Hither Thither With HTI-5 and OpenAI

With Brad in Mexico, it was left to Pryce and I to “chop it up” and discuss the recent comings and goings of the industry and our regulatory overlords. We kept it nice and tight (at least in terms of topic sprawl, if not length) to the biggies:* The implications of HTI 5* OpenAI’s ChatGPT for HealthTogether, we take stock of how HTI-5 tightens the screws on information access while simultaneously stripping away outdated certification scaffolding and whether the newest tech giant patient-driven aggregation can finally escape the PHR tar pit.Health API Guy is a reader-supported publication. To receive daily content with unfiltered and slightly uncaged memes and takes, consider becoming a paid subscriber.Relevant Articles* Indiana Jones and the Personal Health Record* July Monthly Review: OpenAI Builds a PHR?* HTI-5: When the Scorpion Learns to Swim* The End of the Standalone PHRChapters* 00:00 - Podcast Naming and Introduction* 02:56 - Understanding HTI-5 and Its Implications* 08:51- Deregulation and EHR Evolution* 15:04 - Information Blocking and Its Challenges* 21:00 - Future of Health IT and API Integration* 24:51 - The Future of Healthcare Regulation* 25:51 - Understanding FHIR and Event Notifications* 29:14 - The Developer Experience in Healthcare Data* 31:16 - The Role of EHRs in Healthcare Integration* 32:16 - OpenAI’s Recent Healthcare Innovations* 36:12 - The Implications of ChatGPT in Healthcare* 40:21 - Data Privacy and Security Concerns* 45:31 - The Architecture of ChatGPT for Health* 49:10 - OpenAI’s Competitive Landscape in HealthcareTranscriptBrendan Keeler (00:01): All right, Not A Podcast is back. We need to really think about a name or something here.Pryce (00:06): I know. I just Googled “Not A Podcast” or “The Not Pod” And there’s a thousand of them that are called that. So if we do start a podcast, we have to come up with a real name.Brendan Keeler (00:16): Yeah, for any of the audience, you got good ideas, puns, we’re open for business and we’ll give you credit. But yeah, it’s you and I, we’re in January, Brad is in Mexico, we were with him drinking tequila, but we’re not, we’re instead working. And so, what are you working on? What are you thinking about?Pryce (00:33): I’ve got tequila, but...let’s think. So very exciting week, you know, over the holidays, obviously we had HTI-5 which I want to touch on. Although it almost feels like old news now. and then this week I had, I was just deep, deep in, ⁓ like client systems documentation, which was really fun, but the, the things that kind of pulled me back to the surface of reality were the announcement about OpenAI for Healthcare and ChatGPT for Health and you’ll have to tell me what they released and how they’re different products. Yeah, I even like got on Reddit to read what people were saying about it and then I realized “Maybe that’s a bad idea” because you have like all these emotions but you don’t have anywhere to put them in Reddit. It’s just a bad idea. So we have a lot to talk about.Brendan Keeler (01:24): I’m always surprised when I go to Reddit and I’m like, man, there’s a lot of Luddite behavior here. It was like, on Reddit in particular, we can go down that rabbit hole, it was a lot of negative, extreme negative reactions on the several threads I saw of “Why would you ever do this?” “This is a terrible idea.” Not what I expected. Yeah, yeah, not what I expected.Pryce (01:41): You’re talking about chat GPT. Like, yeah, yeah, yeah.The things that I have to say about it are almost exclusively, I’m tempering expectation. It’s not that exciting yet. And here’s why. And it, they don’t have to be HIPAA compliant and here’s why. And you know, so I have like maybe “detractor” things to say about it, but it’s going to be an incredible tool. We should get into that, but maybe before we get there, because then I think we’ll just go down rabbit holes forever. I would love to hear from you. You’ve written articles about it. You’re already onto almost HTI-6 in your mind, but I want to hear your take on HTI-5. Give me the heavy hitting points. What is the ASCP thinking about writing into. regulation, (as this is this is a proposed rule, so it’s not actually regulation yet)? And how does that affect the industry? Give me your take.Brendan Keeler (02:31): We can’t let that slip that busy December slip by. so HTI-5 the fifth of the heirs of the Cures Act, right? We had the Cures Act in 2016. 2020 - they finalized the ONC Cures Rule. And then as we got past that era the certification criteria in the Cures Rule, information blocking, and TEFCA ASTP, they’re like, “Hmm. We gotta cook some things up.” Under Micky Tripathi, they did HTI-1, iterating, adding more certification criteria and changing some things in the program. And then proposed HTI-2, which was “Let’s balloon this thing up to 11. Let’s expand it to payers and public health. Let’s add tons of criteria and revise tons of criteria. And that got proposed in August of 2024 and...You know, the Democrats did not win that election. With the change of administration, they said, “Okay, let’s push out some of the things. the HTI-2 final rule was just an information blocking exception, the TEFCA, exception. HTI-3 was a Protecting Care Access exception. And then we get to the new admin. All right, what are we going to do? Trump’s in power. As we get through the summer, we actually saw HTI-4 again, another heir of HTI-2 proposed rule that said, “Okay, actually, the prior auth criteria, the electronic prior auth stuff? That’s pretty important to the goals of the CMS because they’ve already regulated it on the payer side. So we’re going to do that piece as part of the IPPS.”Pryce (04:03): CMS 0057 is saying, “Hey, payers, have to make APIs available that help us with prior authorization.” And then the complement to that on the provider side was HTI-4.Brendan Keeler (04:14): Yep. And so was in the summer. They just went straight to