Epic v. Particle

A series of links and context to help understand the current crisis in interoperability (and how we can do better)

The AI generated this when I dropped the article in. What does it mean???

Author’s note: This post will be somewhat atypical in terms of format. In lieu of memes and a ton of humor, it’s intended to offer readers an impartial guide to what’s going on in the murky, confusing, and emotionally charged situation that is the current dispute between Epic Systems and Particle Health. Full disclosure: I'm not entirely impartial, having worked on Epic's Care Everywhere product and helped launch on-ramps at Redox and Zus, I strive to present a balanced view of both sides. I work now at Flexpa, which provides access to claims data with explicit patient authorization.

In the past week, a number of people and organizations across LinkedIn, Twitter, and health technology communities began to discuss rumors that Epic, the country’s largest EHR, had shut off access to Particle Health, a data platform that aggregates health data for digital health companies via an API. Below you can find key definitions and key posts by relevant parties.

Background

America is fairly advanced in terms of health information exchange (HIE), at least in terms of discrete data. As previously posted on Twitter, there are a number of related networks, frameworks, and organizations that are stitched together to allow for exchange of clinical data between providers at a massive scale (generally explained as 70-75% of providers):

1. Care Everywhere is the module in Epic for cross-organization exchange. The user interface offers the ability for providers to query for patient records as well as pushing records.

   1. Care Everywhere is confusingly also used to describe the associated network, an Epic-only network for that querying.

   2. It uses an older standard CDA (and not FHIR yet aside from exchange of notes via DocumentReference resources), offering patient-level summaries, encounter-level summaries, and specialty CDAs. It also exposes non-discrete PDFs and other chart data.

   3. It's on-by-default, so you can safely assume all Epic hospitals innately have the ability to pull from other Epic hospitals. However, some hospitals (not Epic!) chose to limit their trading partners via configuration.

2. Carequality is the equivalent for Epic-to-non-Epic exchange. They position themselves as a nationwide trust framework - a distributed form of exchange like Care Everywhere - and not a network.

   1. The functional outcome of the activity they facilitate is the country’s largest health information network, which you can view here.

   2. It has roughly equal access and features to Care Everywhere (the network), although some features lag due to less mature implementers only making available basic core clinical data.

   3. Contrary to popular narrative of data moats and blocking, Epic (followed closely by Cerner) is leading in the data they expose via these networks, with many document types (patient and encounter summaries, chart documents, specialty documents). Most other EHRs you can name only expose a patient summary (and maybe encounter summaries).

3. Commonwell is a parallel industry group that has a similar mission, but different technical approach.

   1. It is more centralized, taking patient demographics to match across organizations and act as a record locator service. It does not store clinical data beyond those demographics.

   2. For ease of discussion, I’m going to refer to Commonwell and Carequality as Networks for the rest of the article.

   3. It also is primarily CDA-based today, although it has some FHIR APIs to pull those CDAs.

4. Commonwell (founded by Cerner, Meditech, and others in response to Care Everywhere’s success and network efforts) and Carequality (founded by Epic, Surescripts and others as a reaction to that) were somewhat competing for a number of years, but connected in 2018 as Commonwell became a Carequality Implementer.

   1. The union of these two networks and the oldest network, eHealth Exchange, made for the ubiquitous exchange we have today.

5. The combined mega-network primarily facilitates searching for an individual patient at any provider group on the network, receiving back a list of documents related to that patient, and retrieving those clinical documents.

   1. It does not today allow for pushing data. Today, one must use a different network, the DirectTrust network, to push CDAs nationally.

6. While EHRs were the initial organizations that joined and formed Carequality and Commonwell, both networks began to allow “on-ramps” to the network to make implementation easier, especially as Commonwell defined a “Commonwell Connector” in 2020.

   1. These on-ramps insulate their customers from some of the pain points of using the network, much like Stripe makes using credit card networks easier.

