The Patient Protection and Affordable Care Act (ACA) provides an opportunity for new thinking about managing health and chronic disease. Transforming health care requires more than legislation; it requires a HIT infrastructure that facilitates monitoring, learning about, and predicting the health status of all residents so that we can apply effective preventions and interventions at the appropriate times.

Opportunities

Applying society’s resources in the most effective and cost-effective ways requires a global, data-based view of personal and population health. With the opening of federal data sources and the data available through the Internet-of-Things, the opportunity for learning and improvement is more a matter of making sense of the data than of their availability.

The most potent lever for data sharing and use of data for supporting vulnerable populations and individuals is the alignment of incentives for this purpose. The ACA provides authorities that can direct America’s resources—public and private—toward improving health and well-being. The secretary of DHHS has set a goal of disbursing 50% of federal health care reimbursem*nt through value-based payment models (DHHS, 2015). As the country orients toward alternative payment models, measuring individual health outcomes and disparities among vulnerable populations is crucial for driving innovation toward outcomes that matter most to individual lives.

Policy Alternatives

Last year, the Institute of Medicine published recommendationson national measures in Vital Signs: CoreMetrics for Health and Health Care Progress (IOM, 2015). Those measures underpin the logic of a portfolio of actions that should be supported and monitored to the greatest extent possible by EHRs already in place. Further work should be done to ensure that federal public health initiatives can be supported by an expanded HIT infrastructure inasmuch as population health measures are more than the aggregate of individual patient health measures. That backbone of interoperable health information should also evolve to be the backbone of technologies that support vulnerable people in their homes and workplaces with remote physiologic monitoring and an array of “telehealth” services.

Potential Effect and Tracking Benchmarks

Progress would be tracked through performance onquality measures (corresponding to those addressingindividual and community health, as detailed in VitalSigns) and association with outcomes that matter to patients and consumers. Such progress could be reinforced by payment policies linked to demonstration of successful interoperability.

Health Data and Public Health

The ability of government public health agencies to understand the health of the entire population is limited by a reliance on legacy jurisdictional surveillance systems that have serious lags and are often incomplete. Critically important data on the health of a community are often held in the EHRs of health systems and are not accessible to public health agencies. Public health is community-based, and legal barriers can prevent sharing across jurisdictional lines.

New approaches to collaboration regarding data collection, sharing, and analysis will be critical in advancing the general health of a community. That includes a much more profound ability to collect or analyze data than the current capacity of most health departments. In a 2013 survey of local health departments, the National Association of County and City Health Officials found that only 13% of the departments were part of health information exchanges and only another 19% had plans to be; only 22% had EHR capacity, and another 22% planned to have it (NACCHO, 2014).

Opportunities

Responsibility for public health and health care data resides primarily at the state and local levels, with federal support from multiple agencies in DHHS—such as ONC, the Centers for Disease Control and Prevention (CDC), the Centers for Medicare & Medicaid Services (CMS), the National Center for Health Statistics, the Health Resources and Services Administration, and the Substance Abuse and Mental Health Services Administration—and other federal agencies, such as the Department of Defense, the Department of Veterans Affairs, the Environmental Protection Agency, and the Department of Housing and Urban Development. Jurisdictional law defines how and with whom public health data can be shared and when federal help should be solicited. With widespread adoption of EHR technology, most of the data we need are already available—but not necessarily in a coordinated way and accessible to all who need them. The federal government should work with states to articulate a shared vision regarding who should access various datasets, how datasets should be streamlined, and how all parties should be given incentives to work together to harnessthe data that are already available and identifynew data sources as we broaden our understandingof what contributes to community health (IOM, 2012).

If managed more effectively, federal investment in HIT (whether through ONC or through CMS, which is now actively encouraging states to develop all-payer data systems) and public health surveillance (CDC is the principal funder of state and local surveillance systems) could achieve better outcomes without necessarily requiring new resources. (CDC is beginning a major overhaul of its national surveillance systems and moving toward a cloud-based system that would integrate with EHRs.)

