The shift towards value-based health care has important and exciting implications for the digital health industry. In its pursuit of quality over quantity, value-based health care relies heavily on data and data analytics, and while providers can generate troves of raw data, they are ill-equipped to marshal that data in all of the ways that a value-based health care system demands. Companies in the digital health space, by contrast, are so equipped; they are able to fill this void by gathering volumes of information from disparate sources, aggregating it, and meaningfully analyzing it in order to generate the clinical, quality and payment insights required to foster the growth of value-based health care.
In this segment of our value-based health care teleconference series, “The Role of Digital Health in the Shift to Value-Based Health Care,” health care counsel Ira Parghi and health care associate Christine Moundas will discuss the role of digital health in the march towards value-based health care, and some of the operational and compliance challenges that this may raise for providers and digital health companies alike.
Click the links below to access the presentation materials.
Joanna Bergmann: Good afternoon, welcome to Ropes & Gray’s teleconference on the roll of digital health and value-based health care. And I guess a good morning to you guys on the west coast.
Today’s teleconference is part of our transition to value-based health care teleconference series and we thank you for joining us. My name is Joanna Bergmann and I am counsel in the health care group, resident in the New York office. I’m joined today by my colleagues Ira Parghi, counsel in the health care group out of our San Francisco office, and Christine Moundas, an associate in the health care group here with me in New York. We hope you find the program worthwhile. Nothing we say, nor our slides, should be construed as legal advice or legal opinion on any specific facts or circumstances. Today’s presentation is not intended to create a lawyer-client relationship and you are urged to consult with your own lawyer concerning your particular situation and any specific questions that you may have.
As the title suggests, we are focusing today on the role of digital health in value-based health care. We think that this is a particularly important and interesting topic because digital health really cuts across all points and all components of the value-based health care enterprise. It’s really the engine driving it forward. Whether you are a provider, a payor, or a patient, your experience with value-based health care will be shaped by digital health in inevitable and myriad ways. Today, we’re going to discuss a bit about why that is from a high 10,000 foot level and then turn to, and focus on, a number of digital health technologies, looking at their role and relevance in value-based health care, and then exploring some of the operational and regulatory challenges they present, including the role and impact of data privacy and protections.
So, I’m on slide 3 now—we’re just going to sort of define our terms, and these should obviously sound pretty familiar to you by now. Value-based health care is a reimbursement system that derives from a recognition that fee-for-service models can be inefficient and can implicitly encourage the delivery of unnecessary or ineffective care. I like to think about value-based health care as elevating value-centric outcomes over value agnostic output by promoting the delivery and consumption of more informed and better curated care. But in short, value-based health care is a reimbursement system that compensates health care providers for the quality of care they provide and not the volume of procedures they perform, which is the hallmark of a fee-for-service system.
But what do we mean when we talk about quality and what are we really referring to? I’m going to take a minute or two of acknowledge quality because I think for all of it’s appeal, especially when compared against quantity, it is really an operationally-challenging target; where quantity is precise and singular and administratively simple, quality is a relative, multi-factorial and variable concept that depends on the component of care. There are hundreds of quality metrics out there and which one applies often depends on several factors and the present circumstances.
For me, and it’s sort of something of an aside, I find it helpful to think about quality measures as falling into one of the four categories we describe on slides 4 and 5. Briefly, these categories are structure, which evaluates the characteristics of a care setting; process, which evaluates patient health care as a result of the care received and whether care goals are accomplished; outcome, which evaluates whether services provided are consistent with routine clinical care; and patient experience, which is somewhat self-explanatory and increasingly relevant. We also discuss on these two slides some of the challenges and considerations that sort of piggy-back on all of these types, and we can talk about that down the line.
Turning to slide 6, quality is also time and labor intensive. As you can see from this slide, numerous steps are involved in the development of a quality metric; from the clinical research that informs and creates the evidence base, through to the development of clinical guidelines and standards of care, to the development—and ultimately the endorsement— of a quality measure. And from slide 7, you can see more about the individuals and organizations who contribute to the process along the way.
In establishing the evidence base, you have public agencies, such as NIH, PCORI, AHRQ, and private companies in the pharmaceutical space, the medical device space, AMC’s, advocacy organizations, and professional societies. In terms of developing and endorsing the quality metrics, we have government agencies, private, non-profit organizations and for-profit companies, all weighing in on what the quality metrics should be, and ultimately, the metrics need to be endorsed. There needs to be a consensus of stakeholders including consumer groups and professional societies.
