
Episode 2: Karen Mandelbaum – CMS Privacy Standard for the Public Health Exchanges

March 7, 2025

In EP2, we interview Karen Mandelbaum at Epstein Becker Green and discuss her work at CMS drafting privacy standards for the public health exchanges after the passage of the Affordable Care Act.

speaker-0 (00:00.898)
This is On Background, a deep dive behind the scenes with health policy insiders. Please note, everyone on this podcast is representing themselves. No one is speaking on behalf of any corporate, academic, or governmental entity. We’re just all nerds talking about healthcare. With Steve Parente, Matt Stoll, and our mystery health policy expert, JJ.

speaker-0 (00:25.024)
And we are back, episode two of On Background. For this one, today we have Karen Mandelbaum. She is senior counsel with Epstein Becker Green in Washington, D.C. Karen, thanks for coming on today. Appreciate it.

speaker-1 (00:38.168)
Thanks, Matt. It’s great to be here. Thanks for inviting me.

speaker-0 (00:41.196)
So what did you do in a former life in the US government?

speaker-1 (00:45.55)
So back in 2012, when the Affordable Care Act was being established and the marketplaces were being stood up, I went to work at CMS. My plan was to go and work in issuer oversight, which was a part of society that was going to, I was going to be able to utilize my master’s in healthcare administration that I had gotten, had just gotten at the University of Minnesota. But when I got there, they decided that I was better suited to stand up the privacy program

for the marketplaces. And so I was plunged deeply into the world of data and information privacy for the federal government. I stood the program up. We wrote computer matching agreements with seven different federal agencies and state governments. And we put together the minimum acceptable risk safeguards for exchanges. And after that, I went to work for the chief information officer. I was his special assistant for data privacy. And then they asked me to be the

Director of the Division of Security and Privacy Policy for the agency. So for about five years, I helped integrate the cybersecurity program with the privacy program at CMS. And in 2019, I came to Epstein Becker to come back into private practice, which is where I am now.

speaker-0 (02:05.208)
So how did you transition your government experience into private practice?

speaker-1 (02:11.0)
So at Epstein Becker Green, Epstein Becker Green is a law firm of about 300 attorneys. There are about 17 offices across the country. There are two primary practices, healthcare and employment. And there is a cross-practice group called the Privacy, Cybersecurity, and Data Asset Management group within the firm. We’re a group of attorneys that have expertise across both

practice areas. And so part of the time I spend my time working with providers and payers and health IT companies on healthcare related issues. And about half my time I spend working with the employee benefits part of the firm. And I work with group health plans and the HIPAA and privacy requirements that they have to comply with.

speaker-3 (03:01.422)
So that’s a lot. I, Karen, thanks for joining us. So it’s the question I want to get to you, given that broad experience and everything else like that is really related to a lot of the health IT stuff, which going way back, I believe there was a time, I think, I know you were graduated by that point, but I kind of, I’m not sure how we did this, but basically I said like, we need to write an article about all the cost savings that health IT will come up with. And we only have five hours to do it.

Can you help me? And I guess the question I have, ’cause now interoperability was a term back then. You clearly got involved with all the stuff that was related to data sharing, but I want to talk about the money that went into HITECH, which was, I forget what it was, it was 32 billion in the end.

speaker-1 (03:43.064)
So I actually think it was more, I think it was about 30. I’ve seen numbers like 35 billion, 38 billion. It was in the high three billions, but the money keeps on rolling. It’s a great question. So I don’t want to correct my professor, but it was while I was still in school. It was kind of historic what we did. We wrote the, we put together the first cost benefit analysis for David Brailer

when he took the position as the first national coordinator for health IT after that office was set up at HHS. And I think that there was a larger paper that was prepared for HHS, but we just did the cost benefit analysis on the impact that a national health information network would have on reducing fraud. It was probably like, you know, I could probably win an award for being like a health policy wonk. It was probably the most fun I had.

