COVID-19 may have stalled a lot of governmental work over the past two years, but regulations surrounding information blocking, interoperability, and health data privacy/patient access have been steadily proposed, finalized, and implemented. A lot of these regulations have now at least partially gone into effect. The headlines are not as splashy as those related to the global pandemic, but the significance of these efforts to many health tech companies is enormous.
In this post, we provide a quick reference list of four of the major events for health tech companies to pay attention to in the coming year.
- By now, health tech businesses know whether they are—or intend to become—certified by the Office of the National Coordinator (ONC) through the Health IT Certification Program. Businesses falling under this umbrella should have recently completed their first attestation to the conditions of participation, and should now be looking ahead to a large-looming year–end deadline to make the new HL7® FHIR® API capability available as their standard for health care data exchange. Not to be overlooked in the interim is another significant change coming this fall—as of October 6, 2022, the definition of Electronic Health Information (EHI) is transitioning from the data elements represented in the USCDI to the entire HIPAA data set, a much larger suite of information.
- Companies supporting payers in the medical space were given a reprieve at the end of 2021 when CMS formally announced its decision to exercise discretion in enforcement and no longer take action against certain payer-to-payer data exchange provisions in the Interoperability and Patient Access final rule. Over the past few months, CMS has further memorialized this intent by indicating that they will be soon be releasing new rulemaking with regard to payer-to-payer data exchange, so stay tuned for more information on that as it becomes available.
- The Office of the Inspector General (OIG) is the HHS agency tasked with issuing enforcement guidelines and setting monetary penalty standards for entities which violate HHS regulations. As of the date of publication, we are still waiting on the Final Rule from OIG on penalties for information blocking. However, the Proposed Rule indicated fines up to $1 million dollars per instance of information blocking, which could be especially devastating for startup health tech companies. While no fines are being handed out just yet, OIG has signaled that it intends to focus on selecting cases for investigation that are consistent with enforcement priorities, such as conduct that: (i) resulted in, is causing, or had the potential to cause patient harm; (ii) significantly impacted a provider’s ability to care for patients; (iii) was of long duration; (iv) caused financial loss to federal health care programs, or other government or private entities; or (v) was performed with actual knowledge.
- Finally, in December 2020, the federal government proposed several updates to HIPAA to require better data sharing between health care providers and health tech companies that empowers patients, improves coordinated care, and reduces regulatory burdens. These proposals have yet to be finalized, but should serve to streamline exchange of health data by enforcing important data exchange among payers and providers. The updated HIPAA rule is also expected to take a step in the direction of encapsulating social determinants of health by treating community–based organizations providing auxiliary support to patients (transportation, food, housing services, etc.) in essentially the same way as medical care providers with respect to health data privacy and sharing.
Is your health tech company ready to achieve compliance with these upcoming rule changes? Do you need help getting there? Enforcement and heavy fines are just around the corner, but Elevation is here to help you navigate these rules and stay off OIG’s radar. We work with your business every step of the way, from attaining and maintaining compliance with currently enacted regulations to predicting and monitoring new regulations coming down the pike.