Keywords

1 Introduction

1.1 Background and Policy Context

Policies are courses of action that may be expressed through laws, regulations, public statements, budgets, position papers, actions, and other ways of communicating values. They may be voluntary, influenced by moral persuasion, or enforced through the rule of law, or by economic incentives and penalties. Policies may be created either as a response to a perceived need or as proactive measures that anticipate emerging needs. For example, administrative policies governing payment of medical claims were a reaction to the need for a national consensus on standardized payment when Medicare was introduced. Early pioneering work in the 1970s by Ed Hammond, Clem McDonald, Donald Simborg, and others served as a proactive foundation for subsequent widespread standards efforts.

The Health IT policy development process in the United States (US) is highly complex and poorly understood by most because it involves multiple stakeholders, including federal, state, and local government; private provider systems; academic institutions and professional organizations; independent research and policy organizations; philanthropies; standards development organizations; software and telecommunications industry associations; consumer organizations; and the media. Together with the number of players, the sheer size of the Health IT market is difficult to fathom, and there are many opinions on the role of government intervention in the market.

That said, we believe that the pace of Health IT adoption and the evolution of policies and regulations about interoperability of health systems can be better understood and appreciated when the policy and regulatory context is understood. This understanding will require an unmasking of some of the underlying infrastructures and tensions that come from shared power of different branches of government, the role of the private sector in policy development and implementation, and differences of opinion about what constitutes the public interest.

Individuals and organizations who seek to apply new technologies must navigate a complex and often incompletely understood array of binding and non-binding policies that may impact their own course of action. Encountering challenges or opportunities, these same individuals or organizations may seek to change policies to accommodate their concerns or interests. These pressure points are of particular concern as Health IT is both transformed and becomes more pervasive in traditional health care settings, in the home, in public places, and through wearable personal devices.

In this chapter we detail out the interrelations and interdependencies of the various public entities and policy bodies that have influenced Health IT legislation and its interpretation through regulations. We illustrate the interplay between public and private sectors through describing Health IT policy leaders, including the National Coordinators for Health IT, and by providing a timeline of key legislation and closely related policy-relevant events. We hope that a better understanding of the policy process will encourage citizen engagement in the policy process through position statements of professional societies, voluntary workgroups, public comments on draft regulations, and other means to contribute to policy decisions about legislation and regulation.

1.2 Overarching Health Policy Goals

There are many diverse and even polarized opinions about how the US healthcare delivery and payment systems can be transformed and improved. But there is general agreement on the national goals for access and quality as articulated by the Institute of Medicine (IOM) report Crossing the Quality Chasm: care should be safe, timely, efficient, effective, equitable, and patient-centered [18]. The IOM report viewed developments in information and communications technology as an integral component in achieving all six of these policy goals. At the time the Quality Chasm report was issued, the quality of existing, paper-based medical records was described as “embarrassing” and their redesign as a tool for care and information exchange was described as a “moon shot” [5].

In part, the emphasis on safety in the IOM report was a reaction to highly publicized deaths due to preventable medical errors [25], as well as a growing body of data demonstrating inexplicable geographic variations in clinical practice. For many policy-makers, early adoption of EHRs and automated clinical decision support systems brought the promise of safer care in hospitals and clinics by using evidence-based guidelines to standardize practice and reduce the “uneven and unpredictable quality of care provided at even the ‘best’ American institutions” [15].

Within months of the IOM report’s publication, the September 2001 terrorist attacks and the anthrax attacks in Washington, DC and New York City accelerated Congressional interest in funding a health information infrastructure that could be used to improve healthcare quality and patient safety as well as support the more urgent goals of biosurveillance, emergency preparedness, and rapid response. The same information infrastructure that supports the flow of secure clinical information was envisioned to also generate future benefits to population health, by helping to aggregate standardized data for analytics and forecasting, targeting of resources, and research. Through a number of studies published by the IOM and elsewhere, policymakers and the public began to take note of geographic and other variations in access, quality, and cost of healthcare.

Not surprisingly, geographic and other variations also were found in the maturity of clinical information systems, the availability of broadband communications infrastructure, and attitudes toward sharing data electronically. However, with the exception of a few individuals, many of whom were members of the IOM, the “quality movement” in health policy and the movement promoting Health IT adoption diverged and became almost completely independent by the time the Affordable Care Act was passed in 2010.

Taken in a larger policy context, the current intense focus on adoption of electronic health records (EHRs) to promote patient safety and quality is a necessary but by no means sufficient component of information infrastructure and interoperability. In this chapter, our definition of infrastructure includes not only hardware and software, but also the regulatory environment and standards that promote interoperability, defined technically as the electronic exchange of health information within a secure computer network or more simply as the electronic sharing of information among systems. Infrastructure also includes organizations and people who develop, implement, evaluate, and use information systems and promote their use, or who choose to delay for financial, technological, or other reasons.

2 Policy Development in Public and Private Sectors

Under the United States Constitution, the Congress makes laws, the President and executive branch implement the laws, and the judicial branch interprets the laws. Because of the chapter’s focus on implementation, we begin with a description of the executive branch.

2.1 Organization and Authority of the Federal Executive Branch

The President heads the executive branch of government, which has the responsibility to administer and implement laws. Executive branch activities include writing regulatory guidance to enforce the laws; developing budgets to support program activities and other policy priorities; and providing programmatic oversight.

The executive branch is organized into 15 Cabinet-level departments, including the Department of Health and Human Services (HHS), whose FY 2015 budget totaled $1 trillion [11]. HHS is the principal department that protects the health of all Americans, and it is organized into eight agencies or operating divisions that all have some responsibilities related to Health IT: the Agency for Healthcare Research and Quality (AHRQ); the Centers for Disease Control and Prevention (CDC); the Centers for Medicare and Medicaid Services (CMS); the Food and Drug Administration (FDA); the Health Resources and Services Administration (HRSA); the Indian Health Services (IHS); the National Institutes of Health (NIH); the Substance Abuse and Mental Health Services Administration (SAMHSA): and the Office of the Secretary (OS), where the Office of the National Coordinator for Health IT (ONC) is administratively housed.

