CMS has issued its 2019 Physician Fee Schedule Proposed Rule, containing highly anticipated new reimbursement policies for telehealth, remote monitoring, and other uses of digital tools, as well as updates to health IT requirements in the Quality Payment Program, with a stronger focus on patient access to health information. Comments are due September 10 at 5pm.

Continue Reading New CMS Incentives for Remote Patient Monitoring and Patient Access

On March 6, 2018 at the Healthcare Information and Management Systems Society (HIMSS) 2018 conference, Centers for Medicare & Medicaid Services (CMS) Administrator Seema Verma announced a new initiative furthering the current Administration’s focus on value-based care and increasing patient access to healthcare data. The initiative — called MyHealthEData — will be led by the White House Office of American Innovation, in collaboration with the Department of Health and Human Services (HHS), CMS, the Office of the National Coordinator for Health Information Technology (ONC), the National Institutes of Health (NIH), and the Department of Veterans Affairs (VA). (CMS press release here.) Continue Reading Liberating Data to Transform Value-Based Care: MyHealthEData, Blue Button 2.0, and Price Transparency

This morning, the Food and Drug Administration released highly anticipated guidance on clinical and patient decision support that has been in the works at the agency for several years, advising the digital health community about how it plans to regulate software that offers recommendations or feedback to its users—both healthcare professionals, and patients and caregivers. It also provides guidance on FDA’s interpretation of new software provisions in Section 3060 of the 21st Century Cures Act.

Given the explosion of these innovative digital health tools and their strong potential to transform healthcare, this guidance is a significant development for tech companies and investors focusing on this space. Comments will be accepted for 60 days. Continue Reading FDA Issues New Guidance for Clinical and Patient Decision Support Software

Congress is considering several adjustments to health IT policy which may have significant impact on the Centers for Medicare and Medicaid Services’ (“CMS”) electronic health records (“EHR”) incentives. On July 20th and 21st, Representatives met to discuss bipartisan legislation to improve the Meaningful Use program and introduced legislation that would authorize a CMS Innovation Center (“CMMI”) project to incentivize EHR adoption by behavioral health providers. The bills may be indicative of Congress’ attitude towards the Meaningful Use program, which has garnered criticism from providers for being burdensome.

On July 21, 2017, the House Committee on Energy and Commerce Subcommittee on Health held a hearing on H.R. 3120 and featured testimony from Cletis Earle, Chairman-Elect of the College of Healthcare Information Management Executives. The bill, sponsored by a group of bipartisan lawmakers, will allow CMS to modify the requirements of the Meaningful Use program in order to give the Secretary additional flexibility in implementing the program. Currently, providers and vendors must comply with the Stage 3 measures and objectives of the Meaningful Use program starting January 1, 2018 or be subject to Medicare reimbursement penalties. Earle argued that the implementation timeline for Stage 3 of the program is too rigorous for providers to meet and may lead to an increase in hardship exemption applications. Provider and vendor groups across the industry have suggested that the HHS Secretary Tom Price delay the Stage 3 obligations, noting that software implementation and cybersecurity issues have made the 2018 deadline unreasonable. Sponsors of H.R. 3120 note that the bill will reduce the burden on providers’ use of EHR systems, allowing providers to focus on care coordination and patient outcomes. In response, CMS noted that the proposed “Medicare Program; CY 2018 Updates to the Quality Payment Program,” which is open for comment through August 21, 2017, would give eligible providers an additional year to implement EHR technology that complies with the 2014 or 2015 edition of Certified Electronic Health Record Technology (“CEHRT”) and offers the opportunity to apply for hardship exemptions for the Advancing Care Information performance category of the Merit-based Incentive Payment System (“MIPS”). For more information, see our update on key proposals of the 2018 Proposed Rule here. Continue Reading Congress Remains Focused on Electronic Health Records

On September 26, 2016, the Office of the National Coordinator for Health Information Technology (ONC) released guidance, entitled EHR Contracts Untangled, to help providers navigate the complexities of electronic health record (EHR) vendor contracting. The guidance breaks down important considerations for selecting EHR systems, and provides strategic pointers – including sample contract language – to help facilitate the contracting process. While the guidance is largely an attempt to level the playing field for providers in the EHR arena, it also has broader applicability to contract negotiations for a variety of other digital health tools.

For the most critical “need-to-know” points from ONC’s new guidance, see our recent client alert.