final. They’re like, “All right, it was in the HTI-2. You guys commented. There it is. Da Vinci and NCPDP for medical prior auth and medication prior auth.” Then tick tock, tick tock, we get to December. There’s this rumor of HTI-5 and the rumors are basically “Wow, this is a deregulatory regime, right? Like Trump’s EO Trump’s executive order said deregulate all the things, DOGE was deregulating all the things.” And so finally that impetus spread to ASTP. And so that’s HTI-5, yeah. And so they deregulated, it is a deregulatory rule. So it’s pulling things out. And so know that there’s three prongs. One is deregulating the criteria, get rid of the many criteria, because some of them are old. Part two.Pryce (04:46) Which just to be clear, we’re going to run back here in history from your historical timeline. The criteria were first created by the ACA is what created Meaningful Use which created the ASTP or ONC HITECH and then created criteria. So now we’re going almost back like 10 years ago and we’re saying, “Okay, these were important 10 years ago and ripping some of them out, right?Brendan Keeler (05:30): Yeah, and that’s the thing is like there’s actually our goals back then were “Let’s increase adoption of electronic health records because they’re on paper.” and people can say, “That was a terrible Well, it accelerated the the digitization of that industry. So like you can say, “Should it be digital or not?” Like you’d probably say yes, if you want to do certain things like AI now, but it made the EHRs powerful, which people resent and don’t like. And so.Brendan Keeler (05:56): Many of these criteria are old and have been revised incrementally over time and that there’s new criteria added. But yeah, it starts back then. And they said, let’s rip out anything that’s like workflow oriented, right? Like the things that say “Software vendors, thou shall have a screen that does X.” Anything of that variety? They said, let’s get rid of it by and large where it’s not some of the stuff’s in statute, it’s in the law. And so they have to have criteria that kind of tie back to the law.But anything that wasn’t in that category, they ripped out. And then the other prerogative was “Let’s API all the things!” which as a Health API Guy I’m like, yeah, yeah, let’s do it. ⁓ And you as an API, aficianado, I’m sure are excited about too.Pryce (06:35): I mean, 2010, I was in high school, so sorry to, to anyone who’s listening to this that’s older or younger, but, then, you 2015, I started at Epic. People would say like, oh, ICD-10 is crazy. And I was like, what are you talking about? Right. It was new just after ICD-9 right.I’m trying to think about like what was important back then. Maybe what I’m saying is like, holy cow, it’s crazy how quickly the industry moves, technology moves. And then, you know, government has to move as fast. 10 years ago, we really felt like it was important to say, “This is when the EHR needs to be able to do.” And now it’s almost like, we don’t need to regulate EHRs like the FDA regulates medical devices (although maybe that’s not the right topic right now or the right metaphor). We just need to make sure that they’re playing nicely together.Brendan Keeler (07:34): People... they’re like, oh, why didn’t we do interoperability stuff off the bat? And it’s like, it wasn’t digitized, it was a piece of paper. so like, you know, like we didn’t have the technologies or like, didn’t, had not defined anything, nor have we digitized in a way that we knew what needs to go back and forth. Like what are the workflows between digital systems? So I think rewriting history, could we have moved faster? Sure, maybe, but there’s a push towards API now and the deregulatory pieces do that by removing the cruft and throwing a bone to EHRs and saying, okay, we’re making your lives a little bit easier by getting rid of criteria, by changing the certification program to be less burdensome. And I think EHRs are gonna be, all the comments are gonna be like super psyched about this, that the Insights Condition and these other, not the criteria themselves of “thou shall have this feature”, but how do you report the measures, the metrics to prove it, or “how do you do real world testing”, those things, they’re deregulating and that’s a lot of burden and there’s reasons, know, there’s reasons for it. Right, you’re a big real world stand, right?Pryce (08:29): Hmm. I know. I’m bummed about that. I loved it. Loved searching for a health IT product on the CHPL website, C-H-P-L, and then being like, oh, they are certified. So they must support, you know, CDA exchange. And then looking at the real world testing and being like, oh, they exchanged three charts last year. That’s, uh, you know, noteworthy. Maybe it’s telling about how that system actually exchanged. So I missed that.Pryce (09:06): Okay, so we got HTI-5 and since I’m in the big Star Wars mood today, I decided I just need to be myself. Yeah, I just need to be myself on the podcast and I’m a big Star Wars fan. So I’m gonna call HTI-5 like “The ASTP Strikes Back” or something like that, you know, because it’s, yeah.Brendan Keeler (09:11): We have different aesthetics going on. I love it. And it sets us up for the HTI-6 (which we can get to). The last piece: So EHR are gonna be undoubtedly pysched. They’re going to have letters, the comment letters that say, “We support this so much. We support the ASTP’s deregulatory mission, you know, the criteria removal, the changes to the program.” And then they’re going to have “support” for this last piece. That’s not really support because the information blocking provisions that are in there.They are not deregulating the burden of information blocking, but deregulating the exceptions, removing exceptions, and thus the burden increases. And so they are removing, ASTP is saying, “These pieces? Certified Health IT and other actors were hiding behind them, the manner-exhausted clause, the Manner Exception itself in