Many say that FHIR – and the ongoing rollout of the U.S. Interoperability Rule – could change the healthcare industry in dramatic ways. There’s no question that FHIR APIs have the potential to change the patient experience for the better, but a less obvious questions is: will they succeed?
In a recent webinar by Washington D.C. non-profit EHI (Executives for Health Innovation), sponsored by Axway, panelists look at how FHIR is changing the game and discuss some of the barriers to true interoperability in healthcare.
But first, a few basics: what is FHIR? And what role does it play in healthcare data?
What are FHIR APIs?
FHIR® (Fast Healthcare Interoperability Resources) is a standard developed by HL7, a not-for-profit organization dedicated to providing a comprehensive framework for electronic health records (EHRs) and related information.
Attempts at widespread interoperability have been through several iterations in the United States, explains John Halamka, M.D., M.S., President of Mayo Clinic Platform: from flat files like comma separated value (CSV), to the HL7 V2 messaging standard, to XML. But even XML, while easily generated, was a nightmare to decipher on the receiving end.
FHIR sets specifications for Application Programming Interfaces, or APIs, based on established web standards and modern information exchange to create a full interoperability solution for health care. As described above, it uses REST APIs as its foundation, simplifying the exchange of healthcare information and promoting the use of APIs for light-weight integration.
FHIR is at the heart of the Interoperability Rule and several other bits of key U.S. legislation and regulation, since they essentially mandate the use of FHIR to give healthcare organizations a common “language.” The goal of these measures is to give patients and consumers more power of choice and help improve health outcomes.
How is FHIR changing the game?
Ruby Raley, Axway’s VP of Healthcare, shares a personal example of how FHIR APIs could have improved a common patient experience:
“A couple of years ago, my husband had a slipped disc. We got several referrals, we talked to a specialist, and we tried getting as much information ahead of the procedure as he needed, but we were given the runaround from provider, to health plan, to hospital. No one could tell us ahead of time what it would cost, and we had no way of comparing between providers. We had to go into the procedure on faith alone.”
If FHIR APIs were used to their full potential – as they are intended to under the ongoing regulatory rollout – Raley explains that her husband’s records would be more portable. She could have shared them with another specialist for a consult, or simply changed surgeons or hospitals.
Crucially, she would also have been able to find out what the procedure would cost in advance. This is a particularly significant benefit since healthcare costs are a major issue for patients.
“Clinicians want to do a better job, and health plans are trying to take care of their members while managing their costs, so I think this is a measure that truly lifts all boats in solving this issue of transparency and access to information,” Raley says.
“It is a game changer, without question,” Halamka adds. He compares the use of FHIR APIs to the app store concept we’re used to on our smartphones, but for the treatment of EHRs and other data in healthcare. “It is a way of building connectivity with less friction than ever before,” he says.
FHIR is also changing the way IT teams can work: “I like to say we’re moving from a project-based world, where every connection is a project, into a world where you have the ability to go explore a set of endpoints, choose them, test them, and go to production without a project manager,” says Raley.
What barriers to interoperability remain?
Marc Overhage, MD, PhD, Chief Medical Informatics Officer at Anthem, Inc. agrees that FHIR is, technologically speaking, the right solution. So, why aren’t healthcare partners moving full speed ahead in adopting and building on APIs?
Security and privacy concerns
The API-enabled Google Maps was exciting and innovative, but it also had a lower bar to openness. When you’re dealing with people’s most intimate personal information, the stakes are higher: for one, there’s a very clear HIPAA compliance concern.
Overhage says FHIR doesn’t directly address some of the core challenges that healthcare has been wrestling with for decades, namely, how to protect sensitive data while also making sure it’s accessible to the right people, at the right time.
“The fact that we’re dealing with protected health information is part of the reason it doesn’t go as quickly as some other industries,” he adds.
Viet Nguyen, MD, the new Chief Standards Implementation Officer at HL7 International believes healthcare is in a similar position to what happened in finance a decade or so ago: at the time people were unsure about using financial apps. As general trust in the security parameters that that are used finance grew, so did adoption – and now extremely lucrative fintechs are blossoming.
Nguyen adds that past security concerns or criticisms weren’t about the FHIR standard itself but rather its implementation – a key to developing and maintaining trust in healthcare APIs will be making sure that implementers use security best practices.
While there remain challenges around granular consent – namely in the work of parsing unstructured data to remove clinical information patients may not want to share, or how consent travel across data aggregations – the ability to get patient consent and document it is already available in FHIR, Nguyen says.
But it isn’t so much consumer or patient security concerns that have proven to be a brake on interoperability implementations: in many cases, it is the healthcare payers and providers.
Halamka notes that healthcare executives aren’t trying to prevent progress or competition: they have genuine concerns about what happens to data once it has left a HIPAA-compliant environment.
“As a FHIR payload goes to a patient’s phone, it is then exiting the HIPAA cloud and all the regulatory protections surrounding it,” Halamka says. “So imagine I’m playing Wordle, and there’s a pop-up that says, ‘Are you willing to share your data?’ and I click yes. Now, all of my data has been exfiltrated to who knows where.”
Raley notes that legal advisors in hospitals typically tell ER physicians not to trust a downloaded patient record because it hasn’t been validated. The fear is that if they act on it and the data is wrong, they could be liable – or worse, hurt the patient. “Rerunning tests, though expensive and onerous, isn’t necessarily about profit or greed but an abundance of caution in making potentially life-and-death decisions,” she says.
But the answer isn’t to resist interoperability, Raley concludes. Instead, it is a challenge to healthcare practitioners and the industry as a whole to find better solutions. Some of these are technical: finding better ways to ensure security, tracing and validating records, implementing better security standards and practices.
Others are cultural: “We as an industry are often the blockers to interoperability because of our traditional thinking, and that’s why this is truly transformative, because we are being challenged about our culture,” says Raley.
“We have to think about the good in it that we want to keep – certainly, taking care of patients, doing the right thing, and not making avoidable mistakes – but also think about how to reduce the cost and friction to get the data we need in order to treat people faster, pay the right amount, and ensure they get the right care,” she adds.
Join us for part 2 of this blog next week, as the panelists discuss what it will take in terms of patient buy-in, culture shifts, and customer experience to allow interoperability to change healthcare for the better.
Download our eBook, Open for innovation, to learn how to turn healthcare interoperability into business opportunity.