AHLA's Speaking of Health Law
The American Health Law Association (AHLA) is the largest nonprofit, nonpartisan educational organization devoted to legal issues in the health care field. AHLA's Speaking of Health Law podcasts offer thoughtful analysis and insightful commentary on the legal and policy issues affecting the American health care system.
AHLA's Speaking of Health Law
Latest Developments in Interoperability Litigation
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Melissa Soliz, Partner, Coppersmith Brockelman PLC, speaks with Brendan Keeler, Interoperability Practice Lead, HTD Health, and Amy Bagge-Smith, General Counsel and Head of Regulatory Affairs, Arcadia, about the cases that are currently shaping interoperability law and how the health care industry is responding. They discuss which legal theories are gaining traction and which ones are appearing more fragile, impacts on national frameworks and CMS’ Aligned Networks initiative, and how tech innovators and health care providers can navigate this complex environment. Melissa, Brendan, and Amy spoke about this topic on a recent AHLA webinar. From AHLA’s Health Information and Technology Practice Group.
Watch this episode: https://www.youtube.com/watch?v=WtCQbMudXmU
Learn more about the AHLA webinar that Melissa, Brendan, and Amy spoke on: https://educate.americanhealthlaw.org/local/catalog/view/product.php?productid=1772
Learn more about AHLA’s Health Information and Technology Practice Group: https://www.americanhealthlaw.org/practice-groups/practice-groups/health-information-and-technology
Essential Legal Updates, Now in Audio
AHLA's popular Health Law Daily email newsletter is now a daily podcast, exclusively for AHLA Comprehensive members. Get all your health law news from the major media outlets on this podcast! To subscribe and add this private podcast feed to your podcast app, go to americanhealthlaw.org/dailypodcast.
Stay At the Forefront of Health Legal Education
Learn more about AHLA and the educational resources available to the health law community at https://www.americanhealthlaw.org/.
This episode of AHLA Speaking of Health Law is brought to you by AHLA members and donors like you. For more information, visit AmericanHealth Law.org.
SPEAKER_01I'm Mel Salise, and I'm very glad to be moderating today's AHLA podcast on developments in interoperability litigation. By way of background, I'm a health data privacy and interoperability attorney, and I lead our firm's health data interoperability and technology practice at Coppersmith Brockleman in Phoenix, Arizona. And a significant part of my practice involves helping healthcare organizations, networks, and technology companies understand and operationalize federal interoperability requirements. And that work spans kind of the full technology lifecycle. We help clients design and deploy systems, we launch data governance frameworks, we draft and negotiate contracts. And when disputes arrive, we help clients navigate dispute resolution and litigation. Our conversation today is a follow-up to the AHLA webinar we did in February. And in that webinar, we looked at what happens when disputes over health data exchange move out of the policy rooms and government processes into the courtroom. And since we were all together in February, the board has really moved. A lot of cases have advanced procedurally. Many of them have sharpened the legal theories, and some have raised some really tough questions about things like network governance, data privacy, downstream uses of the data, technical access, and really the practical realities of exchanging health information nationally and at scale. So the point of today's discussion is to not turn every listener into a docket watcher like Brendan. The point is really to step back and ask what these cases are teaching us as the healthcare community, what legal theories are gaining traction, what theories appear more fragile, how are courts translating these information blocking concepts into these traditional litigation frameworks? Is it working? And most importantly, what does this all mean for providers and payers, for networks, for EHR vendors, and for the technology innovators and disruptors who are trying to make data exchange work without becoming the next cautionary tale? So I'm going to moderate today's discussion, but I'll also add some legal framing along the way. We only have about an hour, so we're going to move briskly because there's a lot to talk about. And I'm going to start with introductions and then I'll set the stage with a quick kind of litigation map. And after that, we'll move into our discussion with the panelists. And I'm joined by two very smart people who bring exactly the right mix of legal, technical, operational, and market perspective to this conversation. And first is Brendan Keeler. Brendan is the interoperability practice lead at HTD Health. He is also the author of Health API Guide, where he has been tracking these interoperability disputes with, I think it's fair to say, a very rare combination of technical depth, market awareness, and very readable commentary. It's legal adjacent commentary, but mercifully not written like a legal brief. And Brendan has really worked with a wide variety of stakeholders across the interoperability ecosystem. He spends a lot of time thinking about what actually happens when policy meets the real world. So, Brendan, thank you for being here. And we're also joined by Amy Baggy Smith. Amy is currently general counsel and head of regulatory affairs at Arcadia. Previously, she served as general counsel, chief privacy officer, and VP of regulatory affairs at Zeus Health. And there she built and really led the legal and privacy functions and worked very deeply on interoperability policy, TEFCA, and CMS aligned network issues. Amy brings a particularly important perspective to our discussion today because many of the issues that we're talking about were not theoretical for her. They directly and continue to directly affect the organizations she's working for and led. So, Amy, thank you for being here. Before we get into kind of the discussion of the cases for our listeners, I want to quickly level set what we're talking about when we're talking about interoperability and interoperability litigation and healthcare. Quick reminder that what we're really talking about is the ability of electronic health information to move in usable ways across systems and organizations. And I know that sounds really simple, but it's not. The data we're talking about may sit in electronic health record or other technical system that contains electronic health information that's used to make decisions about individuals, like the care they receive or payment for that care. But the request for this information could really come from anywhere and from anyone. So the operational questions are quite complex and turn on very practical details like, well, who's requesting