McKesson Corporation One Post Street San Francisco, CA 94104 www.mckesson.com This McKesson response was submitted electronically to the Office of the National Coordinator for Health IT (ONC) on. Question on priorities and topics 1. What are the 3 most important priority items that should be included in the national interoperability roadmap that will help advance interoperability nationwide? Achieving widespread interoperability requires a multifaceted approach. Over the last few years, significant progress has been made. Vendors are collaborating and improving their products to offer more interoperable solutions to their customers, and ONC, Congress, and other government entities should continue to support and encourage this progress. McKesson believes that the most important priority items include: Complete Work Started to Exchange Selected Document Types through Direct Exchange: ONC should concentrate its most immediate efforts on the forms of exchange that have been introduced in the market with Meaningful Use Stages 1 and 2. Specifically, we recommend that ONC focus on the exchange of the Continuity of Care Documents and other document types through Direct Exchange and the community-based query and retrieval of documents. We suggest that ONC concentrate its efforts on optimizing these forms of exchange across all care settings. Document-based exchange with optimized Consolidated Clinical Document Architecture (CCDA) documents will not solve all of our interoperability challenges; however, it is an important first step. Numerous challenges remain with obtaining compliant Clinical Document Architecture (CDAs). Today, underlying data is not standardized to enable the shared interpretation of information. One of the most important steps for ONC is to continue to develop the existing CCDA until it meets the original intent of the document types and general acceptance and adoption. This will require a more constrained CDA coupled with improved terminology and formatting standards. Future enhancements to the CCDA should be evaluated and balanced against available and emerging technologies (see response to question 2). Encourage a Consistent Patient Identification Framework: McKesson recommends that ONC prioritize the accurate identification of system users, patients and data sources. The creation of a consistent indexing service and record locating service for federated systems will accelerate the ease of exchange and improve the confidence level of both providers and patients. McKesson encourages ONC to support the advancement of public-private initiatives to achieve these goals. An example includes a not-for-profit trade association founded by McKesson in partnership with our industry competitors in order to create vendor-neutral services and standards that will break down the barriers that inhibit effective health data exchange. Currently, services provided by this trade association facilitate patient consent, identify and match patient records, securely access clinical data in near real-time, and transfer the data directly to existing health IT software systems, regardless of where the care was delivered. Prioritize More Robust Piloting: McKesson encourages ONC to prioritize a formalized program for piloting interoperability programs. These pilot programs, which would most effectively function as public-private partnerships, should ensure key stakeholder participation across the care continuum, allowing for end-to-end testing prior to full scale rollout. McKesson also supports the extension of these pilot programs into controlled adoption rather than uniform compliance dates for all provider types. If properly coordinated and appropriately scaled, vendor and provider participation will enable real world learning to occur in a controlled manner and will allow best practices to evolve prior to full market introduction. McKesson suggests two pilot programs that (1) address the creation and validation of a standard clinical data model for the CCDA and (2) leverage and expand the standard clinical data models for more real time exchange through Application Programming Interfaces (APIs). McKesson Comments to ONC on Nationwide Interoperability Roadmap 1
Harmonize All Data Privacy and Security Requirements: We encourage ONC and other entities within the Department of Health and Human Services (HHS) to work closely with Congress and state and local governments to harmonize the laws and regulations which address patient privacy and security and overall data rights. The patchwork of state laws, regulations, and local governance efforts creates substantial legal, financial and technological barriers to interoperability. Therefore, we encourage the federal government to promote and adopt uniform national policies and a governance framework that address patient authorization, redisclosure and secondary use to enable providers and consumers to exchange health information across state and local boundaries. As we address the data rights of patients, we must also consider the intellectual property of content creators and the unique contractual obligations that support content creation, automation and management of stakeholder clinical and operational practices. Laws are being introduced at both the state and federal levels that do not appropriately address these broad legal and business conditions. McKesson recommends more education on these topics to help frame policies that provide for responsible transparency. Generally speaking, McKesson supports the sharing of most healthcare data among both