• More of our health information is becoming digital every day, as new technology companies enter the health care and wellness markets.
  • Many companies that hold a wealth of consumer health information are not covered by HIPAA.
  • Many consumers may not realize that their health information only is protected and they only have certain rights with respect to that information when it is held by certain entities, but not when it is held by others.
  • The private sector should work with regulators to develop a common sense, appropriate framework for use of health information by non-HIPAA covered entities.

As we await proposed HHS regulations on interoperability and patient access to data, and as more companies than ever before are collecting and using data to power advanced data analytics, artificial intelligence, and machine learning to improve health care quality and delivery, it is important to understand the scope and limitation of protections and the applicability of the HIPAA Privacy Rule.

Patients, providers and caregivers now have access to a wide array of devices and applications to manage and track patient health, improve treatment adherence, and better coordinate care. Large technology companies, athletic gear manufacturers, and others are entering a rapidly growing consumer health technology market. They are developing new technologies including tracking apps, wearables, and social networks that are increasingly integrated into patients’ daily lives. With an estimated 86.7 million U.S. consumers owning wearable devices by 2019, patients are generating billions of data points that provide insight into their health. Yet many of these companies are not subject to existing privacy protections under HIPAA, creating a significant gap in consumer protections.

At the same time, HHS is pushing for greater interoperability and patient access to data to address a challenge that remains widespread even after the investment of billions of federal dollars into the adoption of electronic health records. Agencies are encouraging and mandating easier availability of electronic health data, through current and anticipated CMS and ONC regulations and through a variety of government initiatives such as: 1) Blue Button and MyHealtheData; 2) incentivizing the adoption of open APIs; 3) developing new fee-for-service payment policies regarding remote monitoring and virtual care reimbursement; and 4) launching Sync for Science, a technical standard for facilitating patient-mediated data exchange for research. Consumers and companies alike seek guidance on the implications of collecting, storing, maintaining, and commercializing personal health data. Continue Reading Closing the Health Information Privacy Divide

On March 6, 2018 at the Healthcare Information and Management Systems Society (HIMSS) 2018 conference, Centers for Medicare & Medicaid Services (CMS) Administrator Seema Verma announced a new initiative furthering the current Administration’s focus on value-based care and increasing patient access to healthcare data. The initiative — called MyHealthEData — will be led by the White House Office of American Innovation, in collaboration with the Department of Health and Human Services (HHS), CMS, the Office of the National Coordinator for Health Information Technology (ONC), the National Institutes of Health (NIH), and the Department of Veterans Affairs (VA). (CMS press release here.) Continue Reading Liberating Data to Transform Value-Based Care: MyHealthEData, Blue Button 2.0, and Price Transparency

The FDA is focusing on safety and effectiveness of interconnected medical devices with the issuance of final guidance on medical device interoperability, released last week. As the FDA notes, medical devices are becoming increasingly connected to one another and to other technologies, and it is critical to address their ability to exchange and use information safely and effectively.

For device manufacturers, this guidance provides clarity on how the FDA is thinking about interoperability and patient safety in the premarket submission process and provides considerations for manufacturers in the development and design of interoperability medical devices. It demonstrates the FDA’s focus on the safety and effectiveness of devices as implemented in an interconnected environment and the expectations of FDA on manufactures to anticipate and design for anticipated uses and reasonably foreseeable misuses. Manufactures should consider this guidance in the design, development, and on-going monitoring of connected medical devices.

This guidance may be helpful for other audiences as well:

  • Care providers that frequently interact with medical devices in the course of patient care
  • Hospital IT teams who make device purchasing decisions
  • Vendors of health technologies that frequently exchange data with medical devices

Continue Reading Interoperability by Design: FDA Issues New Final Guidance for Connected Medical Devices

Crowell & Moring and Accenture co-hosted a conference, “Fostering Innovative Digital Health Strategies,” in late-June. The program aimed to provide a broad analysis of the business and legal issues that must be addressed as health care organizations and technology companies consider innovative strategies to use digital health technologies.

The first session of the conference, “Trends in the Health Care Economy’s Internet of Things,” featured the following distinguished panelists: Zane Burke (president, Cerner); Jodi Daniel (partner, Crowell & Moring); Cheryl Falvey (partner, Crowell & Moring); Melissa Goldstein (assistant director, Bioethics and Privacy Office of Science and Technology Policy, Executive Office of the President); and Kaveh Safavi (senior managing director, Global Health Industry Lead, Accenture).

A series of five videos from the session can be watched below:

Here are key health care Internet of Things (IoT) trends discussed in Session 1:

Continue Reading 6 Trends in the Health Care Economy’s Internet of Things

The National Telecommunications and Information Administration (NTIA) is looking for input on federal policy related to the Internet of Things (IoT).  On April 5, NTIA published a request for comment on federal efforts to promote IoT efforts and foster innovation.  The Department of Commerce will use the comments to develop a “green paper” identifying key issues affecting deployment of IoT technologies, potential challenges and opportunities, and possible roles for the federal government.  A “green paper” is typically used as a first step before policy changes are advanced.

