Health Information Compliance Alert

Published on Mon Jul 13, 2020 PDF

Check out the health IT requirements sooner rather than later.

Even before the pandemic put a spotlight on the importance of technology in healthcare, the feds were shifting their policies to promote patient-focused data sharing. A recent rule updates federal patient access standards for providers that tie in value and cost-saving ideologies.

Reminder: Last month, we looked at the data blocking specifics of the HHS Office of the National Coordinator for Health Information Technology (ONC) “21st Century Cures Act final rule” published in the Federal Register on May 1 (see Health Information Compliance Alert, Vol. 21, No. 6).

Now: Released in tandem with the ONC final rule, the Centers for Medicare & Medicaid Services (CMS) followed up its past data sharing proposals with the “CMS Interoperability and Patient Access final rule,” which runs the policy gamut and covers a wide range of IT and patient-focused requirements.

“Unfortunately, data silos continue to fragment care, burden patients, and providers, and drive up costs through repeat tests,” acknowledged CMS Administrator Seema Verma in a release. “These rules begin a new chapter by requiring insurance plans to share health data with their patients in a format suitable for their phones or other device of their choice.”

Verma added, “We are holding payers to a higher standard while protecting patient privacy through secure access to their health information. Patients can expect improved quality and better outcomes at a lower cost.”

Value and Quality Are at the Heart of New Rule

With the advent of MACRA, CMS has released a plethora of patient-centered programs to improve the quality and cost of healthcare. Additionally, the agency’s MyHealthEData initiative put more pressure on providers to improve their IT practices and promote patients’ ownership of their health information.

“As CMS drives toward a value-based system of care, the rule seeks to make patients more informed regarding their healthcare decision-making and to improve care coordination,” note attorneys Whitney Snow, Nesrin Garan Tift, and Elizabeth S. Warren with Bass, Berry & Sims PLC in online analysis.

The final rule also includes a laundry list of data exchange mandates and public reporting actions with the onus on providers, payers, and their associates to implement the requirements along a staggered timeline.

Plus, CMS aims to loop in auxiliary agencies like the HHS Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) to ensure patients’ privacy rights are in check, the final rule fact sheet suggests. For example, while delivering on promises to have patients’ health data at the ready, payers can also “ask third-party application developers to attest to certain privacy provisions, such as whether their privacy policy specifies secondary data uses, and inform patients about those attestations,” CMS says.

With the push to readily exchange patient data through the various avenues between providers, payers, and third parties, it’s still fuzzy how the agency will address HIPAA, state, or other regulatory requirements in its data sharing renaissance.

Timeline: “The Interoperability rule was originally scheduled to take effect on June 30, 2020, with varying compliance dates based on the applicable requirements,” Snow, Tift, and Warren point out. “However, in light of the COVID-19 public health emergency, CMS has announced it will delay enforcement or exercise enforcement discretion for an additional six months.”

Resources: See the CMS final rule at https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-05050.pdf and find the ONC final rule at www.healthit.gov/curesrule/.