public and private organizations, provided that patient confidentiality is protected. Specifically, we support the following recommendations: o Any de-identified data that adheres to the strong standards outlined in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) should be available for research, enabling better patient care, care coordination and population analytics. o Access to government-held data, including fee-for-service Medicare, Medicaid, Department of Veterans Affairs, and Department of Defense claims data should be more broadly available to facilitate coordination of care among public and private organizations. o Data provided on claims should be complete and should include medical, pharmacy and behavioral health data, as well as data from all settings of care, including home care. o Organizations at risk for the health management and cost of care should have timely access to the necessary data to effectively manage quality outcomes and cost accountability. 2. What other topics should be included in the national interoperability roadmap that may not have been explicitly mentioned in the 10 year vision paper? As recommended by the recent JASON Report titled A Robust Health Data Infrastructure, McKesson supports the creation of a standardized document and discrete data Application Programming Interfaces (APIs) to encourage both intra-operability and interoperability. Standardized APIs will drive innovation and ease of adoption for best of breed systems while reducing the overall cost of integration. McKesson endorses Fast Healthcare Interoperability Resources (FHIR) as the leading standards contender for these APIs. We encourage an incremental approach to the development of these APIs. Specifically, we recommend targeting a few essential but less complex APIs for the three-year time frame and more robust APIs that support the value-based care delivery needs of population management across the care continuum for the six-year window. These APIs can support gaps in care at the discrete data level, a shared plan of care at the document level, and the incorporation of content into clinical decision support architectures. Standard APIs will open up this evolving market to a broad array of innovators. It will take time to transition from currently existing transaction-based interfaces to a more robust set of web-based APIs. This approach will ensure that newly needed points of interoperability are vendor neutral and broadly available while providing a longer transition window for those mature legacy interfaces. McKesson Comments to ONC on Nationwide Interoperability Roadmap 2
Question on Building Block #1 BUILDING BLOCK #1: CORE TECHNICAL STANDARDS AND FUNCTIONS Through our Standards & Interoperability (S&I) Framework, ONC will continue to work with industry stakeholders and federal and state governments to advance core technical standards for terminology and vocabulary, content and format, transport, and security. These standards will enable, at a minimum, the following essential services for interoperability: 1. Methods to accurately match individuals, providers and their information across data sources 2. Directories of the technical and human readable end points for data sources so they and the respective data are discoverable 3. Methods for authorizing users to access data from the data sources 4. Methods for authenticating users when they want to access data from data sources 5. Methods for securing the data when it is stored or maintained in the data sources and in transit, i.e., when it moves between source and user 6. Methods for representing data at a granular level to enable reuse 7. Methods for handling information from varied information sources in both structured and unstructured formats ONC will also work toward flexible and dynamic technical tools to support interoperability for primary and secondary use of health information, such as the architecture described in the JASON report prepared for the Agency for Healthcare Research and Quality, A Robust Health Data Infrastructure. Question: What aspects of BUILDING BLOCK #1: CORE TECHNICAL STANDARDS AND FUNCTIONS are the most important to address? And what are your recommended solutions or tactics for effectively addressing this building block? McKesson suggests that ONC clarify point six ( Methods for representing data at a granular level to enable reuse ), as interpretations vary. If ONC s intent was to include terminology standardization, we would place this point at the top of the list. Additionally, we would include the support of consistent data element definition across the standards. We recognize that point six is intended to address reuse. We encourage addressing the requirements for granularity based on a cost/benefit assessment given specific use cases and the associated data sets. We consider points one through four foundational but believe that current standards/methods can adequately address authentication and authorization. McKesson recommends that ONC address the remaining policy issues regarding those areas and select the appropriate standards to support those policies and specific types of transport methods. With regards to point two ( Directories of the technical and human readable end points for data sources so they and the respective data are discoverable ), McKesson supports a standard publish and subscribe service-based method for notifying systems of new or changed information in query-based exchanges. However, McKesson recognizes the complexities this service may have related to versioning and