Patient safety remains, as it should, a priority for developers of and providers who use electronic health records (EHRs) and other health IT. For example, ECRI’s Partnership for Health IT Safety has worked with the HIMSS EHR Association on projects on opioids and behavioral health integration. More broadly, providers and developers continue active engagement in the Partnership and other patient safety initiatives.
Those advancing health IT-related patient safety, including policymakers and regulators, should have a realistic appreciation of providers’ and developers’ challenges and opportunities. Such understanding will enhance the prospects for current and new patient safety initiatives. With expansion of health IT and digital health tools and stresses posed by the COVID-19 pandemic, close attention to health IT and patient safety is even more critical.
What challenges do providers and developers face over the next couple of years?
- Implementation of 21st Century Cures regulations, including ONC certification, information blocking, and the Trusted Exchange Framework and Common Agreement (TEFCA). Developers have major new product-level and now, company-level responsibilities associated with these regulations, including compliance with information blocking prohibitions; requirements for transparency, fees and real-world testing; and significantly revised ONC certification requirements, including HL7® FHIR® Application Programming Interface (API) requirements, the US Core Date for Interoperability (USCDI) data set (more below), and expanded data export requirements. Given these responsibilities and the challenges posed by the pandemic, on October 29, 2020, ONC announced that it was pushing out compliance dates for these requirements.
Providers have parallel compliance obligations against information blocking, including the challenge of making clinical notes available through portals and APIs and implementation and use of new certified capabilities for incentive program reporting periods starting in 2022. (Was August 2022 but likely to be December 31, 2022 per ONC compliance delay).
The ONC Final Rule provided cost estimates for developers for a subset of these requirements at $482.6 to $1,114.6 million, and some in the developer community feel that these estimates, which do not include compliance for information blocking, are understated. For providers, ONC estimates that the total cost to acquire and use software that uses certified API technology would range from $140.6 million to $929.3 million. ONC did not account for costs to comply with information blocking prohibitions. Most initial compliance and development will occur over the next two years.
Complying with these regulations will require significant resources and mindshare from developers and providers and, as a result, current and potential patient safety initiatives will face increased competition for time and attention in the near-term.
- A rapid shift to the HL7® FHIR® standard (supporting exchange of more granular data and modern APIs and apps), as well as SMART on FHIR (enabling add-on apps for EHRs), CDS Hooks (using FHIR to link clinical decision support to EHRs), and the need to support connection of patient-focused apps to providers’ EHRs or other health IT. This shift in standards and technologies is central to implementation of 21st Century Cures regulations and a broader private sector technology evolution.
The need to support an expanding USCDI data set for multiple federal and industry programs. The initial USCDI data set (v. 1) reflects a modest but important expansion of the Common Clinical Data Set (CCDS) required for use by providers and developers per the current ONC certification criteria and associated CMS clinician and hospital incentive programs. Notable additions via the USCDI include clinical notes, increased demographic information, and data provenance information. At the same time, ONC expects annual expansions to the USCDI; very quickly the data required or expected to be available for access from EHRs could grow substantially, including increased emphasis on social determinants of health (SDOH).
- The COVID-19 pandemic, including major provider clinical, organization, and financial stress and developer support for the needs of providers and public health (e.g., increased use of telehealth, remote patient monitoring, and public health data collection and reporting).
- A new ONC EHR Reporting Program, called for by Congress in 21st Century Cures. This program could launch in 2021 and add new burdens for developers (and potentially providers) to provide and respond to reported data.
- Support by hospitals and developers for a new CMS hospital conditions of participation for event notification (i.e., Admit, Discharge, Transfer—ADT). CMS in its May 2020 Interoperability Final Rule established a new hospital Condition of Participation requiring event notification for ADTs if the capability is in the hospital’s EHR or other health IT. Responding to hospital needs to implement these capabilities in a useful and usable fashion will provide additional responsibilities for developers serving hospitals and hospitals will incur additional direct and indirect costs.
- Continued provider and developer challenges associated with quality measurement and reporting.
- Integration of artificial intelligence and especially machine learning into provider EHRs and other health IT, with all of the attendant data, technology, equity, and safety issues.
- Addressing continued focus on enhanced patient identification and matching across health IT systems and providers.
- Addressing increased integration of clinical and administrative data. Such integration has become of increasing interest to policy makers and the private sector as distinctions between payers and providers blur and payers and providers are expected to implement FHIR-based APIs. This initiative is certain to influence future USCDI directions.
- Continued provider and EHR industry consolidation, which will absorb time and attention for providers and developers.
- Initiatives that accompany either a second term of the current U.S. Administration or a new Administration, which might include price transparency, new value-based payment models, and a renewed focus on health IT patient safety issues, including FDA regulation of various digital health tools though its new Digital Health Center of Excellence.
Those working on health IT-related patient safety initiatives will have a better ability to engage successfully with providers and developers if they appreciate these near-term priorities and challenges. As they do so, it will be important to identify and pursue new and less intrusive approaches to patient safety, such as the use of EHR systems data and associated safety measures, to identify and respond to safety issues. Finally, as the ECRI Partnership has demonstrated, the prospects of success in health IT-related safety initiatives will be greatly enhanced through collaborative and trusted models of engagement among stakeholders and experts.