Why Standards Matter (2): Health IT Enters a New Era of Regulatory Control

David KibbeThe recent history of electronic medical records in ambulatory care, or what we now call EHR (electronic health record) technology, can be divided roughly into three phases. Phase I, which lasted approximately 20 years, from about 1980 to the early 2000’s, was an era of exploration and early adaptation of computers to outpatient medicine. It coincided with the availability of PCs that were cheap enough to be owned by many doctors, and with the increased capacity of off-the-shelf software programs, mainly spreadsheet and database management systems such as Lotus, Excel, Access, and Microsoft’s SQL, to lend themselves to computerized capture of health data and information.

Phase II coincided roughly with the American Academy of Family Physician’s (AAFP’s) commitment to health IT as a core competency of the organization, and with its support/promotion of the early commercial vendors in the Partners for Patients program, a national educational campaign inaugurated in 2002 which involved joint venturing with vendors that included Practice Partners, MedicaLogic, eClinicalWorks, and eMDs, among others. Several other physician membership organizations joined this effort to popularize EMRs, or crafted their own education programs for their members based on the AAFP’s model. The most popular Phase II products were, and still are for the most part, client-server software applications that run on local networks and PCs within the four walls of a practice, and tend to use very similar programming development tools, back-end databases, and support for peripherals such as printers. The industry grew, albeit sluggishly, from roughly 2002-present in an unregulated environment, with increasing support from quasi-official industry groups like HIMSS and CCHIT, and with the blessing of many professional organizations, including the AAFP, ACP, AOA, and the AAP. Best estimates are that the numbers of physicians using EHR technology from a commercial vendor roughly tripled during this period, from about 5% of physicians to about 15%. The Bush administration gave moral support to the industry, but did not provide funding or payment incentives, and mostly left the industry to itself to sort out the rules, including certification. The industry is now entering a new phase, one we predict will significantly depart from the previous two eras.

Phase III will be a time of government regulation of EHR technologies during which Congressional mandates — sometimes quite vague — will be interpreted by policy bodies within the government, which in turn will lead to federal rule-making and regulation as a means of carrying out policy goals and objectives. This will require significant interpretive work within the agencies delegated, mainly ONC and HHS, along with NIST and possibly the FDA and CDC, the results of which will have the potential to fundamentally alter the market for EHR technology and the products within that market, for many years to come.

Because there is a great deal of money at stake, Phase III will also be a period of intense competition, new and aggressive lobbying activity, and perhaps not just a few legal challenges, as winners emerge and losers fall by the wayside.


Why the revolutionary efforts to exert regulatory control over the market for EHR technologies in the US, and why now?

As we have listened to and participated in the meetings of the HIT Policy Committee and ONC staff, we have been struck by several things. First, the leadership are people who believe in principle in regulatory policy as a means of managing and improving upon the market. Secondly, they and their colleagues believe that the market for EHR technology has failed in several important respects, most notably by failing to create widespread adoption among physicians, medical practices and hospitals of even the most basic health IT tools, and by failing to institute interoperability of health data exchange, despite certifications that claim the opposite. And third, they have faith that regulations and rule-making are the means by which our nation’s providers can be incentivized, and punished if necessary, into adopting the EHR technologies and associated standards that will set the stage for long term health care reforms in the payment system. In other words, they are committed to using the regulatory tools available to them to change the course and to move the curves of IT adoption in as short a time as possible.

Anyone present or listening by teleconference to the HIT Policy Committee meeting of July 14, which was devoted to the issue of EHR certification, had to have been impressed by both the directness and the force of the attack on the Commission for Certification of HIT, or CCHIT. It was relentless, and came from all quarters: from academic informaticists, from federal standards officials, from hospital CIOs, physicians in private practice, doctor membership organizations, and health care economics analysts. And, at the end of the day, CCHIT was stripped of its previously unchallenged prerogative to set certification criteria; removed of its monopoly for certification of EHRs; and left with large questions about even the validity of its role as advisor to ONC on the processes of certification.

The HIT Policy Committee recommended, and ONC has accepted its recommendations, that EHR technology certification criteria are henceforward to be decided not by CCHIT, an industry body with ties to the incumbent vendors, but by HHS and ONC directly. The term “HHS Certification” was coined and is now in use to indicate this change. Certification as a process will focus no longer on a long list of features and functions, but target Meaningful Use, interoperability, and security only. And, in the final insult to the industry and to CCHIT, ONC declared its intent to offer contracts to several entities to do the certification once criteria are set in early 2010, on a competitive bidding basis.

Thus, by the end of 2009, the industry that makes and sells EHR technology and into which will flow upwards of $30 billion in subsidies between 2010 and 2015, will receive a set of regulations that will specify the rules they must play by. There will be regulations defining Meaningful Use, others that regulate the process of HHS Certification of EHR technologies, and still others setting out the requirements physicians must fulfill to validate that they are meaningful users of certified products. Finally, the regulations will set the standards and protocols all parties must utilize in order to meet these definitions and processes, and especially with regards to computable (interoperable) data exchanges and the security of health data while in transit or stored in databases. This will be a complex new set of regulations unlike anything that the health IT industry has faced before — although, of course, there are many other industries where regulatory control has played an important role in shaping major issues in the market, such as competition, pricing, and innovation.


What should we expect, and how might these new regulations alter the EHR technology landscape?

In his most recent book, Supercapitalism, Robert Reich provides rich detail to support his contention that regulations rarely result in the public good being achieved, the claims of politicians and agency officials notwithstanding. Instead, the regulatory environment typically becomes the battleground upon which competing firms in a sector of the economy struggle to advantage themselves and disadvantage their competitors, whenever and however possible, most often through lobbying and influence peddling aimed at Congressmen and Senators, as well as at the regulators themselves. Regulations create regulatory disputes among competitors, each side claiming the moral high ground in whatever argument is in play, and often spending enormous sums on advertising, marketing, and lobbying firms, or on lawsuits intended to increase the value of their stock or to injure the reputation of their rivals.

