Washington Debrief: Medical Identity Theft a Concern for Congress; CMS Releases New FAQs on MU

Nov. 16, 2015
Leaders of the Senate Finance and Health, Education, Labor and Pensions committees last week sought answers from the Obama administration on what’s being done to assist victims of medical identity theft.

Federal Affairs

Key Takeaway: CMS releases new Frequently Asked Questions (FAQs) on meaningful use (MU).

Why it Matters: The newly released document further clarifies critical elements of the MU program.

  • Health Information Exchange (FAQ 12817): For the health information exchange objective in 2015 through 2017, may an eligible professional (EP), eligible hospital or critical access hospital (CAH) count a transition of care or referral in its numerator for the measure if they electronically create and send a summary of care document using their CEHRT to a third party organization that plays a role in determining the next provider of care and ultimately delivers the summary of care document? Read the answer here.
  • Patient Education and Electronic Access
    • (FAQ 12821): If multiple eligible professionals or eligible hospitals contribute information to a shared portal or to a patient's online personal health record (PHR), how is it counted for meaningful use when the patient accesses the information on the portal or PHR? Read the answer here.
    • (FAQ 12825): In calculating the meaningful use objectives requiring patient action, if a patient sends a message or accesses his/her health information made available by their eligible professional (EP), can the other EPs in the practice get credit for the patient’s action in meeting the objectives?  Read the answer here.

Key Takeaway: The White House released Privacy and Trust Principles for the President’s Precision Medicine Initiative last week. Many agree that interoperable electronic health records (EHRs) will be pivotal to this efforts success.

Why it Matters: In January 2015, President Obama launched the PMI, which aims to launch new research models in the hopes of revolutionizing how we improve health and treat disease. The idea is to tailor treatment to the individual patient based on their genes, environments, and lifestyles. The project’s mission is to “enable a new era of medicine through research, technology, and policies that empower patients, researchers, and providers to work together toward development of individualized treatments.” The project aims to create a research cohort of more than 1 million American volunteers who will share genetic data, biological samples, and diet/lifestyle information, all linked to their electronic health records if they choose. This is a perfect use case from CHIME’s perspective for why a unique patient identifier is critical, as it will help match patients across the care continuum to their records. 

The White House released their Privacy and Trust Principles to guide PMI activities. The principles are organized into 6 broad categories:

  1. Governance that is inclusive, collaborative, and adaptable;
  2. transparency to participants and the public;
  3. respecting participant preferences;
  4. empowering participants through access to information;
  5. ensuring appropriate data sharing, access, and use;
  6. maintaining data quality and integrity.

The White House received more than 100 comments to inform the principles. Commenters reinforced the need to ensure a robust data security framework. The White House is also leading an interagency group to develop a security framework.

Congressional Affairs

Medical Identity Theft on Radar for Key Senate Leaders

Key Takeaway: Leaders of the Senate Finance and Health, Education, Labor and Pensions committees last week sought answers from the Obama administration on what’s being done to assist victims of medical identity theft.

Why It Matters: Senate leaders continue to evaluate the readiness of healthcare industry and the federal government to assist consumers, in our case patients, in following data breach. The letter, addressed to Acting Administrator for the Centers for Medicare & Medicaid Services (CMS), Andy Slavitt and Jocelyn Samuels, Director of the Office for Civil Rights (OCR), posed a dozen questions on the subject of medical identify fraud.

The bipartisan group of committee leaders — Lamar Alexander (R-TN), Orrin Hatch (R-UT), Patty Murray (D-WA) and Ron Wyden (D-OR) — called on the Department of Health and Human Services to explain how medical identity theft is tracked and questioned how existing federal privacy laws combat medical identity theft.

This isn’t the first time Senate leaders have taken an interest in the current state of privacy and security of electronic personal health information (ePHI). Earlier this year, Alexander and Murray requested that the Government Accountability Office (GAO) examine a number of issues relating to privacy laws and the security of electronic health record systems.