the data? For what purpose? Under what agreement? Through what technical pathway, with what authentication, what are the downstream controls, and maybe most importantly, who's responsible if something goes wrong? So the federal information blocking rule or IBR essentially makes it such that certain regulatory regulated actors, and we're talking about healthcare providers, certified health IT developers, and certain offerers of such certified health IT, as well as health information networks and exchanges. These are actors which under the information blocking rule cannot engage in actions or omissions that are called practices that might foreseeably and materially interfere with the access exchange or use of electronic health information unless the interference is explicitly required by law or a regulatory exception applies. And there's also a men's REA requirement that differs depending on an individual's or entity's actor status. Additionally, and separate from the information blocking rule, there are also local, state, regional, and national initiatives to encourage health information exchange, such as the trusted exchange framework and common agreement or TEFCA or care equality before that. And what they're intended to do is to really set the rules for supporting the kind of interoperable exchange we want, but in compliance with the underlying and complex framework of privacy, security, and breach laws. Unfortunately, there has been little to no enforcement of the federal information blocking rule or the contractual rules that underline these initiatives. And that's where the litigation we're going to be talking about today becomes really important. And these cases are not just isolated business disputes, they are truly pressure tests for the entire interoperability ecosystem. And I'm going to briefly talk about seven major cases that our panelists are going to be talking about today. So you kind of understand the background of these cases, and then we'll jump into how they've been developing. The first case that we're going to be spending some time on is, of course, real-time medical systems versus point-click care, or we might call it RTMS versus PCC. This is one of those key early information blocking adjacent cases. RTMS, which is an analytics company that serves skilled nursing facilities or SNFs, they challenged PCC's restrictions on automated access to data to serve their mutual customers. Now, the district court granted RTMS a preliminary junction. The Fourth Circuit firmed it. And the reason RTMS matters is that these information blocking concepts help support state law claims, even though IBR itself doesn't have a private right of action. And that is going to be one of the major things that we are going to return to again and again today as we talk about this, is that information blocking might not always be the claim, but it's increasingly part of the factual and legal vocabulary underlying all the lawsuits we're going to be talking about. The second big case we'll be talking about is Particle Health versus Epic. Particle alleges Epic used its market position and control over access pathways to restrict particles' ability to compete, particularly around payer-facing data products. Now, the motion to dismiss that we talked about last time really narrowed the case, but important claims survived. And since then, as I think Brendan will talk about a bit more, the court has been trying to get clarity around the asserted payer platform market and what do the products actually do. And this case matters a lot because it tests how far antitrust can go in a world where health data access, systems of records, network participation, and competitive strategy all overlap. The third case is CureIs versus Epic. Cure Is is a managed care middleware case. It alleges that Epic used its position in EHR and payer administration systems to restrict data access, to interfere with customer relationships, and to steer customers towards Epic's own products. This case may be underappreciated because it's not only about patient access or treatment exchange, it's about the managed care operational layer and whether interoperability friction can become an exclusionary strategy. Fourth is fine dental, the Henry Shine 1 or HS1. This is one of the most interesting recent developments because the preliminary injunction posture kind of separates read access from write access. As Brendan will talk about a little bit more, the court signaled relief that I think protects certain read pathways while also restricting functionality capable of writing back to the dendrics databases. This distinction matters a lot. It's not just access good or access bad, it's access for what, through what method, and what risk to system integrity. Fifth is Texas vEPIC. The Texas Attorney General lawsuit really combines antitrust style theories under Texas law with allegations about parental access to minor medical records and who is controlling the electronic health record data. This is a really good reminder that interoperability disputes are not just confined to private commercial litigation. They can very quickly become political and a matter of public enforcement. Sixth is, of course, Epic v Health Gorilla. This case is interesting because it flips the usual narrative. Instead of a data access plaintiff accusing an incumbent of blocking access, Epic and other plaintiffs allege that Health Gorilla and its customers enabled improper access to records under an asserted treatment purpose. And this case, I think, puts enormous pressure on network governance, participant vetting, purposes, breach reporting, and downstream accountability. And last but not least is AADJ versus Epic. This case was brought by the American Association for Disability Justice and Individual Plaintiffs. That case alleges that Epic's architecture and access restrictions create barriers for disabled individuals seeking records for Social Security disability benefits. Now, Epic has moved to dismiss this case. It raises antitrust, disability law, and kind of information blocking themes, but it also illustrates, I think, how hard it can be to turn like interoperability frustration into a viable cause of action. So that's the map. The common thread that you'll hear throughout our discussion today is that interoperability is not just a policy goal or technical aspiration. It is becoming evidence. It's becoming a business risk issue, and it's really becoming the backdrop for a lot of different types of state and federal claims. So let's talk with Brendan and Amy about what's changed since our webinar in February. And Brendan, I'd like to start with that map that we displayed in our webinar. In our AHLA presentation, we had that litigation landscape that included RTMS, Particle, Curesiz, Vine, Texas, Health Gorilla, and AADJ. Since then, I'd like you to cover for us what are the three developments that you think have most changed the board?