various ways, the Fees Exception.”And so they’re changing them and we don’t need to get into the details of it. I wrote a pretty long article about it we can link in the show notes.Pryce (10:20): Well, can I ask an example? Can I give you an anecdote and just hear your take? Information blocking is discouraging the exchange of electronic health information. illegal. Basically, if you’re an actor, which is like a developer of certified health IT, so a lot of EHRs, or a provider, or a healthcare information network, then you are an actor who could be blamed for information blocking. It’s discouraging the exchange of information.But of course it’s hard to exchange information because sometimes there’s business agreements and then there’s technical agreement, blah, blah, blah. And so if it smells like information blocking, it’s probably information blocking. But the ASTP said here are 10 or whatever it was, nine reasons that you’re actually allowed to do information blocking. These are exceptions, right? So if Brendan asks you for his chart via carrier pigeon, then you can be like, we don’t support that manner. Can I give you your chart in a CDA doc?There could be an exception that’s like, well, you’re protecting your patient from something by not responding, so then it’s not information blocking. So they’re removing some of these exceptions to your point, which means more things are information blocking.What happens if I go to a site and I say, I want to be able to write notes back to your electronic health record. and then that provider’s like, yeah, I want you to do that too. You’re my business associate and I want you to do that. And then together you go to the electronic health record developer and you say, I want to be able to write notes back to your system. Can you give me an API for that? Like a FHIR API, I’m going to write FHIR DocumentReference resources back to your system. And they say, well, we don’t support that. Okay. So that’s an appropriate response.It’s not a certification criteria to allow notes to be written back to your system, things like that. But we do have an HL7v2 interface that does that. It just takes six months to install and we’re going to charge you 20 grand for that install. How is the requester, the person who wants to exchange health information, like how should they respond to get what they want there? Can they just start breaking rules? Can they start suing people? Tell me how that would play out in your head.Brendan Keeler (12:22): It’s important to note that the actual like buckets of who’s a requester and who’s the actor, those are meaningful. And so a lot of times I’ll be talking about information blocking and people be like, well, I’m a patient and are you saying I can write back? I’m like, well, we should think about them in these categories. So you appropriately said, okay, the requester is a business associate. The requester in this case has the provider’s permission and the developer of certified health IT is the actor.That’s a very common scenario. That’s one of the scenarios we see in the court cases, right? Very clearly. I would say it’s priority number two. The two top priorities in terms of roles within information blocking are the patient access one. So patient is requester, provider is actor. That’s already defined in HIPAA under the HIPAA right of access, but the ASTP is like, make no mistake, that is a priority. We’re gonna double down on this. Pryce (13:06): The first, the number one like most powerful person when it comes to your chart is you. Like you should be able to access it.Brendan Keeler (13:14): And so they’re doubling down on that, but like, it’s not that like intellectually interesting, no offense meant to patients and patient advocates. I’m a patient, and I want that right. But it doesn’t manifest in kind of novel changes to the equilibrium because the HIPAA Right of Access was already there, it just strengthens things. Where it does change things is this scenario you’re talking about, which is business associate with a provider that is blocked access by a developer of certified health IT.It would be burdensome for any vendor if someone could come up with no exceptions and just say like, give me data in this way in a way that they haven’t developed, right? Like it could actually be weaponized that I could say, I wanna take down this vendor and I’m just gonna burden them with requests that they’re gonna spend all their calories fulfilling. And so the exceptions, particularly the Manner Exception gives the ability to negotiate and say, actually the manner you’ve requested? It’s infeasible, there’s a lack of security.So for instance, you come and request via carrier pigeon, I would say both those things. I don’t worry I would source a carrier pigeon. Where do you go and get them from? There’s not a local carrier pigeon store. so it’s infeasible is one possible path. There’s security, Is it really secure for me to send that data over the carrier pigeon where it feels like the man in the middle attack with hawks or something could be in play. And so I would say, okay, let’s go through this list, this pattern that’s defined in a Manner Exception to see if there’s standards based ways of exchange or other computable formats that I can offer you. that is the pattern needs to be followed with a Manner Exception.Pryce (14:49): Mm-hmm. yeah. easy.Brendan Keeler (15:07): There’s a delicate dance underpinning that back and forth where other exceptions get referenced. They say, “Hey, here’s a path, but it’s actually a revenue share.” You would then say, well, that’s actually information blocking because of the fee doesn’t meet the Fees Exception. So suffice to say, like we can go into the, the nuances of this one, but everyone’s individual situation is really important to map to the contours of this and then approach. Yeah. And, but then approach it as a dialogue with the EHR vendor, the certified health IT vendor or other actor and go