These battles are well known and can be fierce, but they are new to health IT as an industry sector. A regulatory tussle that is current and attracting a lot of attention is the “Internet neutrality” debate. Discussions in Congress, at the FCC, and in the blogosphere revolve around the degree to which Internet Service Providers, ISPs, should be allowed to charge, or be prohibited from charging, different payment rates based on the content and origins of material presented in Web browsers attached to the Internet. The idea could be posed this way: Should local book stores be as easily accessible on the Internet, at the same speed of downloading, as large companies like Barnes and Nobles and Amazon.com? Or, should ISPs be permitted to charge large corporations higher fees to make their content arrive faster to customers’ desktops and laptop computers?

Proponents of Internet neutrality argue that the federal government ought to regulate the industry to instill competition and protect the smaller companies, who may not be able to afford the higher prices easily affordable to Amazon.com, and in order to allow customers the greatest freedom of choice. But the larger companies argue that, by offering their bigger customers the opportunity to offer their own customers better service, the public interest is better served. They argue that to withhold the market’s determination of how rates are set is inherently anti-competitive and against the long term interests of the consuming public, which they argue wants fast access to the most popular websites. Of course, they fail to mention that setting higher rates might also boost their own profits and increase the value to their own shareholders.

Vonage is an example of a company with a disruptive technology / business model that has actively engaged with the regulatory process in an effort to protect its business plan, while also being shaped by the regulatory framework. Initially, they weren’t regulated like a phone company at all, and won a landmark case against the state of Minnesota, in which the FCC said Minnesota couldn’t regulate them as a state telecommunications company, because their service — voice over Internet protocol, or VoIP — is inherently interstate in nature. At the same time, initially in response to consumer and legislative outrage that Vonage didn’t provide 911 emergency service, the FCC has extended many telco regulations – including 911 regulations – to VoIP providers to ensure that Vonage and others can’t circumvent many telco obligations and thereby gain a competitive advantage over traditional telcos. VoIP is now subject to 911 rules, Universal Service Fund obligations, many reporting requirements. So, in this case the regulatory framework initially favored competition and innovation, but was then changed to favor the incumbents. Many hundreds of millions of dollars have been spent by both sides in this long dispute.

Regardless of whose side you take in these kinds of debates, there are always going to be “winners” and “losers” when state or federal regulatory control is put into operation. And though we may like to think that the debates themselves are objective, free of undue influence by either side, in fact this is almost never the case. Large corporations have the money and other resources to lobby both Congress and regulatory bodies like the FCC, whereas consumers’ interests or those of smaller and less well-heeled constituents are often unable to match the larger players’ coffers. This is not to say that the side with the most money always wins. But as economist Robert Reich reminds us, the incumbents most often have and keep the upper hand.


Although it is still early in the game, with the first issuance of regulations expected as a Notice of Proposed Rule Making (NPRM) in late December 2009, followed by a 60-day public comment period, the broad outlines of battles to come are now discernible. The incumbent health IT firms, mostly those such as Cerner and Epic whose growth and financial successes have been tied to large enterprise implementations, largely in hospital systems and large group medical practices, have vigorously put forward and defended a set of legacy standards that are complex, referential to other complex standards, not-well-suited to inter-organizational or personal data exchanges, and expensive to put into operation. They benefit from the promulgation and extension of these standards as regulatory mandates because, they say, this is the way to create stability in the industry. However, they fail to mention that these standards also advantage the older companies, as new entrants will have to expend significant time, energy, and money to acquire the expertise that these enterprise-friendly standards and protocols require, but which the incumbent vendors already possess.

But new entrants in the health IT economy, some very large and powerful, including both Microsoft and Google, along with a host of medium and small companies that gravitate around them like satellites circling large planets, have started to fight back. For example, Google’s CEO, Eric Schmidt, has publicly criticized the Obama administration’s current plans for subsidizing health IT and EHR technology use among physicians and hospitals. As a member of the prestigious President’s Council on Science and Technology, he was quoted as warning that the ONC’s plans threaten to lock the nation’s health care system into the technological past, rather than launch it into the future. Google is not alone in wanting to see more of the nation’s health IT infrastructure — including physicians’ practices and hospital systems — move to Web services and so-called “cloud computing,” in part because this is Google’s strength as a company and where it hopes to make its profits in the coming years.

It’s important that we end this piece on a positive note.  The Blumenthal team at ONC, along with IT specialists at the White House and HHS, are in a listening mode, and the regulations are not yet finalized.  Aneesh Chopra, White House CTO, has taken steps to open the discussion to include testimony for innovators, and to make innovation an explicit goal over at the HIT Standards Committee, of which he is a member.   He and Todd Park, CIO for HHS, have recently announced that the direction of the Health Internet (formerly the NHIN) and its massive CONNECT gateway project will be re-focused to make secure access to and transfer of health data easier and under greater consumer control, using off-the-shelf standards and protocols wherever possible.  When asked recently if these plans were endorsed by David Blumenthal, the response was an emphatic “yes,” that the team in charge of health IT within the administration was working collaboratively under Dr. Blumenthal’s express supervision.

Perhaps even more importantly, these two and others are signaling that they want input from the experts, from the public, and from those who will be affected by the ARRA/HITECH programs.   If you have an opinion about EHRs, PHRs, standards for health IT, or any other aspect of this new regulatory framework, now is the time to stand up and speak your mind.

About Brian Klepper

Brian Klepper is a health care analyst, commentator and a Principal in Worksite Health Advisors.
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s