Many HHS agencies collaborate with the Veterans Health Administration (VHA), part of the U.S. Department of Veterans Affairs (VA), and the largest integrated healthcare system in the U.S. The VA was an early adopter of electronic health records (EHRs) and developer of the consumer web portal known as Blue Button, which is being widely adapted by Medicare and many other programs.

Other agencies with responsibilities for information infrastructure and consumer protection include the Federal Communications Commission (FCC), which has invested in rural broadband infrastructure and which recently issued a joint report with the FDA and ONC on regulation of mobile health [16]; the Federal Trade Commission (FTC), which enforces the Health Breach Notification Rule for web-based businesses that are not covered by Health Insurance Portability and Accountability Act (HIPAA); the National Institute for Standards and Technology (NIST), a non-regulatory part of the U.S. Department of Commerce that advances measurement science to support technology innovation; and the President’s Council of Advisors on Science and Technology (PCAST), administered by the White House Office of Science and Technology Policy, which advises the President and issues reports on policy issues, including Health IT.

In addition to these fully federal agencies, Congress has created two statutory agencies to advise the Secretary of HHS on health data and Health IT. They are the National Committee on Vital and Health Statistics (NCVHS) and the Health IT Policy Committee.

2.1.1 National Committee on Vital and Health Statistics (NCVHS)

Since 1949, the National Committee on Vital and Health Statistics (NCVHS) has been the statutory body advising the Secretary of HHS on key health data issues, including statistics, privacy, national health information policy, and policy implementation, including ways to facilitate interoperability and networking. The majority of NCVHS meetings are open to the public and most include invited testimony and presentations. Advice reflecting this public input is conveyed to the Secretary through letters that are posted on the HHS web site. The 18-member committee members include statistical and research experts from the private sector, including academia, delivery systems, foundations, and industry. Key federal staff come from the Assistant Secretary for Planning and Evaluation (ASPE) and the National Center for Health Statistics (NCHS), which is part of the Centers for Disease Control and Prevention (CDC).

Before HITECH created the Health IT Policy Committee, NCVHS was the primary source of national guidance on health information policy. In November 2001, NCVHS issued a strategy document for building the national health information infrastructure (NHII). The report identified personal health, providers, and population health as the three dimensions of health infrastructure and estimated that a 10-year investment of $14 billion would be needed across existing agencies and nongovernmental organizations. The report also called for better coordination of the nation’s efforts across government and described its role as follows:

The Government is called upon to help set the stage for private innovation, to catalyze change through visioning and standard-setting, and to help build incentives, in addition to performing such traditional governmental functions as providing material support, widening participation and access, and ensuring privacy and confidentiality protections. [30]

Much of the behind-the-scenes support for what became the Office of the National Coordinator came from the chairs and leadership of NCVHS, including Don Detmer, then the President and CEO of the American Medical Informatics Association; John Lumpkin, Senior Vice President at the Robert Wood Johnson Foundation; and many others. The NHII report later provided the basis for the National Health Information Network (NHIN), which was renamed and became a signature initiative of the Office of the National Coordinator (ONC) in 2004 during the Bush Administration.

2.1.2 The Health IT Policy Committee

Created by HITECH, the Health IT Policy Committee advises ONC on developing a policy framework for the development and adoption of a nationwide health information infrastructure. It is staffed by ONC and consists of several workgroups and subcommittees that hold virtual and in-person public meetings to address many issues from a variety of stakeholder perspectives, including provider, industry, and consumer views. For example, the Interoperability and Health Information Exchange workgroup makes recommendations to support care management and coordination through the electronic exchange of information.

Members of the policy committee include ex officio members from federal agencies as well as private-sector members from academia, delivery systems, EHR system developers, provider associations, consumers, caregivers, and many other relevant areas of expertise and experience. Similar to the process followed by NCVHS, the Policy Committee transmits its advice in formal letters to the National Coordinator.

The Policy Committee members have played an active role in approving the criteria for meaningful use, a security policy framework for EHRs, matching patients to their own health information in different systems, public trust in Health IT and Health Information Exchange (HIE), and many other key policy issues affecting adoption and implementation. All of their policy recommendations and transmittal letters are available online at www.healthit.gov.

2.2 Role of the Private Sector in Health IT Policy Development

In addition to the role of Congress in passing legislation and the executive branch of government in implementing it, advisory bodies play a major role in Health IT policy development. Some, including the National Committee on Vital and Health Statistics and the Health IT Policy Committee, are federally staffed and supported and have private-sector members who are appointed through a variety of means, including public and Congressional input. Others are private and independent, and the most noteworthy is the Institute of Medicine.

2.2.1 Institute of Medicine (IOM) of the National Academy of Sciences (NAS)

The Institute of Medicine (IOM) was founded in 1970 by the National Academy of Sciences, later renamed the National Academies (NAS), to provide independent advice to Congress and the executive branch on issues relate to health and science policy. Originally created by Congressional charter under President Lincoln, the NAS includes the National Research Council, which is an operating branch, along with the National Academy of Engineering (NAE), and the IOM. NAS, NAE, and IOM are all self-perpetuating elected membership organizations that convene expert committees to study and report on health, science, and technology policy issues and conduct public educational activities.

IOM studies are sometimes congressionally mandated or requested, and may also be requested and funded by federal agencies, philanthropies, or other private organizations. IOM committees are made up of members and non-members who reflect a broad array of opinions and expertise on the topic being studied. The IOM also sponsors roundtables, which convene discussions, organize workshops, and write issue briefs in areas of interest to the field, but without making consensus-based recommendations.