   2. They offer value-adds such as an easy Application Programming Interface (API), translation from legacy standards into the more modern FHIR, de-duplication of data, user interfaces, integration of retrieved data into EHRs, and more.

   3. Notable “first generation” on-ramps are Particle Health, Health Gorilla, Kno2, Zus Health, Redox Access, Surescripts RLE, OneRecord, and Intersystems. There are even more now.

7. TEFCA (the Trusted Exchange Framework and Common Agreement) is the metaphor successor to the Networks.

   1. It’s similarly structured to Carequality in terms of decentralization and, to start, exchange of C-CDA documents, although it has a proposed roadmap for FHIR use.

   2. TEFCA’s major proposed update is to open up Individual Access Services, the purpose of use for patients to access their own data after strong identity proofing.

   3. While TEFCA is live as of December 2023, it is not directly in play here. Instead the main impact is on TEFCA’s future - if trust is eroded in Carequality, the growth of TEFCA may be impacted.

Key Concepts

Two main concepts are essential to understand when talking about data exchange: purpose of use and reciprocity.

When accessing health data, the purpose of use has been important since HIPAA. That law and associated regulations recognized that protected health information (PHI) should only be accessed and used for specific, legitimate reasons related to Healthcare Operations, Treatment, Payment, or other permitted purposes. It helps to safeguard the privacy and security of individuals' health information by restricting its use to authorized entities and purposes.

The networks define many purposes of use in the main implementation guide:

However, Treatment is the only purpose of use that organizations are required to respond to.

This is dense, but basically says that beyond those few organizational types that have an exception (government agencies, provider organizations with no clinical data, or EMS providers), groups must respond to queries if they want to query. This principle, while not defined in the Carequality Implementation Guide explicitly, is often referred to as reciprocity.

You can find HIPAA's definition here (45 CFR 164.501 “Treatment”)

Treatment means the provision, coordination, or management of health care and related services by one or more health care providers, including the coordination or management of health care by a health care provider with a third party; consultation between health care providers relating to a patient; or the referral of a patient for health care from one health care provider to another.

They add more color here:

Treatment refers to activities undertaken on behalf of a single patient, not a population. Activities are considered treatment only if delivered by a health care provider or a health care provider working with another party. Activities of health plans are not considered to be treatment. Many services, such as a refill reminder communication or nursing assistance provided through a telephone service, are considered treatment activities if performed by or on behalf of a health care provider, such as a pharmacist, but are regarded as health care operations if done on behalf of a different type of entity, such as a health plan.

Reciprocity and purpose of use are not just random legal jargon and concepts. They are vital to the health of the network. Proper purpose of use ensures that data privacy is not violated by accident or malice. In an era where data privacy laws are increasing fine-grained in regards to things like behavioral health, HIV, and women’s health, ensuring the purposes of use are accurate, such as Treatment actually being patient care, protects the patient. No one wants a world where fraudsters can learn a patient’s health history and use that to steal their identity or, conversely, where police are able to openly to prosecute someone for an abortion across state lines using a network built for treatment. Inappropriate release of information is a data breach and the liability for that inadvertent disclosure is on the health system that releases the data.

More recently, Carequality and Commonwell opened up a limited new avenue for organizations to be query initiator only and not required to practice reciprocity, the “On Behalf Of” exception:

I originally described here, but Business Associate Applications (apps that sell to health systems and clinics) always had a tough time figuring out whether Carequality was usable for them, especially when they had no unique clinical information to contribute back for reciprocity.

OBO was created to allow providers to be able to surface Carequality data in novel ways when their organization was already live on the network and the application is “view only” (i.e. does not produce unique clinical data). This chart helps explain what applications might be able to use this exception, but it’s limited at best (and also somewhat controversial, as we’ll see later).

To sum things up - while these networks allow query initiators to use other purposes of use such as Payment, Operations, Research, or Patient Request, the reality is that only Treatment queries work at scale because it is the only purpose of use organizations are required to respond to.