the challenges associated with data exchange and incorporation. Versioning represents one of the more complex challenges associated with data exchange and incorporation. This problem lends itself to public-private collaboration and will be best served by a pilot process that uses real world data for validation. In general, we encourage ONC to address all relevant transport methods, not just Direct, which is limited to document exchange. We support optimizing the CCDA and targeting the specific use cases for query and retrieval where document exchange is appropriate. However, today, we are leveraging document exchange for use cases where discrete data APIs would be more appropriate. To that end, we encourage ONC to partner with stakeholders to enhance standards such as FHIR that would provide more appropriate solutions for these scenarios. An example on this use case would be providing access to key pieces of data to assess whether or not there is a gap in care. McKesson Comments to ONC on Nationwide Interoperability Roadmap 3
Question on Building Block #2 BUILDING BLOCK #2: CERTIFICATION TO SUPPORT ADOPTION AND OPTIMIZATION OF HEALTH IT PRODUCTS AND SERVICES ONC will leverage the ONC Health IT Certification Program to ensure that a broad spectrum of health IT conforms to the technical standards necessary for capturing and exchanging data to support care delivery. Certification will be used to test that health IT conforms to standards, and also to certify that the technology has the ability to interoperate with other data sources so that users can exchange and use information from other systems. To increase flexibility in our regulatory structure, ONC has proposed that content and transport functions of technology be tested for certification separately. ONC has also been responsive to a demand for expansion of the certification program s scope to include health IT used in a broader set of health care settings, such as long-term and post-acute care and behavioral health. Ensuring consistent adoption of standards and policies for health IT applications used across all settings of care will support interoperability and health information exchange. Question: What aspects of BUILDING BLOCK #2: CERTIFICATION TO SUPPORT ADOPTION AND OPTIMIZATION OF HEALTH IT PRODUCTS AND SERVICES are the most important to address? And what are your recommended solutions or tactics for effectively addressing this building block? McKesson recommends that if a standard is needed, just one should be selected for certification. In most cases, the requirement of vendors to support multiple standards increases overall costs and delays the natural selection process by forcing continued support and optimization of less effective solutions. If standards are not mature enough and more than one must be selected, McKesson encourages ONC to employ the collaborative efforts of the S&I framework, standard development organizations (SDOs), and related stakeholders. As noted in our response to question one, we also recommend leveraging the formal piloting process to accelerate the maturation process. We encourage ONC to refrain from requiring certification and subsequent adoption of standards that the industry believes to be immature, as this will undermine credibility, add costs, and increase patient safety risks. We strongly support a more robust pilot program and controlled rollout. Nationwide adoption does not allow enough time to address real world findings, regardless of a vendor s certification status. Vendors and providers that collaborate and actively participate in pilot programs, including a controlled release, should be allowed to attest to conformance rather than formally certify. Thought leaders and early adopters should be encouraged to accelerate development and innovate in segments of the market that are important to them. This approach transfers the expense of certification to a point in the process where together we can influence, design and innovate. This step will encourage greater participation and accelerate the rate of change. McKesson also encourages ONC to also consider attestation rather than certification in certain instances where the changes are minor in scope. An example of this would be the adoption of a dot release. McKesson Comments to ONC on Nationwide Interoperability Roadmap 4
Question on Building Block #3 BUILDING BLOCK #3: PRIVACY AND SECURITY PROTECTIONS FOR HEALTH INFORMATION ONC will strive to ensure that privacy and security-related policies, practices, and technology keep pace with the expanded electronic exchange of information for health system reform. We will continue to assess evolving models of health information exchange to identify and, with stakeholder input, develop solutions to address weaknesses and gaps in privacy protections. We will encourage the development and use of policy and technology and workflow practices to advance patients rights to access, amend, and make informed choices about the disclosure of their electronic health information. We recognize that there are certain state and federal laws under which some patients must give affirmative consent to the disclosure of their health information (often related to a sensitive health condition such as behavioral health or genetic information), a privacy protection that is more stringent than the HIPAA Privacy Rule. ONC will endeavor to ensure that these patients will not be left on the wrong side of the digital divide. We will work to improve standards, technology, and workflow that enable the electronic collection