Over the years, IOM’s reports have had a major impact on policy makers, the delivery system, and the research enterprise. Among many others, the subjects covered in these reports include: health care coverage [19]; patient safety and quality [23]; the role of Health IT in health system transformation [22]; and e-prescribing [21]. The Quality Chasm report mentioned at the beginning of this chapter clearly has been one of the most influential [19].

2.2.2 Other Private Sector Advisory Activities

Professional organizations such as the American Health Information Management Association (AHIMA), the American Medical Informatics Association (AMIA), the Alliance for Nursing Informatics (NIA), and the Health Information and Management Systems Society (HIMSS), also play a vital role representing their members’ opinions and interests through providing testimony at Congressional hearings, meeting with Congressional members and staff to discuss policy issues, and submitting comments on draft reports and frameworks. For example, the 2015 ONC Interoperability Roadmap Draft Version 1.0 request for comments, currently open, is likely to receive hundreds of comments from stakeholders.

Private foundations, particularly The Robert Wood Johnson Foundation (RWJF), The California Healthcare Foundation (CHCF), The Commonwealth Fund (CWF), The John and Mary A. Markle Foundation, as well as The Aetna Foundation, The Kellogg Foundation, and The Kresge Foundation are all key players in health policy. These foundations have played an important role in Health IT policy development by convening advisory groups, funding programs and studies to build the evidence base on what works in implementation, and encouraging innovation. For example, the “Blue Button” technology that allows consumers to download their health information was jointly funded by a collaborative group involving the Markle Foundation and RWJF, and beta-tested and implemented by The Department of Veterans Affairs, The Department of Defense, and The Centers for Medicare and Medicaid Services (CMS) [13].

RWJF has funded several infrastructure projects to improve the flow of information across health care and public health settings. CHCF and Commonwealth have funded academic and think tank evaluation teams to learn best practices from the implementation of 17 Beacon Communities and the different phases of meaningful use criteria. The Markle Foundation, Engelberg Center for Health Care Reform at the Brookings Institution, and the Center for American Progress have collaborated on a series of public education events and public comments documents, and the Bipartisan Policy Center has also held public events as well as issued reports on Health IT, with support from health systems and industry payers.

2.2.3 Private Industry

In Health IT, policies often require adoption of standards for data representation and process flow. These standards generally arise through the deliberations and voluntary practices of industry-led consensus groups and are later embodied into law; such standards and policies are therefore a result of a perceived market “pull.” When embodied into law, such policies change from a market “pull” adopted by some stakeholders to a mandatory “push” enforced on all stakeholders.

In the United States, the private, non-profit American National Standards Institute (ANSI) serves as a clearinghouse for national and international standards development efforts. A number of standards development organizations (SDOs) also play a critical role. Examples include: the ISO (International Organization for Standardization), responsible for many communication standards; the ASC (Accounting Standards Codification), responsible for many administrative transaction standards; HL7 (Health Level Seven), responsible for detailed clinical messaging standards; and NCPDP (National Council for Prescription Drug Programs), responsible for many standards pertaining to prescription drugs. These SDOs strive to coordinate their often overlapping interests to provide a coherent set of standards that have been incorporated into many Health IT policies.

Another example is Continua Health Alliance, a non-profit, open industry organization of technology, medical device, and healthcare industry leaders who are developing design guidelines and a certification program to promote interoperability among their diverse products. Continua focuses on Health IT that facilitates virtual visits or electronic connectivity outside of traditional office visits among patients, family members, and providers.

2.3 Key Legislation Influencing Health IT Policy

The major pieces of legislation governing Health IT are The Health Insurance Portability and Accountability Act (HIPAA) (1996), which was amended in the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009; the Medicare Prescription Drug, Improvement, and Modernization Act (also called the Medicare Modernization Act or MMA), passed in 2003; the Patient Protection and Affordable Care Act (ACA), 2009; and the Food And Drug Administration Safety And Innovation Act (FDASIA), which was passed in 2012.

2.3.1 Health Insurance Portability and Accountability Act (HIPAA)

In August of 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA), also known as Kennedy-Kassebaum and then as Kassebaum-Kennedy, after two of its leading sponsors [4]. Title I of HIPAA protected continuity of care in the group and individual health insurance markets by ensuring that individuals could keep their coverage when they changed jobs. There was widespread public support for preventing “job lock,” and it was one of two remaining issues from the Clinton health reform efforts that still had bipartisan support in Congress. The other issue was the State Children’s Health Insurance Program (CHIP), which was authorized under the Balanced Budget Act of 1997. An 1998 IOM report on the CHIP program promoted the use of information technology for enrollment and clinical purposes as well as public reporting, consistent with other IOM reports and the new legislation, but also new for the Medicaid program and others in the children’s health community who were implementing CHIP [14].

Title II of HIPAA, known as Administrative Simplification, required the establishment of national standards for electronic exchange of transactions relating to health care and payment for health care, including such functions as health plan enrollment and disenrollment, claims submission and payment, referral authorization, and the like. Broadly speaking, the goal was to facilitate the transition of the U.S. health care system from antiquated paper records and communications systems to an efficient electronic information environment.

The HIPAA legislation also called for promulgation of standards for the privacy of individually identifiable health information if Congress did not pass national health privacy legislation within 3 years. Accordingly, in 1999, responsibility for developing regulations governing health privacy passed to the Department of Health and Human Services.

