Alix Goss

Bob Dieterle

Ed Martin

Rick Geimer

Tim Young

Jason Walonoski

Tony Little

Alex Kontur


Alix - Anticipate completing work on defining issues, describing landscape of industry efforts, and identifying regulatory barriers by end of April. Next step is solutioning


NCVHS Overview

Statutory public advisory committee on health data, statistics, and health information policy

  • Comprised of 18 members w/diverse backgrounds, expertise, and geography
  • Statutory obligations, including periodic reports about HIPAA
  • Makes recommendations to HHS
    • g. work products include report on privacy beyond HIPAA, recommendations on approaches for standards adoption (“predictability roadmap”)
  • Domains – population health, privacy/confidentiality/security, standards, and others at the request of HHS Secretary and ASPE


Predictability roadmap:

  • Administrative Procedures Act processes are lengthy, which makes it difficult to adopt updates to standards once a base standard is selected
  • Need to find a mechanism to enable industry to take the lead on adopting/implementing updates to standards
  • Recommendation: promote/facilitate the voluntary testing and use of new standards
    • g. entities may request an exception under HIPAA to try new standards, but most aren’t aware
  • Recommendation: Upgrade the way industry collaborates to maintain/enhance HIPAA transaction standards and operating roles
    • Re-evaluate role of Designated Standards Maintenance Organizations (DSMO)
      • Claims
        • NUBC (AHA)
        • NUCC (AMA)
        • Dental Content Committee (ADA)
      • SDOs
        • X12
        • NCPDP
        • HL7
      • Change requests can take years to evaluate (as they move through the various layers from DSMOs to NCVHS to HHS to regulation)


NPRMs

Bob - CMS NPRM sets requirements for HHS-funded payers, based on standards from ONC NPRM (e.g. definition of API, USCDI)

  • 119 (Medicare Advantage) – MA payers have to make information available through an open API
    • Includes: claims data, encounter data, provider directory data, clinical data, pharmacy data
      • Certain types of information must be available within 1 business day
    • Stakeholders are free to adopt new versions of standards, contingent on continued support of older implementations & backwards compatibility
    • Coordination among payers – enable plans to obtain/incorporate data from a member’s prior plans
    • Health plans must participate in a trusted exchange environment
    • Plans must inform members about privacy and security protections (including those required by HIPAA, FTC, etc. as appropriate)


Regulatory Barriers & Solutions

Identity:

  • May be a need to suggest that while we are constrained from using a deterministic matching approach (i.e. UID), we may need to provide reduced liability from errors caused by accepted matching algorithms

Security:

  • Given complexity of existing laws/regulations, may need to suggest reduction in liability when there are errors related to disclosure of protected information

Directory:

  • May have to provide CMS the regulatory authority to create a nationally validated data set, as well as incentives/disincentives to participate
  • No labels