Archive for March, 2016

House Oversight Committee Explores Health IT Interoperability, Meaningful Use, and Ransomware

March 24, 2016 2 comments

The U.S. House of Representatives Committee on Oversight and Government Reform held a hearing on March 22 regarding opportunities and challenges in advancing health information technology. Dr. Karen DeSalvo (HHS National Coordinator for Health IT) and Jessica Rich (Director, FTC Bureau of Consumer Protection) served as witnesses alongside representatives of industry (Mathew Quinn, Intel) and stakeholder coalitions (Neil DeCrescenzo, Healthcare Leadership Council; Mark Savage, National Partnership for Women and Families).

Participating committee members focused their statements and questions on data-sharing issues, such as interoperability concerns related to medical devices, mobile applications, patient wearables, and electronic health record technology. Dr. DeSalvo provided an overview of HHS Office of the National Coordinator for Health IT (ONC) initiatives to proliferate interoperability, including the ONC’s recent reports to Congress on information blocking and health IT adoption and exchange.

Dr. DeSalvo and Ms. Rich described recent ransomware attacks on hospitals and related issues as a rising privacy and security threat. Congressman Ted Lieu (D-CA-33) expressed concerns that the HITECH security breach notification requirements do not appear to explicitly address situations in which patient data is frozen in storage by attackers.

Subcommittee on IT Chairman William Hurd (R-Texas-23) asked the witnesses about physician and hospital frustrations with Meaningful Use. The witnesses deflected the question by focusing exclusively on the program’s success in spurring EHR adoption rather than addressing regulatory burdens imposed on MU participants.

Categories: EHR, FDA, meaningful use, Medicare

Reminder: Meaningful Use Attestation Deadline Tonight

March 11, 2016 Leave a comment

The attestation period for calendar year (CY) 2015 participation in the Medicare/Medicaid EHR Incentive Program (Meaningful Use) closes tonight at 11:59PM (Eastern). Participants, or representatives attesting on their behalf, need to finish using the Centers for Medicare and Medicaid Services’ (CMS) registration and attestation system before that deadline.

CMS encourages those with questions to contact the EHR Information Center Help Desk at (888) 734-6433/ TTY: (888) 734-6563 and select option 1. The hours of operation are Monday to Friday between 8:30 a.m. and 7:30 p.m. EST.

Categories: EHR, meaningful use, Medicare

ONC Publishes Proposed Rule to Tighten the Health IT Certification Program

March 2, 2016 Leave a comment

The HHS Office of the National Coordinator for Health IT (ONC) published a Notice of Proposed Rulemaking (NPRM, or “proposed rule”) today to enhance the oversight and accountability of the agency’s voluntary health IT certification program. The rulemaking is a continuation of ONC’s recent efforts to shore up the accredited testing laboratories and post-certification surveillance of health IT products.

ONC proposes to have broad authority to investigate certified health IT products for “non-conformities” with certification requirements as well as problems with security and other issues. Concerns could be brought to ONC’s attention by ONC-Authorized Certification Bodies (ONC-ACBs), the general public, or other stakeholders. If investigated, health IT developers would be required to submit extensive product information to ONC in a timely fashion. If non-conformities with the certification requirements are indeed discovered, developers would need to then submit a corrective action plan. ONC could suspend or terminate the certification status of a product and ban developers from participation in the certification program until the non-conformities are corrected. Strict processes for re-certification of health IT (or replacement versions) have also been proposed, as well as an extensive appeals process for developers.

Beyond non-conformity with a certification criterion, a health IT product’s certification could be suspended if it was found to be contributing to a patient’s health information being unsecured and unprotected in violation of applicable law, increasing medical errors, decreasing clinical effectiveness, worsening the identification and response to public health threats and emergencies, leading to inappropriate care, worsening health care outcomes, or undermining a more effective marketplace. Termination would occur as the next step if the non-conformity could not be cured, the developer failed to respond in timely fashion to ONC, information was insufficient or incomplete, the developer failed to submit a timely proposed corrective action plan that adequately addressed ONC’s concerns, or the developer did not completely fulfill its obligations.

Importantly, the developer would need to address the problem and implement the correction for all affected customers or else the developer would not be able to seek certification for another health IT product (unless said product is the corrected version and would be implemented for all affected customers). In other words, the developer’s future business would be on hold until the problem is fixed.

Beyond expanding ONC’s authority to investigate products, the NPRM would also establish an additional authorization processes for the National Voluntary Laboratory Accreditation Program (NVLAP)-accredited testing laboratories that test health IT products against the certification criteria. Currently, NVLAP accreditation itself is the only way to ensure quality and consistency in the testing labs. By creating the new status of “ONC-Authorized Testing Labs (ONC-ATLs)” for labs with NVLAP accreditation, ONC would then have the ability to give, retain, suspend, and revoke approval. This is a logical improvement to the existing paradigm for the labs that gives ONC more direct control.

Finally, it is worth pointing out that the NPRM would also require several transparency enhancements. For instance, ONC would post information about certification suspensions/terminations on the Certified Health IT Product List (CHPL). Also, ONC-ACBs—the entities that certify all lab-tested health IT products as meeting ONC’s certification criteria—would make identifiable surveillance results available on their websites on a quarterly basis.

It is important to note that this NPRM explicitly does not address the consequences of product certification termination on users (i.e., hospitals, physicians, and other professionals). Substantial costs would be incurred if a provider is forced to switch to a different certified product in order to meet federal regulatory requirements, such as the EHR Incentive Program, Merit-Based Incentive Payment System, etc. These costs are estimated and discussed in the NPRM.  However, developers would not be required by the proposals in this rulemaking to cover any costs suffered by their (ex)customers who are forced to switch products. The NPRM states that ONC does not anticipate many terminations and that most developers would naturally choose to correct non-conformities rather than incur termination and a certification program ban.

The public comment period for the NPRM closes on May 2. American College of Radiology (ACR) members with an interest in providing input for future ACR comments to ONC should contact Michael Peters, ACR Director of Regulatory and Legislative Affairs, at / 202-223-1670.

Categories: EHR, meaningful use, Medicare