Launch HN: Metriport (YC S22) – Open-source API for healthcare data exchange

adunsulag · 2024-05-23T18:19:51 1716488391

In your FHIR implementation, what version of USCDI do you support? I'm assuming you're following US Core profile's with your implementation guides? Have you implemented US Core STU 6.1.0? I know I'd be interested in using your converter and your exchange product if it could help facilitate what's required for ONC certification in 2026. I didn't see listed anywhere your capability statement URL that would give insight into what your doing.

I congratulate you on your launch and I'm interested in your converter. I'm surprised you didn't mention the TEFCA effort and wondering if you're planning on becoming your own QHIN (Qualified Health Information Network) or if you just plan on interfacing with all of the major QHIN's?

How are you handling interstate data exchange privacy requirements. Some states have restrictions on what data can be shared across state (thinking about this in terms of things like PDMP queries). I'm also wondering how you are handling the patient data access audit trail as well as information blocking filtering requirements. Perusing your documentation, it looks like you pass along the AuditEvent, does your system create additional audit trails for those who access the patient data? Or is that all being handled upstream w/ your QHINs?

dgoncharov · 2024-05-23T19:22:35 1716492155

Thank you for the detailed questions - lots to dig into:

> In your FHIR implementation, what version of USCDI do you support? I'm assuming you're following US Core profile's with your implementation guides?

We will support USCDI v3 (which is the ONC requirement for 2026), and are following US Core as closely as possible with our FHIR converter.

We're working on improving our FHIR documentation across the board, and have the beginnings of a FHIR-specific IG here: https://docs.metriport.com/medical-api/fhir/overview

> I didn't see listed anywhere your capability statement URL that would give insight into what your doing.

Yes good point - raised an issue for this here: https://github.com/metriport/metriport/issues/2142

Please feel free to raise more issues on our repo if you'd like to see other improvements, and it would be great to get in touch about your use case!

> you didn't mention the TEFCA effort and wondering if you're planning on becoming your own QHIN (Qualified Health Information Network) or if you just plan on interfacing with all of the major QHIN's?

Haha this post was already close to exceeding maximum length, so we had to trim it down a bit - we thought no-one would know what TEFCA/QHINs are, but cool to see that you do.

(For anyone reading this, TEFCA is the the document driving changes for different permitted purposes of use, and general governance of the networks, by the ONC. QHINs are one of the outputs of TEFCA, and are a flavor of HIEs that promise to bring more use cases, such as patient access, to the table)

Unfortunately QHINs aren't very meaningful right now, since patient access queries are not mandated to be responded to by TEFCA. One of the HIEs we connect to, CommonWell, is already a QHIN, so we'll look at leveraging that, or becoming one ourselves, as we see fit.

> How are you handling interstate data exchange privacy requirements.

We handle this on a case-by-case basis based on: (1) what state our customers' patients' are located, (2) what kind of data they can/will be sharing, and (3) state requirements as you mention. For example, there is a new bill in California that will require special care of medical info as it pertains to abortion, contraception, and etc: https://trackbill.com/bill/california-assembly-bill-352-heal...

> also wondering how you are handling the patient data access audit trail

All transactions that interface with our system have audit logs attached to them by default (as per HIPAA/SOC2 requirements).

> Or is that all being handled upstream w/ your QHINs?

Nothing is handled upstream with the HIEs we connect to (note that QHINs are a different subject, and just enable future use cases outside of Treatment) - audit logging is up to each member of the network, including us. For example, Carequality only has a directory that implementers connect to, they don't store any data, and their only service is a directory of endpoints (it's more of a framework in that sense).

nradov · 2024-05-24T02:03:32 1716516212

Is this intended for use by providers or consumers/patients? Authorized providers can use TEFCA through a QHIN to query for treatment purpose of use, which is supported by all participants.

How does your service differ in practice from existing networks of networks like Health Gorilla and Particle Health?

dgoncharov · 2024-05-24T03:03:04 1716519784

> Is this intended for use by providers or consumers/patients?

This currently can only be used by providers, or healthcare IT vendors working with providers. Referring to the post: "using Metriport for patient data exchange today requires a Treatment purpose of use under HIPAA - which means that only Covered Entities, or Business Associates who work with Covered Entities, can use Metriport."

> Authorized providers can use TEFCA through a QHIN to query for treatment purpose of use, which is supported by all participants.

Yes you can query for Treatment, but you won't get meaningful coverage. QHINs do not have nearly enough adoption to be used for Treatment. Essentially the pool of providers using QHINs is insignificant, so you need to go through existing HIEs to get meaningful coverage.

The driving force behind QHINs is to open up new use-cases for accessing patient data, not necessarily to make the Treatment purpose of use better.

> How does your service differ in practice from existing networks of networks

We're the only vendor that's open source, where you can see and trust what's going on under the hood. Ask other vendors how they do record location, patient matching, or data mapping, and they'll just tell you "trust us, we're the best!".

Additionally, we're the only vendor that is confident enough in our solution to work with companies month-to-month, to show them that our product actually brings them value (and works as advertised) in production. Other vendors will lock you into $120k+ yearly contracts before even showing you production patient data. True story: a provider came to us recently after one of the vendors you mentioned locked them into a yearly contract, and only after the lengthly implementation period did they realize the product didn't work well at all - so a bunch of time/money wasted, and they need to migrate now anyways.