In the period from 1999 to 2002, HHS reached out to a broad array of stakeholders, first under the Clinton and later the Bush Administration, for input into the health privacy standards that Congress had been unable to produce through the legislative process. These stakeholders included physicians and hospitals, insurers and health plans, researchers, pharmaceutical companies, patient groups, and many others. The resulting HIPAA Security and Privacy rules [45 CFR Part 164] provide rights to individuals (patients) and mechanisms for the exercise of those rights, while imposing obligations on Covered Entities (and Business Associates performing functions on their behalf) to protect the security and privacy of individually identifiable health information and to facilitate the individual’s rights. Emphasizing the fundamental rights granted to individuals by HIPAA, the HIPAA Privacy and Security rules are enforced by the HHS Office of Civil Rights (OCR).

The Privacy and Security regulations have been modified once, at the direction of Congress. The modification was included in the HITECH Act of 2009 provisions aimed at strengthening HIPAA’s privacy, security and enforcement requirements and broadening the reach of the rules.

The Privacy and Security rules have been highly efficacious in causing “Covered Entities and Business Associates” to devote significant resources to complying with a complex regulatory environment, which includes everything from the obligation to post a Notice of Privacy Practices to enormously expensive breach reporting requirements if electronic health data is “lost” or improperly accessed.

However, the rules appear to have been only marginally successful in making information available across providers delivering care and to patients seeking access to their own medical records. To some extent, these challenges are the result of immature technologies, but to a significant degree, they are also the result of a lack of consensus among providers and administrators of exactly what HIPAA requires and how it should be implemented. As a result, the achievement of interoperable data exchange is generally understood to require the consent of every individual whose protected health information (PHI) is to be transmitted, or securing a waiver of individual consent from an Institutional Review Board (IRB). Given inadequate guidance on the topic of information exchange from the Office for Civil Rights, which enforces the HIPAA rules, it is no surprise that state and regional health information exchanges have had to devote enormous resources to the development of consent and governance models before attempting to exchange data, and that most covered entities simply don’t try. As a consequence of the complexity of the rules, sanctions, and penalties, some providers are resistant to fulfilling record requests, often on the advice of their attorneys. Thus, HIPAA is often seen by stakeholders, including legislators and other policymakers, as a barrier to information exchange, rather than the facilitator it was meant to be.

Some experts believe that the development of shared governance structures and data use agreements for multisite research can open up opportunities to support the freer flow of information across settings and help create the trust needed for learning health systems of the future [29]. From this perspective, it is the significant variability in interpretations of HIPAA that poses the main challenge in clinical data sharing, not the regulations themselves.

Others, however, believe that the “medical records” framework of HIPAA in which it is “covered entities” that create, maintain, and are responsible for health data, is increasingly outmoded in an era of wearables, patient-generated data, and health care-related applications developed outside of the traditional health care system and that a broad overhaul of health privacy regulations is called for. As of early 2015, it is difficult to believe that the current Republican Congress and Democratic President could accomplish such an undertaking.

2.3.2 e-Prescribing in the Medicare Modernization Act (MMA)

In 2003, the Medicare Modernization Act (MMA) included a new prescription drug benefit (Part D) and required drug plans participating in the new benefit to support electronic prescribing (e-prescribing, or e-rx). The e-prescribing provisions were designed to improve patient safety by reducing illegible handwritten prescriptions, providing alert and warning systems that reduce errors, and making it easier to include prescription drug information in electronic health records (EHRs). Sending a prescription directly to a pharmacy eliminates phone calls, faxes, and call-backs by clinical offices, and it was estimated that cost savings from ADEs and workflow efficiencies could total approximately $27 billion per year. It was also estimated that e-prescribing could eliminate more than two million adverse drug events (ADEs) a year, including 130,000 that were life-threatening. These changes also could increase patient adherence, by making it easier for patients to fill and pick up their prescriptions.

In 2005, HHS awarded $6 million to five teams for pilot projects [2] to test and evaluate initial standards for e-prescribing (e.g., medication history, formulary and benefits, prescription fill status notification, and others) and their interoperability with other standards. The pilot project evaluation found that provider uptake and satisfaction were generally good, and that clinical staff played a much larger role than prescribers themselves by preparing many of the orders for the prescribers’ review and signatures. This finding led to an acknowledgement of the need for significant clinical workflow changes to move from paper to electronic order systems [31], although that point was apparently totally missed in the development of HITECH.

The MMA also authorized the creation of a Commission on Systemic Interoperability, charged with “developing a strategy to make healthcare information instantly accessible at all times, by consumers and their healthcare providers.” In its 2005 report, the Commission provided many examples of individuals benefitting through “connected healthcare,” and one of its recommendations was ensuring “an interoperable medication record for every American,” including access to one’s own prescription drug history [10]. With the growing use of medication data exchanges by pharmacies, pharmacy benefits managers, and health plans, such a goal seemed possible. But that same year, Hurricane Katrina showed the glaring weaknesses in infrastructure needed to share prescription drug information across pharmacy and clinic locations for thousands of people whose paper records had been destroyed by the storm [28].

In 2005, the Institute of Medicine undertook a Congressionally-mandated study of the prevalence of medication errors in order to develop a national agenda to reduce them. The report acknowledged that medication errors are both common and costly [20], and the resulting media attention made it easier for CMS to promote and encourage providers to participate in the e-prescribing program [41].

Two years later, an e-Prescribing Incentive Program was created by Congress in the Medicare Improvements for Patients and Providers Act of 2008 (MIPPA), authorizing a new financial incentive program for successful e-prescribers. After 5 years, providers who did not use e-prescribing for Medicare beneficiaries would receive lower Medicare reimbursements as a penalty. This is the same approach used by the Meaningful Use program under HITECH, beginning with incentives and then phasing in penalties for non-participation.

2.3.3 The Health Information Technology for Economic and Clinical Health Act (HITECH)

The Health Information Technology for Economic and Clinical Health (HITECH) Act was part of the $787 billion economic stimulus package passed as The American Recovery and Reinvestment Act (ARRA) of 2009. HITECH provided between $25 and $36 billion in incentive payments to promote the adoption and use of electronic health record (EHR) systems to improve healthcare quality, reduce costs through improved efficiencies, and also improve consumers’ access to their personal health information.