Policy Alternatives

A separation between health care and public health isno longer tenable. Policy initiatives should focus on thefollowing

• Public health departments need to have the right workforce and technology to advance surveillance and epidemiology functions. CDC should realign its support for state and local health departments to set priorities for foundational capabilities in data (and in related capabilities in communication and policy development) in every jurisdiction (IOM, 2012).
• ONC should set standards for the nation’s HIT system that ensure better coordination with public health departments as they develop the capability to work in the HIT system. ONC should continue to work with CDC and other public health agencies to ensure the interoperability of their systems.

Potential Effect and Tracking Benchmarks

Advances in surveillance and epidemiology functions and widespread use of de-identified EHR data for population surveillance would bring a deeper understanding of the health needs of communities and the nation and allow better targeting and alignment of health care and public health dollars to focus on prevention and response. In addition, improvements in the use and coordination of HIT and health data would allow earlier detection of new or re-emerging health threats and real-time monitoring of health effects of disasters, which will strengthen the nation’s preparedness system.

Tracking benchmarks include the number of local health departments that are participating in health information exchanges and using EHRs and the number that are able to use standardized data from throughout the health system and other local, state, andfederal partners.

Accelerating Use of Aggregated Health Informationand Research

Routinely collected health information, including EHR and claims data, has great potential for secondary use to support observational and interventional research and to inform policy. National programs that combine information from multiple organizations to assess large populations provide capabilities that have not previously existed to understand patterns and outcomes of medical care and determinants of health conditions and treatment outcomes. Development and maintenance of the infrastructure can be expensive, but the cost of the studies they support can be a small fraction of the costs that would otherwise accrue if each study needed to develop its own data capabilities.

Opportunities

The optimal database design to support care of individual people does not support analyses spanning millions of people, so data must usually be extensively curated and transformed into a new format to make the aggregated data useful for secondary purposes. Even with curation and transformation, it is often necessary to understand both the system of care, including incentives and disincentives to capture specific kinds of events, and the electronic platforms that generated the data. That is especially true for data originating from EHRs, which are typically customized by users in ways that result in the coding of the same health events in different ways. It is often necessary to engage with people who are knowledgeable about the systems that develop specific data to understand whether and how the data can be used for specific purposes.

Protection of people’s privacy and of the confidentiality of proprietary information of providers and health systems requires robust protection of information. The challenges are large when datasets involve tens of millions of people. It will be increasingly important to link individuals’ data among multiple organizations not only because of the fragmentation of care but because of the need to make the best possible use of different kinds of data (such as health records, vital statistics registries, and geocoded data).

Policy Alternatives

There has been little change in policy related to the use of HIT in lieu of expensive and rigid trials for demonstrating the safety and efficacy of treatment alternatives. For example, current Food and Drug Administration (FDA) rules severely limit the use of information collected by a medication-taking, smartphone-carrying public in postmarket or phase IV trials. Likewise, little progress has been made in automated syndromic surveillance or occurrence management in public health. Such data collection and surveillance live purely in the realm of state and federal policy and have high priority for federal government action to modernize and streamline regulation and protections to speed discovery through the use of health information.

New policies are needed to encourage the voluntary participation of the public and data holders in national research programs. These include incentives to participate and protections against uses of data in ways that threaten individual privacy or that disadvantage data holders. To be consistent with the HIPAA Privacy Rule and the Common Rule (for the protection of human subjects), holders of data should retain responsibility to ensure that data are used in compliance with applicable jurisdictional law, institutional policy, and individual permissions, including later uses of datasets. The Precision Medicine Initiative of the National Institutes of Health constitutes a bold step toward engaging individuals in helping to accelerate biomedical-knowledge discovery through the use of electronic health information from EHRs and consumer health technology (NIH, 2016).

Two recent kinds of progress should be extended and developed further. The first is the creation of large-scale distributed data systems in which the original holders of data maintain physical and operational control over the data. When the data have been transformed into a standard format, analyses can be performed behind the data holder’s firewall. The data holder then returns the results of the analysis, often simple counts or datasets that contain only a few pieces of information. Such a distributed approach eliminates the need to create large, pooled datasets. FDA’s Mini-Sentinel project (FDA, 2014) and the Patient-Centered Outcomes Research Network Clinical Data Research Networks are examples of this approach (PCORnet, 2016). The second is the development of advanced methods for analyzing distributed data. Examples are distributed logistic and proportional hazards regression methods. Although the theory for many of these methods has been developed, the methods have not been implemented in a form that allows their deployment in existing large-scale distributed environments.

