April 23, 2020
Maverick’s Update
Only What Matters on Health Information Policy
Maverick Health Policy is realizing (again) just how much COVID-19 is changing almost everything, including the forward momentum on the interoperability of health data.
1. Wait a little longer. You do not have to be a health policy expert to know that it would nice to have better access to your own health records. On March 9, HHS finalized two rules that would require hospitals and health plans to release information so that people could see at least five years of their medical history, including how much they paid for services, on their smart phones. But hospitals and health plans (and the people and businesses that help them) are so under water with COVID-19 problems, that on Tuesday, April 21st, HHS eased the timing of compliance with the new rules. See articles here, here, here, here.
2. Good cop, bad cop. While the CMS and ONC are allowing more time to implement the interoperability rules, the HHS Office of Inspector General issued a 72-page new rule explaining how it intends to apply civil monetary penalties for anyone (i.e., health care providers, health IT developers, HINs/HIEs) found to be violating information blocking rules. “The proposed rule would incorporate statutory changes in three areas: (1) new authorities for CMPs, assessments and exclusions related to HHS grants, contracts and other agreements; (2) new CMP authorities for information blocking; and (3) increased maximum penalties for certain violations.” See the OIG announcement here. The OIG is asking for comments by June 24, 2020, including comments about whether $1 million max penalty for each violation of information blocking seems right, and when enforcement should start exactly -- October 1, 2020, or some other time.
3. So, when are compliance dates?
ONC issued a helpful new timeline to help health IT vendors and hospitals understand how the enforcement discretion will change the compliance deadlines. Bottom line, E.H.R. vendors have until February 1, 2021 (assuming a May 1st Federal Register publication date) to comply with the first set of new certification criteria. ONC’s announcement here.
CMS announced its changes for health plans here, explaining that the new open API requirements for patient access and provider directories won’t be enforced until July 1, 2021. The CMS rule also requires hospitals to send a notice of patient admissions, transfers, and discharges, but now hospitals have until May 1, 2021 to comply with that rule.
One Thoughtful Paragraph
Information blocking is when someone or some organization has a patient’s health information and refuses to share it when they should. (See the official definition here.) The whole point of dumping all of the HITECH money into electronic health record systems (all the way back in 2009) was to allow the immediate flow of health information to wherever it needed to go (see official purpose here) -- but that didn’t happen. Why? Organizations, who had a financial and cultural interest in not sharing, refused to share their electronic health information with anyone outside their system, which is described by Harvard Medical School professors here. So, will the threat of $1 million per information blocking violation work? Probably, but it is important to be cognizant of the “little guys” who are not as technically sophisticated. Entities like Sequoia are trying to help.