Jan 31, 2025 / By

State HIE Sued for Alleged “Unauthorized” Use of PHI for Research

On January 3, 2025, a significant lawsuit was filed against a state HIE. The case was brought by a former employee and whistleblower who alleges that the HIE permitted unauthorized access and use of PHI for research purposes in violation of federal and state law, as well as operational policies. Although the facts that are currently known to the public are not sufficient to conclude whether or not HIPAA’s standards applicable to research were met, this case has the potential to influence not only the immediate parties involved but also broader interpretations of HIPAA compliance and enforcement in research settings. At a minimum, the case serves as a reminder that HIEs should be taking proactive steps to ensure that their internal policies, data use agreements, and HIPAA BAAs explicitly address research-related and similar activities in compliance with federal and state laws, including HIPAA.

Jan 6, 2025 / By

TEFCA Anticipated to Grow in 2025

Since TEFCA went live in December 2023, eight (8) organizations have been designated as Qualified Health Information Networks (QHINs). Each QHIN is a large information network that represents up to hundreds of HINs, health systems, public health agencies, payers, and IT vendors. Epic and Carequality recently announced that they would align their frameworks with TEFCA. TEFCA’s growth will be further supported by regulatory measures to incentivize network participation, such as the Information Blocking Rule.

Dec 16, 2024 / By

Health Data, Technology, and Interoperability Rules, HTI-1, 2, & 3

The landscape of health IT regulation just took another significant leap forward. In the final days of 2024, federal regulators dropped two game-changing rules—HTI-2 and HTI-3—adding to the foundation set by HTI-1. Together, these regulations are reshaping how healthcare organizations approach interoperability, data sharing, and compliance in an era of rapidly evolving technology. But what do these latest rules really mean for healthcare providers, developers, and patients? Let’s break down the impact and key takeaways you need to know.

A Look Ahead to 2021

The new year has much in store for electronic health information exchange compliance!  Today’s post provides an overview of anticipated changes to the health information regulatory landscape in 2021, including increased interoperability efforts and telehealth expansion due to the coronavirus pandemic. It is not surprising that many of the topics discussed below are a direct result of the interoperability requirements created by the 21st Century Cures Act (“Cures Act”) enacted in December 2016.

Our Stockings are Stuffed with Compliance Tools

Season’s Greetings to all of our readers! First, we want to wish you and yours a holiday season filled with health, happiness and hope! We also want to thank you all for continuing to make Legal HIE such a popular and highly visited blog! It puts a smile on our face seeing so many of you enjoying our posts and returning to our site often!

As stockings are being hung by chimneys with care, we want to make sure you know that Legal HIE’s stockings are absolutely stuffed to the brim with tremendous tools, sample forms, policies and turn-key solutions that can help your organization stay on top of the most pressing compliance challenges and the ever-changing healthcare regulatory landscape. 2021 promises to be a year with many new and final regulations being released and going into effect. The Legal HIE compliance library was created specifically for this purpose – to help busy and overwhelmed compliance officers and attorneys keep up with these changes by offering turn-key samples and solutions as a solid starting point.

OCR Publishes New Guidance on Sharing PHI through HIEs for Public Health Purposes

Last Friday, the Office for Civil Rights (OCR) issued new Guidance on how HIPAA permits covered entities and their business associates to use health information exchanges (HIEs) to disclose PHI for the public health activities of a Public Health Authority (PHA).  Specifically, it provides examples relevant to the COVID-19 public health emergency. OCR Director, Roger Severino, specifically notes that the Guidance was issued:

“to highlight how HIPAA supports the use of health information exchanges in sharing health data to improve the public’s health, particularly during the COVID-19 public health emergency.”

Although much of the Guidance document simply reiterates the controlling HIPAA Privacy Rule provisions and definitions which have always afforded a mechanism through which covered entities (CE) and their contracted business associates (BA) can share ePHI with a public health authority for public health purposes, there are a few notable new take-away nuggets.

A “Double-Double” Set of Proposed Rules from CMS & OCR Affecting Data Sharing & HIPAA

Late last week, two new proposed rules were released which will affect the exchange of health information and HIPAA, among other things.  The CMS and OCR proposed rules come in at over 347 and 357 pages respectively – so that’s a lot of meat to digest!  At a high level, the CMS Proposed Rule aims to “improve the electronic exchange of health care data among payers, providers, and patients,” and “streamline processes related to prior authorization to reduce burden on providers and patients.” The OCR proposed changes to HIPAA take a bite out of patient access, minimum necessary, the HIPAA NPP and more . . .

ONC Releases Answers to Frequently Asked Questions to Information Blocking

On Monday, ONC posted a new Information Blocking Frequently Asked Questions resource!  Here are a few of the highlights from all of the FAQs responded to by ONC:

Q:  Are health plans or other payers subject to the information blocking regulation?

