Posts Tagged electronic

HHS Proposes New Rules to Improve Interoperability of EHI

HHS Proposes New Rules to Improve Interoperability of EHI
Could new innovations in technology promote patient access and make no-cost health data exchange a reality for millions?

The U.S. Department of Health and Human Services (HHS) has proposed new rules to support seamless and secure access, exchange and use of electronic health information. The rules, issued by the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC), would increase choice and competition while fostering innovation that promotes patient access to and control over their health information. The proposed ONC rule would require patient electronic access to this electronic health information (EHI) be made available at no cost.

“These proposed rules strive to bring the nation’s health care system one step closer to a point where patients and clinicians have the access they need to all of a patient’s health information, helping them in making better choices about care and treatment,” said HHS Secretary Alex Azar. “By outlining specific requirements about electronic health information, we will be able to help patients, their caregivers, and providers securely access and share health information. These steps forward for health IT are essential to building a health care system that pays for value rather than procedures, especially through empowering patients as consumers.”

CMS’ proposed changes to the health care delivery system support the MyHealthEData initiative and would increase the seamless flow of health information, reduce burden on patients and providers, and foster innovation by unleashing data for researchers and innovators. In 2018, CMS finalized regulations that use potential payment reductions for hospitals and clinicians to encourage providers to improve patient access to their electronic health information. For the first time, CMS is now proposing requirements that Medicaid, the Children’s Health Insurance Program, Medicare Advantage plans and Qualified Health Plans in the Federally-facilitated Exchanges must provide enrollees with immediate electronic access to medical claims and other health information electronically by 2020.

In support of patient-centered health care, CMS would also require these health care providers and plans to implement open data sharing technologies to support transitions of care as patients move between these plan types. By ensuring patients have easy access to their information, and that information follows them on their health care journey, we can reduce burden, and eliminate redundant procedures and testing thus giving clinicians the time to focus on improving care coordination and, ultimately, health outcomes.

“Today’s announcement builds on CMS’ efforts to create a more interoperable healthcare system, which improves patient access, seamless data exchange, and enhanced care coordination,” said CMS Administrator Seema Verma. “By requiring health insurers to share their information in an accessible, format by 2020, 125 million patients will have access to their health claims information electronically. This unprecedented step toward a health care future where patients are able to obtain and share their health data, securely and privately, with just a few clicks, is just the beginning of a digital data revolution that truly empowers American patients.”

The CMS rule also proposes to publicly report providers or hospitals that participate in “information blocking,” practices that unreasonably limit the availability, disclosure, and use of electronic health information undermine efforts to improve interoperability. Making this information publicly available may incentivize providers and clinicians to refrain from such practices.

ONC’s proposed rule promotes secure and more immediate access to health information for patients and their health care providers and new tools allowing for more choice in care and treatment. Specifically, the proposed rule calls on the health care industry to adopt standardized application programming interfaces (APIs), which will help allow individuals to securely and easily access structured and unstructured EHI formats using smartphones and other mobile devices. It also implements the information blocking provisions of the 21st Century Cures Act, including identifying reasonable and necessary activities that do not constitute information blocking. The proposed rule helps ensure patients can electronically access their electronic health information at no cost. The proposed rule also asks for comments on pricing information that could be included as part of their EHI and would help the public see the prices they are paying for their health care.

“By supporting secure access of electronic health information and strongly discouraging information blocking, the proposed rule supports the bi-partisan 21st Century Cures Act. The rule would support patients accessing and sharing their electronic health information while giving them the tools to shop for and coordinate their own health care,” said Don Rucker, M.D., National Coordinator for Health IT. “We encourage everyone – patients, patient advocates, health care providers, health IT developers, health information networks, application innovators, and anyone else interested in the interoperability and transparency of health information – to share their comments on the proposed rule.”

Policies in the proposed CMS and ONC rules align to advance interoperability in several important ways. CMS proposes that entities must conform to the same advanced API standards as those proposed for certified health IT in the ONC proposed rule, as well as including an aligned set of content and vocabulary standards for clinical data classes through the United States Core Data for Interoperability standard (USCDI). Together, these proposed rules address both technical and health care industry factors that create barriers to the interoperability of health information and limit a patient’s ability to access essential health information. Aligning these requirements for payers, health care providers, and health IT developers will help to drive an interoperable health IT infrastructure across systems, ensuring providers and patients have access to health data when and where it is needed.