There is substantial need and opportunity to coordinate federal and private investments in the data infrastructure and governance of cross-network querying capability and in creating a system that will be accessible to many users. Revisions of the Common Rule should specifically allow the use of aggregated health data for research purposes. Coordinated messaging to holders of data and to the public should emphasize the benefits of this use of private data.

Potential Effect and Tracking Benchmarks

We are on the cusp of transforming both public and private capabilities to harness electronic health data to support multiple beneficial purposes. Benchmarks should track the development of a stable funding mechanism, the creation of a system of governance, and the use of messaging about the benefits of using aggregated data for health information and research.

Building a HIT Workforce

Many clinicians learn the mechanics of using IT but lack basic literacy in informatics—the intelligence behind IT. A corollary in medicine would be expecting a physician to learn the mechanics of writing prescriptions without understanding the basics of pharmacology and pathophysiology. The workforce of our 21st-century health care system, awash in data and fundamentally transformed by IT and “big data” analytics, must develop a competence beyond the mechanics of HIT and health information management. Clinicians and other health care workers themselves must become drivers of the “learning health care system.” To realize fully the value of HIT and data-driven clinical decision making, we need an educated workforce that understands how to collect and locate, analyze, and use information for health and health care. Educational programs should emphasize the interdisciplinary nature of HIT-enabled care and include not only the technical but the social aspects of connected IT systems. Basic informatics literacy will be critical for the success of HIT in health and health care delivery.

Opportunities

Three kinds of education and training will need to beaddressed by interdisciplinary academic programs andthrough continuing medical education programs:

• Basic “informatics literacy” for all health professionalsthat goes beyond computer or HIT literacy. Literacyin informatics should become part of medicaleducation, biomedical research, and public healthtraining to give clinicians the skills needed to collectand analyze information and apply it in theirpractice.
• Intensive applied informatics training to improve leadership and expertise in applying informaticsprinciples to the collection and analysis of informationand its application to health care problems.This level of training will ensure a supply of qualifiedprofessionals for the emerging roles of chiefmedical information officers, chief nursing informationofficers, chief clinical informatics officers, chiefresearch officers, and similar roles.
• Support for education professionals who will advance the science and train the next generation ofinformatics professionals in this developing anddynamic field of study.

Policy Alternatives

Adapting current education and training programs will require the commitment of private and nonprofit organizations, and it will demand support from the public sector through smart regulation, consistent funding, and targeted campaigns to promote awareness of training opportunities. Likewise, industry stakeholders, such as health IT developers, will need to partner with academic and nonprofit organizations to develop curricula that ensure that graduates are ready for employment on day 1. Specifically, postbaccalaureate and graduate medical education (GME) programs must rethink how informatics is integrated with other clinical domains. Federal GME and indirect medical education payment must similarly be recalibrated to ensure that this integration occurs. CMS should leverage eligibility requirements for Medicare alternative payment models and request that providers include a description of their HIT workforce plan in addition to their leadership and management structure (Leadership and management, 2015) and HIT implementation plan (Required processes, 2015). Without federal funds, programmatic requirements, and commitmentsfrom private-sector stakeholders, supply will continueto lag far behind demand for next-generation HITprofessionals.

Potential Effect and Tracking Benchmarks

The rise in informatics programs accredited by the Accreditation Council for Graduate Medical Education, the number of graduates of these programs, and the number of board-certified clinical-informatics subspecialists are important, but insufficient, metrics to monitor. To ensure that a clinical workforce is grounded in basic literacy, we must see an increase in the percentage of medical schools that offer basic informatics course work, and we should develop ways to understand whether front-line clinicians are using technology to optimize care. Surveys among specialty societies and professional organizations regarding their members’ training levels and degree of comfort in using technology to optimize care delivery could yield important benchmarks. Another example of how to understand how clinicians are using informatics skills is through their use of data collected by consumer technology to monitor compliance of chronic-care patients. That or similar data use would indicate an increased knowledge of and comfort with informatics.