Q: For the period of time when Information Blocking is limited to USCDI data, how is an Actor expected to fulfill a request for USCDI data if they do not yet have certified health IT in place that includes an API with the USCDI standard?

Q: Is an Actor required to fulfill a request for access, exchange or use of EHI with all the EHI they have for a patient or should the amount of EHI be based on the details of the request?

Halloween Treat!  HHS Delays Information Blocking Compliance Deadline to  April 5, 2021!

Interim Final Rule with Comment Period Responds to COVID-19 Pandemic. Responding to public health threats posed by the coronavirus pandemic, today the U.S. Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health IT (ONC) released an interim final rule with comment period that extends the compliance dates and timeframes necessary to meet certain requirements related to information blocking and Conditions and Maintenance of Certification (CoC/MoC) requirements.

Who is on the “Hook” for Information Blocking?

ONC’s final rule on Information Blocking implements the 21st Century Cures Act and fleshes out what is and is not a prohibited information blocking practice.  However, not all health care organizations and their vendors are on the hook for complying with this new regulation. In my post today, I want to drill down on the scope of health care providers that must comply with the Information Blocking Rule.

Per ONC, Lab Results Generally Cannot be Delayed to “Prevent Harm” (unless threat to life & physical safety)

As the November 2nd deadline for compliance with ONC’s Information Blocking Rule nears, many health care providers – which are “Actors” subject to the Rule – are scrambling to reexamine their default settings for sharing various types of data, including lab results. In ONC’s Final Rule preamble, several commenters indicated that providers’ current organizational policies call for practices that delay the release of laboratory results so that the patient’s clinician has an opportunity to review the results before potentially needing to respond to patient questions, or has an opportunity to communicate the results to the patient in a way that builds the clinician-patient relationship.

Info Blocking Rules have you STRESSED?!!  Join Helen O. for Two Not-to-Miss Workshops for Help!

Join me for a pair of 1.5hr Information Blocking Workshops designed to work through the nitty-gritty details of the Information Blocking Rule. The first Workshop will take place WEDNESDAY (9/30) so don’t delay! Workshops will include use cases and scenarios aimed at real challenges faced by health care providers looking to comply with these new regulatory standards for access and sharing of electronic health information. Registrants will receive 2 sample P&Ps, and much more!

Is Your Organization Ready for an OCR HIPAA Compliance Review re: Use of Online Tracking Technology?

On December 1, 2022, OCR released a “guidance” Bulletin re: “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.” From it, we learned (among other things) that OCR believes that an individual’s IP address and geolocation, collected by a regulated entity’s website, are protected by HIPAA. Now, we have come to learn that HIPAA compliance investigations by OCR are already underway concerning this topic. Are you ready?

HAPPY NEW YEAR!  A LOT will be happening in 2023!

The New Year is finally here, and I believe that there will be a LOT going on in 2023!  Here are just a few of the things that Legal HIE is looking to stay on top of for our readers this year . . .

Are We Getting Closer to Alignment of 42 CFR Part 2 & HIPAA?

SAMHSA finally fulfilled its duty under the CARES Act and released a Proposed Rule, “Confidentiality of Substance Use Disorder (SUD) Patient Records,” amending the Part 2 rules in line with the CARES Act’s requirements. This is the 4th overhaul of the Part 2 Rule in 5 years…

Information Blocking is No Longer Limited to USCDI

Today, the Information Blocking spigot has officially opened. The Content & Manner Exception no longer applies; now, no electronic health information (EHI) can be “blocked” if requested (unless another exception applies).

Summary List Update of COVID19-related Federal Actions Relevant to Healthcare

As efforts at the federal and individual state levels evolve every day at almost a breakneck pace to address challenges and needs related to the COVID-19 outbreak, here is an updated running list of some of the top actions taken at the federal level that we thought would be helpful to the healthcare industry (caveat: this is not an exhaustive list):

CMS Releases Hospital COP Event Notification FAQs; Interpretive Guidance

On May 1, modifications to the Medicare Conditions of Participation (“CoPs”) went into effect, requiring certain electronic event notifications for admissions, discharges and transfers (“ADTs”) to and from hospitals, critical access hospitals and psychiatric hospitals. To provide guidance to hospitals and state surveyors, CMS released several FAQs as well as interpretive guidance last week to be published in the State Operations Manual.

Hospitals are required to make a “reasonable effort” to ensure that notifications are sent to post-acute care services providers and suppliers, and other practitioners and entities, which need such notifications for treatment, care coordination or quality improvement. Under the new CoP, ADT notifications must be sent for all emergency department and inpatient patients where the hospital, critical access hospital or psychiatric hospital maintains an electronic medical record or administrative system.