So yeah, it was great. We spent five hours figuring out what the four models of, you know, like, or the four phases of, you know, achieve interoperability would look like and how it would impact and reduce fraud. And we modeled it after the financial services industry. We used that as an example. And it was great fun. And then we got our article published.

It was published in HIMSS, I think it was like in 2008. But your question about the money and the HITECH Act is really an important one. I think it’ll get us really deep in the conversation about interoperability. The money that was given to providers to really basically like take up electronic medical or electronic health records, it was a huge incentive. Billions and billions of dollars were poured into it and most

providers, not all providers, most providers. And there are still some providers that never got money, incentive money, and still can’t get incentive money, don’t have the opportunity really to get incentive money, because they don’t have quality measures to report to CMS. So what happened was after the money kind of, you know, that money ended, in 2015, Medicare, there actually was MACRA, it was the

speaker-1 (06:05.996)
Medicare, I don’t remember what it stands for, but MACRA introduced the Quality Payment Program, which extended those, I guess I’ll say it extended the incentives, but it also got rid of the annual increase to the Medicare fee schedule. Like the fee schedule keeps on getting updated, but the increases, those annual increases that Congress used to have to pass, no longer get

You know, that doesn’t get calculated that way anymore. It gets calculated by the providers, the hospitals, and by the providers, the individual providers that report their MIPS and APM measures, and that’s how the money flows still.

speaker-3 (06:48.654)
So I’m going to take this opportunity to call out a new co-host for our program here, JJ. JJ is a health policy analyst who’s worked with all of us for a number of years. JJ’s shrouded in a little bit of mystery. I’m going to reveal not PHI for JJ, but a question, a hypothetical. So JJ, I just want to say hello to Karen for a second. I know you guys go way back. We don’t want to say exactly what,

what bar you guys are last in, if you wouldn’t mind.

speaker-1 (07:21.048)
Karen, it’s so nice to see you. It’s great to see you too. It’s really been a long time.

speaker-3 (07:25.422)
So here’s the question I have. You know, JJ, your parents still live in upstate New York. And if I recall, they used to go down south as snowbirds from time to time. Was it somewhere in South Carolina, if I recall? OK. So this is a common question. Here’s a question, like real world stuff, because we’re throwing a ton of acronyms out, you know, MACRA. We could talk about the doc fix and societal. I think we’re going to have to worry about having like a running glossary that like runs with this thing that goes along.

speaker-1 (07:37.678)
would have Myrtle Beach most consistent.

speaker-0 (07:54.894)
I was just about to say, yeah.

speaker-3 (07:56.852)
So, but the question, Karen, is like, after all this money, billions of dollars spent, lots of investment, everything else like that. If JJ’s parents have to go into an ER in Myrtle Beach, can they pull up their records from the city they’re from in upstate New York easily? Or is it all still like the way it was 15, actually 20 years ago, which is when we actually started working on that stuff. If I recall, Karen, is it better?

speaker-1 (08:22.602)
So the hospital, if it’s connected to an HIE, to a health information exchange, will probably be able to pull up the information through the HIEs. But I don’t think that JJ’s parents would be able to get access to that information themselves. And it’s also possible that if it’s a small or a rural hospital or something like that, that it might not be connected.

to a health information exchange. And so that might not even be able to happen for health care providers. There are some sort of larger networks that connect the various health information exchanges. Every single state at this point has a health information exchange. And there are regional exchanges also that allow providers to share information about patients. But it’s

Primarily providers that share the patient information and not the patients themselves.

speaker-3 (09:23.552)
All right. Well, it sounds like there’s at least hope would be the best way to describe it. So, but I’m going to throw some back, Matt, just to you for a second here. Yeah. You know, I think Matt and I are instructors together for this thing called the Medical Valuation Laboratory. So, and then we just even talked last week about AI and stuff like that with Paul Howard and things like that. I mean, how vital in your role of all the projects we see is everyone makes the assumption they’re going to have access to medical records

to make their special projects come alive.

speaker-0 (09:55.116)
Well, yeah. We see a fairly growing percentage of projects involving AI come through, or training off of medical records or using medical records to make the magic happen. And there is kind of an assumption that that data is clean and available and accurate. And there’s really no detail on where it comes from or how they’re getting access to it, or if they have to pay someone for it or anything like that.