We have many advantages feature-wise as well, feel free to compare our dev docs!

rqtwteye · 2024-05-24T03:12:31 1716520351

We are paying 60k for Health Gorilla and I am not sure it’s worth it. I think you can distinguish yourself by providing by excellent consulting services helping your customers to implement solutions. Without help the learning curve with health data is not enormous and everything is very complex and opaque.

dgoncharov · 2024-05-24T15:37:06 1716565026

Feel free to get in touch with us - we've migrated others of HG, and they can vouch that they get better data density, coverage, quality, and speed with Metriport.

> distinguish yourself by providing by excellent consulting services

We actually work very closely with companies month to month during a pilot period to implement an MVP integration to show them the value of the product for both data pulls, and contribution - consultant-style.

We'd love to chat if you're up for it: https://calendly.com/colinelsinga/metriport-intro

nradov · 2024-05-24T03:13:28 1716520408

Sounds good. Most traditional provider orgs don't care about open source and lack the IT resources to look under the hood. But some newer digital health companies do care and will see that as an advantage.

dgoncharov · 2024-05-24T15:40:07 1716565207

> Most traditional provider orgs don't care about open source

Depends who you're talking to - from our experience CTOs of large provider orgs love the open source aspect (generally anyone with a tech team). Smaller orgs with no tech team don't care as much, you're right, but we also support them through a no-code provider dashboard.

dariosalvi78 · 2024-05-23T18:58:50 1716490730

Thank you for this, so much needed. I hope that you are going to come to Europe soon.

Honest question, how was your experience with getting funding on an open source product within healthcare? My experience so far is that the field is, as you put it, 30 years back, also in terms of business models.

dgoncharov · 2024-05-23T20:27:18 1716496038

Europe is its own beast of healthcare data problems for sure - perhaps one day.

We get asked the fundraising question a lot, especially since we're open source. Once investors understood that we still have a hosted product we charge for, and that we have a large moat since someone could fork our code but it'd be very difficult to run the business (compliance, getting access to the different networks, understanding the niche space, etc) - open source wasn't a hinderance to raising.

One thing we learned though, is that even though every human interacts with the healthcare system in some capacity - very few people know how things actually work. So, we had to tailor our pitches to make investors understand why our product matters, since generally even people that have healthcare experience, have no idea what the hell an HIE is.

That, and our GTM allowed us to sell quickly, without needing to wait for slow moving hospital contracts, as are typical in healthcare - so some decent traction definitely helped.

ChrisMarshallNY · 2024-05-24T14:20:01 1716560401

I suspect that having a hosted solution -one that is very secure, could be quite lucrative.

This, on its own, is probably not something that folks could just throw onto any server, and expect reputable heath providers to use (at least, I hope not). Auditing and validation ain't cheap.

I applaud the idea, and hope that it works out. Most health providers still require faxes, which is a huge pain in the butt.

I have also heard many complaints about Epic Systems.

dgoncharov · 2024-05-24T16:08:54 1716566934

> one that is very secure

Another reason we're open source - better security.

> Most health providers still require faxes, which is a huge pain in the butt.

Yes indeed - mindblowing how such critical data still relies on faxes in 2024.

> I have also heard many complaints about Epic Systems.

Yeah, Epic is not perfect, but they are ubiquitous in healthcare - and Metriport provides a nice interface to pull/push data to their EHRs!

ChrisMarshallNY · 2024-05-25T10:19:46 1716632386

I wish you great luck. I sincerely hope it works out.

> Epic is not perfect

They have managed to do great consolidation, but the people that I hear complaints from, are the end-users (doctors, nurses, and first-line medical admins). They are a tough crowd to please (most of the medical folks I know personally, are technophobes), but I have seen some of the Epic interfaces, and they could use improvement; even for a techie, like me.

It appears as if Epic is pretty good at marketing to decision-makers (high-level administrators), and maybe have been a bit less diligent on UX design. Good money-making policy, but it also means that an open API opens the field to competitors that do a better job of serving end-users. That could give Epic a reason to throw up roadblocks. Incumbents don't like upstarts.

dariosalvi78 · 2024-05-30T09:43:45 1717062225

it's a case where the payer is different from the user. Payer wants to tick boxes, user wants to be efficient. I see this in education for example, where platforms like Canvas are ubiquitous (not implying that Canvas is not usable, they do a good job IMHO, but it must be like hell for them!).

pelagicAustral · 2024-05-23T15:47:58 1716479278

Congrats on the launch, the site it's quite nice and informative...

"Access comprehensive EHR data for your patients in seconds, with FHIR R4...", I got Vietnam flashbacks from building an app to interface with the NHS Covid Vax certificate, that was my first encounter with FHIR... And honestly, all I wanted by the end of the day was to set myself on FHIR! Such a complex abstraction. Anyway, Godspeed!

dgoncharov · 2024-05-23T16:09:16 1716480556

Hahaha definitely feel you there - also see you're a seasoned healthcare vet with the FHIR puns!

Integrating with vaccine registries is another unique beast, and we haven't had the pleasure of doing that yet. Each state has actually has its own registry, they don't even use FHIR, and instead use an even older standard than C-CDAs - CAIR2 HL7v2: https://www.cdph.ca.gov/Programs/CID/DCDC/CAIR/CDPH%20Docume...

We don't support this yet - but we'll get there.

nradov · 2024-05-24T03:26:09 1716521169

CAIR2 is specific to California. Every state registry has some technical differences in HL7 V2 Messaging support but most are reasonably close to the CDC/AIRA spec.

https://repository.immregistries.org/resource/hl7-version-2-...

