HHS’ Office of the Inspector General (OIG) recently added some teeth to the anti-information blocking regulations laid out in the 21st Century Cures Act. The office finalized penalties to enforce these rules, including fines of up to $1 million for health IT companies found blocking the electronic flow of health data.
Enforcement of these penalties is anticipated to begin later this summer, following the 60-day compliance period that started on June 27, the day the rule was published. Healthcare interoperability expert Troy Bannister said that these fines are a good starting point for ensuring greater interoperability, but he isn’t too sure the OIG will be able to effectively enforce its rule. Other entities might have more heft to promote the kind of data sharing the OIG wants to see, he said.
Health Executives on Digital Transformation in Healthcare
Hear executives from Quantum Health, Surescripts, EY, Clinical Architecture and Personify Health share their views on digital transformation in healthcare.
Bannister is the founder and chief strategy officer of Particle Health, a healthcare API platform.
The U.S. healthcare system’s journey to achieve better interoperability has been a long and winding one, Bannister pointed out. In fact, last year at the annual HLTH conference, he said that interoperability “literally means nothing, because no one can agree on what it means.”
Nonetheless, the industry’s interoperability efforts began in 1996 when President Bill Clinton signed HIPAA into law.
Bannister said that he asks every new Particle employee what they think the “P” in HIPAA stands for. Most people answer privacy, but it’s actually portability. HIPAA’s full title is the Health Insurance Portability and Accountability Act, he explained.
Reducing Clinical and Staff Burnout with AI Automation
As technology advances, AI-powered tools will increasingly reduce the administrative burdens on healthcare providers.
“The whole point of HIPAA when it was created was to create easy ways for data to be exchanged,” Bannister declared. “But then it got mangled and twisted, and it gave way to this privacy friction — it actually got really hard to share information in healthcare all of a sudden.”
Next came the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was passed in 2009 to promote the widespread use of electronic medical records (EMRs). When the law was enacted, the healthcare industry was hopeful that more electronic data would lead to easier information sharing.
“Obviously, that didn’t really turn out well. No one is sharing information today in the U.S. between EMRs. The reason for this is that it’s competitively advantageous to have data that is not shared with other EMRs — because if the data lives in one EMR, then you have to buy everything from that EMR vendor because the data can’t come in and out of it easily. It’s advantageous to have all the data locked up in one system from a money standpoint,” Bannister said.
The 21st Century Cures Act, which was passed in 2016, has many different elements — one of which is imposing monetary penalties to ensure EMR vendors stop data hoarding. These regulations were created to bolster health data sharing and discipline organizations that uphold barriers to easy information exchange.
The recently finalized penalties for information blocking apply to health IT developers, health information exchanges and health information networks. EMR vendors are the entities that are most at risk of being fined for information blocking, Bannister declared.
The OIG’s newly finalized penalties are designed to put pressure on EMR vendors so that patients can enjoy better access to their health information. However, Bannister expressed concern about the potential for these companies to exploit vague liability explanations within the rule and possibly finding loopholes to evade the intended impact.
He is also worried that EMR vendors simply might not care very much about the fines.
“If it’s a million-dollar-per-penalty maximum, that’s not very much money for some of these big companies. They’re going to just plan that into their budgets,” he explained.
Providers probably don’t have too much to worry about, given that the OIG’s finalized penalties don’t explicitly apply to them, Bannister declared. Since the rule’s language is a bit unclear, he isn’t completely certain whether or not providers will be liable to pay a fine if they use an EMR application found to be in violation of the 21st Century Cures Act. However, he said that it’s difficult to imagine that providers will end up paying fines in this situation.
“If you work in a hospital or practice or clinic, and all of a sudden you have this open pipe of data that can easily be accessed by other third parties, you’re worried about malpractice, HIPAA breaches and cybersecurity attacks. There’s just a lot of liability that you now have as a provider, and you get no benefit from it. You’re not getting paid for this or getting anything new in exchange. [The anti-information blocking regulations] is just really trying to solve the data access problem for the patient,” Bannister explained.
Overall, he said the recently finalized penalties are a “good start,” but the success of HHS’ interoperability efforts depends on the OIG’s ability to enforce these fines. Bannister recommended that the industry keep a close eye on funding for the OIG — if it’s underfunded, it will lack the resources it needs to enforce this rule at scale.
He also encouraged health data exchanges and health information networks to enact policies of their own that penalize organizations for limiting data access.
“If Carequality and CommonWell and eHealth Exchange, say ‘A person requested a record. You have to respond or you’re gonna get kicked out of the network.’ Now we have meaningful progress made, and it seems like we’re in the early phases of that happening,” Bannister declared.
Photo: Filograph, Getty Images