and management of consent as well as the electronic exchange of related information within existing legal requirements (including notice of redisclosure restrictions). We will also invest in methods and approaches that support distributed analytics and open evidence sharing without sharing PHI. Continued coordination across federal and state governments is needed to develop, implement, and evolve appropriate privacy and security policies for various types of health information exchange. Expanding interoperability and exchange may also pose new security challenges. We will work with the National Institute of Standards and Technology (NIST) and other stakeholders to expand the options for ensuring, at an appropriate level of certainty, that those who access health information electronically are who they represent themselves to be. We will continue to assess and improve policies and standards that help ensure health information is only accessed by authorized people and is used in reasonable and transparent ways. We will also work with the private sector to address emerging cyber threats. Given our support for electronic access by individuals to their own health information, we will also be mindful of the privacy and security risks created when information exits the realm of HIPAA covered entities. We will support developers creating health tools for consumers to encourage responsible privacy and security practices and greater transparency about how they use personal health information. In addition, we will collaborate with the Office for Civil Rights and other agencies to encourage greater consumer education about the benefits of health information exchange and the steps they can take to safeguard their own data. As we expand health information exchange, it is important that all stakeholders (the government, health care providers and plans, vendors, developers, patients and their caregivers) recognize their responsibility in protecting health information. We intend to continue our outreach and technical assistance to help everyone reach this goal. Question: What aspects of BUILDING BLOCK #3: PRIVACY AND SECURITY PROTECTIONS FOR HEALTH INFORMATION are the most important to address? And what are your recommended solutions or tactics for effectively addressing this building block? Please see McKesson s response to question one, specifically the comments regarding responsible transparency (paragraph 2 under Harmonize All Data Privacy and Security Requirements ). We believe the harmonization of the existing rules is the first step. It is important to recognize that there are still significant policy questions that must be addressed before technological solutions can be most effectively utilized. As a nation, we are still debating patient rights and the data access rights of providers and clinical researchers. As these policies evolve, so will the technological solutions to support them. McKesson Comments to ONC on Nationwide Interoperability Roadmap 5
Question on Building Block #4 BUILDING BLOCK #4: SUPPORTIVE BUSINESS, CLINICAL, CULTURAL, AND REGULATORY ENVIRONMENT While the Medicare and Medicaid EHR Incentive Programs have been a primary motivator for the adoption and use of certified EHR technology, these programs alone are insufficient to overcome barriers to our vision of information sharing and interoperability as outlined above. Current policies and financial incentives often prevent such exchange, even when it is technically feasible. To ensure that individuals and care providers send, receive, find, and use a basic set of essential health information across the care continuum over the next three years, we need to migrate policy and funding levers to create the business and clinical imperative for interoperability and electronic health information exchange. In collaboration with employers, federal agencies, and private payers, ONC will help define the role of health IT in new payment models that will remove the current disincentives to information exchange. Incremental steps to accelerate health information exchange will initially stem from Affordable Care Act (ACA) delivery reform programs and Medicare payment regulations. HHS will consider ways in which the adoption and use of ONCcertified health IT products can be aligned with and encouraged by Medicare and Medicaid payment policy, and other HHS programs funding health care delivery so that care delivery transformation and interoperability evolve in tandem. With regard to individual access to health information and the engagement it enables, a significant barrier is a lack of knowledge among members of the public that access to health information is becoming increasingly available, and a cultural bias against taking advantage of it. Many patients are intimidated or embarrassed to ask for copies of their records or to ask health-related questions of their providers. To address these cultural barriers, we will encourage providers to proactively offer access to health information for their own patients, and using consistent marketing and messaging via the Blue Button Initiative, encourage diverse stakeholders including data holders and consumer advocacy organizations to educate individuals about their rights and the benefits of access to and use of health information. We will also work with states, employers, consumers, providers, technology developers, payers, and others to support efforts driving appropriate health information exchange for improvements in care and to see that any regulatory and business barriers preventing data flow