ONC 2024-2030 Federal Health IT Strategic Plan

May 24, 2024 MHDC (DGC)

Interoperability 2024 Artificial Intelligence & Decision Support Data Standards & Quality Health Equity Information Blocking No Surprises Act & Price Transparency Patient Access & Experience Privacy & Security All

DOWNLOAD PDF

This document was submitted by the Massachusetts Health Data Consortium (MHDC) and its Data Governance Collaborative (DGC) on May 24, 2024 in response to 2024-2030 Federal Health IT Strategic Plan posted on the ONC website in March, 2024 and found here:

https://www.healthit.gov/sites/default/files/page/2024-03/Draft_2024-2030_Federal_Health_IT_Strategic_%20Plan.pdf

About MHDC

Founded in 1978, MHDC, a not-for-profit corporation, convenes the Massachusetts’s health information community in advancing multi-stakeholder health data collaborations. MHDC’s members include payers, providers, industry associations, state and federal agencies, technology and services companies, and consumers. The Consortium is the oldest organization of its kind in the country.

MHDC provides a variety of services to its members including educational and networking opportunities, analytics services on both the administrative and clinical side (Spotlight), and data governance and standardization efforts for both clinical and administrative data (the Data Governance Collaborative/DGC and the New England Healthcare Exchange Network, respectively).

About DGC

The DGC is a collaboration between payer and provider organizations convened to discuss, design, and implement data sharing and interoperability among payers, providers, patients/members, and other interested parties who need health data. It is a one stop interoperability resource. The DGC primarily focuses on three areas:

  1. Collaboration: Development of common understanding of and specifications for data standards, exchange mechanisms, and what it means to participate in the modern health IT ecosystem
  2. Education: helping members understand their regulatory obligations, the data and exchange standards they're expected to use, and modern technology and related processes
  3. Innovation: Identification and development of projects and services needed to make modern health data practices and exchange a reality

General Comments

This section comments on the general approach taken by ONC in the draft plan or provide comments on items that cross multiple sections of or items in the plan.

Inclusion of Payers/Payer Health IT

Participants in our Data Governance Collaborative note that the plan as presented does not seem to widely encompass or address the health IT used by payers. As this is supposed to be a general federal strategy for health IT this was concerning to the group. In addition to the increasing number of activities that span both payer and provider systems (prior authorization, API transactions, provider directories, No Surprises Act activities, etc), there are many payer-specific activities that rely on health IT that should be considered in a viable industry strategy.

Further, the lines of demarcation between payers and providers are no longer as clear as they have been at some times in the past. There are provider sponsored health plans, payer owned providers, and ACOs and other organizations and set ups that blur the lines or sometimes move activities traditionally handled by payers or providers to the other type of organization.

Lists of Uses, Priorities, Purposes, and More

The structure of the plan document presents a series of lists of uses, priorities, purposes, and other laudable goals for the strategic plan, but the mechanisms of their presentation could be improved. While this material is useful and appropriate, seeing these lists of somewhat similar and related items that are unrelated to how the bulk of the document is organized and presented before the main content (which is itself starts with another list and thus doesn’t stand out as the basis for the rest of the plan) is confusing and feels repetitive.

We respectfully urge ONC to perhaps have a single introductory slide that indicates there are many intended uses, priorities, etc (and perhaps lays out a few examples, or provides some lists without descriptions or explanations) and points to appendixes for the details.

This would have the added benefit of providing the core information quickly and limiting the possibility of losing readers because of confusion or perceived repetition.

In particular, we recommend the following slides be moved to appendixes:

  • Improve Health IT Users’ Experiences and Outcomes
  • Purpose of the Federal Health IT Strategic Plan
  • Federal Organizations’ Use of the Federal Health IT Strategic Plan
  • Federal Health IT Principles

Building on Past Government and Industry Progress

We agree it’s important to point out the areas of progress and to ensure the 2024-2030 plan builds on previous plans and actual recent accomplishments. However, this slide doesn’t quite make that jump. We suggest a higher level slide that pulls out the areas of progress to build on rather than going into specifics. This slide could point to a more verbose slide (or perhaps series of slides so the material is less dense with the specific accomplishments and achievements in an appendix).

