HIPAA reform on the minds of leaders at AHIMA

Like most healthcare conventions this year, the 2017 meeting of the American Health Information Management Association (AHIMA) featured plenty of talk about healthcare policy coming out of Washington, D.C. With much of the attention taken up by the Affordable Care Act’s future, AHIMA’s leaders were considering the future of a different law: Health Insurance Portability and Accountability Act (HIPAA).

To gain some insight into near- and long-term policy and regulatory concerns for health information management (HIM) professionals, HealthExec sat down with a panel of top AHIMA officials: interim CEO Pamela Lane, MS, president and chair Ann Chenoweth, MBA, president and chair-elect Diann Smith, MS, and Lauren Riplinger, senior director of federal relations.

HealthExec: For HIM professionals, what’s their most pressing regulatory concern?

Ann Chenoweth, MS: I would say MACRA (Medicare Access and CHIP Reauthorization Act). It’s resulting in a transformation on why HIM professionals work. Our profession, as many sectors of the healthcare industry, has been very focused on acute care and inpatient. With MACRA and other payment reform initiatives—bundled payments, population health—the umbrella for HIM has expanded and is continuing to expand very rapidly to alternative care settings, like physician practices, post-acute care, home health. All of these areas are being rolled up under the HIM professional’s responsibility.

You got continuing pressures on cost reduction and how you measure quality, how do you adjust for risk. All of those areas impact HIM. Trusted information to support all of that across the enterprise are key initiatives and it’s all falls under MACRA and the move to value-based payment.

Pamela Lane, MS: I think there’s a lot where we need regulation or further definition. We need more around breach definition, cybersecurity, reporting—it’s just all over the place. There are so many unanswered questions around SAHMSA (Substance Abuse and Mental Health Services Administration) and mental health. HIPAA reform—that’s a term we’re starting to hear. If all health information needs to be protected with high levels of security, then why are we calling out any health information at a different level? Having those things defined is core to what we do and would, for a lack of better term, make it easier and make it clearer so there’d be fewer obstacles, barriers in the way.

Chenoweth: Plus, there’s 21st Century Cures and interoperability. The trusted exchange of data, patient identification and ensuring the electronic health record (EHR) is not contributing to the lack of sharing of data.

HIPAA reform, now that’s something I don’t hear about often. What would changing HIPAA look like?

Lane: That’s as far as it goes. That’s why you only hear inklings of it because there’s always this fear of “careful what you wish for,” because what would it look like when you get to the other side of it? There’s an acknowledgement now because of health information exchange efforts and moving information and segmenting information that it is a barrier, in some cases, to exchange, but how do we fix it without unintended consequences making it worse? There’s an acknowledgment that we need to do something about it, but that’s kind of where everything stops.

Lauren Riplinger: Pam’s exactly on point. Under this administration, there’s been a real focus on regulatory reform. The way that the HHS Office of Civil Rights (OCR) is viewing is when a breach occurs, how do we manage it? I think it’s in this broader discussion of should HIPAA should look more like a data protection act where the data isn’t necessarily treated differently and it’s held to that same standard in the event of a breach or misuse—but that’s really as far as the discussion goes.

Lane: Nobody has one clear answer that everyone can agree on yet. The fact we’re having the conversations is huge because for so long no one would even say “HIPAA reform.” We’re going to get there.

Back to MACRA—we’re inside the final 90-day reporting window, so if an organization is going to participate in the Merit-based Incentive Payment System, it has to have started. What’s the assessment of HIM professionals about the new system in its first, transitional year?

Riplinger: From talking with our members, people are pleased with the flexibility. There’s an acknowledgement from CMS that this transition will take time. A lot of providers are still struggling with what this will look like, particularly for small and rural practices. Certainly, at some point, we’re going to have to advance if we want to get to the goals of the Quality Payment Program of reducing costs and bringing value to the system, so it’s a work in progress.

Bringing value to the system seems to go along with interoperability, but the industry seems to agree that capability is not where it needs to be. Where’s the onus to change that—does it fall on vendors, HIM professionals, providers or regulators?

Diann Smith, MS: It’s going to be all of us. I think we all have to come to the table together. Organizations have a stake in the game because they’re putting forth resources to try to ensure their patients aren’t harmed by not having the right information. I think it’s a partnership. It’s huge and I don’t think one particular group owns it. We all have to own it. A lot of our professionals are concerned about the quality of the information and correct, positive patient identification, especially because there is lack of interoperability. So, they’re starting to do a lot more work in that area.

What’s the regulatory contribution to solving to the interoperability problem—or should regulators let the industry figure it out?

Riplinger: I think it’s a fine line. There needs to be an involvement of federal partners like ONC (Office of National Coordinator for Health IT) and OCR. At the same time, we want to make sure we do it in such a way that it doesn’t crush innovation in the marketplace, so that’s a very fine line we need to walk. I’m not convinced we can regulate our way out of it. I think it needs to be a partnership.

Chenoweth: I just don’t know what is going to truly incentivize the vendors to fully share data other than fines if they don’t.

How about legislative priorities for HIM? Is there room for get anything done while the Affordable Care Act has taken up so much attention when it comes to healthcare policy with the new administration?

Riplinger: We continue to be focused, alongside partners like CHIME and HIMSS, on the patient matching issue. We’re trying to either remove the prohibitory language from the appropriation bills or allow ONC that flexibility to have that conversation with private stakeholder to figure out a national solution to the patient matching solution.

The second issue we’re focused on is 42 CFR Part 2, dealing with substance abuse data. Making sure that data is treated the same way as it could be under HIPAA, where there’s an exception for treatment, payment and operation, so that data can be used for care coordination for treating that patient when they come in.