Timeline

On Friday April 5th, there began to be discussion and rumors that Particle Health had been shut off from Carequality or blocked by Epic, primarily coming from affected customers in health technology Slack communities such as Health Tech Nerds and Product Leaders in Health.

However, the first public discussion of it appears to have been started by Rebecca Mitchell MD on April 8th:

Epic’s behavior would be particularly notable in that “shutting off” traffic of a particular implementer on the networks is both unprecedented and disallowed by network rules except in one specific scenario, as Dave Cassell pointed out:

A Carequality Implementer (e.g. Epic, Particle Health) IS permitted to suspend exchange with another participant if it is has "reasonable and legitimate concerns related to the privacy and security of information that is exchanged". The caveat is that such a suspension can be kept in place for an extended period only if a formal dispute is initiated.

On the 9th, Bobby Guelich and I made a video to discuss the principles of the networks and hypothesize what might be happening.

↳ Why might Epic stop responding?

Access being shut off likely implies Epic believes one of two things was occurring:

1. Data was being requested by entities without a legitimate treatment use case, and/or,
2. Reciprocity of data sharing was not being fulfilled.

Particle Health posted a statement on the same day, confirming the rumors and addressing a significant issue where Epic's cessation of responding to medical record requests through the Carequality network has disrupted healthcare operations, impacting thousands of patients and risking over 6 million patient encounters annually.

Similarly, Troy Bannister, the founder of Particle Health, posted a statement the same day, expressing deep concern about Epic's recent decision to stop responding to certain medical record requests through the Carequality network, which he views as a unilateral action violating critical interoperability rules, jeopardizing the care of thousands of patients and undermining the trust essential to the health exchange framework, prompting him to address this issue publicly and seek a swift resolution.

While Epic did not issue an equivalent statement, the comments of Michael Marchant, the Director, Interoperability and Innovation of UC Davis Health and the Chair of the Care Everywhere Governing Council did show some perspective of why Epic may have taken action - at the behest and request of their health system customers, who felt at risk:

Other comments and perspectives were shared:

• Lisa Bari of Civitas Networks for Health posted on Particle Health's statement about Epic's cessation of responses through Carequality, highlighting challenges in finalizing paths for non-Treatment use cases and urging transparency from Epic.

• Kat McDavitt of Innsena wrote a charged post defending Epic's actions against Particle Health's accusations, highlights the importance of proper use of health data, and urges skepticism and informed decision-making regarding data exchange practices.

• Jean Ross, RN expressed curiosity about all perspectives on Particle Health's statement and shares insights from LinkedIn discussions, including interviews and comments from industry professionals, emphasizing the importance of individual access to health information and the need for trust and collaboration in the healthcare data exchange space.

• Derek Berger of Reimburse RPM commented about their experience raising concerns about the misuse of the "Treatment" use-case for another on-ramp in the past.

• Dave Cassel, Chief Customer Officer of Health Gorilla and former Executive Director of Carequality, underscored the importance of maintaining trust in national health data exchange networks amid current tensions, leveraging his extensive background to advocate for responsible participation and collaborative resolution of issues to ensure effective patient care.

On April 11th, an Issue Notification was released by Epic that details the issues and the steps they had taken over the last couple of weeks to try to resolve the issues. This letter was originally sent to Epic's customers. While unconfirmed, Lisa Bari stated that it has intentionally been made public to help demystify the issue and answer some of the questions raised by the public:

The full notice is worth review, but to summarize, Particle Health is accused in that notice of engaging in practices that potentially compromise the exchange of protected health information (PHI). In particular, this notice calls out a handful of Particle Health customers explicitly:

• MDPortals

• Reveleer

• Integritort

As hypothesized earlier, these groups were accused of not conforming to Treatment Purpose of Use:

The notice also mentions a lack of reciprocity and other potential behaviors in violation of Carequality’s by-laws.

