TRENDING:

Electronic Healthcare Records , Healthcare Information Exchange (HIE) , HIPAA/HITECH

Bill Proposes EHR Interoperability Plan

Measure Would Terminate Federal Advisory Panels Marianne Kolbasuk McGee (HealthInfoSec) • March 12, 2015    
Bill Proposes EHR Interoperability Plan
Rep. Michael Burgess, M.D.

Some Republicans in Congress have said that the billions of federal HITECH dollars spent to implement electronic health records have not yet resulted in systems interoperability that paves the way for secure national data interchange, which can improve treatment based on timely access to information. Now, Rep. Michael Burgess, M.D., R-Texas, is drafting legislation that calls for devising new methods for measuring whether EHR vendors are compliant with interoperability standards.

See Also: OnDemand | Making the Connection Between Cybersecurity and Patient Care

Based on the perceived lack of progress on interoperability, Burgess' proposal also calls for dismantling the federal advisory committees currently in charge of developing recommendations for health IT standards and policies, including privacy and security measures, and replacing them with a new bipartisan panel that would be appointed by Congress.

Burgess' draft bill, Ensuring Interoperability of Qualified Electronic Health Records, was unveiled days after other GOP lawmakers questioned in a blog whether American taxpayers are getting a return on the $35 billion investment that the HITECH Act has made in promoting the adoption of EHRs (see GOP Senators Raise HIE Security Concerns).

"There is widespread consensus among healthcare leaders that the interoperability of health records is the leading health IT problem in America for doctors and patients alike," Burgess tells Information Security Media Group. "Billions of taxpayer dollars have been spent to incentivize the integration of EHR systems, yet the federal government has failed to ensure that providers and patients can efficiently operate within them.

"The ultimate goal is to provide private sector-centered mechanisms that will accelerate innovation and make meaningful improvements to the overall quality of care. I am optimistic that this blueprint will spur progress to bring our healthcare industry into the 21st Century in a way that will preserve doctor-patient privacy standards and the security of data."

Measuring Progress

The draft calls for establishing a Congressionally appointed committee, to be known as the "Charter Organization," that would recommend methods for measuring whether EHR systems that qualify for the HITECH Act incentive program satisfy key interoperability criteria. The bill says that in order to be qualified as interoperable, an EHR must:

  • Provide authorized users with "open access" to the entirety of a patient's data from any qualified electronic health records without restriction;
  • Give authorized users access to the entirety of a patient's data in one location, without the need for multiple interfaces;
  • Permit users to interface with other qualified EHRs.

Charter Organization

The draft proposes that the Charter Organization that will make recommendations to the Department of Health and Human Services about EHR interoperability criteria be composed of at least 12 individuals appointed by Congress.

Those members would be representatives from healthcare providers, qualified EHR developers, health insurance issuers and group health plans, "and other appropriate stakeholders," according to the draft bill.

Additionally, the Charter Organization would also include "one representative from each of the standards development organizations accredited by the American National Standards Institute, appointed by the Committee on Energy and Commerce of the House of Representatives and the Committee on Health, Education, Labor, and Pensions of the Senate."

The bill also calls for the "sunset" of the health IT policy and standards committees that currently advise HHS' Office of the National Coordinator for Health IT, or ONC. The HIT Policy Committee would "terminate" upon enactment of the legislation, and the HIT Standards Committee would terminate 6 months after enactment.

The draft legislation also calls on HHS to issue a report by the end of 2017 on "whether the goal of widespread interoperability has been achieved." That includes listing whether particular EHR vendors, and other entities offering EHRs, meet the various interoperability compliance criteria.

Those vendors that do not meet the criteria would be no longer be considered as offering a "certified" EHR as of Jan. 1, 2019. They would be subject to civil monetary penalties if they had earlier attested that they qualified as compliant under the HITECH incentive program.

Reaction to Proposals

EHR vendor Athenahealth is "hugely supportive" of the bill, says Dan Healy, the company's vice president of government and regulatory affairs and assistant general counsel.

"We are thrilled that Burgess's bill focuses on the bipartisan, bicameral goal of actual interoperation in healthcare, which is distinct from the theoretical 'interoperability' that has been stressed by past, failed policy efforts to spur patient information fluidity," he says. "Today, far too many health IT vendors engineer their systems to enable theoretical interoperability, but then erect technical and/or financial barriers to actual information sharing between and among disparate vendor platforms."

"This rare convergence of far-sighted federal policy with crucially important private sector efforts has the potential to radically accelerate progress in the health IT industry toward the day when health IT finally catches up with the rest of the information economy."

But David Holtzman, vice president of compliance at security consulting firm CynergisTek, is unconvinced that a Congressionally appointed committee would do a better job sorting through issues of EHR data interoperability, including security and privacy matters, than the current HIT standards and policy committees that advise ONC.

"Generally, Congress trying to micromanage these processes never ends well," says Holtzman, who was a senior adviser at HHS' Office for Civil Rights before joining CynergisTek in 2013. "I am tremendously wary when Congress attempts to put its imprint on the creation and adoption of technology standards. In my experience, these approaches often have unintended consequences due to the 'sausage making' that goes into the passage of legislation."

Holtzman says that the draft bill is missing elements to help ensure patient privacy and security. That includes giving patients input in how their individual health records are shared, "as well as addressing meaningful, effective security safeguards to be baked into electronic health record technology," he says.

"This proposal would put the responsibility for finding 'interoperability' into a group appointed by Congress but would not include a seat at the table for the voices of consumers or patients," he adds. "Cutting out these important stakeholders, in my view, is of great concern."

Roadmap Potholes

Burgess' draft, which is dated March 6, comes just after a March 4 blog appearing in Health Affairs, co-written by Republican Senators Lamar Alexander of Tennessee, Richard Burr of North Carolina, Mike Enzi of Wyoming, Pat Roberts of Kansas and John Thune of South Dakota. In that piece, the senators complain about a lack of details from ONC for "practical and actionable steps to ensure a proper return on the American people's investment," including achieving secure national health information exchange to improve the quality of care based on timely access to information.

ONC - which oversees standards and policies for the HITECH Act's EHR financial incentive program - recently released a 10-year plan that includes a roadmap for interoperable health data exchange. However, the senators complain ONC's proposals are "high-level goals for how to achieve interoperability, like building on existing infrastructure and empowering individuals, but the roadmap fails to outline real and actionable next steps."

ONC is accepting public comments on its draft roadmap until April 3, with plans to release a final version later in this year. An ONC spokesman tells Information Security Media Group that ONC doesn't comment on draft legislation.

Previous
Apple, Microsoft Issue Freak Flaw Fixes
Next
Verizon: Breaches Under-Reported Globally

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.