Turning to the next slide, slide 8. Quality is also resource intensive— and the critical resource here, and the one that leads us directly to digital health, is data. If digital health is the engine of value-based health care, then data is its fuel. And as we turn to slide 9, you can see that volumes of data inform quality measure and the data derived from numerous sources, some of which are listed here: administrative sources, disease registries, medical records, research databases, qualitative data from patient surveys, focus groups and interviews, and patient reports.
But in order to yield insights and be truly useful, the data must collected, aggregated and analyzed along various dimensions. Raw data is just not enough. And this is where digital health comes in. Digital health, broadly defined, refers to the use of technology in the provision and management of health care. In recent years, I’ve seen enormous boosts in funding for innovations in digital health technologies, many of which we are going to discuss now, so I’m going to kick it over to you, Christine.
Christine Moundas: Thanks, Joanna. So, now on slide 10, I just wanted to introduce the topic— so, really we wanted to dig in a little bit more with regard to what exact digital health technologies are relevant to value-based health care, because these are really two big, separate subjects which merge together, but we wanted to focus on the particulars so that if you’re not already engaged in these topics on the day-to-day you have a better sense of where we’re coming from here.
So, Joanna was referencing quality metrics, and sort of how those metrics have been developed and how the data feeds into those metrics. What I wanted to do was step back a little bit and then talk about what specific programs those metrics have been sort of funneled into, and the role of the federal government in establishing a very broad policy framework in which those metrics are now being implemented and being used to actually implement the value-based health care programs. And just to be clear, when we think about this, there’s really two separate but intertwined policy tracks that have moved forward over the past ten years or so, that the federal government has driven, which separately address these issues. So, I’m going to refer to the value-based health care policy setting framework on one hand, and then talk about the digital health policy setting framework on the other hand, just so you get a sense of how these have separately rolled-out in parallel and then now are fusing more and more over time.
So, first to get to the topic of the value-based programs, in particular, moving to slide 11, you’ll see this is a very helpful graphic that CMS had issued, which shows over time—over the past ten years or so—more of the specific legislative actions that Congress undertook to push certain legislative priorities in the area of value-based care, and then what are the specific programs that CMS, in particular, has been rolling out to address those very general value-based priorities. So, overall, you’ll see that it’s the role of the federal government in pushing this agenda using different programs that are quite complex and really very ambitious.
So, just to sort of walk it back to 2008, which is where this slide begins— although you could point to some earlier initiatives—you had the Medicare Improvements for Patients and Providers Act (MIPPA), and as you’ll see in this graphic, that in particular related to the ESRD quality incentive program— so, that was one that was rolled out in 2012. Then you moved to 2010 and the Affordable Care Act (ACA) and obviously that then triggered a lot of different value-based programs and this shows (in green) which programs were then rolled out over time. So, in particular, you have the hospital value-based purchasing program, you have the hospital readmissions reduction program, you also had the value modifier and also the physician value-based modifier program, for instance; so, those green initiatives—they’ve gone through over time and they’ve had, I’d say, varying levels of success, but have been very important in shaping providers’ reactions to this space.
Then, of course, with PAMA, which is the Protecting Access to Medicare Act, that then rolled out was going to be the Skilled Nursing Facility value-based purchasing program—and again, this is an example of where you’re now seeing other types of providers being impacted by the value-based program and the paradigm, and I’d say that Skilled Nursing Facilities hadn’t been previously focused on a lot of other efforts.
And then most recently you have MACRA, the Medicare Access and Chip Reauthorization Act of 2015, and that is really impacting a lot of individual providers and physicians with the alternative payment models, as well as what’s known as MIPS, the Merit Based Incentive Payment System, so that is sort of the next thing to come. There are other CMS value-based programs that are not mentioned on this slide but I thought this was very helpful in sort of laying out how this has been slowly rolled out over time, in a very systematic way by Congress and by CMS.
So, then turning to slide 12, I wanted to talk simultaneously on the other hand—what had the federal government been doing to push a similar systematic adoption and progression of digital health in health care? And the most fundamental program that they had here was the EHR or Electronic Health Record Meaningful Use Incentive programs. Now, the legislative source of this program was in 2009, the American Reinvestment and Recovery Act, so that’s right between when MIPPA and the ACA were passed, you have in 2009 this major legislation; in particular, you had the Health Information Technology for Economic and Clinical Health Act—or the HITECH Act— and that really just authorized a huge amount of money to go into the American market to incentivize eligible hospitals and eligible providers and physicians to adopt, and then meaningfully use, electronic health records. And I think it was something authorized in the area of like $36 billion, so it was a tremendous investment and this really created a huge push for providers to adopt and really get comfortable with these technologies.
