Industry groups voice privacy concerns over health IT proposals

Proposed rules to mitigate one of the biggest obstacles to value-based care––interoperability––and provide patients with access to their own health information for free are being met with privacy and security concerns from industry stakeholders.

In February, CMS, along with the Office for the National Coordinator for Health Information Technology (ONC) proposed new rules to improve interoperability and give patients access to their health records. Among other requirements, the proposal included mandates for healthcare providers to allow patients to access their health information––for free––on digital apps through third parties. The rules would affect all health plans doing business through the federal exchanges, Medicare and Medicaid, about 125 patients overall, according to CMS Administrator Seema Verma. The rules were an implementation of the 21st Century Cures Act.

The proposal comes at a time when only about half of individuals were offered access to their online medical record last year, according to recent data from ONC.

While the aims of the rules are patient-centric, some industry groups, including the American Medical Association, are concerned about privacy of health information, especially if sensitive medical records are given to third-party vendors. Industry stakeholders had an extended comment period to voice their criticisms or praise of the proposed rules posted on the Federal Register. Nearly 3,000 comments were received on the two proposed rules from CMS and ONC.

“The AMA strongly supports patients having access to their own health information, which is a laudable goal of the administration,” AMA President Barbara L. McAneny, MD, said in a statement “At the same time, the proposed rules are complicated, intertwined, and may result in a patient’s information being shared with third parties—including those under no obligation to keep information private—in a way the patient didn’t foresee or want.”

According to the AMA, the rules do not provide enough protections for patients when their health information is shared.

“For example, a patient’s app should have to reveal to the patient that his or her health information will be sold to other companies. And a health insurance company should be prohibited from using a patient’s medical record to increase prior authorization requirements,” McAneny further stated.

Other industry stakeholders voiced concerns about data security, though most are supportive of the direction of the proposed rules to better enable access to health records and improve care coordination through interoperability.

“We are concerned that the pace of implementation and the heavy reliance on third party apps not covered by HIPAA will jeopardize the security of patient information,” Ceci Connolly, president and CEO of the Alliance of Community Health Plans (ACHP), said in a statement about the rules. “We also believe medical providers should be responsible for providing patients accurate, private medical information––and have serious concerns about the unintended consequences of health plans being required to provide that data.”

Despite these concerns, the American Medical Group Association (AMGA) recommended that CMS and ONC use application program interfaces to share claims data to eliminate a major impediment of value-based care.

“Standards and interoperability are important and should not be overlooked, but we can’t lose sight of the why we use such systems,” Jerry Penso, MD, MBA, AMGA president and CEO, said in a statement. “And that’s to ensure our care teams have all the information necessary to provide patients the best care and practices have the data needed to develop population health strategies. That’s the promise of interoperability, but we know these systems are only as strong as the data they transmit, which is why we need real-time claims data.”

Information sharing should be viewed as a top need, AMGA stated.

Amy Baxter

Amy joined TriMed Media as a Senior Writer for HealthExec after covering home care for three years. When not writing about all things healthcare, she fulfills her lifelong dream of becoming a pirate by sailing in regattas and enjoying rum. Fun fact: she sailed 333 miles across Lake Michigan in the Chicago Yacht Club "Race to Mackinac."

Around the web

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."
 

With generative AI coming into its own, AI regulators must avoid relying too much on principles of risk management—and not enough on those of uncertainty management.

Cardiovascular devices are more likely to be in a Class I recall than any other device type. The FDA's approval process appears to be at least partially responsible, though the agency is working to make some serious changes. We spoke to a researcher who has been tracking these data for years to learn more. 

Trimed Popup
Trimed Popup