Creating a Trust Fabric for Health Services: Privacyand Security

Historically, the health care community has viewed information privacy and security as necessary constraints mandated primarily by HIPAA rather than as a business imperative for enabling high-quality care. However, 87% of respondents to the 2015 Healthcare Information Management and Systems Society (HIMSS) privacy and security survey indicated that information security had become a critical business priority (HIMSS, 2015). The shift reflects a growing awareness of the need to create a “trust fabric” of trustworthy, defensible, and survivable health systems while enabling the sharing necessary for patient safety, high-quality care, population health, and biomedical knowledge advancement.

Opportunities

The most compelling challenges for health care privacyand security include the following:

• Cyberthreats. The Federal Bureau of Investigationhas warned of increasing cyberattacks againsthealth care systems and medical devices that areattributed to broad adoption of EHR technology,lax cybersecurity standards, and a higher financialpayout for medical records in the black market (FBICyber Division, 2014).
• Identity. Although federal agencies and other industries specify standard, use case-specific levels of assurance (LOAs) for identity proofing and authentication (NIST, 2013), the health care industry has not done so.
• Patchwork policy. State regulations and implementation of HIPAA rules vary. Health research is governed by the Common Rule, consumer health isgoverned by the Federal Trade Commission, andbehavioral health has its own Substance Abuse andMental Health Services Administration rules.
• Privacy consciousness. The fascination with social networking and “connectedness” is evolving intoincreasing public concern about invasive practicesthat violate personal privacy. Individuals are demandingthe capability to give permission at a highlygranular level and to change their permissions.Technology with those capabilities is beginning toemerge in federal health care agencies and the privatesector but has not been widely deployed.
• Health apps. New certification and Meaningful Use regulations encourage the development of APIs toenable patients to access their EHR data by usingapps of their choice, but the regulations raise concernsabout a health care organization’s responsibilities,vulnerabilities, and liabilities.
• Encryption. Health care relies heavily on the TLS protocol, which encrypts data from server to server orserver to browser but does not protect data end toend from sender to receiver. An alternative is theDirect secure e-mail protocol, which offers end-to-endprotection but is not practical for exchanginglarge volumes of data, nor has it been widely adoptedin the industry (The Direct Project, 2015).

Policy Alternatives

To meet those challenges, we should encourage the industry to establish and support a public-private health-cybersecurity information sharing and analysis center for industrywide sharing of information about cyberthreats, vulnerabilities, and countermeasures. We should also establish use case-specific LOAs for health care, encourage participation in national initiatives related to identity management, and broadly adopt the principles and strategy of the National Strategy for Trusted Identities in Cyberspace (NIST, no date).

We should harmonize security and privacy policy for health information among all federal agencies, minimize differences among states and between state and federal regulations, and provide a searchable online resource for federal and state privacy and security rules. We should also encourage broad adoption of Fair Information Practices Principles throughout government and industry while providing examples of surreptitious privacy threats to discourage use by developers and increase consumer awareness.

Federal health care agencies should implement granular and dynamic electronic consent mechanisms. Clarification of organizational responsibilities, vulnerabilities, and liabilities would encourage health care organizations to implement APIs that enable consumer apps to access EHR data. Finally, we should identify, support, and encourage the development and use of encryption solutions that provide end-to-end protection, are easy to implement and use, and are appropriate for the exchange of large volumes of data.

Potential Effect and Tracking Benchmarks

The financial penalty for health care organizations that experience a breach is substantial. In 2015, health care experienced the highest cost per stolen record of any industry, an average of $363 (PR Newswire, 2015). Sharing of threat information and response coordination among health care organizations and among interdependent components of the overall health system is ad hoc at best. The US health system lacks the security and resilience architecture and functional components necessary to withstand an attack on critical health infrastructure (The White House, 2013).

If we create a stronger, more secure, and more resilient critical infrastructure, we will see a reduction in the number of breaches against health care organizations and a reduction in the cost and time needed to recover from a health care breach. Such an infrastructure would include industrywide adoption of high-assurance identity management (for example, in-person identity proofing and multifactor authentication) for all accesses to clinical and safety-critical information. Patient and safety-critical data would be kept encrypted when not in use, including during storage and continuously during transmission from a sender to an intended recipient, and there would be industrywide engagement in a health care information sharing and analysis center. The proposed changes would also increase consumer trust, giving consumers choices regarding the collection of, access to, and use of their health information.