Updates:

• On Friday, April 12, CNBC published an article on the dispute

• On Sunday, April 14, Particle posts a follow-up response to Epic’s summary, disputing several actions and timelines and stating that both the federal government and Carequality have failed to define Treatment sufficiently.

• On Monday, April 15, Fierce Healthcare published an article going a bit deeper on the dispute

• On Monday, April 15, Matthew Holt of The Health Care Blog wrote an opinion piece on the ongoing controversies in the American healthcare system regarding data access and power struggles between large health systems, regulators, and tech companies.

• On Tuesday April 16, Bill Russell discussed the topic on the Today in Health IT podcast, advocating strongly for more of a focus on patients in the process.

• On Wednesday April 17, Gabe Perna of Modern Healthcare wrote about the issue with some deeper commentary on broader issues of trust and interoperability in healthcare data sharing.

• On Thursday April 18, Commonwell notified members of their decision regarding Particle, stating that they would not be removed due to the actions they had taken to remove customers already. The article also highlights some of the structural benefits of Commonwell’s approach in terms of reducing OBO entries and preventing gateway level queries.

What Comes Next

The general consensus of the next immediate actions is that Epic and Particle will complete the negotiations and resume exchange in the next few days. There are many bad things that could happen - formal Carequality complaints, lawsuits, Epic customers leaving the network, customers fleeing Particle, and outright network failure.

I’m forever the optimist. I believe both these companies and their customers want what’s right: to help patients. These events will certainly have ripple effects in terms of both Epic and Particle customers’ trust in the networks, but my main take is that the tactical actions and who’s right or wrong really isn’t that important. Instead, they can serve as a catalyst and accelerant for the change needed. These events occurred because fraud and abuse are happening because the status quo of the networks only working for Treatment leads to the worst possible incentives. Health data is needed by a broader set of stakeholders in order to serve the patient:

• Payers need health data to effectively manage care, reduce costs, ensure appropriate medical billing, and optimize patient outcomes.

• Health navigators and insurance brokers need health data to help patients choose the right providers and plans

• Life sciences need health data to maximize success of clinical trials, develop new drugs, and accelerate novel care

• Public health organizations and other researchers need health data to track and analyze trends in health and disease, develop public health policies, evaluate the effectiveness of interventions, improve community health outcomes, and support epidemiological studies.

• Life insurers need health data to underwrite the insurance patients want and need

• Most importantly, patients have a right to their own data

The interoperability crisis of our time is for Carequality, Commonwell, the Sequoia Project, the Office of the National Coordinator, and all involved to navigate how we build paved paths for these and so many other valid use cases.

The challenge for on-ramps is to continue to resist the temptation for growth at all costs. Your biggest TAM is when we open up the broader use cases fully. It is a lack of foresight on the scale of outright mismangement and neglience to not be doing everything you can towards that outcome, which includes allowing iffy Treatment use cases. With every mental backflip pushing us further down the slippery slope of the grey area of Treatment, the demand of the potential coalition of the willing is eradicated and we step backwards away from a future of data exchange that balances patient privacy and data liquidity. The arbitrage of risk is not a sustainable product or moat - this week has shown it to be a temporary gain. Simply put, with even cursory review, so many on-ramps have questionable entries. The best possible action is to act with increasing unfettered transparency - publish your customers’ use cases, make their directory entries granular and clear, and communicate the intended purposes of use.

The challenge for Epic is to not settle for the status quo and have this situation repeat. The stick has been used, but it is time for soft words. They have shown they are capable of policing to the extent that no one else was willing to do, but policing of a Treatment-only network will not be enough. The unfortunate intersection of the incentives of underserved use cases needing health data and on-ramps needing growth to fulfill venture capital expectations is doomed to repeat itself. Epic must use their power and stature to make the paths for the other Purposes of Use real.