To reconcile the rapidity mandated by HITECH with the concerns that federal funds would not be spent wisely, ONC and CMS worked together on a regulatory framework to ensure the value of IT investments to providers and patients. They named this set of financial incentives, certification requirements, and regulations “meaningful use” [9, 32]. The program was launched in 2011 and will continue through 2016. To receive an incentive payment, providers need to show that they are “meaningfully using” certified EHR technology. Eligible providers and organizations must show through their reporting that they are meeting certain measurement thresholds.

These measurements have been developed with extensive public involvement and comment and reflect a blend of policy goals and industry and provider readiness and capacity. The first round of certification (Stage 1) emphasized basic EHR functionality, and relatively wide adoption occurred. The second round of certifications (Stage 2) required a greater degree of communication with external entities, and these have not yet been as broadly accepted. Beginning in 2015, eligible professionals who do not successfully demonstrate meaningful use of EHRs will become subject to financial penalties, and this transition from incentives to penalties is catching some providers without certified systems. The third round (Stage 3) was released in March 2015, and it reflects a new emphasis on data flow and flexibility, reflecting both the successes and failures of the previous two stages [24]. Recent adoption figures show that more than half of physicians and more than 60 % of hospitals are using EHRs, which shows significant progress [1, 12].

Five years after HITECH was introduced, the consequences are not yet fully knowable. The legislation has led to an unprecedented degree of EHR adoption and serves as a critical foundation for future efforts to coordinate care. There is no doubt that the implementation of HITECH was hindered by the wide variation in the provider community in terms of experience with EHRs and health information exchange. However, evidence suggests that within a year of implementation most providers have improved workflow efficiency, appreciate the ability to access patient information from the office or remote locations, and do not want to return to paper [26].

Overtime, the slow rate of adoption at the state level led to the realization that the incentives for interoperability are primarily to support regional exchange within a geographic market, following the referral patterns of local providers. This may be one of the most important lessons from HITECH: developing a national plan such as the National Health Information Network (NHIN) from the top-down makes sense from a policy perspective, but in the end, all implementation is local. The incentives and business case for providers to invest in Health IT are based on their need for clinical information to flow between hospitals and other healthcare settings to take better care of the same patients as they move through the system, usually within a defined geographic area or market. The abstraction of a “national network of networks” is appealing intellectually but very difficult to operationalize.

As of spring 2015, concerns about HHS priorities and strategies to promote interoperability have been expressed by many, including the Government Accountability Office (GAO) [42], members of the provider community [37], and six US Senators [38]. All but the most ideological critics recognize the growing need for a comprehensive technology infrastructure capable of interoperability and information exchange in ways that assure care is both safe and financially accountable. However, interoperability is not exclusively a technical and legal challenge. Hospitals and health care organizations compete with each other for patients and staff, and there is no financial or other incentive for them to share information in a competitive marketplace. This fact about the healthcare market is rarely raised in policy discussions.

2.3.4 Food and Drug Administration Safety and Innovation Act (FDASIA)

Passed in 2012, FDASIA gives the Food and Drug Administration (FDA) authority to continue to collect user fees from the biomedical industry, as well as to regulate medical software. By request of the Secretary of Health and Human Services (HHS), the Health IT Policy Committee convened a stakeholder group to advise on a risk-based framework for regulating software, in collaboration with the FDA and the Federal Communications Commission. A full report from the three agencies was released in the spring of 2014 [16].

The tri-agency report found that EHRs are relatively low-risk, and that full FDA regulation would not be helpful and could stifle innovation. However, the report recommended the creation of a new HIT Safety Center to improve the design, development, implementation, maintenance, and use of Health IT to prevent any future risks to patients. A federal contract is currently providing input about the Center’s mandate and goals and a report will be issued later in 2015.

3 The Changing Policy Goals of the Office of the National Coordinator (ONC)

Earlier sections of this chapter have described federal responsibilities for Health IT, the role of the private sector in influencing and implementing policy, and the importance of the Office of the National Coordinator for Health IT (ONC) in serving as the focal point and channel for Health IT policy initiatives, which have involved an unprecedented level of public-private collaboration. We have deliberately provided a broad policy context because the complexity of the policy development process is poorly understood and often underappreciated, and because it continues to evolve under the influence of different stakeholders in the Health IT space. This section focuses on the Office of the National Coordinator (ONC) as a barometer of Congressional support for Health IT and as a reflection of the value of public-private collaborations. As will become clear, ONC leadership has played an important role in influencing provider and industry engagement, as well as informing public opinion and increasing awareness of the value of real-time information exchange to the clinical enterprise and to patients and caregivers.

3.1 The National Coordinators for Health IT (ONC)

The position of National Coordinator for Health IT was created by Presidential Executive Order in April 2004, and was legislatively mandated in 2009 in the Health Information Technology for Economic and Clinical Health Act (HITECH). Even at the time of the creation of the Office of the National Coordinator (ONC), it was recognized that the primary barriers to implementation of a nationwide health information infrastructure were not primarily technological, but were more related to leadership and organizational factors.

The role of the National Coordinator was seen as essential to the federal role of bringing together private and public stakeholders, and all levels of government [30]. It was also partly symbolic at the time it was created, in that the emerging field of Health IT began to coalesce once its importance was acknowledged by locating ONC administratively in the Office of the Secretary of HHS. Over the next decade, each one of the National Coordinators brought a different leadership style and expertise, faced a different set of issues, and had different policy and implementation priorities that are arguably more visible in hindsight than they were at the time.

