HHS is seeking comments through the end of this month on a 74-page draft report, “Strategy on Reducing Regulatory and Administrative Burden Relating to the Use of Health IT and [Electronic Health Records] EHRs,” produced as required under the 21st Century Cures Act.
As the report explains, the Cures Act amended the 2009 HITECH Act to add a section titled “Assisting Doctors and Hospitals in Improving Quality of Care for Patients.” Under this, HHS is required to “articulate a plan of action to reduce regulatory and administrative burden relating to the use of health IT and EHRs. Specifically, the Cures Act directs HHS to: (1) establish a goal for burden reduction relating to the use of EHRs; (2) develop a strategy for meeting that goal; and (3) develop recommendations to meet the goal.”
HHS Did Its Homework
The report was written by the Centers for Medicare & Medicaid Services and the Office of the National Coordinator for Health Information Technology. The agencies “reviewed stakeholder input from a wide range of stakeholders (e.g., payers, health care professional societies, health care clinicians, hospital representatives, health IT developers, and health informatics associations).”
Additionally, “HHS received input through a variety of channels, including: in-person meetings with stakeholder representatives; formal written input provided as part of the rulemaking process and in response to specific requests for information; dedicated channels used to receive stakeholder feedback and complaints; literature reviews; virtual and in-person listening sessions; and others.”
The act also “requires HHS to prioritize several areas directly related to health IT, including: the certification of health IT; the implementation of standards within health IT products; how health IT is used to provide individuals with access to their electronic health information; and activities related to the privacy and security of electronic health information.”
The report presents a series of findings about reducing IT burdens and provides recommendations to HHS, some of which touch on HIPAA and related privacy and security issues. For example, the report says the federal government needs to foster adoption of common standards for retrieval of information from controlled substance databases. These databases are operated on the state level under a patchwork of regulations that may conflict with HIPAA.
Others address HIPAA more directly, but these may not go as far as some stakeholders have wanted. It is well-documented that regulations implementing 42 C.F.R. Part 2 , which govern substance use disorder treatment records, create roadblocks to streamline care and sharing information between providers because of complicated consent requirements that do not exist under HIPAA. Many have called for HHS to harmonize the requirements. But the report stops short of endorsing this approach.
Instead, it simply calls for HHS to “provide guidance about HIPAA privacy requirements and federal confidentiality requirements governing substance use disorder health information in order to better facilitate electronic exchange of health information for patient care. Such guidance can facilitate HHS’s goal of promoting electronic exchange of health information for better care coordination.”
Similarly, HHS should “continue to monitor, test, and support the development of technical standards for applying security labels and meta-data (commonly referred to as ‘data segmentation’) to health information in a consistent manner to reflect privacy requirements, and enable health care providers to comply with existing requirements,” the report recommends.
Coordination is also required between “federal agencies to educate health care providers and health IT vendors about 42 C.F.R. Part 2 requirements and provide more clarity on when health care providers and their health IT vendors need to comply with 42 C.F.R. Part 2 patient consent and health information re-disclosure requirements,” the report states.
Providers will also need “technical assistance” to help them “adopt and use existing health IT solutions for protecting patient privacy and managing patient consent.”
The report suggests that HHS “consider ways to engage with stakeholders,” discuss “developing and disseminating best practices for optimizing electronic workflows around prior authorization,” and “health IT-enabled processes that leverage existing data within the record to reduce the total volume of prior authorization requests that clinicians must submit.”
A final report is expected by the end of this year. The comment period ends Jan. 28. To see the report and to comment, visit http://bit.ly/2QkWm1K. ✧