The CDC IZ Gateway can make it somewhat easier to work with multiple state registries.

https://www.cdc.gov/vaccines/programs/iis/iz-gateway/overvie...

In practice the C-CDAs obtained from providers sometimes include immunization section entries so you can pick up some records that way as well

dgoncharov · 2024-05-24T15:22:44 1716564164

> CAIR2 is specific to California. Every state registry has some technical differences in HL7 V2

Didn't know CAIR2 was only used in CA - I guess a correct statement would be every state has an offshoot of HL7v2, with CAIR2 being one of them, as you mentioned.

> In practice the C-CDAs obtained from providers sometimes include immunization section entries

Yes for sure - we get a lot of those from C-CDAs already, these registries would be just another way to make the data even more authoritative/accurate.

gip · 2024-05-23T18:33:51 1716489231

Congrats on the launch. I work in healthtech and I'm always shocked by how fragmented and siloed the technology is in my industry. Both at the application level (EHR) and data level, leading to general inefficiency, high costs and innovation that do not always benefit the patients.

Glad Metriport is addressing this! I hope you will drive a new level of standardization on an open and modern data exchange protocol.

One question: at the product level, would it make sense to go one step further and bet on the future being the cloud - and start supporting existing cloud solution like Google Healthcare (FHIR) API (and others) as storage layers?

dgoncharov · 2024-05-23T18:58:03 1716490683

Thank you - glad to see there are others that are aware of the mess of healthcare data!

> Would it make sense to go one step further and bet on the future being the cloud - and start supporting existing cloud solution like Google Healthcare (FHIR) API (and others) as storage layers?

Oh for sure - to clarify, we're open-source, but we definitely have a managed cloud solution. For our backend, we currently self-host the OSS version of HAPI FHIR on AWS: https://github.com/metriport/fhir-server. It works pretty well for our purposes, and we'd prefer to not use a managed solution like the Google FHIR storage for this. Mainly for customizability, control, and to keep things OSS.

With that being said, people using Metriport can store the FHIR data and raw docs coming from our API in whatever solution they wish - including the Google FHIR storage! Everything is standardized to FHIR R4, so syncing to another backend is straightforward.

In fact, a customer of ours recently used this OSS solution to sync Metriport data to their Google cloud: https://github.com/google/fhir-data-pipes

gip · 2024-05-23T19:05:38 1716491138

> With that being said, people using Metriport can store the FHIR data and raw docs coming from our API in whatever solution they wish - including the Google FHIR storage! Everything is standardized to FHIR R4, so syncing to another backend is straightforward.

Great. What I was trying to say is that there may be some value for larger customers if your company were building and managing something like it (basically a Fivetran for FHIR).

whoomp12342 · 2024-05-23T19:19:12 1716491952

more data does not always mean good data. Health systems have varying level of quality and accuracy and in some cases, wrong information affects patient outcomes. The idea of connecting sparse systems has pros and cons.

Consider someone who is misdiagnosed and switching doctors because they can't get the medical staff to believe them. They would be served by a fresh set of data and if re-diagnosed, so be it.

Logingarrett · 2024-05-23T23:02:53 1716505373

Interesting case, inaccurate data aside, I imagine medical staff form diagnoses objectively.

nradov · 2024-05-24T02:48:55 1716518935

In more complex cases, diagnosis is as much art as science. There aren't always evidence-based clinical practice guidelines to follow so clinicians often have to rely on experience and intuition. Subjective judgement is a factor.

Under HIPAA, patients do have the legal right to correct errors in their medical records.

https://www.hhs.gov/hipaa/for-individuals/medical-records/in...

whoomp12342 · 2024-05-28T14:50:20 1716907820

they do, culturally. However, data does influence their decisions. Appropriately diagnosis are probability based and is an art. Its not perfect, but currently it is good

superchris · 2024-05-23T19:53:18 1716493998

This sounds like a really excellent product, and I really love the description in this post of how you got there. Not working on anything just this minute that needs it, but I will definitely keep an eye out for opportunities.

dgoncharov · 2024-05-23T20:04:13 1716494653

Glad you enjoyed the read - we're happy that we landed at a domain/space that we're both passionate about, and is impactful. Pretty great outcome as far as pivots go!

lazyasciiart · 2024-05-23T19:58:23 1716494303

If I understood correctly: it sounds like HIEs were supposed to solve this problem but just duplicated it, so you’re hoping to actually solve it this time?

dgoncharov · 2024-05-23T21:26:03 1716499563

Pretty much! We're essentially building a service that leverages multiple networks - from a modern healthcare engineer's perspective, and focusing on product/data usability.

nradov · 2024-05-24T04:10:29 1716523829

Best of luck to Metriport. I've worked for years in the healthcare interoperability space and there are still a huge number of unsolved problems impacting cost and patient care.

There actually is a standard for converting C-CDA records to FHIR. It isn't 100% complete but serves as a useful starting point. If you find problems with it you can feed those back into the standards process.

http://hl7.org/fhir/us/ccda/

Microsoft has an open source library which works pretty well and I think implements at least part of that standard, although I haven't used it lately.

https://github.com/microsoft/FHIR-Converter

FHIR also includes unstructured narrative text so it isn't necessarily better than C-CDA in that regard. You'll find that data quality problems come down more to provider systems configuration and charting policies rather than data formats.

moneywoes · 2024-05-24T13:44:42 1716558282

Based on your experience , what do you think is the biggest pain point?

nradov · 2024-05-24T15:36:32 1716564992

The biggest pain point isn't technical, it's misalignment of incentives in provider organizations. Interoperability standards have existed for years and are widely implemented in commercial and open-source products and online services. Some of these may be a bit expensive or difficult to use but they work well enough, at least for common use cases.