The HHS Office of Civil Rights published a new FAQ response (OCR FAQ) detailing the agency’s position that generally information blocking will violate the HIPAA Privacy and Security Rules if it affects a covered entity’s access to its own protected health information (PHI) or its ability to respond to requests for access to PHI from patients. This follows a series of similar policy documents from HHS over the past 18 months that focus on preventing business arrangements or practices that would be defined as information blocking, and thereby, frustrating the goal of interoperability. Specifically, according to the OCR FAQ:

  • An electronic health records (EHR) vendor or cloud provider’s actions to terminate a covered entity’s access to its own electronic PHI (ePHI) (e.g., in a payment dispute) would violate the HIPAA Privacy Rule because those actions would constitute an impermissible use of PHI.
  • An EHR vendor or cloud provider’s refusal to ensure the accessibility and usability of a covered entity’s ePHI upon demand by the covered entity or to return a covered entity’s ePHI upon termination of the agreement, in the form and format that is reasonable in light of the agreement, would violate the HIPAA Security Rule.
  • A business associate may not deny a covered entity access to the PHI the business associate maintains on behalf of the covered entity if necessary to provide individuals with access to their PHI under the HIPAA Privacy Rule.
  • A covered entity that agrees to terms within a business associate agreement (BAA) that would prevent the covered entity from ensuring the availability of its own PHI as required would not be in compliance with the HIPAA Privacy and Security Rules.

OCR has increasingly ramped up its enforcement of violations of the HIPAA Privacy and Security Rules related to noncompliant BAAs, so the new OCR FAQ signals that information blocking provisions could be the source of future enforcement actions.

Continue Reading Blocking Access to Health Information May Violate HIPAA

Earlier this month, the Office of the National Coordinator for Health Information Technology (ONC) released a report to Congress on the feasibility of creating tools to help providers compare and select certified health IT products. As part of the Medicare Access and CHIP Reauthorization Act (MACRA), Congress required ONC to conduct a study to examine the feasibility of establishing mechanisms to assist providers in comparing and selecting certified EHR technology products. Congress suggested that ONC consider mechanisms like establishing a website of aggregated survey results that would allow meaningful EHR users to directly compare the functionality of certified health IT products. Congress also suggested compiling information from vendors of certified health IT products, and making that information publicly available in a standardized format.

In response to its Congressional directive, and drawing upon recommendations from the Certified Technology Comparison (CTC) Task Force, public input, and its own market analysis, ONC’s report focused on two subgroups of the health care community – providers and comparison tool developers – and identified specific problem areas in the comparison tool marketplace. Ultimately, the report proposed four mechanisms to improve the health IT comparison marketplace:

Continue Reading The Rise of the One-Stop Shop? ONC Outlines Four Mechanisms to Help Providers Compare Certified Health IT Products

On March 30, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule (CMS Proposed Rule) detailing the policies it will introduce during Stage 3 of the Medicare and Medicaid Electronic Health Record (EHR) Incentive Program. In tandem with CMS’s publication, the Office of the National Coordinator for Health Information Technology (ONC) also published a proposed rule (ONC Proposed Rule) providing a new edition of health information technology (HIT) certification criteria. The proposed rules are intended to work together in streamlining the establishment of an interoperable nationwide health information infrastructure.

Continue Reading CMS and ONC Announce New Proposed Rules for Stage 3 of the Medicare and Medicaid EHR Incentive Program and HIT Certification Criteria

In a March 2014 report, the United States Government Accountability Office (GAO) identified major and on-going challenges with the practical implementation of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The HITECH Act provides funding to promote the adoption and “meaningful use” of health information technology (HIT), as well as certified electronic health record (EHR) systems. While the Act itself provides the funding and statutory framework, the Department of Health and Human Services (HHS) and two of its subsidiary agencies—the Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC)—have also developed and issued strategic guidance in order to promote and advance the exchange of electronic health information under the Act.

Unfortunately, to date, many providers and stakeholders have reported difficulties with implementing the exchange and those difficulties have yet to be remedied. Based on in-depth interviews with providers and stakeholders across four states, the GAO report cites four major issues that continue to plague the electronic health information exchange (HIE):

Insufficient Standards for Electronic Health Information Exchange. Providers cited compatibility problems when exchanging certain types of health information with other providers that have different EHR systems, primarily due to a lack of sufficient standards supporting the exchange. The most common example included differing standards in the terminology, definitions, and classifications of certain health information (e.g., whether an allergic reaction should be classified as a side effect or an allergy). In response to this concern, HHS now requires participating providers use the 2014 edition of HHS-certified technology when exchanging health information. This technology now: (1) identifies certain vocabularies to be used by providers; (2) provides a structured format/template for patient care summaries (referred to as continuity of care documents (CCD)); and (3) defines a standard format for the transmission of secure health messages (called the Direct Protocol). Despite this move towards standardization, however, providers remain concerned by the standards’ sufficiency, the inability to measure the standards’ success, and the limited capabilities of the Direct Protocol system.