David Brailer, a physician entrepreneur and economist, was the first ONC director or “Health IT czar.” He was appointed in May 2004 and agreed to stay in the position for 2 years, after which he planned to return to the private sector. Previously, Dr. Brailer had founded CareScience, a spin-off from the Wharton School of Business at the University of Pennsylvania and one of the first companies to use electronic health information to improve the quality of care. Dr. Brailer’s credibility in launching the new federal office came not only from his deep knowledge of Health IT, but from his industry perspective and ability to frame the business case for Health IT in terms of bringing value from improved efficiencies and cost savings. Dr. Brailer was popular with the business media and was interviewed frequently. He often described the history of underinvestment in Health IT, with most hospitals spending 2–3 % of their budgets compared to 10 % for other industries, and appealed to industry to invest in the new field [8].

During the time Dr. Brailer served as National Coordinator, HHS formed a Federal Advisory Committee known as the American Health Information Community (AHIC), which met for the first time in November 2005. HHS also issued five contracts to convene a Health IT Standards Panel (HITSP); develop criteria and evaluation processes for certifying EHRs (Certification Commission for Health IT, or CCHIT); develop prototype architectures for the National Health Information Network (NHIN); identify security and privacy barriers in business and state laws; and measure the state of EHR adoption.

In September 2006, Robert Kolodner left the Veterans Health Administration (VA) to become the Acting National Coordinator, an appointment which was confirmed in April 2007. Dr. Kolodner, a psychiatrist, was well known in Health IT and informatics circles for his leadership in a variety of VA Health IT solutions, including My HealtheVet, a Personal Health Record for veterans, and VistA – the first successful large-scale Electronic Health Record implementation. Kolodner’s appointment was reassuring to the field after Brailer’s departure because he had a track record of demonstrating that implementation can be achieved at a large scale and that EHRs can improve workflow. He worked to continue to build support for EHRs among the provider community by appearing at conferences and publishing articles in provider journals, and was generally regarded as a good steward of the federal investments in the emerging field.

Before his appointment, Kolodner had already gone on public record supporting the national health information infrastructure [39], and his knowledge of government and years of experience in inter-agency collaboration helped ONC establish relationships with the Agency for Healthcare Research and Quality (AHRQ), which had been funding Health IT research and implementation projects, and with the Centers for Medicaid and Medicare Services (CMS). In retrospect, his most important contribution may have been building trust among the private-sector members of the American Health Information Community (AHIC) and the federal advisory body formed in 2005 to advise the Secretary of HHS on how to accelerate the adoption of Health IT. He served until the 2008 election and the change of administration.

After President Obama took office in 2009, David Blumenthal took a leave of absence from Harvard University to become the new National Coordinator. A practicing internist, health policy expert, and effective public speaker, Dr. Blumenthal had served as an advisor for the Obama campaign. He came from the highly inter-connected environment of Partners HealthCare, the Harvard-affiliated health system that was an early adopter of Health IT, and the hallmark of his leadership at ONC was his sharing many examples of his first-hand clinical experience in seeing how Health IT improved the quality of care.

As director of Harvard’s Institute for Health Policy, Dr. Blumenthal had been involved in IOM committees and other efforts to promote adoption of Health IT in the academic medical community. The tsunami of $27 billion in funding from HITECH included $2 billion in direct appropriation for ONC to set up a nationwide network of regional Health IT extension centers to provide technical assistance to local providers; launch Health IT training programs in community colleges; oversee the two Federal Advisory Committees Act committees created by HITECH (the Health IT Policy Committee and the Health IT Standards Committee), and establish testing and certification criteria for EHR. Also during Blumenthal’s tenure, work began on defining criteria for meaningful use of certified EHRs, and after an extensive public comment period, the Stage 1 Final Rules were published in the Federal Register in July 2010. Through it all, Blumenthal built consensus with AHRQ and CMS, and kept the ONC focused on the value of providing quality care in a safe, secure environment. He returned to Harvard after his 2-year leave of absence to resume his academic appointment there.

The fourth ONC Coordinator, Farzad Mostashari, had been serving as a Deputy at ONC and was promoted in April 2011. He had come to ONC from the New York City Department of Health and Mental Hygiene, where he had served as Assistant Commissioner for the Primary Care Information Project and oversaw the adoption of Health IT by 1,500 providers in low-income communities. An epidemiologist with expertise in developing biosurveillance systems, Dr. Mostashari’s appointment shifted the meaningful use discussion to include public health reporting and population health, which reflected the policy priorities of the Affordable Care Act (ACA). He was an energetic advocate for the use of “big data” for planning and research, and also for direct consumer access to personal health information through Blue Button, developed by the VA and adapted by the Medicare program.

By this time, the meaningful use incentives were starting to work and the majority of providers were adopting and using EHRs, although interoperability was still a long way away. After the American Medical Informatics Association (AMIA) issued a report on the unintended consequences of Health IT in terms of patient safety [6], ONC asked the Institute of Medicine to study the issue. The subsequent IOM [22] report suggested that a systems approach was required to monitor the impact of Health IT on patient safety, including a user-centered design approach to make software improvements that are a better reflection of workflow and use patterns. The IOM also called for the creation of a new Health IT Safety Council to set safety standards, and advised against the Food and Drug Administration (FDA) being given those responsibilities. After the IOM report on Health IT and patient safety was released, ONC released a draft plan on how to make it easier to track and fix Health IT problems due to software malfunctions and systems errors and received more than 100 comments [35].

Dr. Mostashari announced his departure in August 2013 and became a Visiting Fellow at the Brookings Institution a few months later to focus on helping small clinical practices adopt Health IT. He did not make his reasons public, but HHS Secretary Kathleen Sebelius acknowledged his leadership in presiding over the enormously complex implementation of HITECH, linking meaningful use to population health goals, and increasing the focus on patients and families [7].

