Through the Cures Act, Congress acknowledged that “information blocking” is no longer acceptable. Today is the day that rule goes into effect setting penalties for interfering with the access, exchange, or use of electronic health information unless required by applicable law(s). The loophole possibilities to implementing these directives are so numerous — privacy, security, and technology — it is hard to imagine real patient-centered change happening soon.
Medicine is pioneering new technologies that can identify patients at risk for cardiac events through the wireless connection in their hospital beds, alert physicians to possible drug prescribing errors, and enable consumers to use wearables to check their heart rate and rhythm. Yet, our health is too often determined by information technology most people long slated for their town’s dump heap or recycling center — the facsimile machine. Best known as “the fax.”
Would a student at any academic medical center today even know how to operate this tech dinosaur without training? Did they have one in their dorm or library when they first arrived at college? Would one of their peers have ever asked for the day’s class notes with the words: “fax it over?” Ridiculous. Yet, much of a person’s medical information — the stuff that influences life and longevity — is forwarded from provider to provider by way of outdated technology. How can we ever overcome the challenges of “interoperability” and information blocking when we continue to rely on fax to transmit timely patient information? How can patients gain timely access to their own data?
To implement the Cures Act rule and improve access to care, antiquated policies must be revised. Lack of consumer trust in data security inhibits the adoption of ideas that reduce costs, speed medical decision-making and help secure needed treatments. However, medicine’s unrequited love for the faxes is not love at all.
It is legal anxiety related to staying safely inside the swim lanes of the Health Insurance Portability and Accountability Act (HIPAA). The Department of Health and Human Services (HHS) created HIPAA to set privacy standards for health information; providers recognized the fax and phone as preferred ways to share patient data between providers and among labs, hospitals, specialists, and payers. But, more and more, this system of data transfer limits patient access to the very information their lives depend on.
The Cures Act is designed to help give patients greater ownership and voice over their own medical intellectual property. Yet, the HHS website still lists fax as a preferred path to share medical records, test results, instructions, and treatments.
The Privacy Rule requires that covered health care providers apply reasonable safeguards when making these communications to protect the information from inappropriate use or disclosure. These safeguards may vary depending on the mode of communication used. For example, when faxing protected health information to a telephone number that is not regularly used, a reasonable safeguard may involve a provider first confirming the fax number with the intended recipient. Similarly, a covered entity may pre-program frequently used numbers directly into the fax machine to avoid misdirecting the information. When discussing patient health information orally with another provider in proximity of others, a doctor may be able to reasonably safeguard the information by lowering his or her voice.
Four years ago, faxing remained the “best” HIPAA–compliant way of sending and receiving sensitive patient information. Why? According to the experts: it “can be a more efficient form of written communication because of the trouble and accuracy issues involved with gathering multiple email addresses.” Convenience for patients? Physicians? Regulators? Who?
We need new ways — secure and fast — to share information. Interoperability embraces a world where a consumer’s health history is accessible whether they are at world-class medical centers or community care centers. At a time when we are handwringing about medical costs, diagnostics and blood tests are repeated multiple times because physicians need data that is not readily accessible, despite its existence elsewhere. Information saves lives and keeps costs down. Pioneer companies around the globe are creating Electronic Medical Record Systems (EMR) and cloud-based AI platforms that support interoperability. It’s possible — albeit unlikely — that these companies — some challengers to the behemoths — will be at the forefront of this sorely needed evolution. However, the system has built-in “security” obstacles that will continue to tie health professionals’ hands behind their backs. It is certainly frustrating for physicians. More so, to the people, they seek to heal.
Is HIPAA Advancing Patient Access to Information?
Years ago, when my mother lay dying of cancer, I learned that the OB/GYN at a major New York-metro medical academic center had discovered a new 14 cm tumor one week before her death. That physician told me that she was waiting for the department to “type up the clinical notes,” so that they could be “faxed” to my mother’s oncologist — working in the same hospital system. The oncologist, unaware of the deadly threat posed by the growing tumor, continued to treat as if it didn’t exist. As my mother transitioned from this world to the next, I asked both of these distinguished physicians — OB/GYN and Oncologist — what they had learned. Their answer speaks to the heart of this information challenge. In unison, they replied: “We should have communicated with each other immediately.” Lesson learned! Retire the fax.
HIPAA was created for an important purpose — to maintain people’s medical-record confidentiality. However, this system, created before encrypted email and password-protect communications, is now placing people’s lives at risk. The confirmed examples of HIPAA-snafus goes on and on…
Recently, my almost 90-year old mother-in-law struggled to schedule an appointment with her physician she had not seen for more than a year. At a time when even elderly people who are vaccinated are frightened to venture outside the security of their homes, the visit required her to fill in a multi-page medical update. The problem? The physician’s office insisted that she receive and return their document by fax! Who has a fax in their home today? The unwieldy solution was to send the document by mail and have a home-health aid return the forms prior to the in-office visit. How does that advance someone’s urgent care?
While the fax may be the safest way to keep physicians HIPAA compliant, it creates a behavior inconsistent with their chosen mission — to save lives. Data safety is a priority! No question! However, this outmoded technology is in direct conflict with the physicians’ Hippocratic oath: “Do no harm!” Playing it safe may be harming people. We can invent breakthrough vaccines and therapies that arrest viruses rare diseases and cancers. Somehow, we have yet to find an agreed policy pathway to share information with confidence and speed. This is not our finest moment in medicine.
CMS Administrators have called for an end to physician fax machines. Will our medical system be ready to finally enter the 21st century of medical information sharing? Not really!
While we live in an age of wonder at technological advancements such as fitness apps and precision medicine tailored to an individual’s genetic code, health information technology remains far behind all of the major industries. Healthcare remains in a 1990s-time warp.
Now is the time to use the Cures Act and recognize that information blocking — however it’s done — is no longer acceptable.
What would Dr. Leonard “Bones” McCoy, the famed Star Trek Enterprise’s chief medical officer, say about how we share data from doctor to doctor? Likely, a similar cry from his visit to a state-of-the-art 20th-century hospital: “What is this? The Dark Ages?” Health and Human Services did not deliver on its pledge to retire the fax by 2020. Our lives should not be dependent on the policies or antiquated technologies of the previous century.
Did you get my fax yet?