Conclusion

Creating a longitudinal, complete, and timely record of information for each person has arguably been the most important goal of federal HIT policy and continues to have top priority. The capacity to “interoperate” and share health information is central to realizing the economic and clinical benefits of EHRs and underpins the efficiency of the health care marketplace. A generation of legacy EHRs that lack the design and features needed for interoperation is widely in place, so it will be challenging and potentially expensive to reach this goal.

Progress toward interoperability could be accelerated initially by focusing on high-value use cases, such as transitions of care, outcomes measurement, and public health reporting. Achieving interoperability is like building the interstate highway system: we need to construct on-ramps and off-ramps one at a time, but we also need a master plan.

In the absence of an authoritative private source, the federal government should be highly specific about standards for end-to-end interoperability. Interoperability needs to extend from medical devices to EHR systems. In the absence of interoperability, end-user costs are higher because users are compelled to cobble together inherently noninteroperable systems. In addition to all the risks posed by imperfect interoperation, there is a loss of the value that could be gained through research, care, and public health when these systems interoperate.

Privacy and security risks are increasing as more private and life-critical information becomes available, as health care practitioners increase their dependence on vulnerable technology, and as cyberterrorists become more highly skilled, more determined, and better financed. “Trust” issues and trends span the health care experience. EHRs have become ubiquitous; nearly all health practitioners and hospitals now use the technology. However, cyberthreats are exacerbated by a weak critical security infrastructure and a patchwork security and privacy policy throughout the federal government, between states, and among nations.

There is tension between the clear need for personal health identifiers for seamless interoperability and the need to protect personal privacy. In the era of “big data,” the availability of more comprehensive, sensitive, and valuable—but less regulated—data emphasizes the ever-present need for standards for encryption. Genomic (and “multi-omic”) data used in personalized medicine lack policies and standards. Consumers are taking more control of their health and increasing the use of personal devices and mobile apps to monitor and improve their health; the data generated should be considered a rich source of information. The ultimate goal of information technology is not only to service patient care in the moment but to be the underpinning of a continuously learning health system that supports the continuous improvement of health, care, and value.

Vital Directions

1. Commit to end-to-end interoperability extendingfrom devices to EHR systems. End-to-end interoperabilitywould advance the longstanding goal to createa longitudinal, complete and timely record of informationfor each person. Efforts to realize this goal mustcontend with the existing generation of EHRs that lackthe design and features needed to interoperate. A lackof interoperability increases end-user costs, as usersare compelled to cobble inherently noninteroperablesystems together, and limits the use of these systemsfor research, care, and public health. In the absenceof an authoritative private source, the federal governmentor a body empowered by the government mustbe highly specific about standards for end-to-end interoperability.
2. Aggressively address cybersecurity vulnerability. Increased reliance on vulnerable technology and the availability of private and life-critical information are increasing privacy and security risk. As cyberterrorists become more highly skilled, more determined, and better financed, we remain exposed due to a weak critical security infrastructure and a patchwork security and privacy policy across the federal government, between states, and among nations. Stronger penalties are needed for hackers and cyberterrorists. Policy should be designed to protect those institutions and entities that meet or exceed applicable laws, policies, and best practices for data protection; appropriate institutional sanctions should be developed for those that fail to meet this minimum standard. Concerted effort is necessary to address the “trust” issues and trends that span the health care experience.
3. Develop a data strategy that supports a learning health system. Future federal programs should focus on enabling infrastructure, creating trust, and streamlining heterogeneous policies. This includes making data available for large-scale projects, such as the FDA’s Sentinel Initiative, and for comparative effectiveness trials. However, prescriptive regulations and burdensome certification requirements are not the answer. Rather, policy should enable and promote learning from available data.

