HHS: Big Projects in Uncertain TimesInsurance Exchanges, HITECH Stage 2 Start Oct. 1
At a time of budgetary and leadership uncertainty, the Department of Health and Human Services plans to launch several key initiatives that have significant privacy and security components.
See Also: HIPAA Audits: A Revised Game Plan
On Oct. 1, state health insurance exchanges - a key element of healthcare reform - are slated to launch their online marketplaces for consumer open enrollment. HHS officials recently announced that a federal data hub that will serve as a critical conduit for sensitive information needed by the exchanges completed security testing.
Among the Stage 2 security requirements: Hospitals and physicians are required to use EHR software that automatically encrypts records if they're stored on an end-user device.
Plus, work on guidelines for Stage 3 of the program, including privacy and security details, is slated to continue this fall and beyond.
Also continuing are efforts to develop an accounting of disclosures rule as mandated under the HITECH Act. An earlier proposal, which called for providing patients with the right to request an "access report" with a complete list of everyone who has electronically viewed their information, proved controversial. Many healthcare organizations and health industry groups expressed concerns that the record access report provision was impractical and technologically unfeasible with most existing EHR systems.
On Sept. 30 ONC's HIT Policy Committee's privacy and security tiger team will host a virtual public hearing on the issue.
Meanwhile, some Republican members of Congress want to pull funding for the Affordable Care Act, better known as Obamacare, or delay the start of the program. And a budgetary stalemate could lead to a partial federal government shutdown on Oct. 1. Plus, the fiscal 2014 budget for the HHS Office of the National Coordinator for Health IT, which crafts the guidelines for the incentive program, and the HHS Office for Civil Rights, which enforces HIPAA, have yet to be approved.
In addition to the financial concerns, ONC faces a leadership transition at a critical time.
The head of ONC, Farzad Mostashari, M.D., and his principal deputy, David Muntz, both will step down on Oct. 4 (see: ONC Names Interim Leadership.) Two ONC insiders, Jacob Reider, M.D. and Lisa Lewis, have been picked to temporarily fill in for Mostashari and Muntz, respectively, while HHS continues to search for permanent replacements.
ONC will have some continuity in one major area: ONC's chief privacy officer, Joy Pritts, is staying.
HITECH Funding Ends
When fiscal 2014 begins on Oct 1, HITECH Act funding for ONC's operations ends. That means ONC's budget - which is part of HHS' budget - must be appropriated by Congress.
Some Republican members of Congress over the last year have questioned ONC's Mostashari and others about the merits of the "meaningful use" financial incentive program, especially when it comes to system interoperability, health information exchange, and whether EHRs make it easier for healthcare providers to submit fraudulent billing.
The billions of dollars in EHR financial incentives to hospitals and physicians are funded separately from ONC; they're paid for under the HITECH Act through 2016 and are administered by HHS' Centers for Medicare and Medicaid Services.
Under the 2014 HHS budget proposal unveiled in April, ONC is seeking $78 million, up $17 million from the pre-sequester level in fiscal 2013. "The budget will enable ONC to address new privacy and security policy issues," the proposal states. "ONC will continue to work alongside industry partners to construct and support innovative frameworks in support of a national cybersecurity program."
While it's not anticipated that the federal budget battles will interfere with the launch of state health insurance exchanges under federal healthcare reform, it's less clear whether a government furlough could impact IT support for the federal data hub or related systems that support the state exchanges. Those online marketplaces will enable consumers to shop for and enroll in health plans offered by participating insurers.
HHS' Office for Civil Rights, which began enforcing the HIPAA Omnibus Rule on Sept. 23, has requested a budget increase for fiscal 2014 to help fund ramped-up enforcement activities as well as the permanent HIPAA compliance audit program that's slated for next year, OCR Director Leon Rodriguez noted in a presentation at a recent privacy and security conference in Boston.
OCR is seeking $42 million in funding for fiscal 2014, up from $38 million it received in 2013. In addition, OCR has authority to "bank" from fiscal year to fiscal year money it collects from its enforcement penalties, Rodriguez noted during his keynote speech. OCR collected about $4 million from its enforcement activities in the last year, he says.