through those steps, It’s not litigious. It is a collaborative discussion to find a mutual way of exchange, access and use of EHI. And if they are truly blocking, then it’s a problem. They’re gonna be in trouble. You and I have both been on calls and helped customers on both sides of this equation work through these negotiations, and it leads to typically good outcomes in terms of they get the API, or they get the access, and then they can actually go compete. And if the EHR has a competing solution, then it’s co-op petition. I expect this year, bubbling back up, now that we see HTI-5 as it gets cemented. and there’s some like wiggle room on the nuances of what they’ll change, but certainly with between that and the FAQ they put out last month. They’re signaling, “Hey, this is for real, not just court cases, we are for real.” I expect to see EHR vendors release more APIs, I expect to see them set guardrails around RPA, right, robotic process automation, that, is it an alternative integration path that the ASTP has blessed in this rule. They’ve said “AI and RPA?” That’s a pattern of the EHI exchange and access. And so… in lieu of something else, you better be facilitating it. And so you better believe that they’re going to start facilitating it in a way that they can control and monetize to at least get back some reasonable amount for their intellectual property and costs.Pryce (17:05): And to protect their customers. If you start to realize like, I’m not allowed to tell another software system to not log into my EHR and start doing tasks. And pretty quickly you’re like, well, let’s make sure it has user access and audit logs.Brendan Keeler (17:23): I mean, we want to help EHRs with this. if EHRs are interested to partner with a consultancy, come on, come forth, go forth and prosper, we’re help you. But you could imagine in the login experience when it’s you and I, it’s like, all right, here’s Brendan Keeler, here’s my credentials. And then there’s just like a toggle that says, “Is this Brendan Keeler? Or is this Brendan Keeler’s delegated bot?” You could start to track that usage independently about who is it attributed to, monetize it potentially differently in terms of getting back costs associated. But there’s artful ways that are totally unexplored territory that we’re going to see mature very rapidly over the course of this year because of the pressures of information blocking made real by HTI-5.Pryce (17:55): Love it. I love that you’re like, it’s real. real. Cause it, in a way it’s like, it’s been real since the Cures Act, right? But like not, we, should have made t-shirts before it was.Brendan Keeler (18:20): I mean, Lisa Bari and Kat McDavitt have the whole, know, “TEFCA’s not real” So like, we’d be a little too close if we said. But here’s the thing is like, it has been real and I didn’t believe it. Right, like you go back and read the stuff I put on the Substack in 2021 about like, “What is the Cures Act”?” “What is information blocking?” These exceptions feel huge. With PointClickCare you and I and others were like, oh, yeah, now it’s real.Pryce (18:26): I love that joke.Brendan Keeler (18:49): But still people are like, “Well, that’s a court case. Maybe the ASTP will think differently.” No longer, no longer. It’s very clear that the ASTP is like, “Yep, that case? We agree with what they’re saying.” It’s gonna incentivize a different set of behaviors and change the equilibrium in a way that you, if resisted, there’s no better way to be swept aside as a relic, as a legacy vendor. But if you lean in, if these vendors lean in, There’s opportunity in these hills. There’s opportunity in every change.Pryce (19:18): Opportunity, maybe not as a profit center, but at least to like guide the way that your system is going to start getting used by competitors or partners or whomever, If you write the rules and you write them well and they’re conforming to regulation, then all of sudden at least we have policy locally that sort of protects us from how we do those things.All right, well, HTI-5, anything else you want to talk about there?Brendan Keeler (19:45): Well, comment period, we’re in it, we’re in it, and so make your voice heard, whoever’s listening, make sure to comment, it’s not hard to comment. We will link in the show notes a prior little guide I did, but you go on, it can literally be just like typing two sentences in the comment, attribute to yourself, if you’re a little bit more polished, it’s for your org, you write a little PDF doc. Say your lived experience.Brendan Keeler (20:09): What you believe to be true in relation to the changes to criteria. There’s only four thus far that have been submitted as comments. I will continue to live tweet them and analyze them, but they’re thus far not that interesting. The good ones are yet to come. It’s always a spike towards the end. I think it’s like mid February. Yeah, end of February is the end of the 60 day comment period. We’ll finalize that. It’ll take some time for them to parse all those comments. They do read them all.They’ll finalize it in the spring or likely the summer. It’s not summer or fall unless they’re operating at warp speed. And then we’ll see what’s coming next is HTI 6. And that will be, if the rumors are true, all the... 6. And so it’ll be the API criteria. So, EHRs again, a little boned, but it’s gonna be, I think, changed for them in that.Pryce (20:52): Yeah, (counts to six), six, that’s next.Brendan Keeler (21:02): There’ll be API criteria. We’re going to re-criteria. There’s the bulk, slim, bulk, slim. This is the slim phase. We’re bulking back up with APIs. So FHIR subscriptions. Yeah. Yeah, exactly. And so CDS hooks, FHIR subscriptions. What do you want to see in it? What’s missing in, what would you love to see in the world?Pryce (21:08): Mm-hmm. Okay. Like intermittent fasting for healthcare regulation. FHIR subscriptions is so fascinating to me. It’s just like a very memorable moment in my career