Micky Tripathi, PhD, MPP, is the Assistant Secretary for Technology Policy and National Coordinator for Health Information Technology at the U.S. Department of Health and Human Services. Dr. Tripathi discusses the Office of the National Coordinator’s two-decade journey in transforming health care through electronic health records (EHRs), interoperability and secure data exchange. He highlights the progress in digitizing health care, addressing privacy concerns and enabling patient access to health data.
Watch this podcast episode on the Nemours YouTube channel!
Guest:
Micky Tripathi, PhD, MPP, Assistant Secretary for Technology Policy, National Coordinator for Health Information Technology, and Chief Artificial Intelligence Officer, U.S. Department of Health and Human Services
Host/Producer: Carol Vassar
TRANSCRIPT
Announcer:
Welcome to Well Beyond Medicine, the world’s top-ranked children’s health podcast produced by Nemours Children’s Health. Subscribe on any platform at nemourswellbeyond.org or find us on YouTube.
Carol Vassar, host/producer:
Each week, we’re joined by innovators and experts from around the world exploring anything and everything related to the 80% of child health impacts that occur outside the doctor’s office. I’m your host, Carol Vassar, and now that you are here, let’s go.
MUSIC:
Let’s go, oh, oh.
Well Beyond Medicine.
Carol Vassar, host/producer:
Within the US Department of Health and Human Services, there’s a little-known but large and influential agency tasked with improving healthcare by developing a secure nationwide health information technology infrastructure. This two-decade-old agency, the Office of the National Coordinator, ONC, for Health Information Technology, HIT, is headed by Dr. Micky Tripathi, National Coordinator for HIT, Assistant HHS Secretary for Technology Policy, and Acting HHS Chief Artificial Intelligence Officer. Dr. Tripathi came to our podcast booth at HLTH 2024 in Las Vegas to discuss the history and work of ONC, the state of electronic health records and secure record exchange today, and his team’s work regarding policies on artificial intelligence. Here’s Dr. Micky Tripathi.
Micky Tripathi, PhD, HHS:
So ONC was created in 2004, so we’ve been around for now 20 years. We just celebrated our 20-year birthday, and it was really with an eye toward helping the federal agencies. So we’ve got many, many different agencies within the Department of Health and Human Services that people are very familiar with, CDC, CMS, NIH, FDA, as well as the VA, and the DOD, who are also very big in healthcare. The idea was to establish an office that would help to coordinate our activities related to health information technology, recognizing how important health information technology was going to be to the country, and also to work with the market to try to advance open industry approaches to health information technology so that information could flow securely and with privacy protections in the best interest of the patient.
Carol Vassar, host/producer:
At first, that was turbocharging EMR adoption, which happened in 2010, actually as a result of the HITECH Act of 2010, which everyone probably remembers as part of the American Recovery and Reinvestment Act of 2009 after the 2008 Great Recession. It was really an historic piece of legislation. It pushed for the digital transformation that we’re still experiencing even today here in healthcare. At its core, it had a number of really transformative goals. Widespread adoption and use, meaningful use, which is a key term here of electronic health records, improvement of coordination of records and coordination between health and public health reporting, strengthening privacy. It basically took HIPAA and updated it in terms of the digital space and also addressing disparities in health IT. A lot of really transformative and audacious goals of the day. HITECH is approaching its 15th anniversary. Where have we met those goals? Exceeded those goals? Where do we still have work to do?
Micky Tripathi, PhD, HHS:
Yeah, so if you look back and think that in 2010, we had maybe 10% of providers using electronic health records, and many of them were custom home-built electronic health records, so not standardized in any way, and now we’re at the point a short 10 to 12 years later from the HITECH Act where we have 97% of hospitals and almost 80% of physician offices using certified electronic health records. That’s just an amazing change in a relatively short period of time. I like to think of it as raising kids. The days are long,g and the years are short. So it was a ton of work, but now that’s in place, we have this digital foundation that we can now start to build upon.
So I think that if you just take that as one key success metric, it’s been just overwhelmingly successful. Now, certainly we have more work to do in interoperability. We have more work to do in the greater data liquidity that we want to be able to have, and that’s the work that we’re doing now. But I think it’s important for us to recognize that that kind of change in a very fragmented healthcare delivery system, the most complex sector of the most complex economy the world has ever seen, doesn’t happen overnight. And so just transforming it from paper to digital in that period of time is an amazing change and achievement. And now we have the opportunity to say, all right, how do we build on that digital foundation to think about what it is we want to do with all that digital information and that digital ecosystem that we have?