References

1. Bipartisan Policy Center. 2012. Challenges and strategiesfor accurately matching patients to their healthdata. Available at: http://bipartisanpolicy.org/wpcontent/up-loads/sites/default/files/BPC%20HIT%20Issue%20Brief%20on%20Patient%20Matching.pdf. (accessed May 3, 2016).
2. CHIME (College of Healthcare Information Management Executives). 2012. Summary of CHIME survey on patient data-matching. Available at: https://chimecentral.org/wp-content/uploads/2014/11/Summary_of_CHIME_Survey_on_Patient_Data.pdf (accessed May 5, 2016).
3. CHIME. 2016. CHIME issues national patient ID challenge. Available at: https://chimecentral.org/chimeissues-national-patient-id-challenge/(accessed May 3, 2016).
4. Conn, J. 2016. Seeking a solution for patient record matching. Modern Healthcare January 23. Available at: http://www.modernhealthcare.com/article/20160123/MAGAZINE/301239980 (accessed May 3, 2016).
5. DHHS (US Department of Health and Human Services). 2015. Better, smarter, healthier: In historicannouncement, HHS sets clear goals and timeline for shifting Medicare reimbursem*nts from volume to value. Available at: http://www.hhs.gov/about/news/2015/01/26/better-smarter-healthier-in-historic-announcement-hhs-sets-clear-goals-and-timeline-for-shifting-medicare-reimbursem*nts-fromvolume-to-value.html (accessed May 5, 2016).
6. The Direct Project. 2015. Applicability statement for secure health transport, v1.2. Available at: http://wiki.directproject.org/file/view/Applicability+Statement+for+Secure+ Health+Transport+v1.2.pdf (accessed May 3, 2016).
7. Dooling, J., L. Fernandes, A. Kirby, G. Landsbach, K. Lusk, M. Munns, N. Noreen, M. O’Connor, and M. Patten. 2016. Survey: Patient matching problems routine in healthcare. Journal of AHIMA January 6. Available at: http://journal.ahima.org/2016/01/06/survey-patient-matching-problems-routine-in-healthcare/ (accessed May 3, 2016).
8. FBI (Federal Bureau of Investigation) Cyber Division. 2014. Healthcare systems and medical devices at risk for increased cyber-intrusions for financial gain. Available at: http://www.illuminweb.com/wpcontent/uploads/ill-mo-uploads/103/2418/healthsys¬tems-cyber-intrusions.pdf (accessed May 3, 2016).
9. FDA (US Food and Drug Administration). 2014. MiniSentinel. Available at: http://www.mini-sentinel.org/ (accessed May 5, 2016).
10. Halamka, J. 2014. Life as a healthcare CIO: The Argonaut Project charter. Available at: http://geekdoctorblogspot-com/2014/12/the-argonaut-project-charterhtml (accessed May 3, 2016).
11. Hillestad, R., J. Bigelow, A. Bower, F. Girosi, R. Meili, R. Scoville, and R. Taylor. 2005. Can electronic medical record systems transform health care? Potentialhealth benefits, savings, and costs. Health Affairs 24(5):1103-1117. https://doi.org/10.1377/hlthaff.24.5.1103.
12. HIMSS (Health Information Management and Systems Society). 2015. 2015 HIMSS cybersecurity survey. Available at: http://www.himss.org/2015-cybersecurity-survey (accessed May 3, 2016).

13. Institute of Medicine. 2012.For the Public’s Health: Investing in a Healthier Future. Washington, DC: The National Academies Press. https://doi.org/10.17226/13268

