If you follow healthcare news, you’ve likely heard about the recent dispute between Epic and Particle Health. ICYMI: both companies are members of Carequality, a nationwide healthcare data exchange, and they are locked in a very public battle over how patient data from Epic’s systems can be shared and used by Particle Health’s customers.
The balance between privacy and access to patient data is essential, and disputes like the one between Epic and Particle Health highlight the friction that exists between these two objectives when digital access to patient data is happening at scale. Rapidly growing health information exchanges and interoperability frameworks, like Carequality and TEFCA, bring the potential for speed and efficiency to the exchange of patient data, but they also raise questions about how patient data will be sufficiently protected and released only to authorized recipients for specifically approved purposes.
This article from Modern Healthcare about the Epic and Particle Health situation is an excellent summary of what is at the heart of this debate—trust. It talks about how information moves at the speed of trust, and what’s happening with these two companies is an example of how a lack of trust has hindered the more widespread execution of interoperability. Patients deserve transparency on how their health data is being used, and complexities around how patient data can and should be used are proving difficult to normalize across the scale of these networks (for example, Carequality exchanges 400 million documents across its network each month).
The Epic and Particle Health disagreement is between two legitimate organizations, but we also have to consider the rise in illegitimate attempts to access patient data, which are further eroding this trust gap – look no further than the Change Healthcare hack for a recent example. Medical records are 50 times more valuable than credit cards on the black market1, and in today’s digital landscape, hackers can access not just one but thousands or even millions of records in one fell swoop. If bulk patient data is accessible without the necessary guardrails to ensure patient privacy and proper limitation on use, suddenly the security risk and the associated liability are huge.
To add further complication to an already complex situation, we have not been able to align on universally accepted definitions for different data use cases as an industry. Even definitions for common terms like “treatment”, “payment” and “operations” are elusive; at the heart of the dispute between Epic and Particle Health is different perspectives on the definition of treatment. And then there’s the issue of achieving fully informed patient consent, which is becoming increasingly difficult as use cases for data proliferate in an interoperable world.
There’s not a silver bullet here, but as experts in release of information who support compliant data sharing on behalf of thousands of health systems and providers, AHIOS believes that bringing real-world release of information experience and proven best practices into the conversation can help bridge the trust gap. The interoperability train has left the station, and we are advocating for good, thoughtful governance and constituent engagement to solve these challenges before that gap continues to widen.