Carol Vassar, host/producer:
I want to pull on the thread of interoperability. Still some work to do, as you aptly pointed out, we’ve made some strides there, but let’s dig a little into what still needs to be done. The dream was if I’m in California and my records are in Connecticut, and I’m in an accident, then the doctors in California would be able to access all of my records back in Connecticut. Are we at that point? Are we close to that point?
Micky Tripathi, PhD, HHS:
It depends. I mean, in some ways, we are at that point. So, if you look at the private sector networks that have been built, I mean, we have many state and local health information exchanges that aren’t really connected with each other very well. So, those are islands that we want to be able to work to connect with a nationwide network that we call TEFCA. But there are some nationwide networks now that do have that connectivity that do billions and billions of transactions every single year.
So, in your particular case, it might depend on, well, which EHR you are on and which network, but the odds are that there is a connection there that you would get that information. I’ll only point out that as we’ve entered this very difficult world of the change in our perspective on reproductive health information, one of the things we keep hearing over and over again is people are concerned because their information is being shared just the scenario you’re talking about. They’re in Boston, and all of a sudden, their information goes back to their PCP, who is in a state that perhaps has different rules around reproductive health, and they themselves wanted to be a part of. And so, in a way, you’re pointing out that, wow, interoperability is actually working, and people are concerned about the other end, which is I wasn’t expecting my information to be shared so readily.
Carol Vassar, host/producer:
Well, let’s talk about the patient perspective. This ultimately, all of this transformation, all of these very detailed and nuanced transformations that have been taking place in the digital space, ultimately, are to benefit the patients and to serve the patients. Are patients really making use of the online MyCharts and similar EMR availability? Do they have to check their records to make certain that they’re up-to-date on their immunizations and on their medications and order their prescriptions? How much uptake do we have from the patient perspective?
Micky Tripathi, PhD, HHS:
Yeah, I mean, think, and certainly, the pandemic contributed a lot to the uptake in the use of these kinds of patient-facing applications, whether it’s a portal itself or whether it’s your being able to use an app of your choice and connect to a system for it to be able to, via an API, send you your information in the health record or something like that. So, I think that the main point is that that availability and accessibility is now widespread. It’d be hard to find a provider organization that doesn’t make that available to patients. The second question, to your point of how much do patients do it is almost like a deeper cultural kind of thing of well, all we can do is make sure the information’s available to them in as easy a manner as possible, and then it’s really up to them to decide how much of that access do they want?
I know in my own life, it’s only around my visits because I’m fortunately healthy right now, generally healthy. It’s around my visits, like my physical, things like that, that I log in, I schedule an appointment, I do a prescription refill, I look at my lab results, and then it’s like, all right, well see you next year. But if I had a chronic condition, I think I’m probably using it much more. I will say one of the things that we are hoping for, and the reason that we need to think of this in a stepwise manner, is they’d first need to create the access. So you have to create digital information, electronic health records, HITECH, all of that. Second, make sure that patients have access to it, so now they’ve got access to that digital information. But third is how do you make that access useful to them?
Because, right now, if I can just look at my record, well, great. What else can I do? But this is where I think we start to think about AI-enabled capabilities and making the AI-empowered patient, which I think could be really powerful. So if I have the ability to have AI-based, consumer-facing AI-enabled tools that allow me to take that information and actually do some analysis, do other things that are important to me as a patient, and bring in other parts of my life, like my diet, and things like that, that the provider doesn’t know, maybe now all of a sudden that’s really valuable to me and allows me to be much more directly involved in my care and more of a direct participant in that, which has I think been the biggest struggle for us in the healthcare delivery system.
Carol Vassar, host/producer:
And I definitely want to get back to AI, but I want to ask this question: What are some of the challenges, if you will, in balancing that accessibility with privacy concerns and security concerns, given that we’re hearing about cyber threats and actual breaches of some EMRs or some healthcare system data?
Micky Tripathi, PhD, HHS:
Yeah, no, I think it’s a great point. So the breaches have certainly been at the organization level, I’ll point out, just as we think about that.
Carol Vassar, host/producer:
Correct.
Micky Tripathi, PhD, HHS:
Now, of course, that doesn’t mean that we aren’t just one day away from some other type of breach, but I think that is one of the biggest challenges that we have is that in our country, the way that privacy laws are written as it relates to health data, HIPAA has certain boundaries that a lot of patients I think don’t fully appreciate and understand, which is to say that HIPAA protects your data, protected health information, it’s called, only when it’s in an application or when it’s in the control of a covered entity like a health insurer or a provider organization. So, like your MyChart app, for example, that many people are familiar with, that’s provided to you by your provider.
