By Dr. Adrian Gropper

First Posted at The Health Care Blog on 9/19/2013

Adrian Gropper, contributor, The Health Care Blog

Adrian Gropper, contributor, The Health Care Blog

Health IT Week demonstrated a double barrel strategy to segregate patient information from provider information. Providers already have the power to set prices and health IT plays the central role.

By rebranding HIPAA as “Meaningful Consent” and making patients second-class citizens in Meaningful Use Stage 2 interoperability, providers and regulators are working together to keep it that way.

Essential consumer protections such as price transparency or independent decision support are scarce in the US healthcare system. The journalists are shouting from the rooftops.

There’s  $1 Trillion (yes, $3,000 per person per year) of unwarranted and overpriced health services steering the Federal health IT bus with an information asymmetry strategy. Those of us that want to see universal coverage succeed need the information transparency tools to drive for changes.

Here’s how it works: The department of Health and Human Services (HHS) controls the health IT incentives and regulations. HIPAA applies to most licensed health services providers. Laboratories and devices are regulated by Medicare and the FDA.

Unlicensed services offered directly to patients, such as personal health records, web info sites and apps are regulated by the FTC. Separate regulatory domains facilitate the segregation of information and contribute to the lack of transparency by making patient-directed services use delayed and degraded information. This keeps independent advice from FTC-regulated service providers from illuminating the specific abuses. 

The segregation of patient information from “provider” information is the current federal regulatory strategy. It’s even more so in the states. By making patients into second-class citizens, the providers can avoid open scrutiny, transparent pricing, and independent decision support.

Federal regulators then create a parallel system where information is delayed, diluted, and depreciated by lack of “authenticity”. This is promoted as “patient engagement”. For regulators, it’s a win-win solution: the providers support the regulation that enables their price fixing and many patient advocates get to swoon over patient engagement efforts.

The proof of this strategy became clear on the first day of Health IT Week – the Consumer Health IT Summit.

In the morning, OCR Director Leon Rodriguez announced the Model Notice of Privacy Practices. In the afternoon, ONC CTO Doug Fridsma declared, out of the blue, that Direct messaging was intended for organization-to-organization messages.

The Model Notice of Privacy Practices legitimizes the practice of provider-to-provider health information exchange under the HIPAA Treatment, Payment and Operations (TPO) exemption. TPO is used by providers and health information exchanges to avoid patient authorization for sharing of private information.

For all health information exchanges, operation under TPO means that patients don’t even have the right to see their own information. Adding to the PR blitz, ONC Chief Privacy Officer Joy Pritts wrote in Health Affairs about “Meaningful Consent”. She cites the new Model Notice of Privacy Practices even though the new document offers the patient absolutely no choice. For the specifics, see the article and my comment.

The casting of Direct as an organization-to-organization system is even more damaging to transparency. The patient-accessible Blue Button Plus includes Direct as the so-called “Push” option. Direct is mandated for Meaningful Use Stage 2 certification. This should mean that every patient can do secure messaging with every MU2 certified provider using Blue Button Plus.

If Fridsma’s pronouncement is implemented, a key feature of Blue Button Plus becomes optional.

ONC guidance can replace the Direct design for patients as first-class citizens and encourage discrimination between organization, physician and patient secure email addresses. This means that patients and physicians will lose a key independent communication channel. For example, by allowing organization-to-organization only implementation of Direct, organizations can avoid giving the patient a criticalindependent decision support hook.

Without transparency and independent decision support, the tools for reducing health care cost are limited. The market-based (as opposed to Medicare for all) foundation of ObamaCare cannot highlight unwarranted and overpriced services as long as the providers of those services maintain control of our personal information. This seems merely politically expedient in these dog days of HITECH. If we accept an impotent Blue Button Plus and HIE exclusion via TPO we may be headed for a regulatory failure even larger than the sub-prime mortgage crisis.

Adrian Gropper, MD is Chief Technical Officer of Patient Privacy Rights and participates in Blue Button+, Direct secure messaging governance efforts and the evolution of patient-directed health information exchange.