Alix Goss

Bob Dieterle

Patrick Murta

Danielle Friend

Rick Geimer

Jason Walonoski

Dan Chaput

Alex Kontur


Regulatory Barriers

What industry efforts to manage/reduce the barrier are we aware of?

HIPAA minimum necessary

  • Bob – recent congressional hearing about privacy and security changes (broadly about protection of patient information and need for access to information, e.g. how do you ensure information is only used for the purpose requested)
  • Alix – NCVHS hosted a half day working session (~late 2017) about HIPAA (beyond privacy considerations), however it was a bit dated considering transition to API environment. No currently active NCVHS work/projects about HIPAA minimum necessary requirements
  • Alex – OCR RFI about modifying HIPAA to improve coordinated care (https://www.federalregister.gov/documents/2018/12/14/2018-27162/request-for-information-on-modifying-hipaa-rules-to-improve-coordinated-care)
  • Alix – could California’s new privacy law have an impact?
    • Bob – state laws are important if we expand this barrier to include consideration of specially/additionally protected data

Regulatory mandated standards

  • Bob – ONC/CMS NPRMs propose a process for updating standards
  • Alix – NCVHS’s Predictability Roadmap – recommendations for improving “cadence” associated with planning upgrades and advancing industry oversight

Patient identifier

  • Alix – CMS NPRM request for information, industry efforts (e.g. CHIME, HIMSS, ONC)
  • Murta – really a “person matching” issue, not healthcare specific
    • Bob – are there better solutions for person matching in other industries?
    • Murta – yes, other industries have more advanced algorithms (can’t provide specifics)
    • Dan – public health has dealt with matching in a sophisticated manner for immunizations and biospecimens (e.g. tumors)

Cost of accessing data via FHIR API

  • Bob – ONC NPRM
  • Jason – consider transaction costs for API calls in other industries (e.g. Amazon, Azure, Google)
    • Bob – healthcare costs are probably only marginally based on the actual technical cost. Do we know of any other examples where transaction costs are regulated?
    • Jason – phone companies? Utility companies
    • Dan – virtual remote interpreting for telephone calls is highly regulated
  • Bob – unclear how proposed rules relate to intermediaries, e.g. a covered entity may only charge a small fee for access, but require the user to use the services of an unregulated third party that charges substantially more. Are pass through charges regulated in the telecommunications industry?
    • Jason – probably, so that smaller carriers won’t be priced out of networks

Use of NPPES as endpoint repository

  • Bob – CMS NPRM and 21st Century Cures Act; DirectTrust, Carequality, other industry directories

HIPAA transactions require X12

  • Alix – from NCVHS perspective, trying to find a way to converge administrative and clinical data. People aren’t aware of the exceptions process (162.940)
  • Bob – using FHIR on either end of an X12 transaction (e.g. Da Vinci prior authorization work). Likewise, clearinghouses do this all the time
  • No labels