The problem is that most providers still work on a fee-for-service basis, billing payers (insurers) and patients for individual line items. There's no line item billing code for improving clinical data quality or sharing patient records with other authorized organizations. So they mostly do the bare minimum necessary to comply with government regulations and payer coverage rules.

For example, every doctor is supposed to have a Direct Secure Messaging address listed in NPPES by now so that they can securely email patient records to each other. Every major EHR supports this standard and it can also be used through HISP online portals. But a lot of doctors still have no clue how to do this and haven't registered their address in NPPES (or misunderstood the instructions and put in their own personal Hotmail email address or something). So, they still end up sending faxes.

The situation may eventually improve with the shift to value-based care but this will be a slow process.

robertlagrant · 2024-05-23T20:26:32 1716495992

Well done with the launch. This is a tricky space, but if successful you will be very successful.

A health platform I helped build was open sourced[0] (the apps built on it are closed source and deployed in NHS trusts). Feel free to dig around for any inspiration :-)

[0] https://github.com/polaris-foundation

dgoncharov · 2024-05-23T20:46:02 1716497162

Thank you! Glad to see more open-source in healthcare - was the idea here sort of like a reusable EHR backend for building digital health products? I see some mention of HAPI FHIR in the repo as well.

robertlagrant · 2024-05-23T21:13:38 1716498818

Yes it was - it was internal to our company, but the apps got sold off when the business downsized. The engineering team lobbied to have the main backend open sourced, partly because it made the divestment of the apps built on it easier.

The architecture was that that was a backend for apps, and the individual apps would host a stateless BFF service to translate the backend into what they needed, and then the web/mobile apps would talk to that. HAPI FHIR was integrated for testing reasons; it also spoke HL7v2, for our sins.

adwf · 2024-05-24T00:26:34 1716510394

Was there anything else at Sensyne that could have been open-sourced and/or of value to the community?

I may be in a position to open some of that up before it's lost.

robertlagrant · 2024-05-24T09:44:10 1716543850

I'm curious :-)

I think the only other useful thing that wasn't added to the Foundation was some HL7 integration code that would sit in a customer environment and forward on requests to that backend securely. I believe that moved on with the software that it was primarily developed for, though, which is an in-hospital tablet based system for recording patient observations.

erkok · 2024-05-23T21:28:19 1716499699

I commend you trying to tackle such a challenging domain, something that feels should be handled on state level.

As a citizen of Estonia, we pretty much have any government service available over the web, and yes, we also get to enjoy state provided health care, which makes things simpler when it comes to having a single unified system for all health care workers, which we have, have had for quite a while, probably for a decade or more. And it works, including patients who can also log into the system to check any data that is collected on their behalf.

dgoncharov · 2024-05-23T23:41:53 1716507713

Thank you - it's a difficult problem for sure, but that makes it all the more fun and rewarding.

> should be handled on state level

Many of the aforementioned HIEs in the US are actually offshoots of state, or federal, government initiatives like TEFCA. We didn't go into details in the post, but the main HIEs are definitely not privately held startups - mostly nonprofit state sponsored organizations.

> we pretty much have any government service available over the web, and yes, we also get to enjoy state provided health care

There are pros/cons of state run centralized government systems for sure - with Metriport as a communication layer, we're hoping to bring providers in the US the best of both worlds for data exchange.

checkoutmygenes · 2024-05-23T21:07:21 1716498441

Nice work on the pivot + launch, team! You mention that IAS "may open up in the future." Does that mean I am not currently allowed to request my own record from an HIE?

dgoncharov · 2024-05-23T21:33:55 1716500035

Thank you!

That's right, we can't even request our own records using Metriport - this currently can only be done for a Treatment purpose of use (and opens up a lot gray area of what that means, as you can imagine).

The promise of TEFCA, and QHINs, is to open up more use cases for data access, like individual access, payment/operations, and etc. We're optimistic that eventually this will become a thing, but there are a lot of politics around this, and full implementation of these use cases has been getting delayed for some time now. It's technically possible today, but responding to requests outside of Treatment is not a MUST, so essentially nobody (namely the big EHRs) will actually respond to IAS requests.

In the meantime though, we're sprinting to hook as many providers up to the networks as possible, which then can share records with their patients.

analogj · 2024-05-24T19:47:59 1716580079

As the Metriport team mentions HIEs/TEFCA don't realistically allow patients to request their own medical records at the moment. However it is possible to request your individual medical records using the Cures Act Final Rule mandates -- it's what powers Fasten Health's Open Source PHR[0] and our B2B Fasten Connect service. The trade off is that patients need to remember & search for each of their health systems & then login to each of their individual patient portals. It's a pretty high friction experience.

- [0] https://www.fastenhealth.com/ - [1] https://www.fastenhealth.com/connect/

Teleoflexuous · 2024-05-24T10:58:25 1716548305

Is there/do you plan on creating in foreseeable future post mortem of the tracking app beyond the note on your reddit?

ajimix · 2024-05-24T11:10:32 1716549032

Very sad to see this company greedy move. From an excellent unique B2C app which could have got an excellent future, to a B2B API. Worst thing is that they ignored the loyal users and they didn’t say anything about the future of the app or cared about the people who already paid

Teleoflexuous · 2024-05-24T11:54:40 1716551680

I wouldn't blame anyone for deciding that the point of a company is to maximize shareholder value, especially here, but that's not what I mean at all.

