AHA Slams MU Patient Portal Requirement, Pundits Slam AHA

As readers know, CMS is now reviewing comments on the proposed rules for Stage 2 Meaningful Use.  Not surprisingly, one of the reviewers who’s sent in a critique is the American Hospital Association (AHA), which a few days ago sent a 68-page barrage complaining about the burden imposed on hospitals by on Stage 1 MU requirements.

Yesterday, the AHA made another MU move, this time slamming CMS’s Stage 2 proposal that hospitals be required to offer patients access their protected health information via a portal.  As I noted in the previous post on AHA, I’m surprised at how late to the game AHA is — trade groups like these aren’t known for their delicacy — and this notion has been in the air since well before CMS made it an official proposal.

Anyway, in its current letter to CMS on portals, the AHA has given them a big thumbs-down. “CMS’s plan is not supported by current technology, raises significant security issues, and goes beyond current technical capacity,” the group argues in its issue brief.

The AHA argues that with systems integration levels still dicey, hospitals are being asked to offer data in a way that may end up violating HIPAA. (Unspoken additional thought: “And then you’re going to blame us, aren’t ya, huh, you meanies!”)

Since AHA issued the statement, talking heads have popped up to bash the AHA’s position, arguing that the hospital group is dragging its feet just as the most important part of the work has begun, i.e. empowering patients to share, use and benefit from their own health information.

Well, yes and no. While I’m known for ridiculing the trade group talking heads in this business, I’d wait just a minute before we declare the AHA to be the bad guys here.

On the one hand, I can see where people are frustrated with hospitals picking this moment to complain about the task at hand. It’s not as though they’re hearing about it for the first time.

On the other hand, creating a really bulletproof portal is no joke, either, and there’s definitely some truth in the notion that making it everything it should be is very tough.  Hey, there’s no point in denying it; creating a patient portal may remain a part of MU Stage 2 requirements, but it’s not going to be a walk in the garden for hospitals.  Let’s not come down on them too hard if they flinch.

About the author

Anne Zieger

Anne Zieger

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.


  • …creating a really bulletproof portal is no joke, either, and there’s definitely some truth in the notion that making it everything it should be is very tough.

    No, it is not a joke, and it is not core to the business of making people healthy. Hospitals should not be expected to create portals, and arguably shouldn’t be hosting them either. Portal vendors like Healthcare Anytime and Medfusion offer cost effective, hosted solutions that work with virtually all EHR vendors. The effort required for automated delivery of health data to a portal vendor is relatively insignificant while the benefits are likely to be substantial to patient and payor alike. I don’t see a reasonable justification for AHA’s panic and fear. Every other industry seems to understand and embrace the benefits of customer self service and business process automation.

  • I beg to differ. I’ve been a patient often enough to know that as a patient I’m the last person to know what’s going on with me, let alone have useful information after I finally check out. A portal is just an add on to what should be a robust, up to date EHR system. If the data in the system is good, giving ‘me’ a way to see it shouldn’t be a big deal. Mind you, I’m not asking for a terminal attached to every bed, but at least when I leave, I should be able to view and print out what I choose, send that info back to other doctors, save it to my PHR, and even check the billing for the $20 aspirin I was never actually given. And if I have a laptop with me, I should be able to login within the hospital – and maybe, there should even be a terminal here and there around a hospital that patients can use if they’ve established a login.

    The problem here is that hospitals think that patients shouldn’t really know what’s going on. And that’s not acceptable!

    Now mind you, I don’t care who provides the ‘portal’ – as long as I can easily get to my records in real time or very close to real time. Maybe the hospital IT department provides the portal, maybe the EHR vendor supplies it. WHO CARES?

  • The AHA is dead wrong to oppose portals and “Blue Button Downloads” of health data.

    Patients have longstanding rights to obtain complete copies of their medical information (with some exceptions for mental health records), but it was time consuming and expensive in the paper age. There is no excuse now. Technology should be used to make downloads simple for patients.

    MD Anderson Cancer Treatment Center in Texas has been allowing patients and (with consent) referring physicians to download their records via a portal since 2009. The VHA’s Blue Button Initiative is wildly popular and over 1 million records have been downloaded. The ideas that it’s too hard, expensive, or unsafe are nonsense. The Automate Blue Button Initiative (ABBI) is critical to excellent care because patients can correct errors and seek second opinions.

    FYI–obtaining your OWN records does NOT violate HIPAA. As far as the security risks, the hospital industry has been terrible at protecting data security and 80% still do not bother to encrypt data. How about the AHA fixing the terrible track record of hospital data breaches before worrying about whether patients may not secure their PHI?

    Patients also have longstanding, strong rights to control who can see and use PHI—–which the AHA and industry have also opposed.

    Institutions totally control the use of sensitive patient information today, which violates patients’ legal and ethical rights to privacy. This right should be exercised via informed electronic consent–today’s blanket advance paper consents are illegal: you can;t meaningfully consent to the use of health information that does not exist yet.

    It’s time to start building the patient-controlled health IT systems and data exchanges the public expects and has rights to. Corporations and institutions that ignore patients’ rights will fail; over 95% of the public wants to decide who can see and use their health information.

    Deborah C. Peel, MD
    Founder and Chair, Patient Privacy Rights

Click here to post a comment