What Payers Must Know to Avoid Patient Harm with Expanded Patient Data Access
Patient access to clinical data mandated in the 21st Century Cures Act will hinge on data integrity for informed and safe decision making.
Sharing data across sectors is a meaningful strategy for establishing alignment between payers and providers. It helps to create a shift in the traditional (and at times adversarial) relationship between these stakeholders and moves them towards a more collaborative and consumer centric approach. Taking a human centered perspective requires that we start with the problem, not the solutions. If we take that approach, then it’s clear that the starting point must be supporting the needs of health consumers like you and I. This calls into question how clinical data might be used to help address those needs. Consumers can make many vital decisions about their life using the data that is available in their patient/member portal. Some of these decisions could be life and death situations while others may be related to health maintenance. For example, if the patient/member portal has incorrect or incomplete lab values and medications are prescribed using those results, then the patient is at risk of harm. This example can be applied to many scenarios and organizations should be aware of this risk as we near the patient access rule becoming a reality.
There are several reports out there intended to guide organizations on how to prepare for the final rule enforcement. However, what I am not seeing in those recommendations is an acknowledgement of the quality and safety risks that come with opening access to data. This could be due to the lacking operational experience of those putting out the recommendations — or, the risks may be perceived as too great to address in a “tech play” rule. The fact of the matter is, this isn’t purely a tech play. The final rule is intended to empower and inform patients so they are equipped to make better decisions about their care. The two most common recommendations on preparing for the potential of having incomplete or inaccurate data are:
1. Show the USCDI to display the data source, (I outlined the work involved to establish data governance in pursuant of data quality in my previous blog) and,
2. Establish a process to manage customer/member calls related to data quality issues with an escalation pathway to address situations where poor data quality data affected treatment or payment decisions.
These are not enough.
In my experience, data maturity within healthcare provider organizations is still evolving and in general, lacks the robustness to call them highly reliable. Data integrity is something that providers grapple with on a daily basis, often requiring teams of people to manage data reporting functions that include mapping, cleansing, configuring the data sources and outputs. The reality is data coming from the hospital record is rarely fully accurate or complete. Opening patient access of this clinical data raises the stakes for us all to ensure the data exchange is not ladened with the errors we know are already there.
For clarity, below are the classes medical errors by common definition:
A. Serious Safety Event: The error reaches the patient and results in moderate or severe harm, or death
B. Safety Event: The error reaches the patient and results in minimal harm or no detectable harm
C. Near Miss Safety Event: The error does not reach the patient and is caught by a healthcare worker, patient, and/or by chance
D. Safety Concern: No mistake or errors have occurred but working conditions and/or tools have caused concern by those operating within the system
As we can see with these definitions, there is high potential for data errors to result in the wrong care or decisions, while there is little room for anyone to “catch” the inaccuracies. The SAFER standards put out by HealthIT.gov recommend organizations have trained and competent staff to “catch and promptly correct errors” in areas prone to mistakes such as registration, order entry, and diagnostic test results. Additionally, they recommend that when an error does occur, a multidisciplinary and interprofessional discussion take place to correct and prevent reoccurrence.
I have a few more tactical recommendations for health plans and their provider partners to ensure opening data access does not raise the risk for errors, or even worse — harm.
1. Prioritize data governance program development to prevent the likelihood of errors occurring related to data integrity issues.
2. Establish partnerships with provider organizations to develop a plan for ongoing surveillance, shared data governance models, and related improvement plans to secure data quality and integrity.
3. When errors are discovered, ensure there is a standard process deployed that includes a formal root cause analysis with comprehensive action plans to prevent reoccurrence.
4. Retain a qualified safety/process engineer as a team member to bring the skills and competencies required to mitigate harm and address safety risks. Monitoring safety concerns that are secondary to data is a knowledge base that is generally outside of scope for a customer service staff member or technology professional.
5. Consider retaining legal counsel proactively for cases where harm occurred or when payments need refunded as a result of an error.
6. Conduct a risk assessment now using a validated instrument and qualified facilitator to identify proactively where there are weak links in process and oversight.
In summary, and to reiterate, the patient access ruling isn’t purely a tech play. There are many aspects that should be considered when designing the strategy and implementation plan that includes quality, safety, informatics, data governance, risk management, legal counsel, member experience, etc. — in addition to the customer service help desk who will serve as the front door for routing concerns appropriately. I urge healthcare organizations, payers and providers alike, to take a broader perspective while thinking through the ruling so we can continue to make progress in creating a safe and highly reliable future.
