March 19, 2020
Maverick's Update
Only What Matters in Health Information Policy
With all attention on the COVID-19 crisis, Maverick Health Policy is going to focus on the intersection of health information policy and the coronavirus outbreak.
Delayed Compliance Dates? It seems possible that the interoperability final rules, and maybe several others, will have delayed compliance dates due to the diverted attention and funds necessary to address COVID-19.
Interoperability More Necessary Than Ever. There are a number of organizations arguing that the immediate exchange of accurate information is critical in a public health crisis. See here, here.
Big Tech Is In Health Care Deep (Still / Again). With their unique ability to “speak” to all Americans, big tech is driving our health care crisis messaging (see also here) and are helping to track the pandemic.
Extra Federal Funding. There are three congressional funding packages (either complete or in the works) to address public health and economic problems resulting from the coronavirus outbreak. The first funding bill signed into law by President Trump on March 6, 2020, will disburse $8.3 billion for state and local health departments, the purchase of vaccines and treatments, global containment efforts, but also $3.1 billion for the HHS Secretary’s discretion. One item is an extra $21M for the Office of the National Coordinator for Health Information Technology to support the emergency expansion of a “patient lookup system” to help medical response teams access critical patient information to enable care coordination, an expansion of PULSE, a health IT disaster response platform.
One Thoughtful Paragraph
In the middle of a crisis, regular order goes out the window. This may bring much-needed speed to modernize health care delivery and supply chain initiatives. A good example is the quick move to increase the widespread use of telehealth services and allowing doctors to practice wherever they are most needed and not according to arcane state restrictions. Of course, dramatic policy changes may also come with increased risk (which may be most obvious in the FDA arena). For instance, the Office of Civil Rights is relaxing HIPAA enforcement for the use of non-HIPAA compliant telehealth videoconference platforms. Of course, health care providers will exercise caution and are encouraged to warn people, but in this urgent situation, is the matter of who-has-my-data-and-what-are-they-doing-with-it really top of mind? And isn’t this an excellent time for bad actors to act? A cyberattack on HHS was responsible for the spread of misinformation about the government response to COVID-19 this week, which does not bode well for the security of data if federal workers are ordered to telecommute. For its part, the ONC is pushing back on the premise that data is at risk. Even with the final version of the interoperability rules requiring health plans to educate people about the potential dangers of third party apps, the industry has repeatedly noted that an inability to protect the privacy of sensitive health data beyond HIPAA-compliant organizations remains a serious consequence of opening the floodgates to the exponential increase of data access and exchange. Still, there are no lack of players willing to help: here, here and here.