Coordination Between Agencies

Alignment of agencies within (and beyond HHS) is an important part of any health IT strategy. Our Data Governance Collaborative participants noted that there seems to be a clear line of demarcation between ONC and CMS that undergirds much of this document (including in the previously mentioned focus on providers over payers). There are clear areas of collaboration that are touched upon, particularly in the areas of public health, but it still seems like the plan as a whole is more about ONC’s focus areas than a whole of HHS or whole of government focus.

Use of Goals with Objectives

Despite our concerns about the general structure of the document as noted above, we find the approach of setting goals with objectives under each goal is nice way to lay out a general strategy.

Disconnects Between Strategy and Reason for Strategy

We plan to call out some specific instances below, but we note that, at times, there appears to be a disconnect between various stated strategies and the stated reason for those strategies (under “so that”). Examples include cases where there is a difference of scope or applicability and cases when both the strategy and the reason are laudable and make sense as part of a plan but they do not fully align with each other (among others). We urge ONC to go through and think about whether the reason supplied fully matches the strategy it is paired with and, if not, whether one or the other should be adjusted or if they need to be moved into two separate strategies with two separate reasons for the strategy or some other change is warranted.

Consent

We note a general theme of improving consent mechanisms to give individuals more and more granular control over how their health data is shared. We strongly approve of this and encourage ONC and the wider HHS community to prioritize more granular consent in all activities, even in some cases where consent may not technically be required.

Themes of plan

We noticed several themes that cut across several different goals and objectives but were not necessarily directly called out in any of the priorities, purposes, uses, or other lists provided within the plan document. Although we find the various lists confusing and believe our suggestion above of relegating them to the appendixes makes sense, we do think it may make sense to provide a single “overarching themes” list, or perhaps “new or increased areas of focus” list to highlight things like consent (as noted above) or improving health literacy and health/health IT education or promoting competition that seem to cross different goals and objectives as new or increased areas of focus.

Certification and other Tools

We realize this could verge more into tactics than strategy if not addressed carefully and it doesn’t necessarily fit nicely into the goals-outcomes framework, but our Data Governance Collaborative was struck by the lack of direction and information about any strategies for deciding when to require certification for something vs when to leave it up to the industry to adopt at will. This touches on many of the topics already raised such as cross-agency coordination, building on past progress, and more so we felt it worth mentioning.

Similarly, we wondered if specific strategies for advancement of industry-wide tooling for various priority areas should be addressed or if they fell too far down into the tactical realm.

Our other comments assume these areas are out of scope.

Use of Social Determinants of Health data/Health Equity data/Demographic data terminology

We urge ONC, HHS, and the federal government more widely to more consistently define and use the terms “SDOH data” (or variants thereof), “health equity data” or “equity data”, and “demographic data” so readers are crystal clear on what is being discussed or proposed at any given time.

The most common general definitions we’ve seen fall along the lines of (paraphrasing of concepts are ours):

  • Health equity/equity data: a superset of demographic and SDOH data consisting of all data likely to affect health equity or designate an individual as part of a population for which equity concerns are captured/researched
  • Demographic data: characteristics an individual is born with or adopts that represents some type of feature commonly used to group or categorize individuals across or as part of a population
  • SDOH data: individual situational data concerning an individual’s ability to interact with society in expected ways or that identify issues that cause detrimental outcomes for the individual

We note that there is some mixing and matching of this terminology throughout the plan. While we know the definitions above are not necessarily the ones that ONC, HHS, or the federal government more generally would choose, we feel it is important to have specific definitions delineating these three types of data which should then be consistently applied across all programs, documents, regulations, etc. including this plan.

We realize this may be a larger project than is possible within the scope of adopting this plan, so we propose that plan-specific definitions that are adopted and consistently applied would be a good first step. We note that the process used to decide whether data elements are placed under the Patient Demographics/Information data class or elsewhere within USCDI might be a good starting point for making the distinction between demographic and SDOH data given the wide applicability of that data set.