And then what if they’re looking at competitive products, what their training set for their product is compared to the training sets that other products are using, whether it’s a competitive advantage, whether it brings them to parity, it’s kind of hand-waved to a degree. They just assume they can get it, it works, and it makes their product special somehow or differentiates it in some way.

speaker-3 (10:46.424)
So I’m going to pivot back to Karen. So one thing that you told me about Karen, and you really have been the one really educating me about this, is the 21st Century Cures Act, which I think got passed when President Obama was there. He signed it, but the Trump administration, or Trump won, had to basically put out the rules and regs. But my understanding is that clarified that patients own their own data, all of it. Can you tell us more a little bit about that?

speaker-1 (11:15.96)
So the origins of that start in the HITECH Act from the American Recovery and Reconstruction Act. So when President Obama started his administration and when he ended his administration, he had kind of bookends that dealt with health information technology. And in the HITECH Act, there’s a provision that expands the patient right of access under the HIPAA privacy rule,

and it addresses the electronic health information that a covered entity has about an individual. So any covered entity that maintains information in an electronic format, if the individual requests access to that information, then the covered entity is obligated to make that information available electronically. And they also have to allow the patient or the individual to

direct the covered entity to send that information or to share that information with a third party, as long as the choice that the individual is making is clear, conspicuous, and specific. The HITECH Act is very specific about that language. They’re sort of the magic words that sort of set the data free

and allow an individual to access their information but also share it at the same time with a third party. So that was really the beginning of this expansion of information sharing. And then the 21st Century Cures Act in the interim, there was this sort of moment, not a moment, but like a few years where the certification program for electronic health records

made data so proprietary and made information in those systems so proprietary that it became really difficult for providers to switch from one EHR to another EHR. It made it difficult to get data out of an EHR and to share with a patient. So there was this, ONC ended up submitting a report to Congress about the problem of information blocking, which triggered the 21st Century Cures Act laws

speaker-1 (13:35.392)
about prohibiting information blocking and mandating interoperability.

speaker-3 (13:40.632)
So that’s, so thanks for that. I mean, again, a little bit of all the national coordinator, all the other pieces that go together, but let’s, let me break it down. So covered entity, if I’m right, that could be a provider. That means a physician, a hospital, it could be an insurance company too. Right. So does that mean now with that new provision that information blocking is now a thing of the past, or is it, or is there, well, you tell me, or tell us,

where it dealt with or is it still in play?

speaker-1 (14:12.846)
I don’t think it’s over yet because, number one, ONC only had the, or they took the authority, they established the authority to say that health care providers, health information exchanges, and certified health IT developers were considered actors when it came to information blocking. And information blocking means an interference with the exchange, use, or access to electronic health information.

So it only applies to three categories or groups of entities. So we can take each one quickly, one by one, right? So let’s start with the certified health IT developers. Those are primarily the EHR developers that providers, hospitals use. And what the requirements in the information, in the interoperability rules that ONC passed were that they had to do basically two things.

They had to agree to take out any gag clauses about the usability and the capabilities and the way that the systems that they were using operated. And they had to also, there were two certification requirements for the health IT, and that one, they were to design and implement APIs, application programming interfaces, FHIR-based APIs, that would allow for individual

transport of data and population-based transport of data. Those two APIs were designed to solve the sort of information trapping problem that EHRs kind of put providers into. Has it worked? Yeah. I mean, the APIs are available for the most part. If you didn’t…

keep up your certification as a certified health IT developer, you lost your certification and you’re kind of out of the game at this point. But any health IT developer that remains certified has to have those APIs available for providers to be able to purchase. So it was another way to license health IT to providers. So the health IT developers had another revenue stream and have another revenue stream because they can charge

speaker-1 (16:35.63)
for using those APIs.