The federal government had actually been quite involved in pushing forward health IT previously; you go back to even the Bush administration, certain executive orders that were passed to make it a federal priority, as well as the establishment of the Office of the National Coordinator for Health IT and the US Department of Health and Human Services, but it wasn’t until there was money matched with this federal priority that it really made much of a difference in the industry, and it really has had a tremendous impact. I’ve seen sort of conflicting recent statistics but, you can certainly say that now a majority of health care providers in the US have adopted electronic health records.
And the Meaningful Use Incentive Program—the rule-making process has now been going on for seven years in terms of creating specific regulations as to how this Meaningful Use Incentive Program would work. You have different meaningful use objectives and measures that eligible hospitals and eligible providers need to meet in order to successfully drawdown incentive funds. But the timing has shifted over the years and some stages have been pushed back; I like this graphic that was from hitconsultant.net, because what it did was it showed, at a very high level, what were the priorities of this program other than just forcing adoption of electronic health records; and really, what it was trying to do is say ‘okay, how does this become a meaningful tool in the health care realm’?
So, first you have stage 1—and one of the core goals was really the building block of all this—data capture and sharing. So, just as Joanna said, the fuel for all of this is essentially the data; what the federal government first I want to make sure of was that these electronic health records were accurately capturing data and that people were beginning to share it; so, that was sort of the more modest initial goal of the program.
Then in stage 2, as providers became more comfortable with the technology as the technology became more reliable and complex, the federal government was pushing for providers to then use advanced clinical processes or link the technology to advance clinical processes so that it wasn’t just a stand alone tool, but it was actually empowering providers in the provision of clinical care.
And then stage 3, which is really what we’re moving towards now, ultimately the goal is improved outcomes—and of course, that perfectly aligns with what the goal of value-based health care programs are. So, overall, the goal was not electronic health records for the sake of electronic health records, it was to improve the quality of patient care by promoting better clinical outcomes, improving population health outcomes, increasing transparency and efficiency, empowering individuals—and we’ll talk a little bit about the way in which that’s done—and then also even having this data aggregated so it could be used for research and other purposes. So, more detail to talk about there, but that really, I think, sets the stage for how the federal government was pushing most forcefully digital health—of course, there are a lot of other ancillary programs, but I think this was the one that really moved the ball the furthest in the policy realm.
So, now that we’ve talked about sort of the federal framework in which they’ve been trying to push value-based care on one hand, and then digital health technologies on another, I just wanted to then dig into a little bit what do we mean by digital health technologies, other than just electronic health records themselves—what is around this and what are the particular technologies that are useful and important to providers?
So, if you see on slide 13, this is a very high level list that we’ll dig into of the particular technologies that we think are most centrally important to value-based health care, and which really are the specific technologies that are actually going to advance these initiatives. So, they’re overlapping in some ways, so we’ll talk about that, but this is sort of a nice framework for the way to think about different types of technologies and functions. So as I mentioned, electronic health records was really the focus of the federal government’s initiatives, and when you think about it, just on a very basic level, it’s simply a digitized version of patient’s paper charts, but everyone wants it to be more than that, right? Because you want to be able to extract additional value—get higher level functions out of it—so they’re intended to be real time patient-centric records, and they’re supposed to also incorporate other key functions.
And, I’ll just say the electronic health record market itself is complex and it’s been increasingly standardized over the years. Under the EHR meaningful use program, it’s actually required that providers adopt a certified EHR technology, and that’s a defined term, and at it’s most basic level, it means that it meets certain certification standards under the certification program, which was also pushed by the federal government and that certification program. The initial intent was to give providers, I think, really, more confidence when they were buying certain EHR technologies that they were getting good, functioning, high value technologies, but it’s also to try to force the concept of standards, so that all different EHR vendors can exist, but there would still be some framework for interoperability and exchange; so, that was really the intent of having that certification program in place.