Somebody was teaching about FHIR subscriptions at FHIR Dev Days. And I was like, why do we still have HL7? Like what the heck is going on? And a mentor of mine, Nick McKenzie, love you, Nick, you’re out there. was like,Nobody’s going to build this until it’s regulated. So it’s kind of crazy. Now I’m like, regulation might be coming. It is going to be very interesting to see how that stuff gets implemented. I’m curious to see the nuances of the rules because that’s a very new concept being able to dynamically subscribe to event notifications. if you’re super familiar with event notifications.Brendan Keeler (22:04): Maybe someone doesn’t know what they are, maybe explain what they are.Pryce (22:07): So FHIR at the moment is this huge standard of how you should exchange healthcare data. There’s actually lots of written rules about here’s how FHIR does XYZ that’s completely unused in the real world. It’s purely academic and people who are thinking about how healthcare data should be exchanged are writing these implementation guides or profiles or whatever. But nobody uses them.And so subscriptions is one of the examples where like pretty much every FHIR server nowadays or FHIR facade is query based. Like if you want information, come and ask for it, which makes it really hard to say “Tell me when I should start caring about Brendan” because you can’t just poll someone’s EHR server every day. Event based notifications are still largely HL7v2This person was admitted. So I’m going to proactively push out a notification to all the systems that care about my registration information or my admission information. We’re going push you in order and you’re going to push me back a lab result, et cetera. And the idea of FHIR subscriptions is okay. Well, the FHIR server could also have this pub sub sort of architecture where if someone tells me that they want to hear about these event notifications, I don’t necessarily have to push them a pipe delimited text file over MLLP using a VPN as the authentication method. Maybe I should just like. use OAuth and the internet like HTTPS. The rest is internet too. So FHIR subscriptions would be crazy because it’s sort of the first time that we’ve as an industry would be saying, “Hey, EHRs, You need to develop a manner to push like JSON, FHIR payloads to other systems. So that they hear about events in basically virtual real time, near real time. And you can dynamically register and subscribe to these things. so instead of having like a little construction crew get together and build this HL7 feed, it’s gonna be a little bit more like the modern internet. And a lot of EHRs are probably like, “Shoot, that’s gonna make it easier for other people to get the information that’s valuable to our system.”Brendan Keeler (24:13): People see EHRs and they’re like, oh yeah, there must be these like evil villains like up in the lair or something. That’s not it. They’re just like, well, we built something that kind of does that. Can you go use that? Cause we got to go build something for our providers over here. Like they are product managers. And so like when there are underserved needs, a lot of times they’ll be like, oh yeah, let’s go do CDS hooks. We don’t have anything like that. But if when it’s like replacing, you see this resistance because they’re saying, well, what’s missing here? From my vantage point, and I think you’ll agree with me, HL7 can convey an event, right? It can say, here’s a new order, here’s an admission, but it is not the developer experience that is expected, right? Times have changed. And now I expect documentation I can go and test and play with. I expect JSON and not pipe delimits.That’s an arbitrary thing that we’ll probably grow out of it because we’ve grown out of EDI and pipe delimitation into XML. And then we grew out of XML and brackets into curly braces and like maybe Language First Interoperability is next. our little, favorite tongue de jour changes, but it doesn’t mean that’s not what’s popular right now. And so the expectations are a format, but also an experience.Brendan Keeler (25:29): By virtue of having to make this new thing, an experience comes with it that is more beneficial for creating alongside EHRs. And so that is the raison d’être, you know, know, let’s do some French here. ⁓Pryce (25:41): I thought I was working with the French companies, but you’ve been just rattling it off. You were saying “Why have these things that have been developed yet?” The answer is a customer of an electronic health record sometimes is like, Hey, electronic health record of whom I am a customer. Will you help me integrate our systems? But most of the time the people that are mad about how an EHR does or does not integrate aren’t even the customer of the EHR. So why would the EHR go develop new things? Why would they spend money and capital and calories, on developing these new things for other people to be able to join their ecosystem and potentially compete with them, but more importantly, just like not really pay them. It’s like a profit, it’s not a profit center for these EHRs to be like, Hey, let me figure out how my system, which I spent 40 years developing, can talk to every other system in the world. That’s not a priority most of the time. And so when it’s regulation and when the customer’s asked for it, it becomes a priority. They’re not evil. I agree with you.Brendan Keeler (26:45): I mean, they’re just doing what every bit, every system of record business does it. Every one operates this way. People think that healthcare is uniquely has a bunch of evil masterminds. That’s not it. It’s like your system of record. I could spend money building the APIs or I could go build the next module to serve the needs directly in a way that I can actually control the experience of. In that trade off, most product managers are like, I’m going to do that thing. unless they’re particularly API minded or open minded or using openness as a differentiator. That’s