are reduced and/or removed. Question: What aspects of BUILDING BLOCK #4: SUPPORTIVE BUSINESS, CLINICAL, CULTURAL, AND REGULATORY ENVIRONMENT are the most important to address? And what are your recommended solutions or tactics for effectively addressing this building block? McKesson recommends that ONC conduct a comprehensive survey of the industry to identify and quantify the disincentives and barriers to interoperability. By better understanding these disincentives and barriers, as well as the economic forces that drive them, ONC and other agencies will be able to appropriately design and size incentives. The clinical imperative for interoperability is directly correlated to improved outcomes. We recommend that ONC advocate for the inclusion of specific quality measures which as a by-product require supportable forms of interoperability. Interoperability is a means to an end and that end must add value. The business imperative is more complex. It must be more financially beneficial to openly exchange information than to retain it for proprietary purposes. We encourage the development of creative payment models that establish a business case for exchange while also allowing for the inclusion of clinical quality measures that necessitate McKesson Comments to ONC on Nationwide Interoperability Roadmap 6
interoperability. We encourage ONC to work with CMS to highlight how interoperability facilitates success under these payment models. As providers and health systems take on more risk, patient usage patterns become essential information. This type of consumer information, which is commonly used in retail markets, is difficult to acquire in healthcare, very costly and highly competitive. In addition to guiding many public health initiatives and research efforts, claims data is currently the best source for much of this information. Today, 13 states have established all payer claims databases, and an additional 17 states are in various stages of implementation or active assessment. We encourage ONC to promote the establishment and the standardization of these state databases. Without guidance, each state will adopt its own unique set of governing polices and standards for content and transport, which will introduce unnecessary costs for the industry and reduce the efficacy of the information. Providing policy guidance and best practices for governance and standards will accelerate the availability of this essential data source for health reform while ensuring responsible transparency and interoperability. Question on Building Block #5 BUILDING BLOCK #5: RULES OF ENGAGEMENT AND GOVERNANCE OF HEALTH INFORMATION EXCHANGE The HITECH Act charged ONC with establishing a governance mechanism for the nationwide health information network. We view the nationwide health information network as a continually expanding ecosystem of electronic exchange activities and network service providers across the nation that rely on a set of standards, policies, and services to meet electronic exchange needs including the privacy, security, and appropriate use of the information exchanged. This market includes many forms of electronic exchange and network service providers, ranging from simple forms (such as direct electronic exchange of health information between two known providers) to more sophisticated forms (such as query and response techniques). Governance will facilitate trust and interoperability across all the diverse entities and networks that provide exchange services so that health information follows individuals regardless of where and when they access care. Question: What aspects of BUILDING BLOCK #5: RULES OF ENGAGEMENT AND GOVERNANCE OF HEALTH INFORMATION EXCHANGE are the most important to address? And what are your recommended solutions or tactics for effectively addressing this building block? In order to scale information exchange from community-based, to interstate, to national exchange, there must be a common framework for governance. A number of models currently operate with varying degrees of success. The industry challenge is that these models have different policies, principles and standards. We are quickly moving towards unique state governance and certification models. This will slow interoperability and burden the industry with more unnecessary overhead. McKesson agrees with ONC s previous premise that a governance framework is necessary and should address organizational, trust, and technical principles. We support the inclusion of certain business principles, to the degree that they encourage transparency in practice and in compliance with regulatory and statutory requirements, including fair business practices. This framework would establish a basic set of technical and trust policies starting with authorization and authentication requirements for consumers, individual providers and organizations. It would establish a trading partner agreement which would remove the burden associated with negotiating and managing multiple trading partner contracts and would provide industry best practice expectations around data rights, privacy and security. The framework would establish a mechanism to ensure adherence to shared polices, principles, best practices and applicable federal and state laws. We suggest that the framework and the governance board be structured as a McKesson Comments to ONC on Nationwide Interoperability Roadmap 7