So, when you think about electronic health records and the relevance to value-based health care—a little bit like I was saying before—first of all, it’s really the building block of digital health technologies here and it’s now at the point where it’s widely adapted, which was not the case 10 years ago. And it’s also sort of the vessel by which other key functionalities are incorporated, some of which I’ll talk about—but you have clinical decision support that can be built right into the EHR technology; you have computerized provider-order entry (or physician-order entry), that’s another function that then has gotten digitized; you have electronic prescribing, which has it’s own sort of regulatory framework around it, but that sort of gets built into, or incorporated into, EHR; and you have other functions like medication reconciliation, allergy alerts, other things like that that can be built in. And like I’ve been saying there is requirements for interoperability, data portability, safety, usability—so there’s quite a lot that the federal government is doing to try to create a stable framework around these EHR technologies. And as I’ve been saying in the EHR incentive programs, there’s an increasing focus on clinical quality measures, which then has a direct bearing on value-based health care.
When we move to slide 15, you’ll see sort of the next level type of construct that we think about in digital health in relation to EHRs, is really health information exchanges. And this, again, is a fairly old concept that’s been around for quite a while in healthcare, but now it’s becoming more and more real as EHRs have been adopted more widely. So, the basic concept is that it’s supposed to be real-time, or near the real-time, interoperable exchange of information between different types of healthcare stakeholders; and the idea is not to just have information exchange for the sake of exchange, but to actually have providers be able to use and interpret the information and make it meaningful for clinical care. And over the years, there has been different types of terminology used around these constructs including regional health information organization, heath information exchange organizations, etc. There’s also been different federal initiatives around trying to push the discussion forward on how to make this sort of scale up, and that things like the National Health Information Network construct—that’s something that’s been worked on for quite a while.
So, the relevance here to value-based health care: the data sharing, really, this is quite important for value-based initiatives because you can potentially, depending on the scope of an HIE, have data shared across providers in all care setting. So, you could create linkages between ambulatory, acute, post-acute, long-term and specialty providers. And that, of course, would then enable better continuity of care. It also potentially enables benchmarking and analysis depending on what type of functions or goals have been set for the health information exchanges. And then, of course, this exchange and better continuity of care is now sort of directly linked into the value-based payment models. And Ira, later on, will talk about some of the challenges associated with getting involved in, or establishing, an HIE from a regulatory perspective. And I think in advising clients in this area, it’s clear that there’s not just legal issues that people worry about here, it’s really business issues—what’s the value add, and really, what’s achievable from a practicable perspective in a fairly complicated regime?
Then moving to 16—just to sort of scale back to some more focused-types of technology, less broad then the health information exchange goals, you have clinical decision support. Again, I had mentioned that this can actually be built into the EHR technologies, but clinical decision support is really intended to provide clinical guidelines in a digitized form; and it can include condition-specific order sets; it can also include alerts and reminders for clinicians and patients; you can have diagnostic support built in; you can even have documentation templates that guide providers in their documentation responsibilities. So, the relevance here when you’re thinking about improving quality, improving the value of health care, providing really timely information to clinicians and patients and really prompting these stakeholders in the right way at the right time—that’s really key. There’s the ability to eventually lower costs and improve efficiency if these clinical decision support tools are used properly. And one of the really important things is that this is supposed to support evidence-based care—you know, to the extent there is agreement on what’s an evidence-based protocol in any area, this then helps to roll that out in a digitized manner, and hopefully that can help to avoid errors, adverse events, and it’s also supposed to really try to help clinically integrate the team. So, that is sort of the general construct around clinical decision support.
A different type of digital health technology, you’ll see on 17, is Personal Health Records and Patient Portals. These are actually somewhat separate concepts, but I lumped them together because the intent is really the same. It’s supposed to be sort of an adjunct to the provider-based EHR and both of them are consumer facing and there may be consumer control depending on the way in which they are rolled out—but really, the intent is to have a repository of personal health information and health history that then is supposed to be patient facing. This empowers patients to track and monitor their own care, which is really important and, I think, research has supported that: the more involved patients are in their own care, outcomes do improve the more informed they are. It also serves as an additional means for preserving historic health information, which is quite important when you are thinking about not having to re-do certain lab results making, sure that prior procedures, etc., are documented. So again, you could see the connection to value-based care in terms of reducing duplication and increasing the amount of information flow. And this can facilitate care continuity. And just to say, patient portals—this concept has been built into the EHR Incentive Programs; there are requirements around having patient portals and meeting certain metrics around having patients view, download, and transmit their own records. So, you can see how the Federal government is trying to push this construct generally.<p.then>
And remote patient monitoring initiatives can focus on particular sets of information that are relevant to different disease states or conditions. So, you can have general vital signs which can be, of course, relevant to a wide variety of monitoring goals; you have heart rate, blood pressure, blood sugar, weight, blood oxygen levels; so diseases like diabetes, heart failure—other things— you can see how having a consistent collection of information and reporting of information to providers, even when an individual is not at the doctor or at the hospital, can be very helpful. And the relevance is that it allows close monitoring of the patient—potentially more communication with the patient—and that enables earlier intervention. So, instead of waiting for an individual to show up in the emergency room, you potentially would have signals from this monitoring that would say “there needs to be some intervention that can be implemented at the home or through an outpatient visit.” So, this could reduce avoidable hospitalizations, EP visits and complications and that, ultimately, could lower costs. So, this is really a powerful tool for care managers and potentially primary care physicians. So, you can see how remotely monitoring a patient can be quite powerful for the value-based care. And I’ll just say here what this has meant over time in terms of what specific technologies are used to bring the monitoring to patients has changed—used to be more closely tied to specific devices; now they have been rolled out using all different types of interfaces—even personal devices so that has been and interesting area to watch develop over time.