changed now with information blocking. And you know what? It allows new AI forward solutions that sell to healthcare systems to enter the scene. And so what’s happened this week, Pryce?Pryce (27:14) Segue! So, man, everyone is in a tizzy, at least on my LinkedIn, about ChatGPT having released ChatGPT Health. I mean, that’s the thing that I’ve just got in on the wait list for. But there are several things being released by OpenAI right now that have to do with healthcare. We’ve seen it coming for a while, at least you have. People who read between the lines have seen it coming for a while.I generally don’t care until things happen. It’s probably just my ADHD. But tell me, what did OpenAI release in the past week? And then we’ll start digging into that.Brendan Keeler (28:07): Yeah, I I’m not reading between lines. They signed a pledge that they were going to do this in July. Pryce (28:12): Well, yeah, yeah. A pledge, a pledge, which at the time I was like, a pledge means nothing. Nobody is on the hook to do these things. And all those companies that had signed the pledge, was thinking, I bet it looks really good for your CEO to be shaking hands with RFK right now. But you were right. They’re, they’re doing things. A lot of these companies are doing things. And, and one of them was OpenAI. So tell me what they released.Brendan Keeler (28:37): They had a big week ChatGPT Health, which is ChatGPT, the chat interface for consumers, patients to interact with health data. It is very akin to a personal health record, the PHR. It is that, right? They are housing the information. You can do a nifty thing with it. You can interact in an AI native way with it, but.It’s the personal health record that Google or that Microsoft Health Vault or that Google Apple Health Record. The first time anyone enters health, what if you could own your data? Like it’s the most popular idea, think Out of Pocket called the tar pit, right? You know, and it is because as a standalone idea, it’s not a good vehicle to gain distribution. Historically, the access methods were really friction filled.Brendan Keeler (29:22): But now we’re in an era where that’s changing for this next, the fifth iteration of patient access, the fifth generation is pretty good. And so we see them embed via an aggregator. They didn’t spend a ton of calories going doing healthcare specific work. They spent the calories to integrate with someone who’s done the hard work, b.well as an on-ramp to nationwide networks like TEFCA as a aggregator of patient access APIs, generation four, patient access ⁓ APIs, (TEFCA IAS is generation five)Yeah, TEFCA strikes back. They’ve embedded it. So the other things in this announcement, the other apps, they developed up to the app framework, the app SDK that OpenAI makes available similar to like Expedia or Booking.com. That’s out there. Both you and I got access to it. How’s it been?Pryce (29:52): Patient access APIs: I just want to really simplify that for everyone. I can download ChatGPT on my phone, which I have done. I don’t really like the LLMs, but they’re really useful. I just don’t like the fact that the rich are getting richer. That’s what I don’t like about them. But super useful, especially if you take everything you hear from ChatGPT with a grain of salt. Like you would a Google search or whatever. But it doesn’t have your healthcare data until it partners with, in this case, b.well which we love. And b.well it’s basically like Plaid in a way that they say, okay, well, you have the rights to your healthcare data. b.well doesn’t, ChatGPT doesn’t. But if ChatGPT partners with b.well, who’s already gone and fetched every year, 90 % of the country’s health systems, patient access APIs endpoints, which is to say like hit this endpoint, tell me who you are. And then I will verify if I think you are who you’re saying you are. And then if you are indeed who you’re saying you are and I have your chart, I will give it back to be well, be well, get, we’ll give the ChatGPT. Right? So that’s what’s happening is healthcare data is federated patients are becoming more and more powerful and being able to access that healthcare data in the same way that we do with Plaid. But people are freaking out. I think sort of rightfully so. There’s two main themes that I’m seeing and I want to talk through these. One of them is everyone’s like, can’t believe this isn’t regulated. ChatGPT is going to kill a ton of people who upload their charts and listen to ChatGPT for healthcare advice. And my response to that is we need to teach people to think critically. It is good for me to be able to ask my friends about like why my knee hurts. And it’s good for me to be able to ask Google. And now it’s good for me to be able to ask a ChatGPT. But if the first response is like your knee hurts, you’re probably dying of a heart attack. I should take that with a grain of salt. Like I would when I talk to anyone.And then the next step is diagnosis or treatment. should talk to a doctor. So I kind of don’t feel like people need to freak out about ChatGPT giving healthcare advice because nobody should treat it like a doctor. What’s your take on that?Brendan Keeler (32:21): Look, the balance of it is where there’s potential harm, people can think in two ways, right? One is paternalism. Let’s stop it because then we’ll stop any potential harm. But they miss the trade-offs of the potential good. The other is sort of like a market-oriented approach of, if this is not a substandard tool, then people will stop using it very rapidly. And there will be also the optics. This is a big company. If they mess up, is pretty catastrophic to their ambitions here. The idea that they’re kind of fast shooters from the hip. I don’t see that, like everyone assumes Amazon or Google or OpenAI are gunslingers - no, those are the startups. Startups are the gunslingers because they don’t have the same pressures of The Information and The Verge up their bums