So that’s actually covered by HIPAA and that’s protected by the HIPAA privacy rule, HIPAA security rule. But if you use an app of your own choice, which ONC has done a lot to say, you ought to be able to do that. One of the things that patients need to understand is that if that’s something that you yourself have brought to the table and you’re downloading that information into it, it has crossed the wall of HIPAA protection, so it’s no longer protected by HIPAA-
Carol Vassar, host/producer:
Oh, my goodness.
Micky Tripathi, PhD, HHS:
And now, you are taking full responsibility for the protection of that data.
Carol Vassar, host/producer:
That’s a very important point.
Micky Tripathi, PhD, HHS:
Yeah, that’s a really subtle nuance, and I think that that’s something that I know that organizations like Apple and Epic and others I think have been very good at putting up warnings to let the patient know, just remember the minute you push that button is the minute that you are now taking full responsibility for it. They don’t block people from doing that, but they do want to make sure that people are aware that they are now taking full responsibility for that. That’s something we need to figure out as a country of a general privacy law that would cover things that fall outside of HIPAA.
Carol Vassar, host/producer:
I’m curious, and I do want to get to the AI that we spoke about earlier: what efforts are made to ensure that areas that are rural, areas that are underserved, benefit from the advancements that we’ve been talking about thus far in health IT and in EMR accessibility and what obstacles are in the way?
Micky Tripathi, PhD, HHS:
Yeah, so I mean, I think that one really great and important thing about the HITECH Act and the $35 billion in federal incentives that went out is that it did establish a floor that cut across geographies, cut across rural, urban, well-resourced, less well-resourced, so that those organizations who might typically be underserved were given incentives that allowed them to rise up to meet that floor. So you do see adoption of certified electronic health record systems in rural settings, in safety net hospitals, federally qualified health centers, which of course are very important in rural settings, as well, are some of the greatest adopters of certified technology and using that technology in really creative and innovative ways. So I think that that floor has been great and has done the nation a great service. I will say, though, that as you start to move to maintenance of those systems, well, all of the issues that have created that disparity start to come into play.
So you find that there are organizations in rural settings or in safety net hospitals or underserved areas where they don’t have the resources to keep up with the latest version of the software, for example. So they’ve got the software, that’s great, but are they able to keep pace with the more well-resourced organizations? That’s a challenge. That’s an ongoing challenge. We in the department are trying to do everything we can to say how can we direct more resources to providing incentives for them to be able to do that, but we’re limited by the funds that are available to us from Congress.
Carol Vassar, host/producer:
I’m also curious, when patients are trying to access information, medical information, especially if they don’t have broadband in their area, is that continuing as an issue for accessibility?
Micky Tripathi, PhD, HHS:
I mean, it’s less and less of an issue for sure, and if you look at the infrastructure law that explicitly works on making broadband more accessible in those areas, though that wasn’t specifically a healthcare provision, I think all of us appreciate that giving more broadband in parts of the country that don’t have it is fundamental to healthcare and the basic social determinants of health. I think we all recognize that broadband internet capability is almost like a basic utility now.
Carol Vassar, host/producer:
It is.
Micky Tripathi, PhD, HHS:
Right?
Carol Vassar, host/producer:
Absolutely.
Micky Tripathi, PhD, HHS:
Yeah. So I think that there’s been a lot of progress there, but it’s still always startling to find areas that don’t have broadband capability. We need to do more on that front for sure.
Carol Vassar, host/producer:
Let’s get to the AI conversation. You alluded to this earlier: how do you envision AI enhancing EMRs to benefit the patient overall and AI benefiting the healthcare system in general? We’re here at a healthcare innovation conference. AI is the talk of the town. How does AI play a role in your job and in accessing data that patients might need?
Micky Tripathi, PhD, HHS:
Yeah. I think there’s actually so many areas that it’s hard to just tick them off. So if you’re going to break them up into categories, one is if we just think about the administrative overhead of healthcare delivery, talk to any clinician, physician, nurse, staff at any provider organization, [inaudible 00:14:34] a hospital or a physician office, and they will tell you the amazing administrative overhead that they have to go through to just get through the day. They’re seeing patients, and then they have to do documentation, and then they have to do prior auth, and they got claims denials and all of that administrative overhead. The ability for AI-enabled technologies to ease that burden, I think, is enormous. And there’s a tremendous amount of potential there that can improve productivity. And one of the challenges is, well, how do you make that something that actually relieves the burden and doesn’t pile more on? So that’ll be one of the challenges. It’s like, well, great, I freed up some time for the doctor. Now, you can see two more patients an hour. That’s not the solution that we’re looking for here.