Given the breadth of industries affected by IoT, including health care, transportation, and energy, and the vast number of issues that industry and government are grappling with, it is important to ensure that NTIA hears from a variety of sectors and experts on the impacts of IoT and where government can be helpful or interfere with innovation.  The NTIA poses 28 questions for comment including questions about technology, policy, infrastructure, economic impact, and international engagement.  The deadline for filing comments is May 23, 2016.  Crowell & Moring is available to assist in preparing comments.

Congress set its sights on achieving the widespread exchange of health information through interoperable-certified electronic health records (“EHR”) by declaring it a national objective in the Medicare Access and CHIP Reauthorization Act of 2015 (“MACRA”). To accomplish this goal, MACRA directs the Department of Health and Human Services (“HHS”) to establish metrics in consultation with the health information technology (“health IT”) community. The Office of the National Coordinator for Health IT (“ONC”), the division of HHS responsible for advancing connectivity and interoperability of health IT, has issued a request for information (“RFI”) seeking input on how to measure “interoperability.” Interoperability refers to the ability of systems to exchange and use electronic health information from other systems.

The RFI presents an opportunity for stakeholders and the public to weigh in on how policy makers understand interoperability. Congress and HHS likely will make both policy and funding decisions based on the goals and measurements that are established in response to feedback received through the RFI. Specifically, ONC seeks advice regarding the following:

  1. What populations and elements of information flow should HHS measure?
  2. How can HHS use current data sources and associated metrics to address the MACRA requirements?
  3. What other data sources and metrics should HHS consider to measure interoperability more broadly?

The public comment period closes on June 3, 2016. Take a look at the RFI here for more specific questions.

The federal government has spent billions to promote adoption and “meaningful use” of health information technology (HIT). There is growing government interest in ensuring that HIT is used to support patient care, but doing so requires electronic exchange of information. Congress, the Department of Health and Human Services (HHS), and States have taken action to identify and prevent “information blocking”—interference with the exchange or use of electronic health information—by health care providers, hospitals, technology developers, and service providers. And there likely will be more guidance, statutory and regulatory changes, and enforcement by federal agencies and states in the coming year.

Congress Requests Information and Takes Action

On December 21, 2014, Congress raised concerns about health information blocking, claiming that such activities “frustrate Congressional intent” under the Health Information Technology for Economic and Clinical Health (HITECH) Act, “devalue taxpayer investments,” and make HIT “less valuable and more burdensome” to hospitals and health care providers. Congress urged the Office of the National Coordinator for Health Information Technology (ONC) at HHS to certify only HIT that does not block health information exchange. Congress also requested ONC publish a detailed report on the scope of health information blocking and a strategy to address it, within 90 days.

Continue Reading Health Information Blocking Leads to New Requirements and May Lead to Enforcement Actions

On April 10, ONC released its Report to Congress on Health Information Blocking (the “Report”).  Here is a brief summary of the report, the full text of which is available here.

ONC has stated that its views health information blocking as frustrating the goals of HITECH and the Meaningful Use initiative.  ONC defines information blocking as conduct which:

  1. Interferes with the ability of authorized persons or entities to exchange electronic health information; and
  2. is done knowingly with the intent to block information exchange; and
  3. is not justified by reasonable business, technological, or public policy reasons.

ONC recognizes that there may legitimate reasons why EHR systems are not interoperable.  The Report focuses on the non-legitimate reasons, and highlights the following behavior:

  1. Contract terms which restrict individuals’ access to their EHR;
  2. Charging prices or fees for data exchange, portability, and interfaces which make exchanging EHR cost prohibitive;
  3. Developing health IT in “non-standard” ways which may increase the costs of sharing health information (particularly when interoperability standards have been adopted);
  4. Developing health IT in ways which may “lock in” users or their data, leading to fraud, waste or abuse, or otherwise impede innovation in health information exchange.

The Report is careful to explain that ONC would weigh such practices against legitimate considerations whether they are technological, regulatory, or economic in nature.

Continue Reading ONC Releases Report to Congress on Health Information Blocking

On March 30, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule (CMS Proposed Rule) detailing the policies it will introduce during Stage 3 of the Medicare and Medicaid Electronic Health Record (EHR) Incentive Program. In tandem with CMS’s publication, the Office of the National Coordinator for Health Information Technology (ONC) also published a proposed rule (ONC Proposed Rule) providing a new edition of health information technology (HIT) certification criteria. The proposed rules are intended to work together in streamlining the establishment of an interoperable nationwide health information infrastructure.

Continue Reading CMS and ONC Announce New Proposed Rules for Stage 3 of the Medicare and Medicaid EHR Incentive Program and HIT Certification Criteria