In December 2013, Karen DeSalvo, Health Commissioner from New Orleans, became the new National Coordinator, continuing the policy focus on public health reporting and population health. After the Ebola outbreak began in West Africa during the summer of 2014, Dr. DeSalvo was named the Acting Assistant Secretary for Health while continuing as National Coordinator. Industry leaders questioned whether it was possible for her to perform both positions and called for a full-time replacement at ONC, particularly in light of the recent departures of several senior ONC leaders [27]. As of spring 2015, Dr. DeSalvo was still holding both positions.

3.2 ONC’s Draft Interoperability Roadmap

The Version 1.0 Interoperability Roadmap released by ONC for public comment in January 2015 [33] seeks to remedy some of the major criticisms of the meaningful use program, which many providers see as overly bureaucratic and burdensome [3] and some policy-makers see as too slow in achieving interoperability [40]. The stated goal of the roadmap is to ensure that individuals and their providers can get accurate, electronic health information when and how they need it to make informed decisions about healthcare. ONC’s Interoperability Roadmap also calls for public and private stakeholders to collaborate around a core set of business and functional requirements to achieve a learning health system within 10 years. ONC’s call for collaboration represents more of an aspirational goal than a mandate. This goal of collaboration would require a major shift in key stakeholders’ willingness to share information for the public good as reflected in the policy goal of improvements in patient care and safety while also helping providers achieve cost-saving efficiencies.

Concurrently, ONC released an interoperability standards document to help clarify the technical infrastructure requirements for the learning health system. “Learning Health System” is a term first used by the IOM to reflect the use of data analytics to generate knowledge that is used to improve the quality and effectiveness of healthcare. The “open draft” document is non-regulatory and non-binding and describes a less prescriptive process for interoperability and implementation standards for clinical Health IT. It is intended to “begin a dialogue” with the provider community, the research community, and industry by supporting areas of consensus and agreeing on ways to harmonize standards to allow providers flexibility while accelerating interoperability and supporting health information exchange [34].

Together, these plans, particularly if coupled with a relaxation of meaningful use mandates and other HIT-related penalties, may shift attention back to what providers and patients think technology should do. And that goal is to promote the flow of information to the right person at the right time. It remains to be seen how many of the currently factionalized stakeholders will be able to work together to achieve this common goal.

4 What Lies Ahead?

This chapter is being finalized during the public comment period for ONC’s January 2015 Interoperability Roadmap, which covers the next 10 years. From a broad policy perspective, we foresee that hospitals, physicians and other providers will increasingly be part of a “system” that takes on responsibility for the health and health care of individuals and groups and populations. These sociocultural shifts will happen concurrently as the US moves toward patient-centered and accountable care and payment models that reward quality and value and not merely tests and procedures. Healthcare organization and all stakeholders – providers, payers, patients, caregivers, and healthy consumers – will benefit from secure but highly accessible data exchange. Data exchange will happen at the point of care, as well as in other settings where analytics, discovery, health planning, and software systems development take place.

Many factors contribute to the problem of interoperability, of course, including that health data is multi-faceted and difficult to digitize, that the complexity of HIPAA and other regulatory constraints meant to protect patients have erected barriers to out-of-the-box problem solving, that vendor competition encourages data siloes, that basic usability problems are legion, etc. We have referred to these and many other obstacles throughout the chapter.

From our perspective, however, a key problem is that the ultimate end-users of health care – namely, patients and their caregivers – are still “missing persons” in the quest for interoperability. Patient advocacy groups are sometimes present during policy discussions, but even the Patient Centered Outcomes Research Institute (PCORI) created by the Affordable Care Act has not been able to address the problem of patients’ inability to access their own personal health information. In all of the ambitious and even heroic efforts to implement HITECH, the goal of promoting patient access through meaningful use has not motivated industry and providers to develop systems that “talk to each other” in real time to improve patient care and access to their own information.

Other industry sectors – from banking and insurance to automotive and retail sales – understand consumer data as an asset, and monetization of such data as a part of a business’s revenue stream. Health data is different, of course, not only because it may be far more sensitive than other consumer data but because it is shared with the business (the health care provider or payer) for a specific, confidential purpose (the delivery of care or payment for such care). There is a general expectation that the information will not be further used or shared, except for purposes such as research and public health analytics, which are typically seen as public goods.

Interoperable data exchange, even within a policy framework that protects confidentiality and individual privacy, represents a fundamental shift to the traditional expectations of all the stakeholders: providers, plans, payers and, most importantly, patients, families, and caregivers. In fact, interoperability and information exchange presume a more communitarian model of care, in which providers, patients, and caregivers are engaged in shared, evidence-based decision-making based on personal and family preferences and understanding of risks. We think that the challenges of the transformation to patient-centeredness in the provider community may be as much or more of a challenge than realigning financial incentives in the policy community.

The combined impact of federal and private-sector initiatives can make innovation even more likely, but only if goals are more closely aligned. The Blue Button initiative is a fine example of disruptive innovation that serves the interests of patients, families, and caregivers by improving their direct access to personal health information. Consumer healthcare is a rapidly growing market, and the demand for web portals, remote monitoring devices, and other devices will increase if proposed changes in Medicare payment policies for telehealth are implemented.

HITECH is the most recent and largest single national investment in Health IT, and its implementation has been a massive undertaking. There is no comparable initiative in the history of US healthcare, and the largely voluntary mobilization of private sector entities to engage in enlightened self-interest while serving the public interest has been unprecedented, and not without significant challenges.

To realize transformational change, health information technology and health policy goals must be aligned with industry trends and interests of the private providers. We recognize that without that alignment, the current state will be maintained. We firmly believe that those healthcare organizations that will thrive under the new reimbursement requirements, will be those early adopters that embrace the ability to share patient data with the individual patient and external entities that serve as their primary care and community/home care partners. We hope that the learning health systems of the future will find that it is to their competitive advantage to focus on the common goal of achieving patient-centric systems with interoperability across providers and systems. Once this end-point is reached, we will have achieved transformational change that benefits all.

