The Stage 3 proposed rule for meaningful use is set to be released in March. It will likely be the final incentive-driven phase of the controversial program and many are wondering what it will entail.
Deven McGraw, a Washington D.C.-based partner in the healthcare practice of Manatt, Phelps & Phillips and a member of the Office of the National Coordinator for Health IT’s (ONC) Health IT Policy Committee (HITPC), has her finger on the pulse of major policy happenings in healthcare IT. Healthcare Informatics Senior Editor Gabriel Perna recently spoke with McGraw in a two-part interview series to see if she’d offer some predictions for our readers.
In part one of the interview, McGraw focused on interoperability and how it would be a focus of Stage 3. In part two, she talks about the privacy and security elements of Stage 3 and whether some of the criticisms lobbed at the meaningful use program are fair or not. Below are excerpts from the interview.
From a privacy perspective, what are some of the challenges of interoperable systems and how can those be overcome within the framework of Stage 3?
The reality is if you’re exchanging data to treat a patient, in most cases and in most states, you can do that and presume that it’s legally allowed on the presumption that most patients would consent if asked. You don’t need to get an authorization from the patient and translate that authorization for the next provider in the case of most data sets. That’s true under HIPAA [Health Insurance Portability and Accountability Act] and many state privacy laws—a lot are built like HIPAA in that the ability to exchange data is permitted without the need to get specific authorization from patient.
There are exceptions. If you’re trying to share information that’s covered by federal substance treaty laws you’d need a specific authorization to share it and you’d need to put that recipient provider on notice that data was protected by additional privacy requirements. It’s not a technical capability that exists in most EMR systems today. Similarly, under some state laws, particularly for specific types of data, you need consent from the patient to even exchange the data. That creates a circumstance where it’s up to the originating provider to get consent from the patient and store that consent.
The ability to [pursue] consent isn’t quite there from a technical capability standpoint, in terms of widespread availability and use. But that doesn’t apply in most circumstances of exchange. There have been questions raised about the type of really robust exchange, where you need to have a digital address of the provider you’re sending it to and digital certificates, the same way it’s done on the Internet, and there needs to be trust when you’re making that exchange that the information is going to the right place. The obligation is on the providers to properly have secure ways to exchange data. There was indication on the policy committee, when we looked into this, that some of that infrastructure isn’t always there. As part of a health information exchange…you may have that infrastructure. If you’re using Direct and have a Direct address, and the recipient has Direct, you should be able to complete the transaction. But you can see several places where that might break down if that infrastructure isn’t there.
Meaningful use has never been more scrutinized than it was last year. What is your take on some of the criticisms aimed at the program? (Editor’s note: This was interview was conducted before the Centers for Medicare and Medicaid announced projected changes to meaningful use that would address many of the criticisms)
The criticisms need to be taken seriously. It is not easy to do this. That’s the reason for the incentive dollars. If we were just giving people money for doing something easy, we would probably have not gotten this to Congress. There was recognition that the dedication of a fairly significant number of tax payer dollars to achieve true meaningful use of electronic health records was not going to be easy, so money was put on the table. Is it enough money to reflect the amount of work that’s needed? Probably not but it’s still a dollar amount that is a more than necessary shot in the arm to propel this program forward. We’ve seen from the results, with how many people have signed up and been paid, this program was seen as valuable by provider community. But it’s not easy for them to do this.
Now that I’m sitting on the side of healthcare entities and helping them work through the struggles to achieve Stage 2, I get an even bigger dose than by virtue of just being in the policy committee of what a big challenge this can be. That means it is important to take these concerns seriously. Having said that, from a policymaker’s standpoint, CMS and ONC need to have their eyes on the ultimate goal of all this and keep pushing towards that. The only way we’ll get the progress is to be pushy and push them past the comfort zone and make the next leap. How much we push and how quickly we require come into compliance with those objectives, we do need to pay attention and appreciate the enormous challenge and how much effort it takes.
Running in D.C. circles, do you have a sense that this is it with Stage 3? That it almost has to be knocked out of the park because meaningful use is near the end? What’s the feeling there?
Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.