speaker-3 (16:38.846)
Let me make sure, just stop for a second. So I mean the API stuff, I forget what it says, advanced programming interfacer. What does API even stand for? I forget now.

speaker-1 (16:46.974)
Application programming interface. Really, what they are, they’re the things that make the apps on our cell phones work. They’re the things that move data.

speaker-3 (16:57.014)
Right. But so here’s the, this is the key that sort of, I think I want to pivot now to the most recent announcement that came about Stargate, right? And so, and by that, I mean, I know JJ and I are very excited because Stargate Atlantis ended too soon. I think they really should have gone forward and made a really connected Stargate Atlantis with the original show. And then we really would have gotten a better, a better answer to that whole, to that.

speaker-0 (17:26.818)
You know, anytime I, anytime I think I’m a nerd, I just, yeah, that’s, yeah, we’re good. Yeah.

speaker-3 (17:37.646)
Well, I mean, look, I’m more of a Trek guy, honestly. I mean, someone asked me today, like how can, can you share information about that? And I basically said like, you know, I’m like that tailor Garak in Deep Space Nine, you know, and like part of the Obsidian Order, but really just a tailor. And I lost everybody. It’s just like, I lost everybody on this podcast, except like three people that are suddenly going, I dig it. Big digression.

So here’s the thing, Stargate as proposed as an idea by President Trump and others in the Roosevelt Room, sorry, not the Oval. My question is, does all the stuff that’s happened now with 21st Century Cures, APIs, make the large data models required for AI that’ll find cancers possible?

Or is it still, is there still lots of abrasive qualities left to really make that work? Cause it sounds great. You know, it’s like now we have EMRs, all this stuff’s there. But what you’ve just described, Karen, just sounds like it’s just so still messy, complex and abrasive to make this happen.

speaker-0 (18:46.742)
And just to follow up on that, yeah, because my question was, it sounds like there’s the vision and then there’s what is the current reality of what it actually looks like today.

speaker-1 (18:55.246)
So I don’t want to discount the progress that has been made. And I want to remind our listeners that health care is complex and health data is really complex. And not to oversimplify it, but it’s a really big undertaking. And the siloed nature of health care in this country in particular makes it a little more complicated. But at the end of the day, the fact that

most healthcare providers have access to and use electronic medical record systems and the fact that we’re moving towards and thinking about standardization. So one of the ONC’s projects through both the HITECH Act and the 21st Century Cures Act was to start standardizing data in a sort of a different way than the way that HIPAA standardized data and data transactions. So ONC is

working and developing what’s called the United States Core Data for Interoperability. And it has an annual updating cycle. There are advisory committees that allow developers to contribute to the development of those standards. The more standardized data becomes in this country, the easier it’ll be to achieve the Stargate goal that you’re talking about, Steve.

This past year, it probably lasts two years, Micky Tripathi, I’m sorry, he introduced the USCDI Plus, it’s called, for things like cancer and behavioral health, public health, maternal health, and quality. It’s kind of a haphazard group of things, like when you think about it, like there’s no like uniformity to sort of what those topics are. But you know, when I, when I put all that

sort of like, you know, sort of accomplishments and like getting sort of roadmap to trying to get to standardization together. I then think to myself, okay, Stargate could really jumpstart what that is. And what do I mean by that? Give me just a minute to get there. Okay, Steve.

speaker-2 (21:00.654)
you

speaker-3 (21:09.902)
No, you’re good, you’re good. It’s a good pivot.

speaker-1 (21:13.526)
About a year ago, I introduced you to some people that use standards and really use modern technology, like a modern platform technology, but not in this country. But they use it for research and for public health in other countries. And the standards that they use are much more mature than the standards that we use in this country. For research and for public health, the…

thing that sort of gets in the way or that gums up being able to use those openEHR standards isn’t there, and that is the payment piece of it. So to me, the opportunity for Stargate for there to be investment in trying to kind of use what they’re using, just as an example. The premier cancer hospital in England is called the Christie.