Response to Specific Items

This section will address specific goals, objectives, and strategies listed in the plan and provide our responses to them

Goal 1, Objective A, Strategy: Protect the privacy and security of EHI in circumstances beyond those addressed by all applicable federal and local regulations and statutes

This strategy appears to span beyond HIPAA to other regulations and laws, most directly applicable of which is the FTC Health Breach Notification rule covering third party apps developed by for-profit organizations that (generally) fall outside of the scope of HIPAA. However, the “So that” rationale for the strategy specifically references reaching beyond the scope of HIPAA as the explicit reason why this strategy is in place.

This is inconsistent.

Either the strategy itself should be tightened to address “all things not HIPAA” or the rationale for the strategy should be expanded to include all avenues of regulatory/statutory privacy rules covering third party apps and other PHI/EHI. If tightening the strategy, mention of the FDA rule, at a minimum, as one avenue for addressing this strategy may be appropriate.

We further suggest that, since the scope of the strategy document is federal, the strategy focus on federal laws and regulations regardless, perhaps with an additional strategy (objective? Goal?) of coordinating across the federal and state landscapes to ensure privacy rules are compatible with each other at each level.

Goal 1, Objective C, Strategy: Use health IT to distribute health education and disease prevention measures to communities

This is a laudable strategy toward meeting the goal of making communities healthier and safer. However, the stated “so that” rationale is not entirely aligned with this goal. In particular, the rationale of achieving a more equitable care experience for all is again laudable and something we wholeheartedly agree with. However, the line between the two is not clearly drawn. If the rationale is improving health equity through increased health literacy, then the strategy perhaps should be something like “Use health IT to distribute health education and disease prevention measures to communities in the languages and formats best suited to their populations” which is more specifically aligned to that desired outcome.

Goal 2, Objective A, Strategy: Use health IT to support payment for high-quality, value-based care

This is another example where both the strategy and the supplied rationale are laudable but it’s not obvious how they fit together. The rationale presented for this strategy is:

“Health care providers deliver high-quality care in a transparent, modern, and competitive market”

This should be a desired outcome of any health-related strategy. However, it is unclear how that ties back to payment in any way or that value-based care is the sole or even main mechanism for addressing transparency, modernity, or market competitiveness.

We respectfully suggest that a different rationale might be more appropriate for value-based care strategies and that one or more new strategies address transparency and competitiveness as outlined in this rationale.

Goal 2, Objective A, Strategy: Increase transparency and understanding of health data that goes into algorithm-based decision support tools

Perhaps it is intended to be a tactic for implementing this strategy, but given the way this plan discusses education and health/health IT literacy throughout, it stood out to us that there wasn’t a corresponding “provider education” strategy around explaining how AI/DSI works to providers who may not be data scientists and likely do not understand the nuances and specifics of what DSi tools are spitting out at them without education on their probabilistic nature, use of thresholds, and other standard AI mechanisms that might greatly affect how those tools work when providers (and others) use them.

We also note that the strategy itself is not explicitly provider-specific, but the rationale provided is. There are other parties that need that same level of confidence (such as patients, and perhaps payers if the results are used in making care decisions that might be covered by payers).

Goal 2, Objective B, Strategy: Expand health IT use beyond hospitals and physician offices

We respectfully note that health IT of all sorts is widely used outside of hospitals and physician offices already, including by the various types of provider organizations outlined in the related rationale for this strategy as well as by payers and many other types of health-related organizations.

If the strategy is meant to expand the use of EHRs as opposed to health IT more generally, the strategy should explicitly say so. Further, we suggest that other types of organizations be called out regardless including payers (for care management programs and beyond), community service organizations providing SDOH-related interventions, emergency medical services, and more.

Goal 2, Objective B, Strategy: Advance the collection and use of standardized social determinants of health data (including preferred languages) to reduce health and health care inequities and disparities

Participants in our Data Governance Collaborative thought it strange that preferred languages were specifically called out here (and also note it’s demographic data; see general terminology comment above). Why this one factor? If calling it out because it might result in proper availability of translation services, one could argue that noting disability to promote the availability of disability-related services might also be appropriate (and perhaps even more important as they are even more likely to be difficult to access than language services).

Goal 2, Objective B, Strategy: Use digital engagement technologies beyond portals to connect patients to their health information

We applaud the specific call out to move beyond portals, and hope this includes the sometimes-requirement of having an active portal account in order to use third party health apps. We also note the mention of self-scheduling in the rationale provided for this strategy and note the lack of mention of better backend integration of clinical and administrative systems within this plan. While perhaps this is a tactic that could be employed to meet this and other strategies, goals, and objectives of the plan, we think it warrants higher level, explicit mention in this plan as something needed to ensure better patient (and provider) access to data generally.

