Building on momentum from Administrator Seema Verma’s announcement of the MyHealtheData initiative at HIMSS 2018, CMS has published more clues as to future action to liberate health information for patients.

In the CY 2019 call letter to Medicare Advantage organizations and Part D programs, CMS describes the Blue Button 2.0 project and its use of the interoperable application programming interface (API) standard Fast Healthcare Interoperability Resources (FHIR). CMS encourages Medicare Advantage plans to adopt “data release platforms” that either meet or exceed the capabilities of Blue Button 2.0, and makes it clear that the agency intends to pursue rulemaking requiring such adoption for 2020.

The FHIR standard is also discussed, although not required, in the 2015 Edition Health IT Certification Criteria for API access, regulations promulgated by the Office of the National Coordinator for Health IT (ONC) that set the rules for functionality and interoperability of electronic health record systems. It seems likely that ONC further promote FHIR for API-based patient access in their upcoming rulemaking updating the certification program, expected this summer.

This move from CMS arrives alongside increased Congressional interest in patient access to information about the cost of healthcare services. This includes a recent Senate price transparency initiative led by Senator Bill Cassidy. Almost 1000 pages of feedback have already been received by Senate staffers, describing why and how payers and providers can make healthcare price and cost information more accessible for individual patients.

Health plans that wish to get ahead of the future regulatory action can check out the developer resources for Blue Button 2.0 to see how CMS envisions API access working for payer data. Plans can also participate in an ongoing ONC Tech Lab project to learn more about on how these standard resources can be used for health plan-specific information and influence standards development.

On March 6, 2018 at the Healthcare Information and Management Systems Society (HIMSS) 2018 conference, Centers for Medicare & Medicaid Services (CMS) Administrator Seema Verma announced a new initiative furthering the current Administration’s focus on value-based care and increasing patient access to healthcare data. The initiative — called MyHealthEData — will be led by the White House Office of American Innovation, in collaboration with the Department of Health and Human Services (HHS), CMS, the Office of the National Coordinator for Health Information Technology (ONC), the National Institutes of Health (NIH), and the Department of Veterans Affairs (VA). (CMS press release here.) Continue Reading Liberating Data to Transform Value-Based Care: MyHealthEData, Blue Button 2.0, and Price Transparency

This morning, the Food and Drug Administration released highly anticipated guidance on clinical and patient decision support that has been in the works at the agency for several years, advising the digital health community about how it plans to regulate software that offers recommendations or feedback to its users—both healthcare professionals, and patients and caregivers. It also provides guidance on FDA’s interpretation of new software provisions in Section 3060 of the 21st Century Cures Act.

Given the explosion of these innovative digital health tools and their strong potential to transform healthcare, this guidance is a significant development for tech companies and investors focusing on this space. Comments will be accepted for 60 days. Continue Reading FDA Issues New Guidance for Clinical and Patient Decision Support Software

On September 26, 2016, the Office of the National Coordinator for Health Information Technology (ONC) released guidance, entitled EHR Contracts Untangled, to help providers navigate the complexities of electronic health record (EHR) vendor contracting. The guidance breaks down important considerations for selecting EHR systems, and provides strategic pointers – including sample contract language – to help facilitate the contracting process. While the guidance is largely an attempt to level the playing field for providers in the EHR arena, it also has broader applicability to contract negotiations for a variety of other digital health tools.

For the most critical “need-to-know” points from ONC’s new guidance, see our recent client alert.

The HHS Office of Civil Rights published a new FAQ response (OCR FAQ) detailing the agency’s position that generally information blocking will violate the HIPAA Privacy and Security Rules if it affects a covered entity’s access to its own protected health information (PHI) or its ability to respond to requests for access to PHI from patients. This follows a series of similar policy documents from HHS over the past 18 months that focus on preventing business arrangements or practices that would be defined as information blocking, and thereby, frustrating the goal of interoperability. Specifically, according to the OCR FAQ:

  • An electronic health records (EHR) vendor or cloud provider’s actions to terminate a covered entity’s access to its own electronic PHI (ePHI) (e.g., in a payment dispute) would violate the HIPAA Privacy Rule because those actions would constitute an impermissible use of PHI.
  • An EHR vendor or cloud provider’s refusal to ensure the accessibility and usability of a covered entity’s ePHI upon demand by the covered entity or to return a covered entity’s ePHI upon termination of the agreement, in the form and format that is reasonable in light of the agreement, would violate the HIPAA Security Rule.
  • A business associate may not deny a covered entity access to the PHI the business associate maintains on behalf of the covered entity if necessary to provide individuals with access to their PHI under the HIPAA Privacy Rule.
  • A covered entity that agrees to terms within a business associate agreement (BAA) that would prevent the covered entity from ensuring the availability of its own PHI as required would not be in compliance with the HIPAA Privacy and Security Rules.

OCR has increasingly ramped up its enforcement of violations of the HIPAA Privacy and Security Rules related to noncompliant BAAs, so the new OCR FAQ signals that information blocking provisions could be the source of future enforcement actions.

