Epic Systems has introduced a new data-sharing feature aimed at enhancing patient access to health information and improving interoperability for healthcare providers.
Launched on August 1 for Epic clients, the feature allows patients using applications such as health coaching or medication reminder apps to import their health records directly into these platforms using their Epic login credentials. When patients release data to an app using their Epic credentials, they see an educational screen detailing the information being disclosed, ensuring they are comfortable with their decision.
Given the sensitivity of patient data and HIPAA protections, it's crucial for patients to know where their health data is going and if it will be protected. While some apps comply with HIPAA, many do not. To address this, the HHS allows apps to voluntarily participate in the Trusted Exchange Framework and Common Agreement (TEFCA), a national health exchange framework promoting interoperability and patient care by agreeing to comply with HIPAA. Qualified Health Information Networks (QHINs) like Epic, part of TEFCA, can inform users whether an app is a HIPAA-covered entity, part of the federally endorsed network, or neither.
However, this isn't a completely new venture for Epic. Matt Doyle, a software developer on Epic's interoperability team, told Becker's that a few years ago, Epic introduced API services that allowed individuals to connect MyChart, its patient portal, to various apps. The challenge with this approach was scalability.
"As a patient, you need to connect each MyChart app individually, which can be cumbersome if you have multiple apps," he said. "For instance, if you receive primary care at one location and hospital care at another, you must remember and manage these connections separately."
This new feature simplifies the process. TEFCA provides a directory of participating providers and hospitals and a record locator service. For consumers, the system can automatically find the locations where they've received healthcare and prompt them to link data to the app.
"Instead of remembering and managing each connection individually, the app can notify you, 'We found records at these locations. Would you authorize them to share data with the app?' This significantly reduces the cognitive burden on you as a consumer," Mr. Doyle said.
For hospital and health system executives, this new feature promises to streamline IT workflows and enhance data privacy.
"TEFCA offers a single legal agreement and framework, reducing the complexity of managing multiple data-sharing requests," Rob Klootwyk, Epic's director of interoperability, told Becker's.
He also emphasized the importance of privacy, noting that apps participating in TEFCA voluntarily comply with HIPAA standards, even if they are not covered entities.
Mr. Doyle agreed stating that TEFCA is normalizing patient privacy and making it a priority.
"This standardization is reassuring for privacy officers at hospitals and provides patients with greater transparency and control over their health data," Mr. Doyle said.