Alix Goss
Bob Dieterle
Ed Martin
Rick Geimer
Tim Young
Jason Walonoski
Tony Little
Alex Kontur
Alix - Anticipate completing work on defining issues, describing landscape of industry efforts, and identifying regulatory barriers by end of April. Next step is solutioning
NCVHS Overview
Statutory public advisory committee on health data, statistics, and health information policy
- Comprised of 18 members w/diverse backgrounds, expertise, and geography
- Statutory obligations, including periodic reports about HIPAA
- Makes recommendations to HHS
- g. work products include report on privacy beyond HIPAA, recommendations on approaches for standards adoption (“predictability roadmap”)
- Domains – population health, privacy/confidentiality/security, standards, and others at the request of HHS Secretary and ASPE
Predictability roadmap:
- Administrative Procedures Act processes are lengthy, which makes it difficult to adopt updates to standards once a base standard is selected
- Need to find a mechanism to enable industry to take the lead on adopting/implementing updates to standards
- Recommendation: promote/facilitate the voluntary testing and use of new standards
- g. entities may request an exception under HIPAA to try new standards, but most aren’t aware
- Recommendation: Upgrade the way industry collaborates to maintain/enhance HIPAA transaction standards and operating roles
- Re-evaluate role of Designated Standards Maintenance Organizations (DSMO)
- Claims
- NUBC (AHA)
- NUCC (AMA)
- Dental Content Committee (ADA)
- SDOs
- Change requests can take years to evaluate (as they move through the various layers from DSMOs to NCVHS to HHS to regulation)
NPRMs
Bob - CMS NPRM sets requirements for HHS-funded payers, based on standards from ONC NPRM (e.g. definition of API, USCDI)
- 119 (Medicare Advantage) – MA payers have to make information available through an open API
- Includes: claims data, encounter data, provider directory data, clinical data, pharmacy data
- Certain types of information must be available within 1 business day
- Stakeholders are free to adopt new versions of standards, contingent on continued support of older implementations & backwards compatibility
- Coordination among payers – enable plans to obtain/incorporate data from a member’s prior plans
- Health plans must participate in a trusted exchange environment
- Plans must inform members about privacy and security protections (including those required by HIPAA, FTC, etc. as appropriate)
Regulatory Barriers & Solutions
Identity:
- May be a need to suggest that while we are constrained from using a deterministic matching approach (i.e. UID), we may need to provide reduced liability from errors caused by accepted matching algorithms
Security:
- Given complexity of existing laws/regulations, may need to suggest reduction in liability when there are errors related to disclosure of protected information
Directory:
- May have to provide CMS the regulatory authority to create a nationally validated data set, as well as incentives/disincentives to participate