An Alternative Proposal for Certification

John D. HalamkaSome have suggested that my comments over the past few months about the Meaningful Use program, MACRA/MIPS, and Certification imply that we should just give up - throw out the baby with the bath water.

That’s not what I’ve written.

Here’s a clarification.

I believe MACRA/MIPS is the right trajectory - create a set of desirable policy outcomes, then enable clinicians to choose technology, quality measures, and process improvements that are relevant to their practice.

Although the current MACRA formula is overly complex, it’s the right idea and I’m confident that CMS will revise the notice of proposed rulemaking appropriately.    My metric for MACRA’s success is simple - can a clinician keep three goals in mind while seeing a patient and be rewarded if successful i.e.

  • Ensure care is delivered in the most appropriate location in the community (urgent care, home care, rural hospital)
  • Focus on wellness/prevention
  • Avoid redundant and unnecessary testing, medications, and procedures

My issue is that MACRA currently “inherits” the flawed 2015 Certification Rule that is a kitchen sink of immature standards and a black hole for developers.   Overly zealous regulatory ambition resulted in a Rule that has basically stopped industry innovation for 24-36 months since it has listed every use case for every purpose including those unrelated to Meaningful Use and MACRA.   For vendors, every “OR” means an “AND” - developers must implement everything in the Rule because some stakeholder will demand every transaction in the regulation.   There was little curation in the Rule and most of the HIT Standards Committee recommendations to limit scope were ignored.

Here’s my recommendation for the path forward.   When the MACRA/MIPS rule is finalized it needs to reduce or eliminate dependency on the 2015 Certification Rule.  I realize that is highly unlikely because the Obama administration is drawing to a close and as of June 2016, there was not enough time for clearance processes to consider any major changes in regulations.   However, the entire HIT ecosystem is begging CMS to realize that the 2015 Certification Rule is mostly burden without benefit  - it paralyzes the industry for years without increasing interoperability.   Maybe subregulatory guidance can help diminish the role of the 2015 Certification Rule in MACRA/MIPS if regulatory change is impossible.

I’ve said this many times before, but here it is again for clarity.    There are 3 kinds of interoperability - push, pull and view.

To push data from one place to another you need a directory of endpoints (could be a provider, patient, payer, quality registry, or clinical trial database), a means (technical or policy) to trust those endpoints, and  a transmission standard to send data to an endpoint.

The right approach is to use a FHIR-based query/response for endpoint addresses, a private industry enabler for trust (such as DirectTrust, Surescripts, Commonwell etc) and a RESTful approach to push data from point to point, although the Direct protocol will suffice, given the regulatory and political history of the past 5 years.   Remember, Direct was a political compromise.  REST was always the desired technical solution.

To pull data from one place to another you need a master patient index/record locator service, a consent registry, and a query/response transaction for the data.    The right approach is to use a FHIR query/response for the master patient index/record locator service, and a FHIR query/response to request the records.   Consent can be handled in policy, technology or both.

To view data from one EHR in another EHR you need a means to identify the patient (probabilistic matching based on name/gender/data of birth or a national healthcare identifier).   You need shared authentication and authorization of trust such as OAUTH2/OpenID and a means of calling a remote viewer using a URL (a RESTful approach)

If I were King for a day, I would require certification of only 5 things

  1. Use of OAUTH2/OpenID to demonstrate an organization is a trusted exchange partner
  2. Use of a FHIR-based query to request the electronic endpoint address for a push transaction.
  3. Use of  a RESTful approach to push data to an endpoint
  4. Use of a FHIR-based query to request an enumeration of a patient’s record locations
  5. Use of a FHIR-based query to exchange the actual record (a common data set of key elements using the best available vocabulary standards)

We should limit certification to production testing of an EHR’s ability to do those 5 things.  The result would be seamless interoperability controlled by providers and patients, empowered by the vendors.

Developers would then return their programming resources to innovation and meeting their customer needs.

If Brexit taught us anything, it’s that over regulation leads to a demand for relief.

  • Pythagoras' Theorem has 24 words.
  • Archimedes’ Principle has 67 words.
  • The Ten Commandments has 179 words.
  • The US Declaration of Independence has 1300 words.
  • The EU regulation on the sale of cabbages has 26,911 words.
  • As a comparison, the 2015 Certification Rule document has 166,733 words.

As I’ve said in an earlier post, we need to step back and ask what we’ve done to ourselves.  We can be thoughtful and incremental about addressing regulatory zeal and we should start by eliminating the concept of Certification as it exists, replacing it with only 5 criteria that are easy to understand and measure.

An Alternative Proposal for Certification was authored by Dr. John D. Halamka and published in his blog, Life as a Healthcare CIO. It is reprinted by Open Health News under the terms of the Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License (CC BY-NC-SA 3.0 US). The original post can be found here.