Varying Privacy Rules Across States and Lack of Clarity. Providers and stakeholders also expressed concerns about variations in state privacy laws, particularly where those laws vary significantly from or are stricter than federal or other state privacy laws. This issue is especially vexing for providers that border other states and serve a large number of patients across state lines. ONC has responded by offering high-level guidance directing providers to seek state privacy law information from state agencies, regional extension centers (RECs), and other professional associations. ONC also implemented the Data Segmentation for Privacy Initiative to develop and pilot test standards for managing patient consents and data segmentation (e.g., sharing some, but not all, of a patient’s health information). Despite these efforts, providers have requested additional training and suggested that HHS focus its resources on consent policies and electronically-obtained consents to address some of these challenges.

Difficulties Matching Patients to their Records. Providers and stakeholders noted difficulties with accurately and efficiently matching patients to their records when exchanging health information. Inaccurate matches naturally raise safety concerns, and inefficient matching processes are time-consuming and deter participation in the exchanges. To address these concerns, HHS implemented the Patient Matching Initiative (officially launched in September 2013) to: (1) asses the current approaches used; (2) identify key attributes and algorithms; and (3) define best practices. HHS also sought recommendations from the two federal advisory committees established by the HITECH Act, and HHS is currently working to respond to the recommendations. Providers themselves have suggested alternative methodologies, such as algorithms, and the creation of a national patient identifier for matching patients to their records.

Difficulties Regarding the Cost of Exchanging Health Information. Finally, providers identified financial concerns based on the costs of upfront expenses associated with purchasing and implementing EHR systems, as well as establishing the additional interfaces needed to fully utilize the exchanges. Providers also noted that limited participation by other providers in state or regional exchanges has created fewer opportunities to exchange health information, and therefore do not justify the costs associated with joining the exchange.

Based on the aforementioned challenges, the GAO recommended that HHS: (1) develop and prioritize specific actions that it will take to advance the health insurance exchange, and (2) develop milestones and timeframes for the completion of these actions. While these solutions are both practical and relevant to the concerns raised by providers, the on-going and fairly basic nature of the challenges has the potential to significantly slow the use of HIEs. Moreover, as providers move forward in an effort to embrace the Act’s mandate, the fact that many of the costs currently outweigh the benefits could chill and perhaps even deter full-scale implementation of the HITECH Act in the immediate future.

On March 20-21, 2014, the Federal Trade Commission (FTC) held a public workshop, “Examining Health Care Competition,” to discuss trends and developments in the health care industry that may affect competition. Specifically, the workshop used five panels of industry participants and experts to study professional regulation of health care providers, innovations in health care delivery, advancements in health care technology, measuring and assessing health care quality, and price transparency of health care services.

The following are key takeaways from the workshop:

  • The panel on innovations in health care delivery focused its discussion on the implementation of regulatory and policy options regarding telehealth services and retail clinics, such as “minute clinics.” The panel noted that new forms of health care delivery can improve access and care, while decreasing spending. But new delivery options also face significant obstacles, like state licensing requirements that hamper efforts to help patients across state lines.
  • Some industry participants claimed that electronic health records (EHRs) make it easier for hospitals and health technology companies to limit competition improperly. Though EHRs may lower costs and improve quality by improving care coordination, EHRs might also create barriers to competition by forcing hospitals and physicians to deal with only one vendor or Accountable Care Organization (ACO). For example, an EHR vendor may charge a premium to send data out-of-network or to a new vendor.
  • One panel discussed the delicate balance between increased price transparency and antitrust concerns. Meaningful price transparency may assist consumers, payors, and providers increase quality of care while controlling costs by leading to more informed consumer decisions and more competitive market prices. But it could also lead to collusion among payors or providers.

The workshop reinforces that competition in the health care industry is a major focus for the FTC at this time. The investigation into potential antitrust issues in health care supplements the recent, vigorous enforcement of the antitrust laws in this area by the FTC. And that vigorous enforcement shows no signs of abating.

The FTC will accept public comments regarding the workshop until April 30, 2014.