Update on Federal HIT Legislation Kirsten Beronio Mental Health America
Hopes for HIT Improved care coordination Ability to assess interventions in real-world settings Increased dissemination of best practices Increased consumer engagement and empowerment
Primary Concerns Existing and increased risks to privacy with increased use of HIT Inadequate consumer access to own medical records Lack of enforcement of rights and responsibilities
Protecting Privacy –New entities (PHR vendors, HIEs, RHIOs) not covered by federal privacy and security rules –Requiring consent not adequate and maybe harmful –Marketing loopholes –Risks of inappropriate disclosure due to health care operations being very broadly defined
Consumer Access Right to access not well implemented Systems should enable consumer interface Concerns about proposals to segregate sensitive information
Inadequate Enforcement Many complaints and numerous violations HHS opted to encourage voluntary compliance Not a single civil penalty imposed
HITECH Act Establishes infrastructure to set federal standards for nationwide, interoperable HIT system Provides incentives for implementation by providers Sets up new privacy protections, consumer access provisions, enhanced enforcement mechanisms
Establishing Federal Standards HITECH Act: Codifies Office of Nat Coordinator for HIT Establishes HIT Policy Committee –To set priorities for areas where standards are needed –To consider technologies to protect privacy among other issues Establishes HIT Standards Committee –To develop standards, implementation specifications, certification criteria Federal agencies required to comply with standards, but voluntary for private sector
Incentives for Implementation HHS to allocate $2 billion for following uses: –Establish an HIT extension program to help providers with implementation –Create HIT research center to provide technical assistance and develop best practices and support regional centers to provide tech assist –Provide grants to states (or qualified state-designated entities) to promote HIT, including in medically underserved communities –Competitive grants to states and Indian tribes for loan programs for providers to purchase HIT, train personnel –Demos to integrate HIT into clinical education
Incentives for Implementation Medicare incentive payments for physicians and hospitals for adoption and “meaningful use” of certified HIT Medicaid incentive payments for certain providers: –Physicians, dentists, nurse midwives, nurse practitioners, hospitals, rural health clinics, FQHCs
Privacy Protections Applies HIPAA privacy and security requirements to personal health record vendors and health info exchange org.s Requires notification of breach w/in 60 days Calls for privacy officer in each regional office and nat pub ed campaign on privacy rights Directs narrowing health care operations defn Prohibits sale of personal health info and further limits use for marketing
Privacy Protections Clarifies right to restrict disclosures of personal health info for payment or health care operations if pay out-of- pocket Preservation of the therapist-patient privilege
Consumer Access Establishes a right to an accounting of disclosures over previous 3 yrs Establishes a right to an electronic copy if maintained as electronic record
Enhanced Enforcement Increased penalties for HIPAA violations HHS required to investigate complaints (no longer discretionary) Fines collected go to Office of Civil Rights GAO to develop methodology for allocating percentage to consumers harmed State AGs authorized to prosecute HIPAA privacy and security violations
Psychotherapy Note Definition Secretary directed to study whether to expand defn to include testing data Psychotherapy notes have special status: consumer authorization required for disclosure except for treatment Consumers do not have access