• More of our health information is becoming digital every day, as new technology companies enter the health care and wellness markets.
  • Many companies that hold a wealth of consumer health information are not covered by HIPAA.
  • Many consumers may not realize that their health information only is protected and they only have certain rights with respect to that information when it is held by certain entities, but not when it is held by others.
  • The private sector should work with regulators to develop a common sense, appropriate framework for use of health information by non-HIPAA covered entities.

As we await proposed HHS regulations on interoperability and patient access to data, and as more companies than ever before are collecting and using data to power advanced data analytics, artificial intelligence, and machine learning to improve health care quality and delivery, it is important to understand the scope and limitation of protections and the applicability of the HIPAA Privacy Rule.

Patients, providers and caregivers now have access to a wide array of devices and applications to manage and track patient health, improve treatment adherence, and better coordinate care. Large technology companies, athletic gear manufacturers, and others are entering a rapidly growing consumer health technology market. They are developing new technologies including tracking apps, wearables, and social networks that are increasingly integrated into patients’ daily lives. With an estimated 86.7 million U.S. consumers owning wearable devices by 2019, patients are generating billions of data points that provide insight into their health. Yet many of these companies are not subject to existing privacy protections under HIPAA, creating a significant gap in consumer protections.

At the same time, HHS is pushing for greater interoperability and patient access to data to address a challenge that remains widespread even after the investment of billions of federal dollars into the adoption of electronic health records. Agencies are encouraging and mandating easier availability of electronic health data, through current and anticipated CMS and ONC regulations and through a variety of government initiatives such as: 1) Blue Button and MyHealtheData; 2) incentivizing the adoption of open APIs; 3) developing new fee-for-service payment policies regarding remote monitoring and virtual care reimbursement; and 4) launching Sync for Science, a technical standard for facilitating patient-mediated data exchange for research. Consumers and companies alike seek guidance on the implications of collecting, storing, maintaining, and commercializing personal health data. Continue Reading Closing the Health Information Privacy Divide

CMS has issued its 2019 Physician Fee Schedule Proposed Rule, containing highly anticipated new reimbursement policies for telehealth, remote monitoring, and other uses of digital tools, as well as updates to health IT requirements in the Quality Payment Program, with a stronger focus on patient access to health information. Comments are due September 10 at 5pm.

Continue Reading New CMS Incentives for Remote Patient Monitoring and Patient Access

This blog post has been prepared in collaboration with Validic. Mr. Schiller is CEO of Validic. Jodi Daniel is a partner in Crowell & Moring’s Health Care Group in Washington, D.C.


Our healthcare system is in the midst of a fundamental shift toward value-based care to drive down costs and improve the quality of care. We won’t be able to achieve that goal without technology that allows providers to collect and use health data and puts patients front and center. Patient access to clinical and claims data is essential. When patients have access to their own information, they can better understand their condition and feel empowered to ask questions and shape their own care plan.

Congress and the federal government are pushing to liberate data from within the healthcare system and to promote patient access to health information. However, it is equally important to focus on the flow of data from the patient back into the healthcare system. The patient – who is gathering data at home, managing her condition, and making day-to-day decisions that impact her health – holds information that is critical to treatment decisions and outcome improvements. Continue Reading Transforming the Patient-Provider Relationship: A Comprehensive Approach to Patient Access and Patient-Generated Health Data

Building on momentum from Administrator Seema Verma’s announcement of the MyHealtheData initiative at HIMSS 2018, CMS has published more clues as to future action to liberate health information for patients.

In the CY 2019 call letter to Medicare Advantage organizations and Part D programs, CMS describes the Blue Button 2.0 project and its use of the interoperable application programming interface (API) standard Fast Healthcare Interoperability Resources (FHIR). CMS encourages Medicare Advantage plans to adopt “data release platforms” that either meet or exceed the capabilities of Blue Button 2.0, and makes it clear that the agency intends to pursue rulemaking requiring such adoption for 2020.

The FHIR standard is also discussed, although not required, in the 2015 Edition Health IT Certification Criteria for API access, regulations promulgated by the Office of the National Coordinator for Health IT (ONC) that set the rules for functionality and interoperability of electronic health record systems. It seems likely that ONC further promote FHIR for API-based patient access in their upcoming rulemaking updating the certification program, expected this summer.

This move from CMS arrives alongside increased Congressional interest in patient access to information about the cost of healthcare services. This includes a recent Senate price transparency initiative led by Senator Bill Cassidy. Almost 1000 pages of feedback have already been received by Senate staffers, describing why and how payers and providers can make healthcare price and cost information more accessible for individual patients.

Health plans that wish to get ahead of the future regulatory action can check out the developer resources for Blue Button 2.0 to see how CMS envisions API access working for payer data. Plans can also participate in an ongoing ONC Tech Lab project to learn more about on how these standard resources can be used for health plan-specific information and influence standards development.

CMS announced important changes to Medicare reimbursement for remote patient monitoring and telemedicine that can help accelerate adoption and use of these digital health tools. These changes are implemented through two rules released this week that will take effect January 1, 2018. Understanding these rules can help you incorporate these tools into clinical practice and can positively affect the business model for technology developers and innovators.

What are these new rules and do they affect me?

The 2018 Quality Payment Program Final Rule provides policy updates to the Quality Payment Program (QPP), which was established by the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) and will be entering its second year. MACRA offers two “tracks” for eligible clinicians to take as they move toward value-based care:

  • Participation in QPP and its scoring, or
  • Participation in an Advanced Alternative Payment Model (APM).

The majority of Medicare payments are still tied to fee-for-service, but HHS has set a goal of moving to 50 percent of Medicare payments for alternative payment models by 2018. For previous coverage of QPP proposals, visit our summary here.

The 2018 Physician Fee Schedule Final Rule addresses revised payment policies for the Medicare physician fee schedule. Any provisions in the PFS rule typically apply to fee-for-service type providers. Continue Reading New Reimbursement for Remote Patient Monitoring and Telemedicine