14. Institute of Medicine. 2015.Vital Signs: Core Metrics for Health and Health Care Progress. Washington, DC: The National Academies Press. https://doi.org/10.17226/19402
15. Leadership and management. 2015. 42 CFR § 425.108.
16. Loya, S. R., K. Kawamoto, C. Chatwin, and V. Huser. 2014. Service oriented architecture for clinical decision support: A systematic review and future directions. Journal of Medical Systems 38(12):140. https://doi.org/10.1007/s10916-014-0140-z.
17. Mandel, J. C., D. A. Kreda, K. D. Mandl, I. S. Kohane, and R. B. Ramoni. 2016. SMART on FHIR: A standards-based, interoperable apps platform for electronic health records. Journal of the American Medical Informatics Association 23 (5): 899-908. https://doi.org/10.1093/jamia/ocv189
18. Mandl, K. D., and I. S. Kohane. 2009. No small changefor the health information economy. New England Journal of Medicine 360(13):1278-1281. https://doi.org/10.1056/NEJMp0900411
19. Mandl, K. D., and I. S. Kohane. 2012. Escaping theEHR trap—the future of health IT. New England Journalof Medicine 366(24):2240-2242. https://doi.org/10.1056/NEJMp1203102
20. Mandl, K. D., J. C. Mandel, and I. S. Kohane. 2015. Drivinginnovation in health systems through an apps-basedinformation economy. Cell Systems 1(1):8-13. https://doi.org/10.1016/j.cels.2015.05.001
21. Morris, G., G. Farnum, S. Afzal, C. Robinson, J. Greene, and C. Coughlin. 2014. Patient identification and matching final report. Available at: https://www.healthit.gov/sites/default/files/patient_identification_matching_final_report. pdf (accessed May 3, 2016)
22. NACCHO (National Association of County and CityHealth Officials). 2014. 2013 national profile of localhealth departments. Available at: http://archived.naccho.org/topics/in¬frastructure/profile/upload/2013-National-Profile-of-Local-Health-Departments-report.pdf (accessed May 3, 2016)
23. NIH (National Institutes of Health). 2016. PrecisionMedicine Initiative Cohort Program. Available at: https://www.nih.gov/precision-medicine-initiativecohort-program (accessed May 5, 2016)
24. NIST (National Institute of Standards and Technology).2013. NIST Special Publication 800-63-2: Electronicauthentication guideline. Available at: http://nvlpubs.nist.gov/nist¬pubs/SpecialPublications/NIST.SP.800-
    63-2.pdf (accessed May 3, 2016)
25. NIST. No date. National strategy for trusted identities incyberspace. Available at: http://www.nist.gov/nstic/ (accessed May 3, 2016)
26. ONC (Office of the National Coordinator for HealthInformation Technology). 2015a. Non-federal AcuteCare Hospital Electronic Health Record Adoption.Health IT Quick-Stat 47, June. Available at: http://dashboard.healthit. gov/quickstats/pages/FIG-Hospital-EHR-Adoption.php (accessed May 3, 2016)
27. ONC. 2015b. Office-Based Physician Electronic HealthRecord Adoption: 2004-2014. Health IT Quick-Stat 50, September. Available at: http://dashboard.healthit.gov/quickstats/pages/physician-ehr-adoptiontrends.php
    (accessed May 3, 2016)
28. PCORnet (National Patient-Centered Clinical ResearchNetwork). 2016. Clinical data research networks.Available at: http://www.pcornet.org/clinical-dataresearch-networks/(accessed May 5, 2016)
29. PR Newswire. 2015. Ponemon Institute’s 2015 globalcost of data breach study reveals average cost ofdata breach reaches record level. Available at: http://www.prnewswire.com/news-releases/ponemoninstitutes-2015-global-cost-of-data-breach-studyreveals-average-cost-of-data-breach-reachesrecord-levels-300089057.html (accessed May 3, 2016)
30. Reilly, B. M., and A. T. Evans. 2009. Much ado about (doing)nothing. Annals of Internal Medicine 150(4):270-271. https://doi.org/10.7326/0003-4819-150-4-200902170-00008
31. Required processes and patient-centeredness criteria.2015. 42 CFR § 425.112.
32. The Sequoia Project. 2016. A framework for cross-organizationalpatient identity management. Available at: http://sequoi-aproject.org/framework-for-crossorganizational-patient-identity-matching/ (accessed
    May 3, 2016).
33. US Congress. 1998. 1999 Omnibus Appropriations Act.P. L. 105-277, 105th Congr., October 21.
34. US Senate Committee on Health, Education, Labor, andPensions Committee. 2016. Improving Health InformationTechnology Act. S. 2511, 114th Cong.
35. Weber, G. M., K. D. Mandl, and I. S. Kohane. 2014. Finding the missing link for big biomedical data. JAMA 311(24):2479-2480. https://doi.org/10.1001/jama.2014.4228
36. The White House. 2004. Transforming health care: The President’s Health Information TechnologyPlan. Available at: https://georgewbush-whitehouse.archives.gov/infocus/technology/economic_policy200404/chap3.html (accessed June 5, 2016)
37. The White House. 2013. Presidential Policy Directive 21: Critical infrastructure security and resilience.Available at: https://www.whitehouse.gov/the-pressoffice/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil (accessed May 3, 2016)