In addition to access to scheduling systems, this has come up within the context of SDOH where reasons for missed appointments, pertinent financial information, and other data that could and should be used to screen for and note patient SDOH issues is segregated off in administrative systems that do not feed into or otherwise integrate with clinical systems being used to tie SDOH findings to particular patients.

Goal 2, Objective C, Strategy: Encourage pro-competitive business practices for the appropriate sharing of EHI

The stated rationale for this strategy is vital, but seems very incomplete. We believe an ecosystem that allows individuals to easily select and use the health applications of their choice without special effort is important and encouraging practices that enable this absolutely should be present within the health IT strategy. However, upon reading this strategy within the context of the stated objective, our initial assumption was that it was a plan to address provider views that data is a competitive advantage and thus sharing it with payers or many others is a bad thing they should not have to do. Information blocking rules are hopefully making inroads in addressing this attitude, but we know it is still very much part of the provider mindset in many cases and something that the federal government could do a lot to mitigate.

Given this, we would also like to see a version of this strategy that calls out that the data itself is not a competitive advantage but rather the table stakes of doing business and sharing data (within the confines of laws, regulations, and consent structures) serves everyone. The extra things different providers, payers, and others offer as a result of having the data that drives their business are the competitive advantages they bring to the table; sharing EHI to make that possible is a pro-competitive business practice that allows organizations to develop programs that attract patients because of their quality, innovation, and perceived value to patients and communities.

Goal 2, Objective C, Strategy: Make care quality and price information available electronically

We strongly approve of this strategy and the related rationale for including it in the plan. We note a growing industry pushback toward the patient-centric components of current price transparency efforts such as the Good Faith Estimates and Advanced Explanation of Benefits components of the No Surprises Act and feel the government has a large role to play in ensuring the patient voice is heard as payers and providers work to implement these and other provisions designed to make price information for scheduled services available to patients as well as support their ability to shop for the best combination of price and quality to meet their specific needs.

Goal 2, Objective C, Strategy: Support efforts to merge clinical and administrative data streams, including payment data

In keeping with our last comment on price transparency, we applaud the ability to include financial information in care discussions at the time those decisions are being made by providers and patients. However, we hope that this merging of data goes well beyond financial data and the specific rationale outlined in the plan at this point in time. We do not wish to dilute the importance of making financial data available at the time of care, but perhaps the rationale for this strategy could be extended slightly to encompass other administrative data as well. We suggest the following edit:

“Health care providers and patients have access to real-time financial and other administrative data at the point of care…”

Goal 2, Objective C, Strategy: Foster a safe and secure health application market

We note the rationale for this strategy is perhaps too restrictive in its mention of just providers and patients. We believe the entire healthcare ecosystem benefits from safe and secure health applications including not just providers and patients but payers and others as well.

Goal 2, Objective D, Strategy: Provide education and outreach on applicable regulations and expected business practices related to EHI sharing

Participants in our Data Governance Collaborative note that this strategy is on point, but the rationale for it is perhaps overly focused on privacy and security concerns. We absolutely believe respecting privacy and security is essential and must be part of any and all conversations about sharing any data of any kind, let alone EHI, but there are also other important aspects to data sharing that are not reflected in this strategy and that are also worth calling out as important to relations and expected business practices around EHI sharing.

In particular, education around when providers and payers are required or expected to share information that perhaps in the past they did not or reluctant to share, who they should be sharing it with, and the mechanisms they are expected to use to share it seem like important topics to include around EHI sharing expectations.

Goal 3, Objective A, Strategy: Advance individual- and population-level transfer of health data

While we laud the idea of advancing the transfer of health data, it might be helpful to outline some specific expectations or hoped for outcomes of advancing this strategy given that, in theory, full EHI export is already required to be supported on both an individual and population level. More guidance on what else you have in mind here would be a helpful step toward understanding why this is still part of the ongoing health IT strategy for anyone who might think this has already been accomplished.

