Skip to content Skip to navigation

D.C. Report: The Coming and Going of SCOTUS, HIPAA Anticipation

April 5, 2012
by Jeff Smith, Assistant Director of Advocacy at CHIME
| Reprints
Click To View Gallery

SCOTUS Comes and Goes – What’s Next? If you’ve been listening to the gurus and talking heads of Washington this week, you were probably shocked to learn the Supreme Court struck down the individual mandate.  Or, if you were paying attention, you learned that not much has really changed since last Friday.

The Supreme Court did hear oral arguments this week on the Anti-Injunction Act, the individual mandate, severability and Medicaid expansion, but nothing will be known about the Justices’ decision until June.  In the mean time, States, insurance companies, employers and providers are moving ahead as they have been since the Affordable Care Acts passage in 2010. According to a story in Politico, states that have been dragging their feet to implement exchanges and other parts of the ACA are still dragging and states that are moving aggressively to implement key pieces of the law aren’t showing any signs of slowing.

However, this is not to say that the health IT world has nothing to fear.  Depending on if the Justices strike the mandate, and depending on how they decide what parts of the law stay, several programs using health IT to guide new healthcare delivery reforms would be subject to the same uncertainty.  As reported in last week’s Advocacy Corner, two areas that we’ll be watching closely include the Medicare Shared Savings Program, which created the regulatory guidelines for Accountable Care Organizations, and the CMS Innovation Center, which oversees multiple initiatives ranging from Bundled Payments to Patient Centered Medical Homes. 

Industry Awaits HIPAA Updates Several pieces of HIPAA – many of which stem from the 2009 HITECH Act – are likely to come together soon, observers in Washington note.  Four long-awaited final rules have been sent from HHS to the Office of Management and Budget as a “HIPAA Omnibus Rule.”  The final rules include:

·         Changes to HIPAA's privacy and security rules mandated by the HITECH Act;

·         New enforcement requirements and higher penalty requirements;

·         Final regulations of HITECH's breach notification rule; and

·         Changes to HIPAA to incorporate the Genetic Information Nondiscrimination Act (GINA). 

OCR also will release guidance to help entities implement the changes, including an updated business associate agreement. Some of the major changes expected in the rule could include eliminating or amending the controversial “harm threshold” provision that currently enables covered entities to not report on breaches determined to not be harmful, making business associates and subcontractors liable for breaches as covered entities are, and requiring some degree of data encryption.

And for anyone out there asking themselves how they’re going to handle all the new HIPAA changes, NIST has developed a HIPAA Security Toolkit Application that is meant to “help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environment.”

StateNet Community Talks Advocacy at the Statehouse in Latest Meeting During its bi-monthly meeting this week, CHIME members joined a broader group of health IT stakeholders for the year’s second StateNet Community Meeting & Webinar.  Attendees heard from four health IT advocacy pros who talked about their experiences working with state legislatures in Colorado, Maryland and Virginia.  The range of issues facing these three states included a Medicaid payment reform program, all-payer claims database legislation and telemedicine reimbursement. 

The presentations were timely as National Coordinator Farzad Mostashari and CMS Acting Administrator Marilyn Tavenner this week published a blog on the subject of state-level policies having an impact on health IT.  They noted correctly that several states have already set ambitious targets, mentioning states like Ohio, Washington, California and New York who have set targets for having providers receive EHR incentive payments in 2012.

By working with local HIMSS and AHIMA chapters stakeholders in all three states convened for a HIT Advocacy Day in their state capitols that included CIO Panels (Virginia) joint panels with legislators and health IT practitioners (Colorado) and a panel of HIT experts focused on the consumer experience (Maryland). 

The states also shared “lessons learned” in making sure a HIT Advocacy Day is successful.  Among those was the idea that Advocacy is a year-round effort and that health IT experts need to volunteer with state boards and commissions whenever possible.  Nearly all the states said there’s a need to get started early and keep a watchful eye on legislation.  Colorado suggested that states even consider hiring a consultant to organize and do press outreach.

An archive and slides of the presentation