Let’s shift gears to the policy issue of the week: New regs around the use of health information technology and data sharing. As you may know, Congress passed the 21st Century Cures Act in 2016, which, among other things, required electronic health records (EHRs) to be “interoperable”—or in other words, talk to each other. Congress heard the many complaints about EHR products that were not designed to exchange information or hospitals refusing to share data about their patients with other providers. The lack of interoperability and the presence of data blocking makes it extremely challenging for emergency physicians to provide comprehensive care to patients and make potentially life or death decisions. That is why we strongly advocated for the passage of the 21st Century Cures Act and were happy to see the bill signed into law.
In February, the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator (ONC) for Health Information Technology, the agencies responsible for implementing parts of the 21st Century Cures Act and promoting interoperability, released a set of proposed regs, that, if finalized, would dramatically alter how personal health information is exchanged and used, and would have a significant effect on all major health care stakeholders, including EHR vendors, health care plans, hospitals, and physicians. CMS and ONC state that the main purpose of these regs is to make health care data available to consumers.
Under the regs, consumers would be able to use a mobile application on their cell phone (such as Facebook or Google) to retrieve that data. Some of these mobile apps are not considered covered entities under HIPAA, meaning they don’t need to follow important privacy and security laws and regs that most health care entities do. As emergency physicians, we have serious concerns with this. We strongly believe physicians have an ethical and legal duty to guard the confidential nature of patients’ personal information—and if that information is misused, it could have serious consequences for the patients we serve. In our formal response which we submitted last week, we call on CMS and ONC to establish a requirement for third-party mobile apps to fill out a basic questionnaire about how it plans to use the data. Consumers should have access to the answers on this questionnaire before using the app.
CMS is also proposing to require health insurance plans to make information available within one business day after they receive it. We are concerned that health plans will impose short, unrealistic turn-around times for providers to retrieve that information. This could potentially increase administrative costs for emergency physicians, who would be required to update their systems to comply with the demands by the health plans. Furthermore, if providers cannot comply with insurers’ new contractual requirements, they could be forced out of network, making it difficult for patients to access the care they need. We have strongly urged CMS to prohibit insurers from using this new requirement as an excuse to place additional contractual demands on physician groups.
Until next week, this is Jeffrey saying, enjoy reading regs with your eggs!