Carol Vassar, host/producer:
And that was the feedback when EMRs started to come into play.
Micky Tripathi, PhD, HHS:
Absolutely.
Carol Vassar, host/producer:
On a massive basis.
Micky Tripathi, PhD, HHS:
Yeah. Yeah. So we need to recognize these things always have a little bit of a downside, but the potential for that to be able to alleviate some of that administrative burden is huge. I mean, if you just think about prior authorization, for example, if you then think about more things in clinician workflow of how does it improve my ability to summarize the vast troves of information that are in my electronic health record now where I may literally just have a hard time saying, what’s the bottom line? This is a complicated patient. EMRs have all sorts of data and all sorts of places with more interoperability. You’ve got records from the outside. Those are in a different place in your EHR. How do you summarize that? Basically, how do you get more signal from the noise? And so much of it is unstructured data or narrative notes, which no one has the time to spend 90 minutes before every patient visit to say, all right, I’ve got the key elements.
The ability for AI-enabled technologies to be able to summarize that information and create actionable kinds of advice and augmentation for physician decision-making, I think is also huge. Let’s not forget also that our system, though every single provider, does everything they can to provide high-quality, safe care. They are humans. And going all the way back to (the book) “To Err is Human,” and the year 2000, which pointed out the systematic errors that occur on a day-to-day basis, the ability for AI-enabled technologies to be able to spot diagnostic errors, for example, to be able to have better, more nuanced ways of identifying safety issues is yet another dimension, which I think is really important. And then the last one that I talked about, which is the AI-empowered patient. I think that bringing together some of what we just talked about, the electronic health records and patient access. In our regulations, patients now, as of April 5th, 2021, have the right, I’ll put that in quotes, but provider organizations are required to make available to them all of their electronic health information. All of it.
You can go to your provider and say, I want all of my electronic health information, and that would be text notes, structured data, whatever it is. And we did that with an eye towards saying, and this is before ChatGPT, but we did it with an eye towards saying, you know what? Though it may be hard for people to synthesize that information right now, we need to take the step to make it all available first off because we’re confident that technologies will develop to allow people to make better use of that information. Little did we know the ChatGPT was just on the horizon around the corner. Now you have the opportunity for a patient to go and say, I want all my electronic information, and then be able to say, I have a safe version of ChatGPT that’s secure, privacy-protecting. Let me run all that through that and summarize for me what I should be thinking about for my next visit with my provider. I think that’s just enormous, and it’s going to be transformative.
Carol Vassar, host/producer:
It’s also important to point out that the health records of an individual belong to that individual, don’t they? They don’t belong necessarily-
Micky Tripathi, PhD, HHS:
They don’t.
Carol Vassar, host/producer:
They don’t? I stand corrected. Tell me more.
Micky Tripathi, PhD, HHS:
In the US, actually, patients do not own their medical records.
Carol Vassar, host/producer:
Who owns the medical records?
Micky Tripathi, PhD, HHS:
In one state in New Hampshire, as a legal matter, the patient owns the medical record. I live in Massachusetts and spend a lot of time in New Hampshire. I can assure you they don’t behave any different in New Hampshire than they do in other parts of the country. The provider organizations and the payers, they actually own the record. I mean, they’re the custodians of that record.
Carol Vassar, host/producer:
Okay.
Micky Tripathi, PhD, HHS:
So they actually own the record, depending on your definition of own. But an important thing in the US is we have HIPAA, where what HIPAA says is you don’t own the record. What I mean by own is that I would define own as I can say, I have control of this information, and you don’t, and you do, and you do, right? You don’t have that ownership right of your data or of your medical record information. However, under HIPAA, you do have a right of access to it. So you do have the ability to go to every provider organization and payer and say, I have a right of access to all of my information, to essentially a copy of it, and you’re obligated to make that available to me under certain terms. And then we up that to say, with your electronic health information, they’re required to provide that to you in near real-time.
Carol Vassar, host/producer:
That is excellent information to have. Even I wasn’t aware of that. Thank you so much for that.
Micky Tripathi, PhD, HHS:
It’s a subtle nuance.
Carol Vassar, host/producer:
It is.
Micky Tripathi, PhD, HHS:
But yeah, yeah, yeah. I know.
