• About Us
  • Events
  • Newsletter Sign Up
  • Spotlight Series
  • Webinars
  • WhitePapers
  • Videos
  • Podcasts
    1. News

    Industry Watch

    Jan. 21, 2021
    News Mobile 6008a8853ddeb

    Cybersecurity

    HHS Proposes HIPAA Privacy Rule Changes Related to Care Coordination

    The U.S. Department of Health and Human Services (HHS) has proposed significant changes to the HIPAA Privacy Rule with the goal of reducing impediments to care coordination and case management communications among individuals and providers. HHS is proposing a compliance date of 180 days after the effective date of a final rule, and the Office for Civil Rights would begin enforcement of the new and revised standards 240 days after publication of a final rule.

    Several of the proposals modify provisions related to the individuals’ right of access to protected health information, including strengthening individuals’ rights to inspect their PHI in person, which includes allowing individuals to take notes or use other personal resources to view and capture images of their PHI. Another change shortens covered entities’ required response time to no later than 15 calendar days (from the current 30 days) with the opportunity for an extension of no more than 15 calendar days (from the current 30-day extension).

    The proposed rule clarifies the form and format required for responding to individuals’ requests for their PHI. It requires covered entities to inform individuals that they retain their right to obtain or direct copies of PHI to a third party when a summary of PHI is offered in lieu of a copy. It reduces the identity verification burden on individuals exercising their access rights. HHS claims this will create a pathway for individuals to direct the sharing of PHI in an EHR among providers and health plans, by requiring providers and health plans to submit an individual’s access request to another provider and to receive back the requested electronic copies of the individual’s PHI in an EHR.

    The Notice of Proposed Rule Making (NPRM) also requires providers and health plans to respond to certain records requests received from other providers and health plans when directed by individuals pursuant to the right of access. The NPRM specifies when electronic PHI (ePHI) must be provided to the individual at no charge and amends the permissible fee structure for responding to requests to direct records to a third party. It requires covered entities to post estimated fee schedules on their websites for access and for disclosures with an individual’s valid authorization and, upon request, provide individualized estimates of fees for an individual’s request for copies of PHI, and itemized bills for completed requests.

    The rule would also create an exception to the “minimum necessary” standard for individual-level care coordination and case management uses and disclosures. The minimum necessary standard generally requires covered entities to limit uses and disclosures of PHI to the minimum necessary needed to accomplish the purpose of each use or disclosure. This proposal would relieve covered entities of the minimum necessary requirement for uses by, disclosures to, or requests by, a health plan or covered health care provider for care coordination and case management activities with respect to an individual, regardless of whether such activities constitute treatment or healthcare operations.

    Interoperability

    CMS Proposed Rule to Require API Implementations for Prior Authorization, Data Sharing

    A new proposed rule released by the Centers for Medicare & Medicaid Services (CMS) would require payers in certain federal programs to build application programming interfaces (APIs) to support data exchange and prior authorization.

    The rule, if finalized, would require payers in Medicaid, CHIP and QHP programs to build APIs, which federal officials note “allow two systems, or a payer’s system and a third-party app, to communicate and share data electronically.” Payers would be required to implement and maintain these APIs using the Health Level 7 (HL7) Fast Healthcare Interoperability Resources (FHIR) standard, according to the proposal. On behalf of HHS, the Office of the National Coordinator for Health IT (ONC) is also proposing to adopt certain standards through an HHS rider on the CMS proposed rule.

    The CMS rule proposes significant changes around prior authorization. “Medicaid, CHIP and QHP payers would be required to build and implement FHIR-enabled APIs that could allow providers to know in advance what documentation would be needed for each different health insurance payer, streamline the documentation process, and enable providers to send prior authorization requests and receive responses electronically, directly from the provider’s EHR or other practice management system,” the proposal outlines.

    The proposed rule builds on the CMS Interoperability and Patient Access final rule released last year. For example, in that rule CMS finalized its policy to require a select group of CMS-regulated payers to implement a FHIR-based Patient Access API. In this new proposed rule, starting Jan. 1, 2023, CMS would require impacted payers to include, as part of the already established Patient Access API, information about the patient’s pending and active prior authorization decisions. This proposed rule would also require impacted payers to establish, implement, and maintain an attestation process for third-party application developers to attest to certain privacy policy provisions prior to retrieving data via the payer’s Patient Access API. And, this rule would require impacted payers to report metrics quarterly about patient use of the Patient Access API to CMS to assess the impact the API is having on patients, CMS has outlined.

    While Medicare Advantage plans are not included in these proposals, CMS said it is considering whether to do so in future rulemaking. Industry groups such as the Medical Group Management Association (MGMA) and Premier Inc. have responded to the proposal, contending that by excluding Medicare Advantage plans from new prior authorization requirements, CMS fails to ensure widespread adoption of standards that could have a major impact.

    Healthcare Policy

    Haven Healthcare Joint Venture Disbanded by Amazon, Berkshire Hathaway, JPMorgan Chase

    On Jan. 4, a much-vaunted collaboration among three major U.S. corporations that had initially been touted as a potentially revolutionary new approach to help push the U.S. healthcare delivery system into value was declared disbanded, just under three years after it had been created.

