HHS’s Substance Abuse and Mental Health Services Administration (“SAMHSA”) proposed updated rules to clarify the scope of perceived barriers to sharing information regarding treatment for substance use disorders (SUDs) among providers, with research entities, and for law enforcement purposes. The proposed changes to the 42 C.F.R. Part 2 (“Part 2”) regulations appear in two Notices of Proposed Rulemaking (“NPRMs”), which are also summarized in a Fact Sheet. These proposals are part of HHS’s Regulatory Sprint to Coordinated Care, an agency-wide effort to remove regulatory obstacles to care coordination and information-sharing. HHS is anticipated to release proposed rules on HIPAA, the Physician Self-Referral Law and Anti-Kickback Statute by the end of 2019 as part of this effort as well.

The proposed Part 2 updates could have significant impacts on how health care providers, researchers, and health technology companies protect and share SUD information with each other, so interested parties should submit comments on the NPRMs before the deadlines, and prepare to submit comments in response to HHS’s other Regulatory Sprint to Coordinated Care efforts in the coming months.

Background


Continue Reading

Electronic health record (EHR) vendor Allscripts recently disclosed on an earnings call that it has reached a tentative agreement with the Department of Justice (DOJ) to pay $145 million to settle an investigation into the regulatory compliance of one of its recent acquisitions, Practice Fusion. This news, combined with DOJ’s other recent successful enforcement actions against EHR companies, represents a trend and should be a warning that compliance is a priority when it comes health IT. We anticipate that there will be more Anti-Kickback, HIPAA, and False Claims Act cases against similar health IT targets in the pipeline.

Allscripts acquired Practice Fusion, also an electronic health record company, in February 2018. According to the company’s public SEC filing from the first quarter of 2019, the investigation “relates to both the certification Practice Fusion obtained in connection with the U.S. Department of Health and Human Services’ Electronic Health Record Incentive Program and Practice Fusion’s compliance with the Anti-Kickback Statute and HIPAA.”


Continue Reading

CMS has issued its 2019 Physician Fee Schedule Proposed Rule, containing highly anticipated new reimbursement policies for telehealth, remote monitoring, and other uses of digital tools, as well as updates to health IT requirements in the Quality Payment Program, with a stronger focus on patient access to health information. Comments are due September 10 at 5pm.

Continue Reading

On March 6, 2018 at the Healthcare Information and Management Systems Society (HIMSS) 2018 conference, Centers for Medicare & Medicaid Services (CMS) Administrator Seema Verma announced a new initiative furthering the current Administration’s focus on value-based care and increasing patient access to healthcare data. The initiative — called MyHealthEData — will be led by the White House Office of American Innovation, in collaboration with the Department of Health and Human Services (HHS), CMS, the Office of the National Coordinator for Health Information Technology (ONC), the National Institutes of Health (NIH), and the Department of Veterans Affairs (VA). (CMS press release here.)
Continue Reading

This morning, the Food and Drug Administration released highly anticipated guidance on clinical and patient decision support that has been in the works at the agency for several years, advising the digital health community about how it plans to regulate software that offers recommendations or feedback to its users—both healthcare professionals, and patients and caregivers. It also provides guidance on FDA’s interpretation of new software provisions in Section 3060 of the 21st Century Cures Act.

Given the explosion of these innovative digital health tools and their strong potential to transform healthcare, this guidance is a significant development for tech companies and investors focusing on this space. Comments will be accepted for 60 days.
Continue Reading

Congress is considering several adjustments to health IT policy which may have significant impact on the Centers for Medicare and Medicaid Services’ (“CMS”) electronic health records (“EHR”) incentives. On July 20th and 21st, Representatives met to discuss bipartisan legislation to improve the Meaningful Use program and introduced legislation that would authorize a CMS Innovation Center (“CMMI”) project to incentivize EHR adoption by behavioral health providers. The bills may be indicative of Congress’ attitude towards the Meaningful Use program, which has garnered criticism from providers for being burdensome.