Carol Vassar, host/producer:
Let’s talk briefly. I know we’re coming to the end of our time together, but let’s talk briefly. We’ve seen some cyber attacks or ransomware attacks on healthcare systems. Does ONC play any role in supporting healthcare systems as they look to make decisions on what they’re going to do or to shore up the privacy or the security of their health data when something like this occurs?
Micky Tripathi, PhD, HHS:
We play a little bit more of a supporting role. So, in this department, under the leadership of Deputy Secretary Palm, we’ve got a cybersecurity strategy, a proactive cybersecurity strategy that we published last year where ASPR, the Assistant Secretary for Preparedness and Response, is our one-stop shop for cybersecurity resources and initiatives for the healthcare sector. And so we’re consolidating across the department their ability to be able to be that one-stop shop to help provide organizations, payers, others who suffer from cybersecurity attacks and incidents. We support, just like the Office for Civil Rights, which is working on an update to the HIPAA security rule, which I think has been made public. And so they’re working really hard on that because that establishes the floor for security rules that most covered entities follow. So it’s really important for us to up that. Our part in that is working on the certification of electronic health record systems to make sure that they’ve got what we call the privacy and security framework.
So there are certain things that a certified electronic health record like Oracle Health or Athena Health or eClinicalWorks, or Epic are required to have in their systems, certain types of encryption, for example, certain types of multifactor authentication, for example, a wide variety of things that they’re required to have in their EHR system in order to be certified. We’re looking really hard at do we add additional data elements to that or criteria to that to beef up their security capabilities?
I think it’s important for us to recognize, though, that cybersecurity is really complicated because every provider organization is different in their landscape. You go to one children’s hospital, one Nemours hospital, or another one, they’re really, really different in terms of, well, this one’s got Epic. And then they have a different system for their imaging, a different system for their medication administration, a different system for their emergency department. And then in this hospital, they’ve got Oracle Health, and they’ve got a different system for labs. So it’s not as if you can say, everyone do this, and then we have better cybersecurity.
So I think that we need to take into account that usually they live in a security environment, and the EHR is just one part of that security environment, so we need to take that into account as well. And then, like all cybersecurity, it’s about people, processes, and technology. So you can have the most up-to-date technology in the world, but if you have bad implementation and rogue actors, internal rogue actors, or bad policies, you’re going to have just the same thing as if you just left the door wide open.
Carol Vassar, host/producer:
Real quick, what are the growth opportunities over the next five years in this area in health technology, in AI, in your estimation?
Micky Tripathi, PhD, HHS:
I mean, again, I think it’s just across the board. Certainly right now, there is a tremendous focus on being able to reduce the administrative overhead on the healthcare delivery side. But I will point out that as a part of the AI strategy that we’re working on, we’re looking at what we think of as five primary domains of life sciences and healthcare that are under the umbrella of the Department of Health and Human Services.
So you just think about research and discovery. All of the preclinical research and basic research that gets us from an idea or a thought that turns into trying to identify what’s the next drug or biologic or therapy or diagnostic or device that then goes through preclinical testing that then we’re able to identify, oh, there’s one that looks like it has promise, now let’s put it into clinical testing with clinical trials and all of that, and let’s actually turn that into now a drug or a device that’s made available on the market that goes into healthcare delivery, human services, public health, looking across all of those areas. And I think there’s opportunity in every one of those spaces. If you just look at research and discovery, anything we can do to shorten the time between an idea and an actual product and/or reduce the cost of that is a win for the American people.
Carol Vassar, host/producer:
Dr. Micky Tripathi is the National Coordinator for Health Information Technology, Assistant HHS Secretary for Technology Policy, and Acting HHS Chief Artificial Intelligence Officer.
MUSIC:
Well Beyond Medicine.
Carol Vassar, host/producer:
Thanks to Dr. Tripathi for sharing his insights on health information technology and AI. And thanks to you for listening. We love to hear from our listeners. Just head on over to NemoursWellBeyond.org to give us your feedback on the podcast or ideas for future guests or topics. You can leave a voicemail, subscribe to the podcast, leave a review, or listen to previous podcast episodes at NemoursWellBeyond.org. Our production team for this episode includes Cheryl Munn, Susan Masucci, Lauren Teta, and Sebastian Riella. Join us next time for our conversation with the Chief Purpose Officer of Headspace, Dr. Wizdom Powell. I’m Carol Vassar. Until then, remember, we can change children’s health for good, well beyond medicine.
MUSIC:
Let’s go, oh, oh.
Well Beyond Medicine.