And the Christie has a cancer research and treatment program where they use this platform using openEHR standards to learn from the treatment of the patients. And they’re able to feed into the artificial intelligence that tells them what treatments will be the best for patients now and in the future. To me, Stargate is an incredible opportunity to take,

Take a look at what USCDI Plus is asking of us and saying, here, infuse it with some significant resources to be able to do this off of a platform that’s actually doing exactly that, either at the Christie, like I mentioned. There is also work being done in Sweden that is groundbreaking on other types of diseases.

There’s even the opportunity to think more broadly about ways that Medicaid agencies could implement maternal health programs in that USCDI vein. I think there needs to be government involvement. So Stargate is a perfect opportunity. And I kind of feel like there are corollaries that are working in these other places that we could learn from.

speaker-0 (23:35.95)
So if this is a dumb question, Karen, I’m going to blame it on the flu. Why are other countries having more success with standards development than the US?

speaker-1 (23:47.918)
That’s a good question. And I do think that it has a lot to do with the payer component to it. It can’t be completely that it’s the payer issue because there are countries like Switzerland and Australia that are using those technologies, openEHR standards, that also have insurance, you know, products that people buy and have.

I mean, in Switzerland, it’s mandatory to have insurance. So it’s not like those countries don’t have those challenges. But there’s a bit of a difference in terms of the way that, I guess, the way that health care is more universally required. I think the ACA went part of the way to solve the problem. And I think that we need to sort of figure out that last part of it. There’s still a piece of this puzzle to solve.

But again, I think that we can learn from what they’re doing in other countries in these sort of like spaces where we can really make some difference in terms of using really clean data like you’re talking about, Matt, knowing that the data is standardized and uniform and that it’s ready to be used for artificial intelligence purposes. It really is the foundation. You can’t really talk about using artificial intelligence.

or building artificial intelligence tools until you really understand the data that you’re using or that you

speaker-3 (25:21.164)
But this is like strategic important stuff though, because I mean, if you think about it, so I mean, okay, the UK, which we have evaluation lab in and Karolinska we’ve had for 10 years, those are friendly places and we see these things there. There are other places that are less friendly where a standard data can move more easily. So I mean, I think this is a really, really vital issue because it sounds to me, I’ll grant you progress has been made.

Karen, so that is, and you were part of that progress to really make it happen. So thank you for your service for that. At the same time, you know, there, I can not help but think, you know, this is just me, not professor had or anything else like that, that just the proprietary nature of the vendors that are in this space and the fact that they are very well capitalized, just still continue, even with all of the standardization we’re talking about, the fragmentation has a reward.

And that, you know, the data people don’t necessarily want to share their data if they can avoid it. it’s, but we are, this is probably a conversation we need to come back to because I think Stargate really, I think you framed it right, Matt and Karen, that this is, it’s going to be a motivator for this thing. JJ agrees because she’s shaking her head and she’s about ready to launch into a riff probably. want to, man, I’m going to turn it over to you, but just to…

wrap the question up with Karen, the whole, we have a lessons learned segment that we’re trying to pioneer and Matt has the much better radio voice. Do I? JJ specializes in the cackle of dissension. So go ahead, Matt.

speaker-0 (27:06.926)
I’ve learned new ways to swear from JJ. It’s been very instructive. So, Karen, what takeaways from government will go with the top three have you brought to private practice and to this field?

speaker-1 (27:18.562)
You know, it’s kind of a weird time because, you know, the government, you know, actually my office is just a few blocks away from CMS and the government is going back to work. People are having to go back to their office and work in the office. I actually never stopped working in the office even during COVID. So I was always a work at work person and I found that going, first of all, I loved working at CMS.