For a fact sheet on the CMS proposed rule (CMS-9115-P), please visit: https://www.cms.gov/newsroom/fact-sheets/cms-advances-interoperability-patient-access-health-data-through-new-proposals

For fact sheets on the ONC proposed rule, please visit: https://healthit.gov/nprm

To receive more information about CMS’s interoperability efforts, sign-up for listserv notifications, here: https://public.govdelivery.com/accounts/USCMS/subscriber/new?topic_id=USCMS_12443

To view the CMS proposed rule (CMS-9115-P), please visit: https://www.cms.gov/Center/Special-Topic/Interoperability-Center.html

Posted in: Technology

Leave a Comment (0) →

Two-Minute Primer on Electronic Prescription of Controlled Substances

Two-Minute Primer on Electronic Prescription of Controlled Substances

The contents of a recent Drug Enforcement Administration policy statement on electronic prescriptions for controlled substances sound simple enough—you can use a mobile device for EPCS if it meets the latest Federal Information Processing Standards security requirements (FIPS 140-2), and you can use it as a “hard token” if it is separate from the device used to create the EPCS. But what does that mean? Are there any more limitations?

The Controlled Substances Act regulates drugs and other substances that have a potential for abuse and psychological and physical dependence, i.e., “controlled substances.” Controlled substances are organized into five schedules. Schedule I drugs have a high risk of abuse and no current accepted medical uses in the United States. Drugs in Schedules II through IV have currently accepted medical uses, but they also have a high potential for abuse. Drugs in Schedule II can only be issued pursuant to a written prescription, whereas drugs in Schedules III and IV may be issued pursuant to written or oral prescriptions.[1] The written prescription may be an electronic one, if it satisfies certain requirements.

An EPCS may be created with input and data entry from the DEA registrant (the prescribing practitioner) or his or her agent, provided that only the registrant can actually sign the prescription using the EPCS application.[2] To sign the application, however, the registrant has to complete a two-factor authentication process while at the same time viewing certain information about the EPCS (date of issuance; full name of patient; drug name; dosage strength and form, quantity prescribed, and directions for use; number of refills authorized; earliest date on which a pharmacy may fill each prescription; name, address and DEA number of the registrant)[3] and a statement of acknowledgement[4] regarding the EPCS, as prescribed by regulation. The provider’s completion of the two-factor authentication process in the EPCS application is the equivalent of signing a hard-copy paper prescription.[5]

The two-factor authentication process includes the use of two of the following authentication factors: (1) something only the practitioner knows (e.g., a password or response to a challenge question); (2) biometric data (e.g., a fingerprint or iris scan); or (3) a device, known as a hard token, which is separate from the computer or other device used to access the EPCS application (i.e., the hard token could be your phone, as long as you are not electronically prescribing the EPCS through an EPCS application on your phone).[6] The hard token is subject to FIPS 140-2 Security Level 1 requirements,[7] and the system used to validate biometric data must comply with other regulatory requirements,[8] all of which are beyond the scope of this article and beyond this author’s expertise.[9] Whichever factors are used in the two-factor authentication process, the prescribing practitioner/registrant must not share the authentication factors with any other person or allow it to be used to electronically sign an EPCS.[10] Additionally, if a practitioner/registrant loses his or her hard token (if applicable), he must notify the appropriate access control managers for the EPCS application (either in his/her individual practice or through an institutional provider such as a hospital) within one business day of the discovery, or he or she may be held responsible for any controlled substances written using his or her two-factor authentication credential.[11]

In addition to the requirements above and the responsibilities the practitioner normally has when issuing paper or oral prescriptions for controlled substances, there are more practitioner responsibilities when it comes to EPCS.[12] To the extent an EPCS is not successfully delivered, the practitioner must ensure that any paper or oral prescription issued as a replacement for a failed EPCS indicates that the prescription was originally transmitted electronically to a particular pharmacy and that the transmission failed. The practitioner must also exercise certain reasonable precautions to ensure that the EPCS application complies with all applicable regulatory requirements, especially if the practitioner is on notice that the EPCS system may not meet all the requirements.[13]

An exhaustive discussion of all the applicable requirements for EPCS is beyond the scope of this article. However, practitioners should be thinking about the vendors they are using for their EPCS system, the system’s capabilities and process control limitations, and the information security or physical safeguards they must maintain to ensure their two-factor authentication credentials are secure. In addition, it should be noted that EPCS are subject to other laws, such as the Ryan Haight Online Pharmacy Consumer Protection Act of 2008, which generally requires a practitioner to conduct at least one in-person medical examination for a patient if they are prescribing controlled substances for the patient.[14]

From a process standpoint, EPCS may be easier to work with, but it implicates substantial compliance concerns with a variety of laws. Practitioners should carefully consider the volume of legal and regulatory requirements applicable to EPCS and ensure their operations conform to all applicable requirements.

Article contributed by Christopher L. Richard with Gilpin Givhan, P.C. Gilpin Givhan, P.C. is an official partner with the Medical Association.

 

Resources

[1] Drugs in Schedule V may only be distributed or dispensed for medical purposes, but are not grouped in with either Schedule II or Schedules III and IV for purposes of the prescription requirements. See 31 U.S.C. § 829.