SPEAKER_03Well, thank you for that uh intro and uh and for setting the table here. Um the one I'm most excited about because we really haven't seen the decision, is that Vine versus Henry Schein um preliminary injunction decision for months in the lead up in Q1 of this year? The judge was signaling, I'm going to rule at least partially in favor of Henry Schein, the EHR, the largest dental EHR, um, and say that there was sort of this hacking that occurred, uh, that Vine had overstepped. And as a result, it seemed like information blocking would, you know, as the the pattern we've been seeing from real-time medical um into scare and these other cases might be taking, might be hedged in a bit. Uh, but then all of a sudden in May, maybe it was April, we see this uh, you know, the judge actually said, Oh, well, wait, we're gonna split the baby, we're gonna uh say that the read access, well, that was um that might be that that was something that shouldn't have been blocked. Uh, and so I don't think you'll he still has to you know issue the the full decision, but I don't think it'll be so clean as read is good and write is bad. I do think it'll come down to some of the practicalities of mind doing really um wonky things in terms of taking passwords and root credentials and and things like that to override information blocking for the right portion. We've seen regulators already um positive via guidance and the HTI5 proposed rule that right is included in information blocking. But in this case, Bine over may have overridden um that because the exceptions were valid for the right piece of the equation. Um, so it's super fascinating. It'll it's set a lot of precedent, it'll certainly um also set influence things in terms of um Henry Schein being an EHR or being an actor rather, right? They were a certified EHR, one of the three classes of actors under information blocking, and then remove themselves from the certification program. And so, in order to be for information blocking to apply here, the judge must find them to be an actor in some way. And that could be saying, uh, you used to be a certified EHR and that carries, which is somewhat of a high probability, uh, given the timing. But could be that the judge agrees with the logic from Vine that the that they are a health information exchange. Henry Schein was acting um you know as a uh facilitating the flow of health information of EHI. Uh and if that happens, that blows the doors out on who might be an actor and to whom uh information blocking you know will need legal people will need legal counsel for. So that one we shall see this month, most likely, and will be really fascinating to track going forward. Um beyond that, I think the health gorilla case is really interesting. Like you mentioned, they flipped, they flipped it around. Epic went after health gorilla, sort of inverting um the particle case, and said, Hey, in this particular instance, we have really tried via these networks, CareQuality and TEFCA, to get things done and need to go and have uh an injunction to stop this this fraud and abuse that's occurred that's occurring against Health Gorilla, their customers, and their customers' customers, right? There's like 16 defendants named. Uh, and what's so fascinating about that one is um just like uh the way Epic is hitting these defendants against one another to try and you know turn them to get you know, and if we've seen this happen in three cases, right? Once where a defendant tried to sever and threw another defendant under the bus, once where a defendant um admitted to being guilty just to get to get out of the case and threw another defendant under the bus. And then this past week, uh a defendant um saying, Hey, we've been out of business, so we can't possibly have had done the behaviors here, and someone else must have been doing what you're alleging in terms of querying for records. And so uh there's this prisoner's dilemma of these defendants saying, Okay, do I create a unified front and maybe get out of this, or do I turn tail, get out and and move it up the chain to go after unit 387 or health girl themselves? Um the big out here will be procedural, right? Should this even be a case is the the the hurdle that's really just looming in the next couple weeks or months. Um but if they do make it over that hurdle, it's gonna be really interesting to watch the continued games here between defendants and uh in the way that Epic's architected things. Um the last one I think is really interesting because it's just again so recent is the particle case. We had the wonkiest stuff happen in terms of antitrust. It made it through the motion to dismiss last fall. Um, it got a few counts got dropped, but the meet some of the major antitrust terming claims made it through, and then a tortuous interference claim made it through. But the judge said, Hey, hey, hey, wait, wait, wait. We're gonna have a very focused phase one discovery, which is like, what is this? Um, it's just around the market definition. And so for the since then, she's been hedging them in on what that discovery, this phase one discovery looks like. We're wrapping it up. They submit their what they want to do next, and Epic says, Hey, we want to go for summary judgment. And then uh particle says, Hey, we're ready to go to full discovery. And the judge said, You guys haven't figured it out. You have five pages, we call it the take-home exam, like where she said you have five pages, you know, double spaced that you can go and write up your answers to. What is treatment? What is operations? What is uh a payer, what's a pay bider, these core definitions that everyone's debating, but we get to see two of these people forced to concisely answer those uh questions. And so we got those last week, and it's um as you might expect, they don't agree because their whole case is predicated on not agreeing about about market definition. So um where this goes next, whether we see summary judgment, a shot for summary judgment, uh at least on the antitrust claims, or if we just proceed straight on into full discovery, um, will matter a lot for particle in terms of uh the damages and in terms of you know the things they can uncover and discover a fuller discovery.