Then we go to slide 19. This, again, is sort of a sub-function, but it is important to think about and that is patient care alerts. It has been touched upon a little bit, but just to make the point of it, there are certain prompts and reminders that can be sent to healthcare providers that are really intended to provide actionable information. So, there are automated systems that may identify instances where there is a potential gap in care or certain follow up required, and these alerts may be prioritized based on urgency or severity. And patient care alerts, we’ve seen technologies that are sort of stand-alone technologies that implement this function as well as this function being implemented into EHR, so that is something to think about in terms of the way these are rolled out in reality. And again, this may reinforce certain care protocols, as well enable better clinical outcomes, and even clinical workflow optimization as you are potentially prompting providers to do the right thing at the right time with these alerts.
Then we get to secure electronic messaging on Slide 20. This is technology that enables providers to electronically exchange clinical messages with one another and it can also be with patients. This area is defined differently depending on what the goal is, whether it’s between clinicians and patients. And there is functionality embedded in the eHR technology that addresses this area and communication with patients was, in fact, a requirement under meaningful use and increasingly, of course, the communication between providers is of utmost importance in electronic means rather than having sort of separate electronic and paper communication. So again, vital to care coordination and can potentially improve patient access to the health care providers and access between providers to one another.
Then just to talk a little bit more generally about, not necessarily about the specific technology, but really a function that flows from all of this, is just data analytics generally. So, because you now have all these different technologies that are collecting information and you have these data streams flowing from all different types of modules, systems, and technologies, you then have this wealth of data that then can actually be leveraged. So, health care analysis activities that can be undertaken as a result of all this data—that’s really what we’re referring to in the analytics here.
So, when you think about different data sources, you not only have electronic eHR data now, but of course, you also have digitized billing data, cost data, patient satisfaction data—so there is a lot of potential data sources. And data analytics itself involves data capturing, data provisioning—sort of making the data fit together—and then data analysis and mining. And of course, when you’re dealing with so many different data sources, making the data work nicely with one another—that’s not a small undertaking. But this is really now an area for these big data initiatives trying to leverage this data. So, the relevance here is data analytics at it’s best could enable the examination of patterns in the data to try to come to some conclusion as to how to improve clinical care, how to avoid unnecessary costs; there could be predictive clinical modeling, things that you know, can be sort of drawn from the data by modeling it out, as well as, potentially, protocols or other types of insights that are developed that can then be used for evidence based population health management or other types of recommended care improvements. So, this is sort of a general concept that sort of floats above all these different digital health technologies, which then can be used in the context of value-based health care.
So, then just on Slide 22, just to recap, digital health these days, we’re really talking these days about a wide array of technologies, we’re talking about an increasingly sophisticated set of tools and functionality. And when we think about these big federal initiatives that are sort of converging over time, we have to think about what this all means for the individual provider. This is a very complex area and one of the things to think about is ok, in selecting and integrating these technologies, it’s not just difficult for operations in general in the health care field, but it’s also particularly difficult figuring out how this all feeds into the value-based health care realm. So, up next, Ira will talk about the challenges in selecting and integrating digital health technologies into value-based health care.
Ira Parghi: Great, thank you, Christine. I’m going to start at Slide 24 of the slide deck. And really, this portion of the presentation is going to ask the next question. Now that we understand what role digital health may play in value-based health care and what some specific examples are of the digital health technologies that may be particularly helpful, the question then becomes what are the issues we need to think about when we’re contemplating implementing some sort of digital health technology into a value-based health care initiative?