[2] 21 C.F.R. § 1311.135.

[3] 21 C.F.R. § 1311.120(b)(9).

[4] “By completing the two-factor authentication protocol at this time, you are legally signing the prescription(s) and authorizing the transmission of the above information to the pharmacy for dispensing. The two-factor authentication protocol may only be completed by the practitioner whose name and DEA registration number appear above.” 21 C.F.R. § 1311.140(a)(3).

[5] 21 C.F.R. § 1311.140(a)(5).

[6] 21 C.F.R. § 1311.115.

[7] Incorporated by reference in 21 C.F.R. § 1311.08.

[8] See 21 C.F.R. § 1311.116.

[9] This author suggests consulting with information technology experts in order to verify applications meet regulatory requirements, or at least include in agreements with vendors that the service they are providing complies with the applicable regulatory requirements.

[10] 21 C.F.R. § 1311.102(a).

[11] 21 C.F.R. § 1311.102(b).

[12] See 21 C.F.R. § 1311.102.

[13] 21 C.F.R. § 1311.102.

[14] See 21 U.S.C. § 829(e).

Posted in: Legal Watch

Leave a Comment (0) →

What Can Physicians Charge for Medical Records?

What Can Physicians Charge for Medical Records?

The State of Alabama Board of Medical Examiners amended its rules that govern the fees physicians may charge to provide patients with copies of their medical records.2 The rules are set forth in Section 540-X-9-.10(2) of the Alabama Administrative Code, and the new rules became effective April 13, 2018.

Here are the key dos and don’ts physicians should take into account to determine how much (and whether) they should charge patients for copies of their records.

Don’t charge anything other than a “reasonable, cost-based fee” for necessary supplies, labor and postage.

As in the past, the new rules permit a physician to recover a reasonable, cost-based fee to comply with a patient’s request for copies of his medical records, subject to the prohibitions, requirements and recommendations below. Federal law and applicable U.S. Department of Health and Human Services (“HHS”) guidance specify that a reasonable, cost-based fee may include (i) certain costs for the labor required to copy the medical record (subject to certain limitations, as noted below); (ii) the physician’s costs reasonably incurred for supplies (e.g., costs for paper, toner and the like for paper copies, or for CDs, USB drives, or similar electronic media, if requested); and (iii) the physician’s costs reasonably incurred for postage, if the patient requests mail delivery to him or his designee. Only charge postage if the patient specifically requests mail delivery (and agrees to be responsible for the cost).

Don’t charge a “search” fee or other labor costs not specifically authorized by law.

Physicians may recover only certain, limited costs for labor required to copy a patient’s record. The fee may not include the physician’s costs, if any, to verify or document the patient’s request, costs to search for or retrieve the record, or costs to access, store and maintain electronic or paper records, or similar infrastructure costs. Among other things, this means that “search fees,” authorized by state law, are prohibited following the issuance of the new ALBME rules.3

In determining a reasonable, cost-based fee, labor generally may be calculated using either of two methods: (a) the physician’s actual labor cost to respond to the patient’s request; or (b) the average cost to respond to a similar request, based on a schedule.

Don’t charge more than the statutory limits, no matter what.

In contrast to prior rules, the new rules include additional nuance pertaining to the permissible charge for copying electronic medical records.

If the patient requests a paper copy of his medical record, whether the record is maintained in electronic or paper form, or an electronic copy of his paper record, the physician may charge a reasonable, cost-based fee, calculated using the factors listed above. The fee may be a per-page fee, so long as it is a reasonable, cost-based fee.4 As in the past, the new rules limit the amount a physician may charge for copies to $1.00 per page for the first 25 pages and $.50 per page for additional pages, plus the actual cost of mailing the record.5

However, if the patient requests an electronic copy of his electronic record, (i) the physician may not charge a per-page fee (regardless of amount); and (ii) the physician may either charge (a) a reasonable, cost-based fee, as determined above (subject to the prohibition on per-page fees) or (b) a flat fee of $6.50.

Don’t charge patients for copies if they can’t afford it.

Significantly, recent changes in federal and Alabama laws (i.e., HIPAA and the new ALBME rules) prohibit a physician from charging any fee to make copies of the medical record of a patient who is not able to pay.6 Unfortunately, there is no specific guidance to help physicians determine whether a patient is able to pay a reasonable, cost-based fee. The new rules indicate that, in making this determination, physicians “should give primary consideration to the ethical and professional duties owed to other physicians and to their patients.”

Don’t charge for access via an online patient portal.

Likewise, physicians may not charge a fee to a patient to access his electronic health record. Specifically, HIPAA precludes physicians and other covered entities from charging a fee to the patient to access his record using the View, Download and Transmit functionality of a certified electronic health record (“CEHRT”).

Notify the patient about any charges in advance.