On July 21, 2017, the House Committee on Energy and Commerce Subcommittee on Health held a hearing on H.R. 3120 and featured testimony from Cletis Earle, Chairman-Elect of the College of Healthcare Information Management Executives. The bill, sponsored by a group of bipartisan lawmakers, will allow CMS to modify the requirements of the Meaningful Use program in order to give the Secretary additional flexibility in implementing the program. Currently, providers and vendors must comply with the Stage 3 measures and objectives of the Meaningful Use program starting January 1, 2018 or be subject to Medicare reimbursement penalties. Earle argued that the implementation timeline for Stage 3 of the program is too rigorous for providers to meet and may lead to an increase in hardship exemption applications. Provider and vendor groups across the industry have suggested that the HHS Secretary Tom Price delay the Stage 3 obligations, noting that software implementation and cybersecurity issues have made the 2018 deadline unreasonable. Sponsors of H.R. 3120 note that the bill will reduce the burden on providers’ use of EHR systems, allowing providers to focus on care coordination and patient outcomes. In response, CMS noted that the proposed “Medicare Program; CY 2018 Updates to the Quality Payment Program,” which is open for comment through August 21, 2017, would give eligible providers an additional year to implement EHR technology that complies with the 2014 or 2015 edition of Certified Electronic Health Record Technology (“CEHRT”) and offers the opportunity to apply for hardship exemptions for the Advancing Care Information performance category of the Merit-based Incentive Payment System (“MIPS”). For more information, see our update on key proposals of the 2018 Proposed Rule here.
Continue Reading

On September 26, 2016, the Office of the National Coordinator for Health Information Technology (ONC) released guidance, entitled EHR Contracts Untangled, to help providers navigate the complexities of electronic health record (EHR) vendor contracting. The guidance breaks down important considerations for selecting EHR systems, and provides strategic pointers – including sample contract language

The HHS Office of Civil Rights published a new FAQ response (OCR FAQ) detailing the agency’s position that generally information blocking will violate the HIPAA Privacy and Security Rules if it affects a covered entity’s access to its own protected health information (PHI) or its ability to respond to requests for access to PHI from patients. This follows a series of similar policy documents from HHS over the past 18 months that focus on preventing business arrangements or practices that would be defined as information blocking, and thereby, frustrating the goal of interoperability. Specifically, according to the OCR FAQ:

  • An electronic health records (EHR) vendor or cloud provider’s actions to terminate a covered entity’s access to its own electronic PHI (ePHI) (e.g., in a payment dispute) would violate the HIPAA Privacy Rule because those actions would constitute an impermissible use of PHI.
  • An EHR vendor or cloud provider’s refusal to ensure the accessibility and usability of a covered entity’s ePHI upon demand by the covered entity or to return a covered entity’s ePHI upon termination of the agreement, in the form and format that is reasonable in light of the agreement, would violate the HIPAA Security Rule.
  • A business associate may not deny a covered entity access to the PHI the business associate maintains on behalf of the covered entity if necessary to provide individuals with access to their PHI under the HIPAA Privacy Rule.
  • A covered entity that agrees to terms within a business associate agreement (BAA) that would prevent the covered entity from ensuring the availability of its own PHI as required would not be in compliance with the HIPAA Privacy and Security Rules.

OCR has increasingly ramped up its enforcement of violations of the HIPAA Privacy and Security Rules related to noncompliant BAAs, so the new OCR FAQ signals that information blocking provisions could be the source of future enforcement actions.


Continue Reading

Earlier this month, the Office of the National Coordinator for Health Information Technology (ONC) released a report to Congress on the feasibility of creating tools to help providers compare and select certified health IT products. As part of the Medicare Access and CHIP Reauthorization Act (MACRA), Congress required ONC to conduct a study to examine the feasibility of establishing mechanisms to assist providers in comparing and selecting certified EHR technology products. Congress suggested that ONC consider mechanisms like establishing a website of aggregated survey results that would allow meaningful EHR users to directly compare the functionality of certified health IT products. Congress also suggested compiling information from vendors of certified health IT products, and making that information publicly available in a standardized format.

In response to its Congressional directive, and drawing upon recommendations from the Certified Technology Comparison (CTC) Task Force, public input, and its own market analysis, ONC’s report focused on two subgroups of the health care community – providers and comparison tool developers – and identified specific problem areas in the comparison tool marketplace. Ultimately, the report proposed four mechanisms to improve the health IT comparison marketplace:


Continue Reading

On March 30, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule (CMS Proposed Rule) detailing the policies it will introduce during Stage 3 of the Medicare and Medicaid Electronic Health Record (EHR) Incentive Program. In tandem with CMS’s publication, the Office of the National Coordinator for Health Information Technology (ONC) also published a proposed rule (ONC Proposed Rule) providing a new edition of health information technology (HIT) certification criteria. The proposed rules are intended to work together in streamlining the establishment of an interoperable nationwide health information infrastructure.
Continue Reading