It was really like the experience of a lifetime. I gained a tremendous amount from the people there. And what I found was that a lot of the leadership there that showed up were really exceptional people. And they worked super hard, totally dedicated, and really engaged. And were not unapproachable. So it’s a really, it’s an important time right now, I think.

Because even though I think it’s going to be a big transition for a lot of people to go back to the office and to go back into work, I think it’s really important to do that. I think that we were able to accomplish so much because we were there. We were on site. We were there. And we showed up.

speaker-0 (28:33.368)
Steve and I have this conversation every once in a while when COVID hit and we took the lab remote. And as we kind of go back and forth between hybrid and in-person and fully remote models, and just there’s a bit that’s lost not being present with students, with instructors, with administrators. And I just think about how much I’ve learned just crashing people’s offices and asking dumb questions. it’s, yeah, it’ll be interesting to see how that develops.

speaker-1 (29:02.178)
Yeah. But I think that, you know, when, so CMS has their location here in Woodlawn, Maryland, which is just outside of Baltimore, but then they also have offices in Washington, D.C. at the Humphrey Building. And what was really special about working at CMS here in Baltimore was that there were, you know, like the administrator has an office here, not, doesn’t always work out of the administrator’s office here in Baltimore,

but the deputies and then the center heads. So like the heads of the center for Medicare and the center for Medicare and Medicaid innovation and center for Medicaid, you know, I’d bump into them in the hallways. And it was just, you know, it’s just an amazing experience to be able to ask questions and share ideas and, you know, and it really was very special. When the administrators would come, it was also a really

great experience. I think that that’s something that the employees in general do miss out on when they don’t have that opportunity. And I would just say this. Seema Verma was the last administrator that I worked under. And it was interesting because she told a very personal story to the people at CMS about…

interoperability. Her husband needed his medical record when he was traveling and he couldn’t get it. To her, interoperability was a really personal thing. And what she allowed me to do as the Director of Security and Privacy Policy was I worked on the interoperability work group across the federal agencies to make sure that when the Trusted Exchange Framework and Common Agreement was ready to be released and ready to be operationalized,

which is happening now, right? The federal agencies would be able to and willing to share their data and allow data sharing to happen through TEFCA at the federal level. So we had an interoperability work group across CMS that I co-led and it was just really an exceptional experience. So it’s those kinds of things that you learn about leadership that really make the experience special.

speaker-3 (31:20.91)
Well, thanks, Karen, for sharing that. And thanks, JJ, Matt, for engaging in a conversation. I think this is, it’s a complex, complex topic, but it’s like, it’s absolutely vital. And again, thank you for your service. ’Cause I mean, you said it so well. I mean, it’s not easy to do this, but it’s vital to make sure that it happens if we expect to have all these cures accelerate and move forward. And it’s probably a national strategic priority to make sure that if we have the money for making the cures,

we want to make sure we can accelerate the studies to find them. And data is required. I think that is the last word. I think, for now.

speaker-0 (31:54.774)
at the last word Steve.

speaker-1 (31:59.692)
I just say remember in his power.

speaker-3 (32:02.648)
the words of our old friend.

speaker-0 (32:05.614)
You shall remain nameless.

speaker-3 (32:07.212)
Yeah, there’s a lot of mystery and we include, we will continue to have JJ shrouded in mystery and all her connections and how they all relate together. It’ll, you’ll see by season four, it’ll make more sense. It’ll make more sense. And we’re going to get to a better ending than Lost Ever Had. I guarantee you that. That’s, we will commit to that. I don’t know. And we’ll make this, unlike Battlestar Galactica, Matt, we have a plan.

speaker-0 (32:32.93)
I was gonna say, I don’t know, I don’t know if it’s gonna be hard to come to a better, better ending than Lost, but yeah.

All right, I do the radio voice outro. Karen Mandelbaum, thank you so much for coming on today. Appreciate it.

speaker-1 (32:45.772)
Thanks so much for having me.