    Haven Healthcare had been inaugurated on Jan. 30, 2018, as a not-for-profit joint venture by Amazon, Berkshire Hathaway, and JPMorgan Chase. Though it was not named for more than a year, the joint venture was hailed as a breakthrough at the time. The initial focus of the new company was stated to be on “technology solutions that will provide U.S. employees and their families with simplified, high-quality and transparent healthcare at a reasonable cost,” according to the Haven announcement three years ago.

    At the time, Berkshire Hathaway chairman and CEO Warren Buffett stated in the press release that “The ballooning costs of healthcare act as a hungry tapeworm on the American economy. Our group does not come to this problem with answers. But we also do not accept it as inevitable. Rather, we share the belief that putting our collective resources behind the country’s best talent can, in time, check the rise in health costs while concurrently enhancing patient satisfaction and outcomes.”

    But on Jan. 4, the leaders of the three corporations essentially threw in the towel and conceded that the experiment had not worked out. A very brief statement on Haven’s website read: “In the past three years, Haven explored a wide range of healthcare solutions, as well as piloted new ways to make primary care easier to access, insurance benefits simpler to understand and easier to use, and prescription drugs more affordable. Moving forward, Amazon, Berkshire Hathaway, and JPMorgan Chase & Co. will leverage these insights and continue to collaborate informally to design programs tailored to address the specific needs of their own employee populations. Haven will end its independent operations at the end of February 2021.” As the Associated Press’s Tom Murphy wrote in a report covering the development, a company spokeswoman gave no reason for the dissolution of the venture.

    As Murphy noted in his report, “The independent company was created to focus on improving the care delivered to employees of those businesses while doing a better job of managing the expense. But benefits experts expected any plans developed by Haven to become widely adopted by other companies if they proved effective in controlling costs. News of the venture’s creation nearly three years ago sent a brief shudder through the stocks of health insurers that manage employer-sponsored coverage,” Murphy added. “But the Boson-based venture has been largely silent since naming a high-profile CEO — Harvard professor, author and surgeon Dr. Atul Gawande — and then announcing its name in 2019. Gawande departed last May.”

    In another story, Business Insider noted, “Haven was supposed to use the combined companies’ resources to get costs under control and improve care for the member companies’ employee populations, but it struggled to find an identity. It began by tackling primary care pilots that it couldn’t market widely to employees in an effort to maintain secrecy,” the story stated, referencing The Information’s Paris Martineau’s July piece on the venture.

    The BI report continued, “The pilot connected employees to primary care teams, similar to Amazon’s app and service Amazon Care.” Amazon Care, as Business Insider reported, was underway at the tech giant before Haven got started. “Haven lost financial backing, The Information reported, as well as key leaders. Tensions escalated between Haven and the founding companies as the upstart struggled to come up with ideas quickly, and Amazon in particular has been the most reluctant to make commitments to Haven, according to The Information and a person close to Amazon,” as reported by Business Insider. 

    The following is an accompanying analysis from Editor-in-Chief Mark Hagland, who further opined on this development:

    Inevitably, as Business Insider reported, the leaders of the Haven joint venture got tangled up in the complexity of the healthcare delivery system. What might have seemed rather self-evident to the CEOs of three of the most powerful and influential corporations in America actually turned out to be endlessly complicated in reality, when approached on the ground level. As that report noted, the theory was that the combined strength of the three corporations as healthcare purchasers should have worked to the venture’s advantage, but in the end, Haven turned out to produce only small-ball pilot projects, and began by “tackling primary care pilots that it couldn’t market widely to employees in an effort to maintain secrecy.” And then, in retrospect, one can see that bringing in a superstar like Atul Gawande, M.D., likely only added to the challenges, as, one surmises, clashes of egos began to infiltrate the initiative.

    So what the Haven people discovered was the problem that so many other internal system reformers have discovered: the “Goldilocks problem” of internal health system reform. Either one tries to boil the ocean, or one ends up creating teensy pilots that don’t really move the needle at all. It is in that vast conceptual space between teensy-pilot-launching and ocean-boiling that genuine internal health system reform is happening, and happening now, most clearly among the pioneers of value-based and risk-based contracting, including among the leaders of ACOs (accountable care organizations). But it’s really hard work, and takes years.

    One gets the very strong sense here that these titans of industry—golden wizards of big business Jeff Bezos, Warren Buffett, and Jamie Dimon—simply lacked the patience to actually plunge headlong into the unending complexity that is healthcare delivery. The simple truth turns out to be one around complexity: there is no quick, easy way to reform and reengineer the U.S. healthcare delivery system, certainly not from the outside. It involves hard work, tremendously complex work, and an acceptance of healthcare’s endless complexity.

    Continue Reading

    Sponsored Recommendations

    Enhancing Healthcare Through Strategic IT and AI Innovations

    Learn how strategic IT and AI innovations are transforming healthcare - join Tomas Gregorio as he explores practical applications that enhance clinical decision-making, optimize...

    The Intersection of Healthcare Compliance and Security in the Age of Deepfakes

    As healthcare regulations struggle to keep up with rapid advancements in AI-driven threats like deepfakes, the security gaps have never been more concerning.

    Increasing Healthcare Security Behind and Beyond the Firewall

    Read how 5 identity security solutions can help you protect against these threats while improving user experience and reducing costs.

    Improve and Secure Healthcare Delivery with Digital Identity

    Get a deep understanding of how Digital Identity can help secure your healthcare organization while offering seamless access to your growing portfolio of apps and APIs.