For a change, there was a bipartisan bill passed with some big impacts on healthcare.  HIPAA 21st Century Cures Act implications are, of course, our focus.  Today, we review some thoughts on the bill that was signed into law this week.

HIPAA For MSPs HIPAA 21st Century Cures Act
00:00:00 00:00:00

Interesting other points

  • Due to the way a previous law was written, if one was covered by Medicaid, he or she could not see a primary care physician and a mental health care professional on the same day. While both services could bill Medicaid, only one of them would get paid.HIPAA 21st Century Cures Act
  • some of the sections of this new bill actually cut authorization funding for their respective programs (such as grants for substance abuse prevention and treatment, treatment and recovery for homeless individuals, transition from homelessness, and jail diversion programs, as just a few examples).
  • Lots of stuff for FDA approvals
  • Funding is authorized but it would still have to be approved in the budget each year
  • Workgroups required to include experts in data privacy and security or specifically security experts (security mentioned 188 times in the law)
  • ONC gets a Health Information Technology Advisory Committee (HIT Advisory Committee) to unify the roles of, and replace, the HIT Policy Committee and the HIT Standards Committee
    • Setting priorities for standards adoption.
      • including related to the privacy and security of electronic health information

HIPAA 21st Century Cures Act Specifics

Research privacy changes to be studied

  • The original HIPAA 21st Century Cures Act issues involved expansion of disclosures allowed for research purposes without further patient authorizations.
  • Lots of controversy in that original text.  So….. it will be studied for changes

Blocking info exchange is now an abuse with big penalty options

  • Sharing information has been a significant point for many discussions by the ONC, HHS and OCR in 2016.  Interoperability and information sharing issues has been seen as a major road block to improved patient care with all this new technology.  Many mentions of putting it in place or they would need to “do something”.  Well, now they have had to do something.
  • Imposing civil monetary penalties for organizations that participate in intentional and inappropriate information blocking – preventing or materially discouraging access, exchange or use of electronic health information as permitted by law;
    • OIG can investigate and fine up to $1m

Mental Health Focus

  • Improving the sharing of mental health data, including requiring HHS’ Office for Civil Rights to issue new guidance related to the disclosure of mental health and substance abuse protected health information under HIPAA;

Find patient matching methods

  • Requiring that the General Accountability Office study the issue of matching all patient data obtained from various sources, such as through health information exchange, to the correct individual to help ensure appropriate treatment decisions are made.

HIPAA Training Funding

  • Development and dissemination of model training programs.
    • regarding the permitted uses and disclosures, consistent with the standards governing the privacy and security of PHI of patients seeking or undergoing mental or substance use disorder treatment.
    • $4m for FY 2018
    • $2m each for 2019 and 2020
    • $1m each for 2021 and 2022
  • Other education mentioned
    • Educate providers on use of HIEs
    • Educate individuals on their rights to access of their medical records