SPEAKER_01Yeah, and I'm sure you'll keep us up to date when those when those decisions come. I'm curious, are there any cases that you think um the industry is underestimating or should be more closely following?
SPEAKER_03Yeah, I think the curious case is interesting just because it's the intersect of you have the antitrust claims, like that they did everything that um you might expect in terms of uh levying Sherman claims against Epic, but they also did information blocking claims. And so this case is of the same variety as QuinClick care or real-time medical, the same variety as Vine, right? This point solution alongside VHR that was foreclosed and um from competition from you know and forced not out of business, but like they lost all their Epic customers. And so uh with antitrust, there's some weaknesses because of Trinco and do the deal, uh, they make it hard, make it really hard to use a tool. But the information blocking, you know, that that's made that's proving very effective, as we've talked about with real-time medical, with Intuscare, with um Bine versus Henry Shine. And so that could be a biggie because this is that is proving quite strong across those cases, and this is the nation's largest CHR. And um, the brief doesn't have all the details of their behaviors, and so as that comes out, uh they could be in deep trouble.
SPEAKER_01Yeah, well, and that's super helpful and it actually leads us really nice to the next question, and that is really what are these cases doing to the law and how the law is developing in this area? And I'd like to frame it up a bit from a legal perspective, and then I would like both of you to react. So, one of the oddities in this area, of course, is that the information blocking rule itself doesn't create a private right of action. But of course, that doesn't mean that the information blocking rule doesn't matter. It's it's almost the opposite, right? What we're seeing is that these information blocking concepts are migrating into other legal theories, and they can show up in unfair competition claims, tortuous interference, contract, antitrust theories, um, and even like disability access theories, and of course, disputes over network governance. So I think the question is not really you know, can a private plaintiff sue directly under the information blocking rule? The more practical question is can the facts that look like information blocking support some other cause of action? So, Brendan, with that frame up, I'm curious from your perspective, what legal theories are proving the most powerful so far from an industry perspective?
SPEAKER_03I mean, the state torts of the unfair competition claims are proving extremely powerful, right? see with real-time medical, they got through the district court, they went up on appeal, they got through appeal, and now they're in, you know, are they gonna sell or not? They've been sort of dancing around that for a while. But like, you know, it's a it's affected real change. Like Point Click Care has gone and changed their development programs in the past couple weeks to allow for um authorized screen scraping that is a direct response and like a pot in some ways a positive response. They're acknowledging an integration pattern. There's debate about whether it's price right and other things, but like stuff is to say there's been real effects on the market for implementers for operators. And so you see that and so if you choose the right venue and you choose the the right states right because not all state laws created equal. So if you're in Maryland or California or Tennessee, which now has real um teeth in terms of legislation that tie information blocking to unfair competition, well you you have real legs there. You can really um you really have a chance. Now if you do it in states where it's weaker like a Utah or Texas uh not weaker but just you know less uh far reaching you're gonna have a tougher look but still you know uh I think uh it's more powerful there's there's definitely more upside to it than other theories we're seeing.
SPEAKER_01Yeah and and that's my read too and I would say for I think a lawyer is advising clients in this space I think the important point is to not overcomfort yourselves or your clients with the absence of a direct private right of action because courts are still going to consider federal interoperability policy when evaluating whether conduct was unfair, unjustified exclusionary pretextual or just contrary to recognized industry obligations. And that doesn't mean that every denied access request becomes liability but it does mean that you know the reason behind these denials and these practices matter and the documentation matters and the technical facts matter and whether or not you know your client has a real privacy or security concern mattered. And it needs to be well supported. I think that's one of the things we're learning from cases like RTMS and from Vine and these other cases.