So, at a high level—and this is a stage of the analysis that is sometimes easy to skip over too quickly—there is an initial question of fit; and what we mean by that is: we have a clinical program and we have a digital technology—how do we make sure that they are appropriately sculpted and tailored to work intelligently with one another? We sometimes hear care providers say “we have a lot of data on X issue, we just don’t do anything with it”, or “we get a lot of feedback from a computerized report system about our patients and how they do, we just aren’t looking at it or acting on it.” So, the goal here is, first of all, to make sure that the clinical program that you’re thinking of really supports and needs a digital health technology. To echo some of the earlier comments, you don’t want technology just for the sake of having the technology, it needs to play some sort of role in the care program.
You want the technology to be appropriately tailored to the program; so, for instance, if you’re dealing with a particular patient population, you may want to tweak the technology or tweak its user interface to make it more appropriate. For instance, for elderly patients, you may want to change the user interface a little bit—things like that. The goal at the end is to consciously build a full clinical program around the technology, so again, not just have a technology in there for the sake of having it in there, but really make it a corner piece of the clinical care program and revise the program around it. And so, for instance, not just having the technology, but thinking about things like patient education, following up with patients, and really building a different care program around the use of the technology.
And last, sort of related to all of this, is the idea of articulating the value proposition. So, what role is it that you hope the technology will play here? What gap do you hope it will fill? How do you hope that it will actually add value and improve outcomes? Sometimes on the provider side, we get so caught up in implementing that it’s hard to pull back and remind ourselves what our ultimate objectives are, and so it’s helpful to keep in mind that value proposition all the way along.
Turning to the next slide, number 26, there are a lot of challenges that are quite specific to the shared technologies—the sort of technological and analytic questions that are going to come up and sometimes make these types of initiatives a little more complicated. Of course, you have the concern of disparate data sources, so some technologies, their whole objective is to collect data from multiple sources; that’s where the value comes from, but on the ground, collecting data from a lot of different sources and systems can actually be quite complicated. You can be dealing with large volumes of data and you can also be dealing with what’s called unstructured data; what that means is data that comes in free text form, so it’s a non-standardized narrative as opposed to data in a pre-set field. So, the example here might be, you would have a narrated discharge summary by a physician that she has dictated and appears in a typed form in the record—that would be unstructured data. A date of birth would be structured data. And any electronic record is going to have a combination of the two. The unstructured data takes some work to convert into data that’s ready for large scale analytics. You need to think about integrity, removing duplicates and outliers and normalizing the data around common terminology. And so, this is an important step of the data translation process to give some thought to.
You can also have challenges with interoperability—that refers to the ability of computer systems or software to exchange and make use of information. So, for instance, most hospitals will tell you that they run several different kinds of electronic health records, even within the same building. So, how do those different electronic systems within the hospitals speak to each other, if at all? Is it actually technologically possible to take a patient’s emergency room record and her in-patient record and make them both visible to the technology that is supposed to crunch them?
Information blocking goes hand in hand with this—that refers to any practice that’s likely to interfere with proper access to information or exchange of electronic information. I sometimes hear examples of eHR software providers who lock out physicians or hospitals who don’t pay their fees or hospitals who try to make it harder for physicians to transfer their records out of the hospital, so as to discourage doctors from leaving. Those are examples of information blocking and between inoperability constraints and information blocking, you can actually have, on the ground, a lot of obstacles to successful data aggregation. The Office of the National Coordinator for Health Information Technology, or ONC, is working on these issues in developing interoperability standards. MACRA and the 21st Century Cures act are setting out requirements and really turning this into a compliance issue. But, it’s an important piece from the technical side to keep in mind.
I am going to turn now to Slide 27. This drills down on a particular bucket of compliance challenges, all having to do with the area of patient privacy. And, there’s a lot to talk about here. I am really going to speak at a high level and try to flag some of the things to think about. One of the prior questions we always ask ourselves, in any analytics exercise, is can we de-identify this information? Because, if we can, then, of course, we can sidestep HIPAA and other laws, and sort of place ourselves outside the reach of that regulatory regime. So, it’s a helpful and entirely honorable legal shortcut, so it may be a temptation. As a practical matter, it’s really going to depend on the nature of the technology and what you are trying to achieve, and how you are trying to change clinical care in a particular program.