Continue Reading Blocking Access to Health Information May Violate HIPAA

On July 19th, the Office of the National Coordinator for Health Information Technology (“ONC”) released a report expressing concerns about major gaps in policies and oversight surrounding the access to, security, and privacy of health information held by certain mobile health (“mHealth”) technology companies and health social media.  While the report frames the issue well, it largely punts to the private sector to develop solutions.  For recommendations on how to address the oversight gaps identified by ONC, see our recent article in Bloomberg BNA’s Health Care Policy Report.

 

Earlier this month, the Office of the National Coordinator for Health Information Technology (ONC) released a report to Congress on the feasibility of creating tools to help providers compare and select certified health IT products. As part of the Medicare Access and CHIP Reauthorization Act (MACRA), Congress required ONC to conduct a study to examine the feasibility of establishing mechanisms to assist providers in comparing and selecting certified EHR technology products. Congress suggested that ONC consider mechanisms like establishing a website of aggregated survey results that would allow meaningful EHR users to directly compare the functionality of certified health IT products. Congress also suggested compiling information from vendors of certified health IT products, and making that information publicly available in a standardized format.

In response to its Congressional directive, and drawing upon recommendations from the Certified Technology Comparison (CTC) Task Force, public input, and its own market analysis, ONC’s report focused on two subgroups of the health care community – providers and comparison tool developers – and identified specific problem areas in the comparison tool marketplace. Ultimately, the report proposed four mechanisms to improve the health IT comparison marketplace:

Continue Reading The Rise of the One-Stop Shop? ONC Outlines Four Mechanisms to Help Providers Compare Certified Health IT Products

Congress set its sights on achieving the widespread exchange of health information through interoperable-certified electronic health records (“EHR”) by declaring it a national objective in the Medicare Access and CHIP Reauthorization Act of 2015 (“MACRA”). To accomplish this goal, MACRA directs the Department of Health and Human Services (“HHS”) to establish metrics in consultation with the health information technology (“health IT”) community. The Office of the National Coordinator for Health IT (“ONC”), the division of HHS responsible for advancing connectivity and interoperability of health IT, has issued a request for information (“RFI”) seeking input on how to measure “interoperability.” Interoperability refers to the ability of systems to exchange and use electronic health information from other systems.

The RFI presents an opportunity for stakeholders and the public to weigh in on how policy makers understand interoperability. Congress and HHS likely will make both policy and funding decisions based on the goals and measurements that are established in response to feedback received through the RFI. Specifically, ONC seeks advice regarding the following:

  1. What populations and elements of information flow should HHS measure?
  2. How can HHS use current data sources and associated metrics to address the MACRA requirements?
  3. What other data sources and metrics should HHS consider to measure interoperability more broadly?

The public comment period closes on June 3, 2016. Take a look at the RFI here for more specific questions.

The Office of the National Coordinator for Health Information Technology (“ONC”) began the month of March and the HIMSS Annual Conference with the announcement of an unexpected proposed rule, the Enhanced Oversight and Accountability Rule (the “Oversight Rule”). The Oversight Rule would expand ONC’s role in the ONC Health IT Certification Program (“Program”). Specifically, the Oversight Rule provides ONC with express powers to directly review health IT certified under the Program and employ review, suspension, and termination processes to address “non-conformities” found in certified health IT.  The ONC is seeking comment on key issues such as the scope of ONC’s proposed direct review authority, its processes for reviewing certified and uncertified health IT capabilities, and the agency’s potential overlap with the authority of other agencies.  All public comments will be due to ONC on or before May 1, 2016.

As stated in the ONC’s press release, the Oversight Rule focuses on three areas: Direct Review, Enhanced Oversight, and Greater Transparency and Accountability.

Continue Reading The ONC Proposes the Direct Review of Certified Health IT in Oversight Rule

The federal government has spent billions to promote adoption and “meaningful use” of health information technology (HIT). There is growing government interest in ensuring that HIT is used to support patient care, but doing so requires electronic exchange of information. Congress, the Department of Health and Human Services (HHS), and States have taken action to identify and prevent “information blocking”—interference with the exchange or use of electronic health information—by health care providers, hospitals, technology developers, and service providers. And there likely will be more guidance, statutory and regulatory changes, and enforcement by federal agencies and states in the coming year.

Congress Requests Information and Takes Action

On December 21, 2014, Congress raised concerns about health information blocking, claiming that such activities “frustrate Congressional intent” under the Health Information Technology for Economic and Clinical Health (HITECH) Act, “devalue taxpayer investments,” and make HIT “less valuable and more burdensome” to hospitals and health care providers. Congress urged the Office of the National Coordinator for Health Information Technology (ONC) at HHS to certify only HIT that does not block health information exchange. Congress also requested ONC publish a detailed report on the scope of health information blocking and a strategy to address it, within 90 days.

Continue Reading Health Information Blocking Leads to New Requirements and May Lead to Enforcement Actions