Goal 3, Objective A, Strategy: Foster data governance that reinforces privacy protections for large datasets

We find it interesting that, despite many mentions of consent throughout the strategic plan, consent is not raised in this context. We believe that consent should be part of any use of PHI or EHI in research and patients should have the right to consent or decline the inclusion of their data in any data used for research purposes.

Goal 3, Objective A: All strategies

Participants in our Data Governance Collaborative were slightly perplexed by the changing lists of health IT users across the different strategies found in this objective. We respectfully suggest the plan may be more digestible if a standard list of health IT users is mentioned across each of these objectives even if an argument could be made that a particular strategy is not applicable for one or two of the group of users.

Goal 3, Objective B, Strategy: Promote increased transparency into the development and use of AI algorithms in health care settings

Participants in our Data Governance Collaborative note that the rationale listed for this strategy does not entirely line up with the strategy itself. In particular, the rationale is to mitigate bias which we wholeheartedly agree needs to be addressed. However, the strategy itself has broader applicability and is not particularly related to bias or mitigating bias beyond transparency being a pre-requisite for recognizing and mitigating bias.

We believe that transparency in development and use of AI algorithms should be tied to the need for patients, providers, payers, researchers, and others to understand the tools being used in decision making so they can be applied correctly. Mitigating bias is only one component of this, albeit an important one. We note that bias is explicitly called out in a separate strategy in Goal 3, Objective C – perhaps the correct answer is to make this strategy more general and focus on bias in AI in the strategy under Objective C.

Goal 4, Objective A, Strategy: Promote mechanisms to address data governance and provenance

We believe this strategy is important but wonder if it would be better served by calling out provenance as a separate item with a note about the importance of tracing how data flows through the system, not just its origin, and highlighting its role in understanding where errors may have been introduced or quality otherwise impacted via data mapping choices or other issues as well as its importance in understanding where to go for more details about a specific piece of data.

Goal 4, Objective A, Strategy: Reduce financial and regulatory barriers to innovation

Participants in our Data Governance Collaborative note that the barriers are not specific to health IT developers, but also exist for health IT users. It does no good to develop something innovative if no one can afford to use it, and without the ability for real world usage, how do we judge whether something truly is innovative and works to solve the problem it was designed to address.

Goal 4, Objective B, Strategy: Advance a Trusted Exchange Framework and Common Agreement (TEFCA) that creates a universal governance, policy, and technical floor for nationwide interoperability; enables individuals to access their EHI; and simplifies connectivity for organizations to securely exchange information

Participants in our Data Governance Collaborative note that TEFCA is a tactic being used to help address the need for universal governance and a technical floor for nationwide interoperability and this strategy is not well served by melding the two. Even if TEFCA did not exist or were to fail to take off for some reason, the underlying strategy may be sound and achieved via other means.

We respectfully urge ONC to separate out the tactic of TEFCA from the strategy of universal governance and setting a nationwide interoperability floor, just as it did not explicitly impose USCDI into its discussions in various places where it might have done so if digging into tactics around how certain strategies might be implemented.

Goal 4, Objective C, Strategy: Assess current and expected health IT and broadband infrastructure demands

We respectfully note that cell service deserts exist and should be part of this discussion as much as broadband deserts given the increasing prevalence of app usage. We also note that the geographic locations of each are often different and addressing cell service deserts may require completely different approaches than the more widely discussed broadband deserts. Further, the cell service deserts may be more complex than lack of cell towers or building new physical structures of some sort to bring service to a new area as there are physical building components and features sometimes found in taller buildings (especially older buildings) that make areas that otherwise have a high level of general infrastructure prone to issues with cell service (for example, this is an ongoing issue in some parts of Boston and Cambridge that tend to have tall but older buildings).

Goal 4, Objective C, Strategy: Enhance and expand broadband access and communication infrastructure

It is unclear to us why this strategy is applied only to providers. It seems more generally applicable to all organizations and individuals in healthcare (see comment above).

Goal 4, Objective C, Strategy: Support adoption and development of infrastructure needed for telehealth

It might be worth noting that part of meeting this strategy should involve audio-only telehealth given the equity component mentioned in the strategy rationale and continuing support for audio-only telehealth is important for health equity.

Share This: