Statutes Governing Health Data

The following statutes govern federal activity related to health information technology and data. Descriptions of each statute are general snapshots and are not intended to be fully inclusive explanations of each statute’s relevant provisions.

1996

HIPAA – Health Insurance Portability and Accountability Act. Requires
the HHS Secretary to publish standards related to the privacy and
security of medical information used and disclosed by health plans,
providers and clearinghouses.

2009

HITECH - Health Information Technology Economic and Clinical Health. Authorized CMS to spend $38 billion on EHR Incentive Programs to promote the adoption and meaningful use of HIT, statutorily authorized the ONC, established the Health IT Certification Program.

 

  • 2010: Meaningful Use Stage 1

  • 2012: Meaningful Use Stage 2

  • 2018: Inpatient Prospective Payment System (IPPS) and Long-Term Care Hospital (LTCH) Prospective Payment System includes policies that rebrand the meaningful use programs as the promoting interoperability (PI) program

2012

FDASIA- Food and Drug Administration Safety and Innovation Act. Directs the FDA, with the FCC and ONC, to draft a report that proposes a regulatory framework for health IT, including medical mobile applications.

2015

MACRA - The Medicare Access and CHIP Reauthorization Act of 2015.
Requires HHS to outline a national objective of widespread exchange of health information through interoperable certified EHR technology by December 2018 (if not, HHS must submit a report highlighting barriers to this goal and outlining federal plans to achieve the objective by December 2019).

2016

21st Century Cures Act . The Cures Act defines interoperability, setting an expectation that all patient information stored electronically can be exchanged, and mandates specific federal agencies (FDA, AHRQ and ONC) to act to implement this goal. The Act states, “In order for health information technology to be considered interoperable, such technology must satisfy the following criteria: secure transfer, complete access to health information, no information blocking.”

 

It also:

  • Creates a stakeholder reporting system to review EHR usability, interoperability and security

  • Combines ONC's Health IT Policy and Standards Advisory Committees into one “HITAC

  • Gives HHS OIG authority to investigate and penalize information blocking

  • Requires HHS to educate providers about data sharing

Want to know more?

 

Contact Julie Barnes at julie.barnes@maverickhealthpolicy.com​

Text or call 703-304-1756

It has been more than 2 years since the 21st Century Cures Act was passed.

Julie Barnes, J.D. 

Phone: (703) 304-1756 

Email: julie.barnes@maverickhealthpolicy.com

P.O. Box 7117 2200 N. George Mason Drive, Arlington, VA 22207

Internship Opportunities

In-White-66px-TM.png