There's a lot of similar apps, people seem to use and like all of them, I'm just curious how it looked from the inside of this one.

hakanderyal · 2024-05-24T09:16:32 1716542192

Where I live we have a centralized system run by government that all healthcare providers are required to integrate with. You can access & manage all your data & healthcare history from a single location, for free.

I know this wouldn't fly in the US, but it is a very convenient system for people.

doubleg72 · 2024-05-24T13:11:32 1716556292

We are working towards that right now in the US at more of the state/regional level. In fact, NYS is providing funding for all of Western New York to move to an integrated EMR, which is looking like it will be Epic. My current director will actually be one of the project leads.

qxfys · 2024-05-24T09:39:58 1716543598

I guess it's somewhere in the EU?

sgoose_ · 2024-05-24T12:25:44 1716553544

OmaKanta-system in Finland is an example of such.

kakoni · 2024-05-24T12:51:31 1716555091

OmaKanta is nice but these days it costs tens of thousands of euros for app developer to be compatible due to the high certification costs.

sgoose_ · 2024-05-24T12:29:11 1716553751

Also healthcare providers must ask for consent if they want to access your OmaKanta.

nmitchko · 2024-05-23T18:07:58 1716487678

How does this compare to ehealthexchange or other qhins that have many years of experience and charge lower costs?

dgoncharov · 2024-05-23T18:50:19 1716490219

> How does this compare to ehealthexchange

Good question! eHealth Exchange (eHEX) is one of 3 national HIEs that we connect to (currently through Carequality). eHEX is mainly focused on connecting to state-level regional HIEs, which cover a different portion of providers than CommonWell, or Carequality do.

For example, Cerner is a major EHR vendor (used by the VA and others) whose data can only be accessed through CommonWell, since they don't participate in other HIEs.

> that have many years of experience

Relatively speaking, modern HIEs are a relatively new concept (Carequality was founded in 2014) - so extra years of experience doesn't necessarily add any value, and usually just results in more legacy tech to deal with!

> charge lower costs?

This isn't necessarily true - since you brought up eHEX, see their pricing page: https://ehealthexchange.org/pricing-payers-vendors-and-for-p...

TL;DR just to get started it's going to cost you $20k + some months to integrate, $12.5k/yr as the base membership fee (up to $400k if you make a lot of money!), and they charge a per-query price.

The caveat here is per-query in eHEX, isn't what a query is in Metriport. They literally mean every single query (remember the HTTP requests to thousands of endpoints to find patient records, each one of those would be a query). So, if you want to integrate with eHEX only to get limited, messy C-CDA data, then you're looking at paying ~$0.80 per full record retrieval for a patient with 2k documents.

adamstecklov · 2024-05-23T19:39:04 1716493144

When you say that you can use the HIE's to contribute new data to the providers in the network, is that data actually going into the EHR's as if it was a record added in the EHR directly? If not, where are these contributed documents being stored?

dgoncharov · 2024-05-23T19:55:09 1716494109

Yes!! A lot of folk think that the only way to get data into EHRs is by writing one-off integrations with a specific hospital IT system - but you can achieve the same thing using a single Metriport integration.

We support 2 methods: (1) uploading FHIR data: https://docs.metriport.com/medical-api/api-reference/fhir/cr..., or (2) uploading documents like C-CDAs, PDFs, and images: https://docs.metriport.com/medical-api/api-reference/documen....

If you send Metriport FHIR data we'll convert it to C-CDAs under the hood when responding to providers in the HIEs, and this data is parsed and integrated as structured data directly in the EHR in the patient's chart. Same thing goes if you upload C-CDAs to Metriport yourself.

You can also share binary docs like PDFs and images, those will also be included in the patient chart in the EHR, but not parsed to discrete structured fields for display.

So concretely, by using Metriport you can pull data from EHRs connected to the HIEs we connect to (like Epic or other major EHRs like Cerner, Athena, etc), and send data back, so that the provider using the EHR can see the updated patient data directly in the chart in the UI.

adamstecklov · 2024-05-23T21:37:39 1716500259

Thanks for your response, going to play around with your API in the next few days. This sounds like its exactly what we've been looking for.

justanotheratom · 2024-05-23T20:37:52 1716496672

Can I make an App that can show a person their own medical data? i.e, user-provisioned access.

legionof7 · 2024-05-23T23:14:51 1716506091

I'm working on something in this space right now, would be really interesting to use Metriport for this. Though I believe that it's currently outside scope

>Additionally, using Metriport for patient data exchange today requires a Treatment purpose of use under HIPAA - which means that only Covered Entities, or Business Associates who work with Covered Entities, can use Metriport. This means that companies doing things such as clinical trials recruitment, for example, can’t use Metriport, but a primary care provider, or a clinical decision support vendor, can. This is due to current requirements set forth by HIEs, which may open up to support alternative use cases in the future, such as Individual Access Services (IAS).

Would love clarification.

dgoncharov · 2024-05-24T00:07:02 1716509222

What're you working on in specific? Can help provide clarification if you're able to describe the use case.

legionof7 · 2024-05-24T00:39:13 1716511153

Agent-based healthcare concierge basically (agents constantly trawling literature for ways to optimize your health, doing scheduling/appointments for you, moving data to new doctors when needed, etc.)

