The eponymous sign outside Epic headquarters in Verona, Wisconsin.
Source: Yiem via Wikipedia CC
It’s about to get so much easier for patients within the U.S. to access their very own medical records.Â
Health-care software vendor Epic Systems on Thursday announced that individuals will have the option to securely release their health data to different apps they select to make use of, meaning they are going to have more direct control over their medical information than ever before.Â
For example, if patients are using a health coaching app or an app that reminds them to take their medicine, they’ll decide to import their records directly into those platforms. All they need are the credentials they use to sign into Epic.Â
This seemingly easy feat is definitely a serious technological leap for the health-care sector, and it reflects the start of a recent standard of data-sharing practices which might be set to take shape across the nation.Â
Epic is considered one of the organizations that has been helping the federal government establish the Trusted Exchange Framework and Common Agreement, or TEFCA. It launched in December, and goals to iron out each the legal and technical requirements for sharing patients’ data at scale.
Health-care data within the U.S. has historically been siloed and difficult to maneuver around. Clinics, hospitals and health systems can store their information in a wide range of formats across dozens of various vendors, and there hasn’t been a trusted nationwide mechanism in place for transporting it securely. This implies if a patient moves to a distinct state or visits a recent hospital, their medical records may not at all times follow them.Â
Several corporations and knowledge exchange networks have cropped up within the private sector to try to address this problem, but none of them have managed to completely resolve it on their very own. TEFCA was designed to assist bring all these different actors together. Â
TEFCA falls under the purview of an office within the U.S. Department of Health and Human Services. Patients can take into consideration TEFCA like they give thought to using their cellphone, said Micky Tripathi, assistant secretary for technology policy and national coordinator for health information technology at HHS.Â
If one person uses Verizon as their phone carrier, a second person uses AT&T and a 3rd person uses T-Mobile, they’re all still in a position to call and text each other. The identical playbook applies to TEFCA.
“The concept was, ‘We actually ought to only have that user experience that wherever I’m, whichever system I’m using, I do know that it will hook up with every other network, whichever network I’m on,'” Tripathi told CNBC in an interview.Â
‘It may be revolutionary’
The US Department of Health and Human Services constructing is shown in Washington, DC, 21 July 2007.Â
Saul Loeb | Afp | Getty Images
The predominant groups that take part in health-data exchanges through TEFCA are called qualified health information networks, or QHINs. These networks volunteer to participate – they aren’t paid – and so they should undergo a two-step approval process to make sure that they’re eligible and have the needed technical infrastructure.Â
Seven QHINs, including Epic, are live inside TEFCA now, and Tripathi said a few others are nearing the finish line. To assist contextualize the sort of scale TEFCA requires, Tripathi estimated that Epic’s own network facilitates greater than 10 million to 12 million data transactions every day.Â
“Remember, that is about connecting up networks which might be already up and running,” he said.Â
With a view to take part in TEFCA, QHINs should support six different “exchange purposes,” that are the the reason why a corporation is allowed to request health data. These purposes include treatment, payment, health-care operations, public health, government advantages determination and individual access services.
Most exchange networks have previously supported “treatment” exchange purposes, which implies the recipient, like a physician or hospital, is providing care to the person whose records they’re requesting. But by introducing other approved exchange pathways, TEFCA may manage to avoid some disagreements, like those who have arisen this 12 months over what exactly counts as treatment.Â
Individual access services, as an illustration, is a recent exchange purpose that can allow people to simply request all of their records and convey them to at least one app. This implies patients can select see their complete history of doctor visits and hospital stays directly, so long as all of the needed vendors are connected to TEFCA.Â
“I believe it may be revolutionary over the subsequent couple of years,” Steve Yaskin, CEO of Health Gorilla, which is a QHIN inside TEFCA, told CNBC. “When you have a look at every other industry, they’re utilizing data to profit that industry, right? From banking to telcos to any industry that’s deeply rooted in understanding the information.”
An individual using their smartphone.
Kohel Hara | Getty Images
Since TEFCA is so recent, many QHINs are still working to get all six exchange purposes arrange. Epic’s announcement Thursday means they’re officially able to support the person access services pathway.Â
Rob Klootwyk, Epic’s director of interoperability, said individual access took a while to implement since it needed to be done thoughtfully. He said TEFCA needed to determine guardrails that might outline how patients can be authenticated, how they could possibly be educated about whether or not they should release their data to an app and the way apps could possibly be held accountable to consumers.Â
Now, those questions have been answered, he said.Â
“We predict and our community thinks that those pieces are actually lined up and TEFCA is the correct pathway for this,” Klootwyk told CNBC in an interview.Â
For example, after a patient enters their Epic credentials to try to release their data to an app, they’ll be prompted with a patient education screen, in response to Matt Doyle, a software developer on Epic’s interoperability team. The screens outline which information the patient can be disclosing and ensure they’re comfortable with that call.Â
Patient data is inherently sensitive and invaluable, and it’s protected by the Health Insurance Portability and Accountability Act, or HIPAA, a federal law that requires a patient’s consent or knowledge for third-party access. But while some apps are required to comply with HIPAA, many aren’t.Â
Consequently, HHS decided that apps can volunteer to take part in TEFCA so long as they comply with comply with HIPAA, even in the event that they aren’t legally mandated to. This implies QHINs like Epic will have the option to tell users about whether an app is a HIPAA-covered entity, if it is an element of the federally endorsed data exchange network or not one of the above.Â
“We are saying, ‘Hey, we’re not saying they are a bad group, we just do not know what their policies are around these. It’s best to be sure that that you simply’re educated and informed before you select to share this,'” Doyle told CNBC.Â
In essence, whether individuals are interested by using apps to support their care, or they simply want a simple place to take a look at their information, TEFCA goals to determine the baseline of trust needed to make that occur, Klootwyk said.Â
It should take around two weeks for Epic customers to deploy these recent features, though it can likely take more time before individual access services are widely used across the nation at large.Â
Tripathi of HHS said now that TEFCA’s framework is in place, the QHINs and the broader market just need get on board.Â
“That is the subsequent really vital step for a patient to have the option to access their very own information through an application of their selection to have the option to participate more directly in their very own health care,” Tripathi said.