Photo of Jodi G. Daniel

Jodi Daniel is a partner in Crowell & Moring's Washington, D.C. office and a member of the firm's Health Care Group, where she provides strategic advice to clients navigating the legal and regulatory environments related to technology in the health care sector. Jodi is the former director of the Office of Policy in the Office of the National Coordinator for Health Information Technology (ONC), U.S. Department of Health and Human Services (HHS). She served for a decade as the director at the ONC and 15 years at HHS, where she helped spearhead important changes in health information privacy and health information technology to improve health care for consumers nationwide.

For more than a decade, Jodi has been responsible for thought leadership, policy development, and identifying policy drivers for health IT activities within the federal government, and ultimately established the HHS' national health IT policy. As former director at the ONC, she addressed privacy and security issues to ensure that there was clear guidance on how the initial Health Insurance Portability and Accountability Act of 1996 (HIPAA) rules applied to health IT. Jodi set the strategic direction and set policy on consumer e-health and health IT safety. She is also credited with establishing the ONC’s regulatory capacity and led the development of all ONC regulations on health IT standards and certification.

As the first senior counsel for health information technology in the Office of the General Counsel (OGC) of HHS, Jodi developed HHS's foundational legal strategies and coordinated all legal advice regarding health IT for HHS. She founded and chaired the health information technology practice group within OGC and worked closely with the Centers for Medicare and Medicaid Services in the development of the e-prescribing standards regulations and the Stark and anti-kickback rules regarding e-prescribing and electronic health records.

In order to move health care organizations towards consistency in mitigating important cybersecurity threats to the health care sector, the Department of Health & Human Services (HHS) published multiple guidance documents on best practices for health care organizations to reduce cybersecurity risks (“HHS Cyber Guidance”). The HHS Cyber Guidance is the result of HHS’ public-private partnership with more than 150 cybersecurity and health care experts. While compliance is voluntary, this guidance serves as direction to health care entities on important practices that should be considered and implemented to reduce risk.

Why HHS has published this guidance

Continue Reading HHS Releases Voluntary Cybersecurity Practices Guidance

 

  • More of our health information is becoming digital every day, as new technology companies enter the health care and wellness markets.
  • Many companies that hold a wealth of consumer health information are not covered by HIPAA.
  • Many consumers may not realize that their health information only is protected and they only have certain rights with respect to that information when it is held by certain entities, but not when it is held by others.
  • The private sector should work with regulators to develop a common sense, appropriate framework for use of health information by non-HIPAA covered entities.

As we await proposed HHS regulations on interoperability and patient access to data, and as more companies than ever before are collecting and using data to power advanced data analytics, artificial intelligence, and machine learning to improve health care quality and delivery, it is important to understand the scope and limitation of protections and the applicability of the HIPAA Privacy Rule.

Patients, providers and caregivers now have access to a wide array of devices and applications to manage and track patient health, improve treatment adherence, and better coordinate care. Large technology companies, athletic gear manufacturers, and others are entering a rapidly growing consumer health technology market. They are developing new technologies including tracking apps, wearables, and social networks that are increasingly integrated into patients’ daily lives. With an estimated 86.7 million U.S. consumers owning wearable devices by 2019, patients are generating billions of data points that provide insight into their health. Yet many of these companies are not subject to existing privacy protections under HIPAA, creating a significant gap in consumer protections.

At the same time, HHS is pushing for greater interoperability and patient access to data to address a challenge that remains widespread even after the investment of billions of federal dollars into the adoption of electronic health records. Agencies are encouraging and mandating easier availability of electronic health data, through current and anticipated CMS and ONC regulations and through a variety of government initiatives such as: 1) Blue Button and MyHealtheData; 2) incentivizing the adoption of open APIs; 3) developing new fee-for-service payment policies regarding remote monitoring and virtual care reimbursement; and 4) launching Sync for Science, a technical standard for facilitating patient-mediated data exchange for research. Consumers and companies alike seek guidance on the implications of collecting, storing, maintaining, and commercializing personal health data. Continue Reading Closing the Health Information Privacy Divide

CMS has finalized the adoption of multiple CPT codes in the CY 2019 PFS that create more opportunities for providers and digital health companies to collaborate on chronic care management business models in the fee-for-service market.

Virtual Check-Ins

CMS finalized the creation of a new code to reimburse providers for brief “check-in” services conducted using communications technology by creating HCPCS code G2012, defined as “[b]rief communication technology-based service, e.g. virtual check-in.” Continue Reading Digital Health Updates in the 2019 Physician Fee Schedule (PFS) Rule

Yesterday, the FDA released draft guidance on the management of cybersecurity in medical devices submitted to the agency for premarket review. Noting that cybersecurity threats to the healthcare sector have increased in number and severity, the FDA offered new recommendations for device design, labeling, and documentation that medical device manufacturers will need to consider during premarket submission processes.

The guidance comes shortly after the FDA’s launch of its Medical Device Cybersecurity Playbook, which provides a framework for healthcare delivery organizations to use in preparing for and responding to cybersecurity threats against patient medical devices.