Thinking is: this was a massive tar pit in the past, new interop laws and AI tooling makes it possible now.

nradov · 2024-05-24T11:49:08 1716551348

Health optimization based on literature searches is a fool's errand. A certain niche segment of the "worried well" is constantly reading studies (often of questionable quality) and chasing marginal gains with the latest drugs, supplements, recovery modalities, or whatever. Meanwhile they still have poor sleep hygiene, insufficient exercise, and unresolved emotional problems. Major in the major, minor in the minor.

Those other agent features could be useful, though.

legionof7 · 2024-05-24T18:07:26 1716574046

Interesting yes, we've seen demand for the optimization stuff but admittedly I am in a bubble here (close with the biohacking community).

It may turn out to be the case that more banal cases (I have a cold, what's the fastest way for me to get symptomatic treatment?

I have X symptom, what's the fastest way to be routed to the right specialist, etc.

The doctor told me XYZ, how do I remember that and what's the best way to do all the steps required to fulfill? )

is the better play. Still doing a lot of exploration here for sure. Appreciate the insight.

nradov · 2024-05-24T22:45:03 1716590703

No offense but the whole "biohacking" and "quantified self" community is mostly a clown show. It might be a fun hobby but there's little or no reliable evidence that any of that stuff actually leads to improved outcomes in terms of lifespan or healthspan or performance or whatever. Any business built around that community might get a few early adopters but won't cross the chasm to the mainstream market.

And I write this as someone who has personally wasted money on stuff like genetic tests for athletic performance. Interesting, but not actionable.

For common symptoms, conditions, and medications consumers mostly just rely on WebMD or similar sites.

cfu28 · 2024-05-24T19:06:22 1716577582

Guessing you’re building off of US Core patient facing API’s for this use case? That’s what I ended up doing for www.meremedical.co

adolph · 2024-05-23T22:49:19 1716504559

Yes. In the US, this is part of the EHR push, each EHR is supposed to accept any outside application. Here are some docs on how it works with Epic: https://open.epic.com/Home/InteroperabilityGuide?whoAmI=deve...

A big tricky part is understanding all the different health systems that have part of the patient's record. Typically speaking you can scrape all health system FHIR access point's and perform some geo matching to offer the ones they likely have seen. From there you do the Oauth2 dance with each health system where the patient authenticates (if they remember their login) and your app gets a token good for a certain time period after which the patient has to log in again.

The advantage of Metriport's approach is that they are getting a hook into the vendor operated HIEs. The patient doesn't have to remember/select which health care systems that have records for them since the VOHIEs have all that. The big hurdle is managing some authentication on behalf of the patient to a third party that they don't have a direct relationship to, the VOHIE. I suppose the VOHIE can pass the patient off to one of the member health systems and do the same Oauth dance but instead of just getting one health systems data, you get the whole enchilada.

The evil part of the operation is that now Metriport has proxy access to the data and eventually will get hacked and bought by private equity that will sell the data to TransEquirian Insurance Score agencies.

dgoncharov · 2024-05-23T23:23:16 1716506596

> In the US, this is part of the EHR push, each EHR is supposed to accept any outside application

To be explicit for readers here, outside applications can connect to some EHR systems using SMART on FHIR, but not all (this is what Apple Health supports in their PHR) - and this is separate from HIEs. For reasons OP mentioned, this is impractical for treatment at scale, but is currently the best way to get your health records in your pocket, or to insurance companies, for example.

Fasten is a great OSS project that facilitates this flow for individuals, and I'd suggest you check them out: https://github.com/fastenhealth/fasten-onprem

> getting a hook into the vendor operated HIEs

This is a only part of the equation - for example, one of the biggest networks we connect with is Carequality, and this is more of a framework that's not operated by any vendors. Rather, vendors connect to a shared directory and speak the same language for medical data exchange.

> The evil part of the operation is that now Metriport has proxy access to the data and eventually will get hacked

This just speaks even more volumes to our open source approach - we're not hiding behind obscurity for security.

> and bought by private equity that will sell the data to TransEquirian Insurance Score agencies.

Only if someone wants spend a long time in prison! We can not legally do anything with the data we have proxy access to, except deliver it to the healthcare organizations we work with that are involved with treating the patient - nor would we want to. There are acquisition events with healthcare organizations all the time, and the HIPAA rules protecting the data do not change.

Hopefully you can agree that, especially with us being the only vendor in the space that's open source, there is no evil at play.

adunsulag · 2024-05-24T14:42:27 1716561747

>To be explicit for readers here, outside applications can connect to some EHR systems using SMART on FHIR, but not all (this is what Apple Health supports in their PHR) - and this is separate from HIEs. For reasons OP mentioned, this is impractical for treatment at scale, but is currently the best way to get your health records in your pocket, or to insurance companies, for example.

Just a minor detail here. My understanding from my attendance at some of the ONC Information Blocking seminars is that if the EHR is ONC certified, they are required to provide access to a patient using any app of the patient's choice. The rules are very different if its a provider app or an app that can provide access to data for multiple patients. Unfortunately, not all EHRs are certified (looking at you mental/behavioral health sector, and cash-only EHRs).

We continue to struggle with this in our own EMR implementation as app providers constantly complain that provider/system level access to the data requires manual human intervention, which we aren't going to change anytime soon. Things like Unified Data Access Profiles (UDAP) Dynamic Client Registration are looking to mitigate some of these problems.

What I'm intrigued about with Metriport is that app providers could connect directly to them to get the patient data as long as our EMR feeds data into the HIEs they work with.

analogj · 2024-05-24T19:52:18 1716580338

As the Metriport team mentions HIEs/TEFCA don't realistically allow patients to request their own medical records at the moment. But there are definitely examples of PHRs that leverages the Cures Act Final Rule mandates around individual patient access.