public-private collaboration under the ONC oversight. Similar to the recommendations around piloting, those organizations actively participating in policy, guidance and practice creation should be allowed to attest to adherence. It is important that the framework be nimble. It should initially cover the basics what is needed and no more. We recommend that ONC address a few of the most important policies or standards barriers in each of the four areas, specifically where the presence of multiple choices hinders progress. Examples of areas that ONC should address include levels of authorization and authentication. Finally, we encourage ONC to set reasonable timelines that reflect the reality that the technology will likely outpace the cultural transformations that are needed to achieve these goals. The governance framework should support our progress to date but also be flexible enough to evolve as the market changes. Question on Three Year Agenda Use Cases Question: What priority use cases should be considered for the 0-3 year agenda in the national interoperability roadmap? McKesson is a member of and works closely with the Electronic Health Record Association (EHRA) and supports the use cases that they are proposing on behalf of their members. Below we have included their recommendations, along with additional comments or expansions. General Recommendations Finish, fix, and operationalize what has been started with the 2014 Edition and Meaningful Use Stage 2 before moving to new use cases. Year 1 Recommendation Fix guides, address terminology standards, etc. Scope the 2017 Edition for success, limiting to what is needed and ready for wide scale deployment. Develop pilot program methodology. Year 2 Recommendation (Piloting and Testing) Begin the transition to an attestation-based framework rather than a certification-based framework. Initiate pilot programs for document-based exchange using the new clinical data models. Year 3 Recommendation (Deployment) Establish pilots for new use cases, but do not roll them out widely until the current 2014 Edition is fully operational. Complement the transitions of care (TOC) push mode with a pull mode (not new data/content, rather additional transport) in pilot/emerging environment. Review the use of current capabilities and any roadblocks to expansion. Explore the use of new standards (e.g., FHIR). Use ehealth Exchange and other public-private interoperability projects as the starting point. Introduce Appropriate Use Criteria (AUC) as the drive to establish consistent clinical decision support (CDS) standards for the knowledge artifact and decision support service. McKesson Comments to ONC on Nationwide Interoperability Roadmap 8
Question on Six Year Agenda Use Cases Question: What priority use cases should be considered for the 3-6 year agenda in the national interoperability roadmap? McKesson Recommendations Integrate push/pull framework definition that has clarity on when to use messages/services to push (e.g., workflow initiation), document push/pull (e.g., CCDA), or query (e.g., document and data). Widely deploy Transition of Care (TOC) pull mode and other use cases that have sufficiently matured. Establish and deploy discrete data APIs in addition to document exchange (deployment) of well-defined, simple, focused use cases. Avoid any data, all queries, as practical value must first be established. With the exception of PIX/PDQ, query models are already available, yet not widely used. Immunization query definitions exist but are not widely used. Question on Ten Year Agenda Use Cases Question: What priority use cases should be considered for the 6-10 year agenda in the national interoperability roadmap? McKesson Recommendations Further deploy specific use cases against the framework. Deploy further discrete data APIs in addition to document exchange (deployment) of simple/narrow use cases. General Suggestions and Feedback Concluding Comments and Recommendations McKesson encourages ONC to consider the JASON Task Force s recommendations which include: (1) limit the scope of the 2017 Edition and Meaningful Use Stage 3 to completing what was initiated with Stage 2 for interoperability and (2) incorporate only what is fully tested and ready for nationwide deployment. However, this does not mean that the industry should stop there. Concurrently, through a public-private effort led by ONC, the agency should establish a pilot methodology for advancing interoperability by initially targeting the remaining foundational elements, such as a clinical data element model. The industry will move faster through a combination of piloting and attestation rather than through standalone certification for newer, less developed scenarios or use cases. As referenced by the JASON Task Force and Report, considerable policy work must be conducted to address the regulatory, governance and business barriers to interoperability. This policy work must lead and guide the technological solutions that will enable interoperability. McKesson Comments to ONC on Nationwide Interoperability Roadmap 9
McKesson believes that these recommendations (1) complete work started to exchange selected document types through Direct Exchange, (2) encourage a consistent patient identification framework, (3) prioritize more robust piloting, and (4) harmonize all data privacy and security requirements will help to address the current barriers to achieving widespread interoperability. McKesson supports ONC s efforts to advance interoperability and looks forward to continuing to partner with ONC and other stakeholders to realize our shared goal of achieving interoperability in healthcare. McKesson Comments to ONC on Nationwide Interoperability Roadmap 10