SPEAKER_03So now let's talk about uh some of the weaker theories so Brendan where are plaintiffs having the hardest time antitrust is just a hard look for not just EHRs but systems of record right in any industry these these brains of an organization since Oracle since Microsoft like these cases like the way you segment the market they're not hitting the market penetration that you get the sort of like Dorkian levels of um market uh dominance that you're getting 70% or 80% uh and so that's hard it's hard because um so market definition becomes hard in terms of like segmenting and gerrymandering the market to get to where you need to um and then duty to deal becomes hard right you have API programs and things like that are you know collaborating with competitors and so so in the antitrust world you don't have a duty to deal and so we've seen information blocking inserted to some of these antitrust claims as like okay well this may mean that you actually have to play ball with us but I I don't think that stands up to black letter um you know duty to deal and and trinko style precedent. So I I think for those reasons even though you look at these markets and you're like the incredible market power that EHRs have because of the way that this type of software is almost indispensable to businesses means that the they fail the S NF test like even if Epic Athena Eclinic works you just want you you can change you can raise prices nobody's gonna switch so like in that way you look and you're like this should be antitrustable but then these other measures make it really really challenging versus you know I like the cleaner more novel information blocking via state's work book.
SPEAKER_01Yeah and I I think all attorneys kind of know antitrust is a slog it is uh dense and complicated and there's a lot to do there. Amy I want to bring you in here so what are the implications of courts recognizing violations of the information blocking rule or you know using information blocking conduct as the basis for other state and federal claims on you know companies who are operating in the space how how are companies thinking about this I think the the first thing is that it's talked about a lot more so everyone is aware of information blocking and and you know some generally aware of it at least and and some of the the requirements some of the exceptions and I think when you see what we're finding is with a with the introduction of these state claims you're having people say oh wow okay on one end you have have a government that has not historically enforced uh the rights that they have to enforce information blocking um but you are now then looking at active cases within the legal system.
SPEAKER_00So I do think it has organizations being very mindful of this concept in a way that prior to these these state proceedings, um you know it there just there was there was less concern, there was less attention. Because it is another avenue and it is a direct avenue it's a private right of action um and if some of these cases end up being successful based and which we've seen um we can expect that this to be continue to be something um that is used in in a variety of different claims going forward. So I think generally speaking it's just saying hey you know this is this is real we need to pay attention to it in a way that presumably will also happen if the government starts enforcing um this regulation. But I think that that's probably the biggest takeaway for me.
SPEAKER_01Yeah it's not just a regulatory or compliance risk anymore it's a very real litigation and business risk. But let's uh switch gears a little bit and talk a little bit about the national frameworks for our listeners can you briefly remind us what we mean when we say national frameworks and how those frameworks are designed to handle disputes over is the information sharing appropriate?
SPEAKER_00Sure. So uh interoperability is kind of a small area of healthcare that a lot of a lot of attorneys, a lot of organizations don't know much about and so when we're talking about national interoperability, these national data networks we're talking about networks that have been put together in a variety of different ways and briefly talk about the different types of networks, but really they sit at the national level and allow for organizations to connect to each other in a way that allows an epic provider to get uh to get access to a patient's medical history that may have, they may also see doctors that use Athena. So really think of it as instead of picking up the phone and requesting a fax for those medical records, that you have the ability to procure that information electronically. So when we're talking about national networks we're talking about Commonwealth which supports Athena and and other types of organizations smaller EHR organizations. You have care equality which is something that was spun up and supported by Epic and then you have the trust uh you have TEFCA which is the trust exchange the trust exchange framework and common agreement which is the government endorsed framework that was contemplated by by the Cures Act. All of these function to provide access to this data with one very clear limitation which is that this data can be pulled from these networks for treatment purposes only. So if you think about HIPAA, HIPAA allows for use of this data for treatment, healthcare operations and payment purposes but these networks operate on a level right now hopefully there's expansion you know in the future but right now they operate where you can only pull this data for treatment of a patient. So if you have an upcoming appointment for example and you would like to do you'd like to understand as a primary care provider what has what has your patient been doing in the last nine months to understand what they're doing and be able to just you know kind of hit the ground running is an example of how you'd use it. Value-based care organizations, it's very important for them to to understand where their patients are and that longitudinal record becomes really critical. So those are just some examples of of how these these networks are useful. These networks have an overarch each of them have overarching terms and conditions that govern the use of their networks and there's a variety of different terms and conditions. If you take a look at TEFCA you'll see not only are is there a common agreement but there are handfuls of standard operating procedures that sit underneath that common agreement all of which are are there are a lot of words um that's the most legal way I can use to describe it. And so one of one of those areas so you step back and you think okay well how how what happens in these networks if something goes wrong and one of those things is a dispute resolution process. And so each has their own process it could be you know it they all operate a little bit differently but it really is something that there is supposed to be mechanism in place that if something goes wrong on these networks, there is the ability to handle it at the network level um and and so that that exists uh and I think that is used with varying degrees today.
