Complying with a new standard enabling patients greater control over their health information.
By James E. Grue, OD,
Ronald P. Snyder, OD, FAAO,
and Michael J. Lipson, OD, FAAO, FSLS
Jan. 3, 2024
Many of you have probably never heard of Fast Healthcare Interoperability Resources (FHIR), but it is highly relevant to your practice. Here are the details on what it is and how it affects your patient care and work.
What is It?
FHIR is a new standard that you will be hearing much more about. FHIR is a critical standard for healthcare information exchange, ensuring seamless interoperability between different systems. FHIR-compatible software will have the ability to integrate with a wide range of apps (known as SMART apps) that comply with FHIR data exchange standards.
How Does FHIR Impact My Practice?
Every time you do an exam, your certified EHR is already required to send some of the data you have recorded to a FHIR server. Your patients and other organizations then have access to the information on the FHIR server. It is important that you understand how this standard drives interoperability of healthcare information and the implications for your practice.
Other Articles to Explore
The information blocking rules put in place through the 21st Century Cures Act require every certified EHR to have a FHIR endpoint. Your certified EHR has already created and published the FHIR endpoint for your practice. Whenever you do an exam, data is being pushed to the FHIR server. At this time, you don’t need to be worried because the protocols for patients and organizations to access the data have not been well developed. That will dramatically change over the next few years.
FHIR technology supports the concept that patient healthcare data belongs to the patient and that the patient should have the ability to make sure it is available anywhere they want. The technology is designed to allow either you or the patient to authorize any other provider or organization to access your health information.
What Happens If You Make it Difficult for Patient to Share Their Data?
If either you or your EHR in anyway make it difficult, or prohibit, the patient from sharing their data, it is considered information blocking unless the activity meets one of eight specific safety requirements. For all practical purposes, these eight exceptions rarely impact the type of data collected in eyecare. All information that you record during an exam is required to be shared through the FHIR server, that is, unless the patient has specifically directed you not to share their information or any portion of the information. The 21st Century Cures Act requires that substantial penalties be put in place for providers and EHR vendors that engage in information blocking.
A frequent concern of providers are liability questions related to the security of information. The regulations are written so you, as a provider, are only responsible for the security of the information being placed onto the FHIR server. If the patient authorizes any other provider or organization to access the data, you have no liability for the data once it leaves the FHIR server. It is the responsibility of the patient to assess the risk. The patient can even download the data and post it on the internet without violating any regulations, as patient health information is not protected by HIPAA once it is in the possession or control of the patient.
Who Can My Patient Send Their Information To?
Historically, the provider and patient were limited by their EHR system in how health information could be used. FHIR technology makes the data available to “the world of apps.” Any SMART app will be able to use the data from your FHIR server. There are currently thousands of SMART apps being developed that cover almost every aspect of healthcare. Patients will be able to download these apps just like they do any other app. The patient authorization to access your data will be part of the app.
As a provider, you are accustomed to being in control of who sees your records. You have always filtered what information other providers see by what information you include in the letters and other communications you send out. The information blocking rules and the FHIR server technology change that, so the patient can now decide on their own who sees their information. They can decide to share everything you have recorded with whomever they want.
Key Question to Ask Yourself
It may be a worthwhile exercise for you and your staff to engage in a formal review of what and how you record information in your EHR. Ask yourself: Does what we currently record during an exam reflect the type of exam we complete, and when reviewed by other providers, does it give a favorable impression of the quality of care we deliver?
James E. Grue, OD, is a health-care reform speaker and consultant. To contact him: JimGrue@HealthCareRegistries.com
Ronald P. Snyder, OD, FAAO, is the president and CEO of HealthCare Registries, LLC. To contact him: RonSnyder@HealthCareRegistries.com
Michael J. Lipson, OD, FAAO, is the chairman of the OrthoK Advisory Panel of HealthCare Registries, LLC.