5 Timeline of Key Events in Health IT Policy

Given the number of legislative, executive branch, and private-sector initiatives that have influenced Health IT policy over the years, we developed a timeline of events as a reference document. Timelines often illuminate the sequence of events in ways that narrative does not, and also illustrate the proverbial saying that “change takes time.”

Timeline of key events in Health IT policy

January 1991

Institute of Medicine releases The Computer-Based Patient Record: An Essential Technology for Health Care, with a blueprint for transitioning to CPRs, later known as Electronic Health Records (EHRs)

December 1991

Congress passes the High Performance Computing and Communications Act of 1991, creating the National Research and Education Network (NERN) as a partnership of government, industry, and academia and leading to the National Information Infrastructure (NII) or “information superhighway”

November 1993

The Health Security Act, also known as the Clinton health reform proposal, was introduced in Congress

1994

HL7 becomes an ANSI-certified Standards Development Organization and the global authority on interoperability standards

1994

Community-based HIT initiatives (e.g., CHMIS, CHINS) inspired by the Clinton health reform proposals, begin to lose momentum with the Congressional failure to pass legislation

August 1996

Congress passes the Health Insurance Portability and Accountability Act (HIPAA), with administrative simplification provisions requiring development of standards for electronic exchange of health information

December 2000

After a year of comments on the proposed rule, the HIPAA Privacy Rule sets national standards to protect individually identifiable personal health information used by health plans, health care clearinghouses, and health care providers (covered entities)

April 2001

Institute of Medicine report “Crossing the Quality Chasm” calls for a national commitment to an electronic infrastructure to support sharing of personal health information

November 2001

The National Committee on Vital and Health Statistics sets out a national strategy for health information infrastructure (NHII)

August 2002

The HIPAA Privacy Rule is modified and finalized, with a compliance date of April 2003 for most entities

February 2003

The HIPAA Security Rule establishes national standards to protect the confidentiality, integrity, and security of electronic personal health information

December 2003

Medicare Modernization Act (MMA) requires pharmacies and health plans to follow e-prescribing standards under Medicare Part D

April 2004

Presidential Executive Order creates Office of the National Coordinator for Health IT in the Office of the HHS Secretary and calls for widespread use of Health IT within 10 years

May 2004

David Brailer is appointed the first National Health Information Technology Coordinator

July 2004

Markle Foundation’s Connecting for Health Initiative Issues Preliminary Roadmap for Achieving Electronic Connectivity in Health Care

October 2004

Agency for Healthcare Research and Quality (AHRQ) funds $139 million in Health IT projects

August 2005

Hurricane Katrina strikes Louisiana and Hurricane Rita strikes the Gulf Coast 25 days later. Ability to provide prescription medication lists and other basic health information is limited due to destruction of paper records by the storms (Markle Foundation, 2006)Footnote 1

October 2005

Commission on Systemic Interoperability issues a report recommending a prescription medication history for every American

November 2005

HHS provides support for regional electronic health record (EHR) adoption in Gulf States as part of post-Katrina response, but state legal barriers later prevent implementationFootnote 2 (HHS 2005)

April 2006

A public-private collaborative funded by Markle Foundation releases Connecting for Health, a common framework to develop a networked health information environment

Sept 2006

Dr. Robert Kolodner begins serving as interim National Coordinator for Health IT and is appointed to position in April 2007

May 2007

ONC releases report on the NHIN Prototype Architecture Contracts, comparing the results of four consortia to develop a “network of networks”

October 2007

HHS awards $22.5 million to test implementation of nine prototype state-level health information exchanges

November 2007

Federal Communications Commission provides $400 million to rural areas for broadband to promote telehealth

September 2008

Government Accountability Office releases a report advising the HHS could risk losing public trust unless it creates a comprehensive privacy, confidentiality, and security strategy

Feb 2009

Congress passes the Health Information Technology for Economic and Clinical Health (HITECH) as part of the American Reinvestment and Recovery Act of 2009 (ARRA), outlining a “meaningful use” incentive program for adopting electronic health records. The bill makes permanent the Office of the National Coordinator and creates the HIT Policy Committee and HIT Standards Committee to advise ONC

March 2009

David Blumenthal is appointed as National Coordinator for Health IT

March 2010

The Patient Protection and Affordable Care Act (ACA) is enacted

December 2010

President’s Council of Advisors on Science and Technology (PCAST) issues report recommending ways to accelerate Health IT adoption and reduce healthcare costs

April 2011

HHS Secretary Kathleen Sebelius appoints Dr. Farzad Mostashari as National Coordinator for Health IT

July 2012

The Food and Drug Administration Safety and Innovation Act (FDASIA) expands the agency’s regulatory authorities in medical device innovation and launches a public debate about its authority to regulate mobile health applications

January 2013

HHS releases an “omnibus” Rule that makes changes to HIPAA Privacy, Security and Enforcement Rules as required by the HITECH statute

December 2013

Dr. Karen DeSalvo is appointed National Coordinator for Health IT, and becomes Acting Assistant Secretary of Health in October 2014

April 2014

ONC, FDA, and the Federal Communications Commission (FCC) issue a joint report mandated by FDASIA to propose a risk-based regulatory framework for Health IT, including mobile medical applications that “promotes innovation, protects patient safety, and avoids regulatory duplication”

January 2015

ONC releases a draft “interoperability roadmap” to achieve interoperable Health IT infrastructure within 10 years, seeking public comments by April 2015, and also issues a 2015 Interoperability Standards Advisory to highlight specifications for interoperable clinical Health IT