SPEAKER_01But ideally um when there is a dispute about like whether you're accessing it for treatment right or another permitted purpose should they expand the first line of response is not necessarily a public lawsuit right it's supposed to be about governance under these frameworks and their standard operating procedures like the idea is you report it there's an investigation maybe escalation maybe there's suspension cure period maybe there's some dispute resolution that goes on I know we saw a little bit of that happening before Particle ended up filing a lawsuit against Epic. Is that kind of like a fair description of what is supposed to happen?
SPEAKER_00Yeah so I think um and I'm I'm happy to go into some of the the the results of having some of these things be so public. But yes first and foremost there's supposed to be a dispute resolution mechanism as I mentioned each is slightly different but they all operate under the same concepts where you really are resolving these disputes amongst participants in a way that you know keep things legitimate, continues to instill trust, but also gets to a resolution of potential issues. And so that's what it's set up for and that's how it is intended to be used.
SPEAKER_01So what happens when I guess maybe people get impatient or don't want to use that process and instead of going through framework governance we end up with public litigation.
SPEAKER_00What's kind of like the outcome or impact on the industry of that it's been a bumpy two years since uh the particle ethic uh lawsuit came out I I think um you know Googling interoperability uh for anyone who's not familiar with it is going to at some point run into one of these lawsuits and and the potential ramifications that these lawsuits have had on this particular industry. So if we take a step back and think about okay what has this done so one it has increased caution I think that goes directly with um I collectively uh organizations people that are part of these organizations and converse conversations talking about a degradation of trust so when you when you see these things in uh you know so publicly you assume that there are lots and lots of bad actors that exist out there and and don't get me wrong there you know allegedly uh there are some of those bad actors on these networks um but it's really increased the amount of participant onboarding and betting that is required to participate in these networks and I'm not saying that that necessarily is entirely a bad thing but what it does do is it really slows down that access. It really pushes some of those organizations to expend additional time, energy, money to try to get themselves up and running on these networks in a way that wasn't required earlier. In TEFCA you're seeing a lot of these SOPs take very aggressive positions on how you deal with the purpose in which people are using it. You're seeing a revisiting of what it means to provide treatment what does treatment mean? Those types of conversations are coming up and and you have a lot of people with a lot of opinions um you know of a variety of different kinds but it it it opens the door to a lot more interpretation and discussion. More attention to suspension uh more pushing the button on whether or not an actual treatment relationship exists. I'm not again I think some of this stuff is great. We're doing a better job of understanding who are our participants on these networks and why are they participating. But at the same time it's also catching some of these providers in the fray and it's causing a lot of angst and stress and and I think frustration across the board. I also think you know it's it's causing a lot of confusion from a legal perspective on what happens if something goes bad. So or not bad something goes wrong if if if you run into someone who has misused the network either because of it's a contractual um it's a violation of the contract that they committed to when they onboarded to the networks or if it's something where they're using it outside um of of those per those allowed um uh HIPAA those allowed uses under HIPAA. So suddenly you're talking about breach reporting you're talking about potential um reputational exposure i mean certainly if you've if you read the complaint um the the epic health girl a complaint you you have a variety of different callouts about health girl as an organization but then also you know the the uh co-defendants that are their customers um all of which is a lot of information about organizations um that is all in pub in the public record uh and then finally i i think it it leads to a lot of questions and how do how can we do this better what are we doing where are we going forward from this um you know you have a certain you have your providers that are worried about the liability risk and exposure they have you have other organizations that are getting caught off from access um to information that are critically important to serving patients um right now you have in TEFCA you have organizations that are free clinics that cannot access uh data so you're you're we're having to walk a really fine line um about what it means to to transact safely on these networks while also making sure that patient care isn't uh isn't impacted.
SPEAKER_01That was a really long uh answer is that what you were looking for there's a lot of notes hit there but I think that's true. And there's a lot of soul searching going on right now for the national frameworks. And I think one reaction to that as you were pointing out is like well let's really lock it down. But that has negative impacts on interoperability. So I kind of wanted to bring CMS into the picture here because while we have this angst going on and this kind of lockdown on who can participate in these networks and for what purposes and what are we going to do to make sure that this is all true. We have CMS announcing you know the digital health technology ecosystem it's built around strictly voluntary alignment around data networks, EHR systems, app developers, providers and innovators and it specifically includes folks who are not regulated by HIPAA, right? And CMS describes this as being market friendly and is designed to advance data access without creating the type of regulatory structures or barriers to making this data interoperable. And I'm curious if you're seeing or not seeing how these litigation developments are affecting the CMS align network initiatives as compared to what we're seeing on TEFCA and Carry Quality.