Fasten Health's PHR[0] and MereMedical[1] are both great examples of this. The trade off is that patients need to remember & search for each of their health systems & then login to each of their individual patient portals. It can be a pretty high friction experience.

- [0] https://www.fastenhealth.com/ - [1] https://meremedical.co/

cfu28 · 2024-05-24T19:04:57 1716577497

You can build directly with patient facing API’s (USCDI) directly with a patient’s EMR if you’re working with patient data/ building a patient app.

popupeyecare · 2024-05-24T03:11:53 1716520313

Congratulations!

I’m a huge fan of Metriport, Dima, and the whole team! I’m constantly impressed by the strides you are making in addressing this significant problem. I often brainstorm company ideas just to have the opportunity to use Metriport.

- Amit

zaking17 · 2024-05-23T16:02:23 1716480143

Congrats Dima & Colin! We’ve been greatly impressed with Metriport. If there was ever a place that needs tons of well-designed & open-source software, it’s medical records.

dgoncharov · 2024-05-23T23:44:59 1716507899

Thank you!!

pk-r · 2024-05-23T20:34:46 1716496486

Apart from your new product, the old metriport app I found very intresting. If you ever considered to make it opensourced, I would be glad to contribute.

dgoncharov · 2024-05-23T23:44:21 1716507861

We'd love to open source it - but are too strapped for time to do so. Perhaps one day in the future.

chrisfrantz · 2024-05-23T17:49:00 1716486540

Congrats Dima and team, it's been cool watching you build this over the last couple of years.

dgoncharov · 2024-05-23T23:44:37 1716507877

Thank you!

awendland · 2024-05-24T02:47:53 1716518873

What percentage, or how many millions, of patients are accessible on the network today?

dgoncharov · 2024-05-24T03:06:31 1716519991

Roughly 93% of the US population, so just north of 300 million.

moneywoes · 2024-05-24T13:43:52 1716558232

what is blocking the remaining 7%?

Joel_Mckay · 2024-05-24T02:52:14 1716519134

While any XSLT/XML based interface can act as middle-ware for such a messy ecosystem. There are several problems with touching medical data:

1. Some governments require ISO certifications for security

2. Some standards bodies require commercial accountability (FDA), data site redundancy, and company inspection by a standards body.

3. The ecosystem for the insurance documentation is never open source. It is not only prohibitively expensive, but comes with legal strings in the EULA.

Good luck, but please read the slicer.org story before committing too much time to the project. =)

nradov · 2024-05-24T12:48:34 1716554914

In principle XSLT can be used to convert between HL7 V2 Messaging, CDA, and FHIR formats. I have actually done this to an extent. But it's a huge mess and difficult to maintain or even understand. Most implementers have now moved on to other technologies for healthcare data mapping and transformation. And format conversions are only one minor piece of the interoperability puzzle.

The standards bodies in the clinical interoperability space aren't accountable to the FDA (although the FDA is a registered organizational member of HL7 and contributes to standards development as a peer to other members). Services like Metriport aren't FDA regulated medical devices. The standards bodies don't inspect implementers.

There are open source libraries for dealing with the data formats used for interactions between providers and health plans (insurers), primarily ASC X12N and NCPDP. The standards documents themselves are somewhat expensive. But Metriport doesn't appear to be playing in that space so it's a moot issue.

Joel_Mckay · 2024-05-24T13:24:08 1716557048

Interesting, up north the ISO 13485 certification etc. is required to even deploy an App, as your phone would be considered a medical device under the rules if used for diagnostics and or reporting.

Don't get me wrong, I am sure people have no issue paying the $84k each release cycle to be cleared as compliant. Notably, our health authority legally can't buy software without these certifications, and for the past 6 years only Microsoft offers a framework through their partner for the e-records exchange systems.

There is zero "open" anything in this ecosystem, as commercial insurance won't cover mystery commits.

Best of luck, =)

nradov · 2024-05-24T17:34:54 1716572094

I'm not sure what you mean by "mystery commits". Health plans are legally required to accept transactions that conform to CMS adopted standards. They don't know or care what software is used to generate those transactions.

https://www.cms.gov/priorities/key-initiatives/burden-reduct...

Joel_Mckay · 2024-05-25T01:56:32 1716602192

For regulatory reasons, the slicer.org team found out after the software was written... that it was illegal to deploy in a medical context within the US.

The reason was you can't legally use software with patchwork origins and licenses to cobble together something where the authors are not able to be found/held liable for damages if they accidentally injure someone.

If the data is not being used in _any_ way for patients diagnostics/e-record roles, than your team might get away with just clearing HIPAA rules in the US (not sure how each state would handle that exception.)

You have been warned about the historical rules, but if something changed since I was last in that Circus... than I hope the project does well.

It is always wise to talk with a local legal specialist to clear up current rules. I'd wager people had a billion reason$ to keep things as they were... =)

adunsulag · 2024-05-25T12:52:29 1716641549

OpenEMR is an OSS practice management system and is certified for medical use by ONC in the USA. It has been deployed in the medical context in many jurisdictions in the USA. There are some government agencies / larger organizations that require 'sole-sourcing' which I think is what you are referring to, it varies by jurisdiction, but I've never heard of anything at the federal level and widespread state level that 'requires' this. If this was the case I doubt we'd have made it through the many times we've been certified.

