Empowering the Patient vs. Enabling an Artificial Monopoly

Health Information Technology is moving along fairly quickly, with the stimulus money and the rise of Personally Controlled Health Records (Indivo/Dossia, Google Health, Microsoft HealthVault). I’m quite optimistic about the future of health data: there is a growing effort to free the data in order to empower patients. And then there are some really boneheaded efforts that appear to be for patient safety, but end up creating all the wrong incentives and further blocking patients from taking an active role in their care. This week provided fantastic examples of both.

Harvard’s own Donald Berwick explains to the New York Times that it’s time to empower patients (see the original Health Affairs article):

Some examples of this new model of care? Shared decision-making would be mandatory in all areas of care, with patient preference occasionally putting evidence-based care “in the back seat.” Patients and families would participate in the design of health care processes and services and would be a part of daily rounds. Medical records would belong not to clinicians but to patients, who would no longer have to get permission to look at them or call the doctor for lab results.

Read the full interview, it’s brief and highly worthwhile. I completely agree with Dr. Berwick.

Meanwhile, in New Jersey, a proposed state law wants to fine anyone who sells software that has anything to do with health data if it hasn’t been certified by CCHIT. CCHIT is a single entity that would get to certify all health software. CCHIT is also pushing to be the lone certification authority for all stimulus-funded work. So, as if health IT wasn’t already painful enough to deal with, now we’re going to move towards a certification monopoly? Say goodbye to:

• iPhone apps that let you track your kids’s vaccines for $4, and really most small iPhone medical apps in general, as they clearly won’t be able to afford the certification fee,
• storing your health data online at Google Health, Microsoft HealthVault, or Indivo/Dossia.
• open-source medical software. As hard as Fred Totter is working to get CCHIT to see the free/open-source point of view, there’s simply no incentive for a certification authority to spend time on a distributed community where it’s unclear who will pay the certification fee.

No matter how well-intentioned and knowledgeable the folks at CCHIT are, creating a certification monopoly shows a lack of understanding of how these things really work. Once the monopoly is in place, where is the motivation for CCHIT to be efficient, responsive to new healthcare models, adaptable to new software methodologies? In addition, what is the certification really worth when the vendors are paying for it anyways? We’ve seen this conflict before in the election world: the “Independent Testing Authorities” are paid by vendors to certify voting machines. At least there, there’s mild competition. How much do you think that certification really means in terms of voting security/privacy/safety? Here’s a hint: all the voting machines that were found to be laughingly insecure by the Berkeley and Princeton teams had been certified by Independent Testing Authorities.

Now, the question on everyone’s mind should be “ok, but how do we ensure that there’s some kind of oversight for health software?” A good and very important question, which I’ll try to answer in a future blog post. But for now, let’s be clear: we need more patient involvement, not less. We need new software that will enable this patient involvement, not old software with half-baked web interfaces tacked on as an afterthought. The last thing we need is a government-mandated certification monopoly. Even if they asked Dr. Berwick to run it, it would be a bad idea, because the incentives are all wrong. Innovation/disruption, which we so desperately need, comes from the new, small players, the ones that simply won’t be viable if they have to pay an upfront certification tax, both in dollars and process.