SPEAKER_00They definitely are um so you have uh a large EHRs that are also participating in the CMS Align network that have customers that are are are data holders that want to participate in CMS Align network because it expands the use cases beyond the treatment requirement that I talked about with other national networks. The problem being is with that expansion or even just you know with the same types of use cases, the question is is how do how do providers get comfortable with participating in CMSNLA networks knowing that it is set up to be different than the national networks and how they operate today. So the trust piece for example CMS is really pushing for a lot of technical trust um and so that's it's been interesting to see how providers have responded to this concept of technical trust as opposed to you know the manual vetting processes and the the additional required pieces of information that are required for onboarding to for example TEFCA. What I do see is you know CMS wants to move fast and they they want this to work and they want to expand the use cases and I think generally everyone's aligned on that. You know there's a there is a lot of litigation in this space right now. And so it is really difficult for organizations to feel fully comfortable moving forward at this speed without wanting to involve their legal teams to make sure they understand what the risks are of the approach the CMS is taking. And I think that's currently where we're at in trying to get this off the ground is how can you do this and ensure that organizations that you know specifically those data holders of patient patient data feel like they can use this in a way where they're not um they're not gonna end up like they see publicly where they're not going to end up with that breach exposure where they're not going to end up with with bad actors accessing that data. And so the the thought processes the fears that are that are that you're seeing in the national networks are are all they're also finding their way into CMS line network just I mean just because of of the realities of of the extent of the litigation um right and and that breach risk is real right I think sometimes people don't pay attention to some of the data breach litigation that was the fallout of Epic suing health gorilla like after all that happened and then we have guard dog admitting to certain actions on the network we see a number of plaintiff based class actions of patients you know suing not just health gorilla but Epic and the healthcare providers saying these were data breaches and you didn't tell us about it and you didn't protect our information.
SPEAKER_01So that that breach concern is very real for healthcare providers. And I think the takeaway is this picture is exceedingly complicated both legally and from business perspectives technically and operationally I think litigation is is helping to clarify some rules especially when we don't have any regulatory enforcement I think it is making everybody more careful more contractual I think in some ways and and honestly more afraid. So I do want to try to close out from here with some practical guidance for the industry kind of some takeaways on on what we're seeing coming out of the litigation.
SPEAKER_03And Brendan I wanted to start with you and with technology innovators I think it's fair to say that for smaller innovators this environment can feel pretty pretty brutal you know they need access to the data to build their products and they may be viewed by suspicion by incumbents and by providers and by networks but you know a lot of them are coming from wanting to solve some real workflow problems be it for a provider or for a payer or for a patient but a lot of them probably don't have the leverage or the legal budgets or the institutional trust of our large incumbent market players right so what are some of your suggestions to innovate innovators who are operating in the space or looking to kind of enter these waters I mean I see optimism in all of this right like you got two classes of cases you have the HIE cases you have particle health guilla and uh dj that's a messy little sequence right there and you're bound by those network rules and the networks can't really figure it out and we have to think that's hard. I don't but like the optimism is the other the other side of the point is like if you're building four providers in cool solutions and innovative solutions, you have a superpower that no other industry has. If you're building a point solution in construction technology or property management Or um, you know, cemeteries, like whatever. Like there's always an EHR-esque solution, a system of record, and they just say, get the hell out of here, right? You go to a restaurant and Toast says to you, Hey, point solution, you can't connect to my API unless you pay me a million dollars. That and there's no duty deal. That's that's that's every other industry's status quo, and was healthcare's until two years ago, until real-time medical made shit real. And so the reality is now point solutions innovators have the superpower to go and ask for and demand the access when they have providers on board. And so I've I've seen tremendous success like in point solutions utilizing that to get permission to do RPA, to get private APIs, to get a technical how so that they are not foreclosed from competition with the bundled solution. So for the innovators doing on that side of the house, like there's never been a cooler moment to go build and compete. Um on the HIE side, I don't know. I'd probably stay away from all that. That's my uh rah-rah optimism.
SPEAKER_01I love that. Uh it it definitely does, I think, feel like a super power for those folks. Um, but Amy, let's let's move on to providers who I doubt see it maybe as a superpower, but maybe they do. Um, I personally think providers are in a more difficult position because they're the ones whose patient data is being exchanged and they are the ones who are subject to a lot of these very stringent privacy laws like HIPAA and the state privacy laws. But they also have those information blocking obligations. So when somebody comes knocking on the door for the data and they're holding their IBR sword, uh, you know, providers have to, they're regulated by this and have to respond. And, you know, I think it's fair to say that a lot of them are relying on their EHR vendors and their participation in networks and exchanges to help them meet these requirements, right? But they the providers might not fully understand how those networks work. So this is complicated for providers, and we have to remember they're supposed to be here to do patient care, right? They're not here to solve interoperability for us. What should providers be doing now, Amy?