In many cases, as you can imagine, what really makes the data helpful is all of the granular, identifiable stuff in there. So, the patient’s age, and their course of clinical care, and the details of their care, dates of treatment, all those sorts of things may actually be very helpful; the age of the patient may be something that you want to understand better, in terms of finding connections between treatment and outcome. So, although there is a temptation to want to de-identify at the outset, it’s important to think about whether de-identification is feasible, given your ultimate objective. And, of course, some people will say you can never truly de-identify information. It’s always a bit of a dilemma between very sophisticated computer systems, and everything else. Some people say it’s quite difficult, HIPAA notwithstanding, to truly remove all identifiers. And, if you do de-identify information, you may need additional protections to keep it de-identified. Sometimes de-identified information, when combined with other de-identified information, actually in the aggregate, ceases to be de-identified, and that’s an important thing to keep in mind.
In terms of clinical data privacy, there are a few different elements here to think about, and the analysis is always going to be complicated and fact-specific. But, the ultimate question here is, how can we exchange and disclose and use the information that we need to for value-based healthcare purposes? How can we feed that information from the hospital to a technology company, for example? How does that data flow work? What are the frameworks that make it possible, legally? So, there are a few different pieces to think about here. One is, for instance, whether providing a patient’s information to an analytics company is going to require authorization from that patient, under HIPAA. Whether it’s something you want to talk about in detail in the Notice of Privacy Practices, which is the patient-facing document patients see when they go to visit their doctor— it talks about how their information will be used. Whether your analytics exercise falls under the Healthcare Operations Exception in HIPAA. So, HIPAA, as you may know, in the main, requires patient authorization to disclose data, but sets out certain exemptions from that authorization requirement. One of those exceptions is if you’re disclosing or using information for healthcare operations purposes. And, operations can include things like population health efforts. So, at first glance, in any case, it would seem like the kinds of data crunching that we’re interested in doing here would fall under the operations exception, but that’s something to think through.
Another thing to think through, whether this is a business associate relationship, under HIPAA. So, for instance, is a hospital disclosing information to some outside technology company that’s going to run the analytics, is that a business associate relationship? If so, do you have the business associate agreement and the other contracts that you really need to have? Do they permit this information to be collected, and used, and disclosed in the way you want? Do they impose any restrictions on downstream collection used for disclosure?
Another important consideration that is, in itself, a fairly complicated legal universe is whether an organized healthcare arrangement under HIPAA may be helpful. It’s a structure you can set up under HIPAA among different entities that allows for more information to be shared among them than would be the case without that structure. So, for instance, if you set up an OCA as they are called, for short, you could have an OCA with hospitals and analytics companies that are all parts of the OCA, and they could much more readily share information with one another for those operations purposes that we talked about earlier.
One more thing to throw into the mix, on the clinical data privacy side is whether state law applies. There are state laws on personal information, on particularly sensitive types of information like behavioral health information, and there’s always that piece to throw into the mix.
To the extent that the technology is going to draw on research data, there are also privacy considerations there. I won’t go into too much detail in the interest of time, but the ultimate question here on the research side is, do you have permission to use information that was gathered from a research study for a distinct purpose—a separate purpose—in this case, the analytics work you want to do on the data? And, that’s a question that comes up even if the information is de-identified; it ultimately turns on what the patient has consented to have done with his information. And, an important consideration here is that there are going to be changes made to the Common Rule. The Common Rule is the law that governs research funded by various US government departments. And, those changes will come into effect, January 1, 2018. So, really, the question we are going to have to ask ourselves, for research data gathered after that date will be different from the questions we ask ourselves now.
Quickly, a couple of thoughts on variations in state laws. States have their own laws on privacy and breach notification; they really run the gamut in terms of what entities they apply to and what types of information they apply to, and it can often be a pretty elaborate exercise in itself to wade through that.
In the interest of time, I am just going to zip over to slide 28. There are a number of information security challenges, as well as the privacy ones we talked about. How do you think about information security at all stages of the data flow, the collection, the use, the storage, the transmission? How do we think about those folks who use non-standard technology; for instance, the researcher who has a large volume of data and buys his own computer because it can handle large data volumes more effectively? Thinking about the whole world of bring your own devices—remote patient monitoring systems now, they are trying to make them compatible with individual’s own devices, so how is that going to work from an information security point of view? We have more and more devices that are connected with one another, or with EMRs—how do we think about information security in that context? How do we think about issues like cyber security, ransomware incidents? So, a number of things to think about on that side.