I will mention that the certification process is expensive. It ranges in the 100K-250K range each time we go through it in fundraising and to go through the certification process.

Joel_Mckay · 2024-05-25T15:08:35 1716649715

In general, up here the 3 relevant ISO certifications (around $45k to $80k each) that apply to e-record and diagnostic systems are required, or software cannot be legally purchased by the health authority. For many reasons, the e-record system software was written in partnership between a large telecom and Microsoft.

slicer.org has their detailed story why "3D Slicer is NOT FDA approved", and its unfortunate given the transient nature of volumetric imaging data formats.

My point was this area is a mine-field of regulation. Generally, the above rules trip the instant a doctor uses something to diagnose or communicate patient data. Notably, the same software is deployed across provinces and states... but will obviously have different certification requirements in each locale.

Some people seem to get really rude over the most mundane details. =3

nradov · 2024-05-26T17:32:31 1716744751

It's kind of hilarious how some people with no real industry experience aren't able to do a simple search on the CHPL. Obviously, there's nothing illegal about using OpenEMR regardless of who wrote the code. And certification isn't even necessarily required. Providers who don't participate in certain federal or state programs are free to use non-certified software as long as they're able to comply with applicable interoperability and privacy/security regulations; regulatory compliance and enforcement for that stuff is at the provider organization level, not at the product level.

Joel_Mckay · 2024-05-26T19:38:54 1716752334

"there's nothing illegal about using OpenEMR regardless of who wrote the code"

Indeed, in your area this may be true. However, the health authority can't legally purchase or use these projects without the ISO certs, and thus it is a moot point.

I think we will have to agree to disagree, as there are two truths here. And people seem to be getting emotional about their egos. =)

nradov · 2024-05-25T04:45:55 1716612355

Wrong. Merely storing clinical data or providing it to clinicians who use it for diagnostics isn't sufficient for software to be considered an FDA regulated medical device. I have actually built such software and was careful to avoid adding any features that would make it a medical device. Open source software has being used legally by provider organizations for decades.

Instead of remaining ignorant and spreading secondhand misinformation you can literally just go read the federal regulations and supplementary guidance. Or just ask the FDA for a formal opinion letter if you're in a gray area. This is basic stuff, not hard to find or understand.

Joel_Mckay · 2024-05-25T04:55:35 1716612935

I too have written software for both Canada and the US markets.

Don't YOLO this one kid.

(the fact you didn't mention the 2 other common ISO standards I omitted on purpose, means you have not done your work properly for "years" as you put it.)

nradov · 2024-05-26T17:21:55 1716744115

It's always disappointing to see such ignorance in HN comments like this. While there are some relevant technical standards cross listed with ISO, adherence to ISO standards isn't legally required for products like Metriport. Seriously buddy, you can just go read the FDA regulations instead of making a fool of yourself. But if you'd like to keep looking silly then feel free to have the last word.

Joel_Mckay · 2024-05-26T20:14:17 1716754457

It is ok to disagree kid (I often make mistakes), but asserting your locale's rules are somehow international is a nonsense argument for your own ego.

I would recommend considering programs compatible with your obvious temperament:

https://www.youtube.com/watch?v=XUAsU_zQVMo

Feel free to append any additional off-topic nonsense below if it makes you feel better. I still like you. =3

moneywoes · 2024-05-24T13:50:42 1716558642

Can you elaborate, aren’t there cheaper cloud based hosting solutions e.g. aws?

Joel_Mckay · 2024-05-24T14:07:49 1716559669

AWS is usually not compliant, and thus likely prohibited as well. Microsoft partnered with a large local telecom company to provide the NOC.

It is 100% a monopoly, and thus why we left a competing firm a long time ago. =)

Logingarrett · 2024-05-23T23:15:15 1716506115

Gods work!

dgoncharov · 2024-05-23T23:42:23 1716507743

moneywoes · 2024-05-24T13:40:48 1716558048

why not integrate with the EHR vs the HIEs

analogj · 2024-05-24T19:56:30 1716580590

That's exactly what we're doing with our Fasten Health PHR[0] & with our Fasten Connect[1] product. The biggest issue is that there are 250,000 registered health systems in the US. That's a massive long-tail to support and integrate with (we only support 30,000 at the moment). It requires a ton of time and effort, and at the end the Patient experience is still... mediocre. Patients need to search for each health system, then login to their individual patient portals -- it's pretty high friction. And thats even before you discuss all the barriers that EHRs put up to make it difficult for app developers to register and get production access to EHR systems.

- [0] https://www.fastenhealth.com/ - [1] https://www.fastenhealth.com/connect/

nradov · 2024-05-24T15:44:40 1716565480

It's certainly possible to integrate directly with EHRs. Most now have pretty good implementations of the interoperability standards, at least for reading data. The problem is that to get access to that data you typically have to establish agreements with individual provider organizations, which is difficult to scale. Many provider organizations also run their own EHR instances rather than using SaaS so for those you also have to deal with all of the endpoint discovery and directory issues.

Working through aggregators such as HIEs eliminates some of those issues.

moneywoes · 2024-05-24T13:35:25 1716557725

how do you make money?

dgoncharov · 2024-05-24T15:08:50 1716563330

See the bottom of the post: "We charge per full medical record retrieval for a patient (which we call a query). This starts at $1 per query (with a monthly minimum), and scales down from there based on volume. We only charge for queries that return at least one record (and even if a query returns 1000 documents for a single patient, we still count that as a single query) - no charge is incurred for sharing data back to the networks, or making API calls to generate medical record summaries, for example."