SPEAKER_00Uh learn the ins and outs of interoperability. Just kidding. Uh I I think um it's a great question because it's a hard question. Uh, you're right. I I do think there is reliance on EHRs. Um, and I think that there is, you know, as I as I stated earlier, this is a pretty niche area of healthcare in a way that and and frankly is pretty, pretty complex. So um, you know, ideally these providers are supported by legal teams that understand how complex this is and have the ability and hopefully the resources to be able to go out and and truly be able to understand what's going on in this industry and figure out exactly where those risks and rewards lie. Um, and so that would be, you know, obviously someone like you uh that they you should be able or hopefully would turn to to be able to understand and really be able to navigate uh some of the challenges that are happening in this this industry. I, you know, I think about my time at Nebraska Medicine as um as an in-house uh attorney. And um if I would have known what I know today, I I really feel like I could really would have been able to help provide you know guidance. Um, but it is it is a complex area and there is just a lot going on right now. So I don't know, Brendan, what do you think?
SPEAKER_03I just uh the I think there's an optimum uh silver lining uh optimist thing here for providers too, which is if we believe that the point solutions now can compete with EHR's bundled offerings, that means more choice, more competition, lower prices, more innovation for providers to choose from from their tech vendors. So that's cool, all all while they're they're getting hammered from information blocking requests from patients. Like that's not great, or you know, but like more choice in terms of technology is the pro-competitive dream, like viva America, like yeah, let's like let's go. Like that that should be the the cool part of us all.
SPEAKER_00I mean, that is true. The one thing this is what I will say, you know I started becoming intimately involved in this area of law about I don't know, three years ago, let's say. So um come a long way since then and and what I know. What I can tell you is when I started in this area three years ago, there wasn't there were there were experts, but there wasn't this driving need to understand that you're seeing. I mean, there is a massive increase in interest and knowledge in this space in a way that's being it is being driven by uh you know more more organizations than ever are on these national networks. You have CMS aligned um or the CMS Hell Tech ecosystem is driving interest in a variety of different ways that just you know by default makes people think about interoperability. So um that doesn't necessarily help, you know, the provider, you know, the question, answer the question, what is what does the provider need to think about moving forward? But I do think we see a lot more interest in this area and we see a lot more knowledgeable people in this area. And so hopefully that just, you know, that knowledge permeates across the industry in a way that I think hopefully will really help providers in the long run.
SPEAKER_01Yeah, and that knowledge is both of you. And that's why like these webinars and these podcasts are so important. And I want to thank you both for sharing your knowledge because this has been terrific. And I think to sum it up, it's fair to say that all of this is happening not in a straight line. It's coming from all over the place. And from a litigation perspective, this is not as simple as courts are enforcing this or they're not. What we're seeing is a very nuanced approach with court decisions that are very nuanced. And that, you know, Amy, to your point, is gonna make all of this more complicated as regulated actors are gonna have to not only pay attention to what's happening by our regulators, but also what's happening in the courtroom. Because these information blocking concepts are fueling the litigation. The courts are paying close attention to the technical facts and it's driving their decisions. Um, and I think it's important for us to take away, you know, Brenda, to some of your points, that the antitrust component of this is important, particularly as it as it relates to promoting innovation here. But boy, it's hard, right? These cases involve market power and platform control, but the plaintiffs still have to prove things like markets, exclusionary conduct, and harms in ways that courts can actually understand. And our environment doesn't necessarily lead itself to traditional antitrust perspectives. And the other big takeaway, I think, for our listeners today, based off this discussion, is our national frameworks are under a lot of stress. Amy, you really helped to illustrate that and what's happening. Yes, litigation can expose bad behavior and it can clarify obligations, but it is also chilling legitimate exchange if our participants, particularly the data suppliers, are too afraid of the downstream risks. So, what is the practical path forward? It might end up being things like better data governance to make data exchange not only more trusted, but let's be honest, it needs to be more explainable. We should be able to explain this in plain language to courts when courts ask, but also to the folks who are using this, right? Um, we need it to be accountable, but we need it to be accountable in ways that is not freezing the very access that the no information blocking rule and these CMS initiatives are trying to end, right? They're trying to end information blocking and make it so that this data is shared when it's when it's supposed to be. So, Brendan and Amy, uh, thank you both for your time today and for this discussion. You brought very thoughtful perspectives. And I also want to thank um the podcast listeners. We hope this will help orient you to where the litigation stands and really to watch for what happens next. So thank you.
SPEAKER_02If you enjoyed this episode, be sure to subscribe to AHLA Speaking of Health Law wherever you get your podcast. For more information about AHLA and the educational resources available to the health law community, visit American Health Law.org and stay updated on breaking healthcare industry news from the major media outlets with AHLA's Health Law Daily Podcast, exclusively for AHLA comprehensive members. To subscribe and add this private podcast feed to your podcast app, go to americanhealthlaw.org slash daily podcast.