Laws also prohibit a physician from charging a fee for copies unless the physician notifies the patient about the fee in advance (i.e., when the patient makes the request). The physician must also provide the patient with a breakdown of the fee, upon request. In fact, HHS recommends the physician make its normal charges for copies available to the public on its website or by other means.

Discussion

The new ALBME rules include some limitations not before instituted in previous rules. It is important to note the limitations discussed in this article only apply to a request made by the patient.7 So, for example, if a patient needs to provide copies of his medical record to an attorney, a physician may be permitted to charge a different (read: greater) fee if the attorney makes the request (by subpoena, for example), as opposed to the patient requesting the physician transfer the records to the attorney.

The new rules also include provisions intended to bring the Alabama rules into compliance with applicable provisions of the federal HIPAA rules.8 While the new rules provide needed clarity as to certain matters, questions remain. Likewise, HIPAA imposes certain additional limitations on permissible charges that must be taken into account, even though they are not mentioned in the ALBME rules.

In any event, the fact is, as in most legal and regulatory matters, the answer to the seemingly simple question, “What can I charge to make a copy of the patient’s record?” is it depends on a number of factors. In addition, federal and State of Alabama authorities have made it clear they intend to target physicians who charge excessive fees in future enforcement actions. Consequently, it is vital physicians have a proper understanding of the issues addressed above and promptly take appropriate action to comply.

Nothing in this article should be considered legal advice. In the event you need legal advice in respect to the matters above, or other matters, please contact appropriate legal counsel.

Article contributed by D. Brent Wills, Esq., and Mazie Bryant1 of Gilpin Givhan, PC. Gilpin Givhan, PC, is an official partner with the Medical Association.

References
1 Ms. Bryant is a Juris Doctor candidate at the University of Alabama School of Law.

2 See Ala. Admin. Code § 540-x-9-.10(2).

3 Note Section 12-21-6.1 of the Alabama Code still permits a $5.00 “search fee” to be charged. HIPAA explicitly pre-empts Alabama law on this issue. It is not clear whether or when the Alabama Legislature will update the statute.

4 Although HIPAA does not specify a per-page fee that constitutes a reasonable, cost-based fee, there is no indication that the (maximum) per-page fees specified in the new ALBME rules would not pass muster.

5 See Ala. Admin. Code § 540-x-9-.10(2).

6 Ala. Admin. Code 540-X-9.10(2).

7 Note HIPAA treats a request by the patient’s personal representative (as defined in the Privacy Rule) as a request made by the patient.

8 “HIPAA” means, in this context, the federal Health Insurance Portability and Accountability Act, together the privacy, security and breach notification rules promulgated thereunder, as set forth at 42 CFR Part 160 and Part 164, as modified by the Health Information and Technology for Economic and Clinical Health Act of 2009 (“HITECH”).

Posted in: Legal Watch

Leave a Comment (0) →

STUDY: Independent Practice Declines Due Partially to EHRs

STUDY: Independent Practice Declines Due Partially to EHRs

A new study conducted by the Trump Administration suggests electronic health records are currently failing at reducing the cost of billing for medical facilities, especially for independent practices.

“Small physicians’ groups and solo providers could not afford to purchase and maintain electronic medical records and comply with government reporting requirements,” the White House report stated. “As a result, hospital mergers are booming, leading to horizontal integration, and large hospitals are buying up physicians’ practices and outpatient service providers to form large, vertically integrated health care networks.”

A study published in the Journal of the American Medical Association shows that billing costs consumed significant chunks of revenue even at a large academic center with a fully implemented EHR system. They represented about 14.5 percent of costs of primary care visits and 13.4 percent of costs for ambulatory surgical procedures. “These findings suggest that significant investments in certified health information technology have not reduced high billing costs in the United States,” the authors state in the report.

Independent physicians have also commented on the burdens of the EHR system. Three out of four physicians believe electronic health records (EHRs) increase practice costs, outweighing any efficiency savings, and seven out of 10 think EHRs reduce their productivity, according to a Deloitte’s recent 2016 Survey of U.S. Physicians.

The results of the survey also indicate physician satisfaction with EHRs varies by practice characteristics. About 70 percent of employed physicians are more likely to think that EHRs support the exchange of clinical information and help improve clinical outcomes compared to 50 percent of independent physicians. The results also revealed 72 percent of independent physicians are more likely to think that EHRs reduce productivity compared to 57 percent of employed physicians. Additionally, 80 percent of independent physicians think that EHRs increase practice costs, compared to 63 percent of employed physicians.

The federal government has financial interests in making it easier for physicians to cope with EHR requirements, according to President Trump’s 2018 Economic Report. As part of its 2018 economic report, released Feb. 21, the White House drew a direct connection between physicians’ struggles to purchase and operate EHR systems and the increase in consolidation among hospitals.

Posted in: Advocacy

Leave a Comment (0) →