about every single little update. The scrutiny on big tech is immense. OpenAI for better or worse is now in the big tech leagues, they’re not startup, little scrappy startup. That scrutiny, as well as the processes of like, enterprise, big tech mean that you go through a lot of checks and balances to ship these sorts of products. I agree. Like, look, if you want to stop the harm - you could cut it off. That’s one, but two, it underestimates that most transformative change comes from something that underperforms an existing incumbent. If you imagine AI in that paradigm, like it’s going to start buy underperforming, but will rapidly. overperform at a cost benefit that is dramatic. So all this to say is like the HIPAA right access means patients can get access to data and upload it anyway. The intentionality of a separate sandbox, like separate data area for health of a model trained for it of guidance in there, like actual product management thought towards this versus people just uploading to the raw like regular ChatGPT? That’s a good iteration that we should be, you know, like happy about.Pryce (34:27): I’m like, you can decide how you want to care for yourself, but people were already using the internet and they’re already using LLMs. So now it’s a little bit more official and hopefully the LLMs understand the shape of the data that they’re seeing a lot better and maybe the security is better and things like that. But speaking of security, that’s the second thing that I feel like everyone’s in a tizzy about is that they’re like, you think I’m going to hand my data over to Sam Altman? And first of all, yeah, Sam Altman is definitely reading your vitals. He’s reading through every single one of your vitals. Okay. Like if you give you, if you give your healthcare data to open AI, I think Sam Altman is personally sitting at his computer, probably making fun of you for all of the conditions on your problem list. No, that’s not happening. Right. Like, but, but what is happening is OpenAI gathering a lot of healthcare information from people who are willingly giving it to them. And then.They’re keeping it secure, I’m sure, because they’re a huge tech company and they have a privacy policy that they, you know, that they’re probably legally obliged to follow, but they are not regulated by HIPAA. And, and I’m not freaked out by that because I understand the implications. but my expectation is also that, that they would, for every bit of data that they gather, like, why would they not de-identify it and use it in some, you know, way that’s beneficial to them commercially. Selling it.Brendan Keeler (35:50): Well, they said they’re going to use it for model training, but yeah, they did say.Pryce (35:52): They did? Well, not model training. But why would they not say, I have a million charts that I can de-identify, do I want to sell them to Optum Life Sciences? Is that not something that they could do?Brendan Keeler (36:07): There’s two things here. One is de-identified data sales, right? Is one angle and the other is identified data sales. De-identified data sales, your provider sells your charts. Like the naivety of people thinking that, oh, we don’t give it to OpenAI, like they’ll sell my charts, it’s like - your provider is selling your charts, your EHR is selling your charts. If you have problem with that, we need to go back to the legislative drawing board and change HIPAA, which allows for the sale of deidentified data. So even with HIPAA, deidentified data is a process and certainly you could imagine them monetizing this way. I think more broadly, what I saw missing from the announcement, and I haven’t gone spelunking through the privacy policy in terms of service, is like, how are they monetizing?This is something that could drive new subscriptions. Great, sure, but are they selling this in an identified fashion to parties like that scary to people? And they could be a lot crisper about what they are going to do here in a way that, you know, like every Reddit comment was like, healthcare insurers would love to get their hands on this. As a consumer company, you need to go way beyond in terms of saying what you’re going to do here. But I imagine they don’t know yet. They don’t fully know. They’re paying b.well something. They’re not paying as much as TEFCA IAS would cost. There’s a significant cost there in terms of the credential service provider costs are pretty high. And so that would trickle down into fees to open AI. And so people just rightfully are like, okay, how do they monetize this? And it scares them.We can kind of poke at the Redditors, but like, think there’s something real, realer than the other considerations to parse out there for OpenAI to be just like over communicate intentional intentionality here.Pryce (37:58): I love what you’re saying in the sense that if you’re surprised that this commercial company that’s giving you free or cheap access to almost infinite knowledge is going to try to make money off of you using it, if that surprises you, then you should reconsider how you interact with the economy. How they do it, think they need to outline clearly. Like, just as an example,You’re talking about it as a PHR and I’m kind of like, is it a PHR? I don’t know. So far the interface that I’ve used, it had access to my data. Where is it storing it? What does it look like? And I know for a fact that the data was just garbage. I don’t know if that was the EHR that responded that had garbage data. I don’t know if it was a query that was bad. don’t know if chat GPT got it and then did something wrong with it, but theThe data was bad and all that to say, does OpenAI have like a FHIR store for this information or some sort of database that they’ve created? Or is it, I don’t know, does B-well persist data and open AI is just sort of in a business relationship with them where they are using that like a clinical data repository for individuals. I didn’t even get that far with