Given rapid changes in technology and increasing innovation in the digital health market, the guidance intends to decrease the risk of cyberattacks that could render medical devices inoperable and potentially harm patients. Comments on the draft guidance are due on March 18, 2019. Continue Reading FDA Issues New Guidance for the Management of Cybersecurity in Medical Devices

On October 15, 2018, the Centers for Medicare & Medicare Services (“CMS”) in the Department for Health and Human Services proposed a rule to require prescription drug manufacturers to post the Wholesale Acquisition Cost (“WAC”) for drugs and biological products covered by Medicare or Medicaid in direct-to-consumer television advertisements. The WAC reflects the manufacturer’s list price for a drug to direct purchasers, not inclusive of any discounts or rebates. CMS is proposing this rule in the context of broadcast advertisements, an area in which the Supreme Court has recognized that the government may take special steps to help ensure that viewers receive appropriate information.[1]

CMS stated that 47 percent of Americans have high-deductible health plans and that many patients may pay the list price of the drug until they meet their deductible. The proposed rule aims to provide greater transparency into the prices charged by prescription drug manufacturers. The theory is that markets operate more efficiently with greater transparency, and that increased exposure of the list price will also provide a moderating force to discourage price increases. While wholesale prices do not equate to the patient’s out-of-pocket obligation, CMS asserts that benefit designs are impacted by WACs, and patients in high-deductible plans may pay the full list price until meeting their deductible – thus, the WAC may still be relevant to many patient and impact their decisions and market dynamics. The price required to be posted would be for a typical course of treatment for an acute medication like an antibiotic, or a thirty day supply of medication for a chronic condition that is taken every month. The posting would take the form of a legible textual statement at the end of the ad and would not apply where the list price for a thirty day supply or typical course of treatment of a prescription drug was less than $35. Continue Reading CMS PROPOSES RULE TO REQUIRE PRESCRIPTION DRUG MANUFACTURERS TO DISCLOSE DRUG PRICES IN TV ADS

CMS has issued its 2019 Physician Fee Schedule Proposed Rule, containing highly anticipated new reimbursement policies for telehealth, remote monitoring, and other uses of digital tools, as well as updates to health IT requirements in the Quality Payment Program, with a stronger focus on patient access to health information. Comments are due September 10 at 5pm.

Continue Reading New CMS Incentives for Remote Patient Monitoring and Patient Access

This blog post has been prepared in collaboration with Validic. Mr. Schiller is CEO of Validic. Jodi Daniel is a partner in Crowell & Moring’s Health Care Group in Washington, D.C.


Our healthcare system is in the midst of a fundamental shift toward value-based care to drive down costs and improve the quality of care. We won’t be able to achieve that goal without technology that allows providers to collect and use health data and puts patients front and center. Patient access to clinical and claims data is essential. When patients have access to their own information, they can better understand their condition and feel empowered to ask questions and shape their own care plan.

Congress and the federal government are pushing to liberate data from within the healthcare system and to promote patient access to health information. However, it is equally important to focus on the flow of data from the patient back into the healthcare system. The patient – who is gathering data at home, managing her condition, and making day-to-day decisions that impact her health – holds information that is critical to treatment decisions and outcome improvements. Continue Reading Transforming the Patient-Provider Relationship: A Comprehensive Approach to Patient Access and Patient-Generated Health Data

On April 17, 2018, the Food and Drug Administration (FDA) released its Medical Device Safety Action Plan which outlines FDA’s intended steps to address medical device safety while preserving enough space for innovation in the market.

The FDA’s plan is the latest effort by the FDA on medical device safety, including a recent budget request seeking $70 million to create a Center of Excellence on Digital Health that would, among other things, craft new regulations for third-party certification for developing medical devices. This comes as FDA is pushing guidance and innovative approaches for oversight of digital health (see our blog).

According to FDA Commissioner Scott Gottlieb’s announcement, the FDA’s plan organized into five points that seek to balance patients’ timely access to devices and safety and effectiveness. Continue Reading FDA’s Medical Device Safety Action Plan

The Food and Drug Administration (FDA) has announced several new initiatives that reflect its ongoing commitment to maintain patient safety, while also championing the need and opportunity for health care innovation.

During opening day of Health Datapalooza, FDA Commissioner Scott Gottlieb highlighted the critical import of novel digital health tools in achieving patient-centered care, and outlined how the agency is committed to moving the ball forward in health care innovation through the following initiatives: Continue Reading FDA Advances Flexibility-Based Framework for Digital Health and AI

Despite the Trump Administration’s declaration of a state of emergency on October 26, 2017, the federal response to the opioid crisis largely languished on the back burner—much to the chagrin of states in the trenches of the opioid epidemic. However, based on the flurry of activity over the past several weeks, the federal government response now seems to be gathering substantive momentum, with various agencies and government actors launching attacks on all fronts—administrative, legislative, and enforcement alike. The federal government’s recent efforts present opportunities for health care organizations, life sciences companies, and health tech companies to get involved at the ground level to help influence opioid policy and provide needed products, services, and support to reduce the incidence of opioid abuse and address the health care needs of patients.

Continue Reading The Freight Train Gathers Steam: An Update on the Federal Response to the Opioid Crisis