The challenge for Epic and Particle’s customers is to build the coalition of the willing. If you are not served by Treatment today, you need to stop searching for the solution that does not yet exist and instead join the discussion and movement to make change happen. If you are a hospital, now is not the time to shelter in place, but to develop the cure by pushing your EHR vendor to make the paved paths you need to help your patients and ensure you are not liable when this happens again.

There are a number of ways we can make things better:

1. Fraud and abuse are functions of any network and will continue to happen at massive scale without paved paths. Removing grey area means there’s less room for mistake. We need to create working paths for at least Payment, Operations, and IA.

2. Transparency engenders trust. Carequality applications, decisions to remove vendors and pending investigations should be publicly available. They should be in the directory structure for programmatic use by implementers. Entries in the directory should be listed with intended Purposes of Use. This would allow responders to reject queries for entities that don't match their approved PoUs. This is already possible if all implementers would switch to Carequality’s newest directory version.

3. Observability, auditing and control by patients. Organizations policing one another is a blunt object that fails at the scale of exchange we’re at. In payment networks, I can see who charged my account and dispute transactions I feel are wrong. If all participants are required to make available a clear audit trail of which organizations/providers claimed Treatment and pulled their data, we have that same power in healthcare and delegate oversight to those who are impacted. As Michael notes, we could even alert patients when their data is accessed.

4. Treatment queries by Treatment orgs only. Entries in the directory that are software vendors should not be issuing Treatment queries. Their Carequality Connections (or their customers' CCs) should.

5. Carequality should re-evaluate secondary use. I think it's clear that's causing the "pseudo provider / employ one provider" circumvention that on-ramps are accused of promoting. I don't have a solution here, aside from disallowing secondary use by OBO organizations.

6. Reciprocity can be measured. Queried organizations should be able to reverse query to build their patients' record and confirm reciprocity. Building the longitudinal record and also creating a programmatic reciprocity check is an easy two-birds-one-stone situation.

7. The gatekeeping process can be improved. Organizations with multiple business units should be held to a higher standard. They should have to attest to intended secondary use. All participants should have to identify if they are deidentifying and selling data. Their executives should have to attest that they will not misuse Treatment or another Purpose of Use.

If you’d like to read more, a follow-up to this post exploring the concept of secondary use and how it clouds health information exchange can be found here.

Comments

[Jill DeGraff]

Brendan, repeating the comment I posted in LinkedIn, but don't feel obliged to post your response in both places...

thank you for this analysis, and links to resources.

You didn't open a can of worms all the way re secondary uses, but I will.

Your recommendation is for Carequality to prohibit "secondary uses" by "on-ramps". Shouldn't that prohibition extend to HINs/HIEs/QHINS? I have a problem with any entity sitting in the middle of an end-to-end data transaction conditioning service on a license grant (or reservation of rights) to reuse data transacted through their service 'for any lawful purpose'.

[Dan Munro]

Great summary - with 2 takeaways:

1. "These events occurred because fraud and abuse are happening because the status quo of the networks only working for Treatment leads to the worst possible incentives."

2. Highlights the David Brailer quote I still use from Dr. Bob Wachter's book - The Digital Doctor:

Dr. Bob Wachter: I asked Brailer an unfair question: Given his well-known skepticism about too muscular a federal role, if he had still been ONC director in 2008, would he have turned down the $30 billion?

Dr. David Brailer: No, but I would have spent the money on standards, interoperability, a ‘Geek Squad’ to help with training and implementation, and creating a cloud-based ‘medical Internet.’ I never would have spent money on direct subsidies to providers. We’ve built the Frankenstein I was most afraid of.

Everything we've done since are really technical hacks designed to avoid the regulations (with teeth - not just a "coalition of the willing") that are needed for patient SAFETY, quality and equality. Revenue and profits still rule - and that (sadly) applies just as much to interoperability as it does to the larger EHR world. “Plus ça change, plus c'est la même chose” - Jean-Baptiste Alphonse Karr 1849