So, just turning to slide 29, in the last couple of slides, we've pulled back a little bit from compliance and business considerations to think a bit more broadly about how the roles of everybody in a value-based health care universe stand to change, and how there are some things that folks will now be asked to think about closely that maybe were not as important in the past. So, on slide 29, there are a number of things providers will think about as they are launching digital technologies in connection with these value-based health care initiatives. How do you maintain patient trust so that patients feel like they know what is being done with their information? How do you encourage patients to be engaged? How do you, yourself as a physician, come to understand these different technologies? It goes without saying that this isn’t the area of expertise for most providers. They often feel like this is something different from what they were trained in and the question is, “how can they become literate in, and comfortable with, the use of those technologies?” Can they handle the additional data reporting obligations? Can they cope with the additional notifications fatigue? Many doctors will say they get a notification every twenty minutes about something on an electronic system and they don’t necessarily know what to do with it.
And the last one I’ll comment on here is what we would call the data reimbursement link, and this is really a consideration that applies to everybody. So, in the past, of course, payment was based on volume or quantity and so, really the data was driven towards tracking that. And the question now for everybody, not just providers, will be, “how do we use data to show value or quality, and to make a link for reimbursement?” It’s hard to reimburse based on savings. We’re much better at measuring costs; not so good at measuring savings. And people change insurance plans often enough that someone who’s insuring a patient now may not even realize the savings from a value-based health care system— those savings may not materialize until 3 or 4 years later.
You’ll see on slide 30, we set out some considerations for payors. Payors are very important players in the whole world of value-based health care. They have contractual arrangements with their members that generally let them gather and work with a lot of data. But now, the challenge for them would be for them to think about how they want to marshal that data, whether the purposes for which they want to crunch it is going to be more in the way of predictive analytics, not just payment related crunching.
On slide 31, we’ve set out a few considerations for the digital health industry. And there’s a lot of talk about here. Patients and providers may be paying more attention to patient-facing technology. Doctors have often said they’re skeptical about technology because they are not sure the evidence supports it’s use. So, digital health players will need to think about how to make their technologies fit into the so-called evidence based rubric that physicians work with. How to make technologies clinician friendly, patient friendly, whether you want to make them HIPAA or FDA compliant, even if they don’t have to be, just because that can serve as a signal to purchasers and payors and providers that a particular technology may be a wise bet to go with.
Finally, the last thought here is employers, regardless of what happens with the Affordable Care Act, employers are, and will continue to be, the largest purchasers of health care, so an important consideration for digital health players will be how to focus on that market appropriately.
I see we are coming close on time. Are there any questions? No. Okay.
Christine Moundas: I think we might have just one quick question around what are some of the key issues faced by providers when they’re negotiating agreements with digital health vendors.
Joanna Bergmann: I would be happy to take a quick stab at that. For me, what I feel that, and this is typically sort of in the EHR space, you know, over the years and then sort of moving into some of the more mobile devices and mobile apps that we are seeing cropping up in different pods. We spent a lot of time sort of negotiating use rights and license rights kind of on the one hand, to the extent that new technologies are being developed and providers may be contributing their own intellectual property or data answers to the extent that they want to have a stake in the ultimate product, so that’s become a more lively point of discussion.
Another thing we have spent a lot of time negotiating are just the support arrangements, and the support agreements that go along with the service delivery; so, service level commitments, folks looking to make sure that their digital health vendors, you know, that there is a real relationship there and there is a real commitment to develop something that could be useful services for both sides and making sure that everybody has their feet to the fire in delivering on things. Not only to make it through some of the federal standards that, Christine, you were talking about for the EHR initiative, but just sort of generally, to serve the patient population. You know, because providers are really coming to rely on these third parties and there’s a dance, there’s sort of a delicate interplay of commitment and responsibility in making sure that the care is being delivered and the information is served up to do that. So, those are two, sort of, big buckets of areas where I’ve spent a fair amount of time, kind of negotiating terms. I don’t know if anybody has some thoughts on that.
Ira Parghi: No, I think the time has probably come for us to close things. Thank you for that, Joanna.
This concludes our program. Thank you all for joining us. If you would like further information on this topic, please feel free to contact Joanne, Christine or myself. We hope you can join us again soon. Thank you.</p.then>
Stay Up To Date with Ropes & Gray
Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Stay in the loop with all things Ropes & Gray, and find our more about our people, culture, initiatives and everything that’s happening.
We regularly notify our clients and contacts of significant legal developments, news, webinars and teleconferences that affect their industries.