I have been really excited over the last few weeks as our national discussion around healthcare standards and data exchange have taken on a real world quality that has felt lacking in the past. But change is hard to make stick, and John Halamka's blog today about audit trails is a reminder that we all need to stay engaged in the process.
To be clear, I'm not going negative here --- John and the committee are being super-thoughtful and we completely need to have the discussions about, for example in this case, what level of auditing is required to enable useful exchange.
The right starting place for that discussion, though, is to go back to the "start simple" mantra: what is the minimum set of requirements necessary to enable useful exchange? Any given requirement should start with NO and prove its way to YES, rather than the other way around. "It seems useful and doesn't seem that hard to implement" should never be a reason to add a requirement.
I have made a career out of building things that are step in front of what people are asking for. It turns out that the trick to doing this well is to implement things a little at a time - explicitly not trying to solve the entire problem with the first bite. This makes two things happen that otherwise simply don't:
The way I measure success in these situations is when people tell me that something I've built is "totally broken" because it needs to be improved or extended --- especially when I can say, "Yep, here's the roadmap we've been thinking about for that." This outcome means that I have made it around the first corner --- people now "get it" and understand the value of something new.
Data exchange in health is going to be the same way. The best, most important, incredibly great thing we can do is get real data moving for real patients. THAT legally-tractable audit trails exist is critical. But HOW those audit trails are captured and formatted is simply not a prerequisite. All we need to know is --- per John's option #3 --- if there is a breach, investigators will have the raw material they need to conduct an investigation.
If we do this --- I will with some admitted arrogance predict the pattern that will ensue. First, we will get to real exchange more quickly, and we will see real benefits to the nation. Second, people will start saying, "This sucks! Every time I have to coordinate audits it's totally manual --- why can't we have some kind of integrated repository?" And that argument MAY justify the costs of consensus and implementation. At the very least, we will have more information in front of us to make the call intelligently and an easier discussion about what the right approach is.
This is a drum I will keep beating - start with NO, implement incrementally, and keep learning. There will always be folks wanting to add more to the pot, using "not that hard" and "solve it now so you don't have to revisit it later" as their arguments. All advancement leaves a little legacy and the world is always a little messy - that's OK!