Tip: Prepare now for health IT requirements or risk censure. There’s no denying that data sharing between providers helps improve delivery of care and coordination between organizations and specialists. In the past, definitions of what constituted information blocking were complicated and created confusion in the industry, but a recent rule offers practitioners new standards and clear-cut parameters. Then: Last year, the Centers for Medicare & Medicaid Services (CMS) and the HHS Office of the National Coordinator for Health Information Technology (ONC) published twin interoperability proposals to address data exchange issues in healthcare and act on provisions outlined in the 21st Century Cures Act (see Medicare Compliance & Reimbursement, Vol. 45, No.5). Now: CMS and ONC have followed up their proposals with the “CMS Interoperability and Patient Access final rule” and the “ONC 21st Century Cures Act final rule,” which run the policy gamut and cover a wide range of IT and patient-focused requirements. The long-awaited rules were published in the Federal Register on May 1. “Unfortunately, data silos continue to fragment care, burden patients, and providers, and drive up costs through repeat tests,” acknowledged CMS Administrator Seema Verma in a release. “These rules begin a new chapter by requiring insurance plans to share health data with their patients in a format suitable for their phones or other device of their choice.” Verma added, “We are holding payers to a higher standard while protecting patient privacy through secure access to their health information. Patients can expect improved quality and better outcomes at a lower cost.” Updates Focus on Patient Access and Data Sharing Over the past couple of years, the feds have focused on a central theme in their health IT policy making: Patients, not clinicians or organizations, should have control of patients’ health information. In both the ONC and CMS final rules, the agencies offer guidance on data sharing, IT tools, and regulatory standards, including new patient access applications, enforcement, vendor guidelines, and payer rules on health information exchanges (HIEs).
“The new rules also prohibit certain ‘information blocking’ by providers, health information exchanges and networks, and IT developers,” explains New York-based attorney Ada Kozicz with Rivkin Radler LLP in online analysis. “Practices that restrict access, exchange or use of electronic health information are considered anti-competitive and will not be permitted,” Kozicz stresses. New Policies Promote Value and Quality Initiatives With the advent of MACRA, CMS has endeavored to improve the quality and cost of care for Medicare beneficiaries. Additionally, the agency’s MyHealthEData initiative put more pressure on providers to improve their IT practices and promote patients’ ownership of their health information. “As CMS drives toward a value-based system of care, the rule seeks to make patients more informed regarding their healthcare decision-making and to improve care coordination,” note attorneys Whitney Snow, Nesrin Garan Tift, and Elizabeth S. Warren with Bass, Berry & Sims PLC in online analysis. The final rule also includes a laundry list of data exchange mandates and public reporting actions with the onus on providers, payers, and their associates to implement the requirements along a staggered timeline (see story, p.3). Plus, CMS aims to loop in auxiliary agencies like the HHS Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) to ensure patients’ privacy rights are in check, the final rule fact sheet suggests. For example, while delivering on promises to have patients’ health data at the ready, payers can also “ask third-party application developers to attest to certain privacy provisions, such as whether their privacy policy specifies secondary data uses, and inform patients about those attestations,” CMS says.
With the push to readily exchange patient data through the various avenues between providers, payers, and third parties, it’s still fuzzy how the agency will address HIPAA, state, or other regulatory requirements in its data sharing renaissance. Timeline: “The Interoperability rule was originally scheduled to take effect on June 30, 2020, with varying compliance dates based on the applicable requirements,” Snow, Tift, and Warren point out. “However, in light of the COVID-19 public health emergency, CMS has announced it will delay enforcement or exercise enforcement discretion for an additional six months.” Stay tuned for more analysis on the CMS and ONC rules in future issues of Medicare Compliance & Reimbursement. Resources: See the CMS final rule at https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-05050.pdf and find the ONC final rule at www.healthit.gov/curesrule/.