regards to the architecture,Brendan Keeler (39:07): I think from an architecture, all we know, you know, they didn’t give deep architectural nuance of like how B-well is like, well, they said it’s separate. They said it’s a separate data partition within a chat GPT. So it’s not commingled with the broader part. It’s like, it is separate. I think to your point, two points, one is they intentionally did not make a standalone personal health record. It is just a novel way from a user interface perspective in ChatGPT. That is incredibly smart. That is using the distribution advantages they have to have it as a feature. That is embedded health versus a personal health record. Embedded health, embedding these capabilities, B-Well, patient access aggregation, TEFCA IAS into existing experiences that do jobs to be done for consumer patients is the right way to approach this thing. It’s what I wrote about in Indiana Jones and the PHR back in the day is like the failure of PHR is like to imagine that “I can aggregate all my data” is actually that interesting to most people. It’s interesting to sick people and then like Whoop junkies,Pryce (40:05): And dozens, at least dozens of health tech nerds will also find it interesting. There are dozens of us.Brendan Keeler (40:22): I try every single one. I’ve tried all the apps in ChatGPT, the general purpose ones, and they all break and they all are wrong and they don’t work. And I was like, God, don’t let that happen here. And I will say that they spent calories to make it work a little bit better. The linking experience and provider search is quite nice. But to your point, the clinical data stuff’s not working for me, for my dermatologist on ECW, for my Epic site. They gotta resolve that because that’s going to really, really undermine the whole thing. the coverage that’s surfaced there, which is the leading coverage that b.well has... if it’s undermined by it not working and then people are like, all right, see you. And they won’t trust it.Pryce (41:01): When I was young and impressionable at Epic, I still, I actually love that one of whatever the first commandment or is the commandment of Epic is like software must work. And at the time I was like, what the hell? Like, kind of rule is that? Right. And now I’m 10 years in, I kind of understand the industry and monetization and, and I’ll use something that doesn’t work. I’m like, damn it.Just like get rid of it. I’ll never use it again. And so I do kind of feel bad for OpenAI. I feel bad in the sense that like, this is a good product to launch, but like, what if just low adoption of nationwide networks like TEFCA and Carequality or poor implementation by random electronic health records is creating the sense that like they’ve released this terrible productAnd that was my experience so far is that like, I didn’t get real healthcare data in there. Not that I had burning questions to ask it, That’s my take on that front. ⁓Brendan Keeler (41:59): At least we’re in the beta or the pilot or whatever, right? We got in a wait list and hopefully they haven’t rolled it out fully so they can resolve some of these issues before it goes, it gets more widely, more widespread. But we’re wrapped, we’re coming up on time here. And so we won’t even get to the other announcement from OpenAI, which were ChatGPT for healthcare. So ChatGPT is a interface for providers, competing with sort of UpToDate as a main competitor. And then OpenAI for healthcare, which is just them saying, our APIs, those are HIPAA compliant. You know, both these products are less interesting. They’re interesting because they’re pushing in, but they’re doing what traditionally horizontal tech companies always do, which is put up the shingle and say, yep, we’re HIPAA compliant with SSO. There’s the features that aren’t actually all that HIPAA is healthcare specific, but more security flows elsewhere. SSO is not healthcare specific. These features are all like reusable value add. Where horizontal tech companies struggle is to actually do the non reusable stuff. Like do the HL7v2 or maintain certain compliance rules. Always there’s this tension as a horizontal company that they struggle to resolve.Pryce (43:21): That’s why we see many iterations of failures coming from Apple, Google, Microsoft in dethroning an electronic health record or creating a PHR that’s meaningful for people.Brendan Keeler (43:33): They’ve got good leadership, right? Nate Gross from Doximity, someone else from Instagram are the two of the leaders of the healthcare unit. They’re pretty consumer focused. just, do they have the wherewithal, specifically for ChatGPT for providers to like do the things? I’m excited to see the next set of announcements of they’re using Redox, they’ve done some HL7, they’re starting to actually do a workflow that shows some true investment into the particularities of the vertical versus the things that look like they’re vertical specific that are actually just reusable across all industries.Pryce (44:09): You said you feel like this is maybe competing with UpToDate. Is it not competing with OpenEvidence as well? Like, it’s the same kind of concept.Brendan Keeler (44:17): Same job to be done, different go-to-market motions. I cannot go pick up ChatGPT for providers or ChatGPT for healthcare. I have to go sign the BAA. It’s an enterprise go-to-market motion, which puts them more into the realm of UpToDate to start until they change that.Pryce (44:20): Okay, that makes sense. was actually with my psychiatrist this morning and talking about Doximity and She wanted all the tea and I was giving it her, which is why I’m so antsy and excited right now.Brendan Keeler (44:45): We’ll have to go back to revisit that while we expect to see some updates on that court case coming up. But, Pryce have a great Friday. I’ll talk to you soon.Pryce (44:51): Love it. Thanks for hanging out. See y’all. Get full access to Health API Guy at healthapiguy.substack.com/subscribe