Transparency websites give health IT purchasers clear view of products

Purchasers of certified health information technology (IT) have access to information about health IT products’ costs and limitations via two new websites maintained by the HHS Office of the National Coordinator for Health Information Technology (ONC). The 2015 Edition Health IT Final rule required developers to disclose information about known material limitations and types of costs associated with their products and to make an attestation as to whether they will voluntarily take additional actions to increase transparency regarding their products and business practices. The information is available on the ONC’s Certified Health IT Developer Transparency website, as well as on the upgraded health IT product list.

Mandatory disclosures

The Final rule (80 FR 62602, October 16, 2015) mandated developer disclosures so that purchasers could better understand obstacles and costs that they might face, allowing them to compare and knowledgeably select products. Statements must be written in detailed, plain language. Because customers can make more informed choices based on the disclosed information, developers have more incentives to improve upon their products and to refrain from engaging in information blocking, which is deliberate or unreasonable interference with the exchange of electronic health information.

Voluntary attestation

Earlier in 2016, companies that provide 90 percent of electronic health records (EHRs) used by hospitals nationwide made an interoperability pledge, agreeing to improve consumer access, refrain from blocking and ensure transparency, and implement federally recognized interoperability standards. “Nearly all developers” who made the earlier pledge have voluntarily attested, pursuant to the requirement set forth in the Final rule, that they will take additional actions to promote transparency, including making information about their business practices available to potential customers and requestors. The Final rule also allowed developers to attest that they will not take additional voluntary actions.

ONC-Authorized Certification Bodies (ONC-ACB) will monitor developers to ensure that they are “reporting accurate and compliant disclosures.” Developers who fail to do so will be subject to corrective action, including potential termination of certification.

EHR adoption up, ONC discussing further plans at national convention

Almost all hospitals have implemented certified electronic health record (EHR) systems, a notable increase from 2008 survey data. In order to further the efforts to ensure transmission of health information between providers, the Office of the National Coordinator for Health Information Technology (ONC) will convene with public and private sector parties at its 2016 annual meeting, where sessions will educate those attending on current advancements and future plans.

Increased adoption

According to the ONC’s May data brief, 96 percent of reporting non-federal acute care hospitals had certified EHR systems in 2015. Eight of 10 small, rural, and critical access hospitals possessed at least basic EHR technology, although only about half of children’s hospitals and 15 percent of psychiatric hospitals had done so. Across all states, at least 6 out of 10 non-federal acute care hospitals had adopted basic EHR, a significant increase since 2008 when most either reported none or less than 20 percent.

Future of health IT

The annual meeting’s agenda includes presentations on the federal government’s commitment to better health, advances in interoperability, research, and health innovation. The government is particularly interested in precision medicine, which ensures that treatments are individualized to each patient’s needs. The presentations also cover the health IT response to the Zika virus, advancing health IT for Medicaid programs, and cybersecurity.

Hearing asks experts how to HIT health care into the future

Lawmakers and experts evaluated innovative ways to use health information technology (HIT) to improve health care and health care delivery at a March 22, 2016, hearing held by the House Committee on Oversight and Government Reform Subcommittee on Information Technology and Subcommittee on Health Care, Benefits, and Administrative Rules. The hearing addressed positive HIT capabilities, including medical devices, electronic health records (EHRs), patient monitoring, and improved outcomes, as well as the barriers that hinder adoption of effective HIT, such as a lack of coordination and interoperability.


Dr. Karen DeSalvo, the HHS National Coordinator for Health Information Technology testified that since the Office of the National Coordinator (ONC) was established in 2004, great strides have been taken towards adoption of HIT. For example, by 2014, 97 percent of hospitals reportedly possessed certified EHR technology and roughly three-quarters of physicians reported the same. DeSalvo acknowledged, however, that there is still work to do to reach interoperability. She testified as to efforts the ONC is undertaking to incentivize providers to move towards interoperability, including the Interoperability Roadmap, and the Interoperability Proving Ground website, which promotes sharing and learning regarding interoperability programs across the country. DeSalvo also urged the importance of alternative payment models which use payments to push providers towards interoperability by rewarding value over volume.


Consumers are changing the HIT landscape by taking a more active role in managing health data through the growing variety of health-related apps, devices, and services according to the testimony of Jessica Rich, the Director of the Bureau of Consumer Protection at the Federal Trade Commission (FTC). She also noted that while the advancements are improving health outcomes, because much of the consumer related activity is happening outside of physician offices, the products and services are raising novel privacy and security concerns. Rich testified that the FTC’s efforts to protect consumer privacy include settlements, enforcement actions, consumer education, and business guidance.


Matthew Quinn the Federal Managing Director of Intel’s Healthcare and Life Sciences division testified as to how Intel works with public and private partners to advance HIT. Quinn highlighted Intel’s interoperability-focused Connected Care Program and efforts related to precision medicine, collaboration through use of cloud-computing, and employee wellness programs. He stressed that interoperability must be the foundation of individualized care. He also noted that increased reliance on consumer-generated health data will be an important component in the advancement of HIT.

A means to an end

Interoperability of electronic health information will make health care more affordable, according to Neil DeCrescenzo, the President and CEO of Change Healthcare, a software, analytics, network solutions, and technology company. However, DeCrescenzo testified that achieving interoperability necessitates a discussion that is grounded in real-world applications of technology. He warned that interoperability should not be discussed as an end in itself but rather as a means to achieving other goals for the health care system. He also stressed the importance of reducing legal barriers to interoperability by eliminating inconsistent legal requirements across state lines and by incentivizing value oriented, coordinated services.


Patient and Consumer interests were the focus of the testimony of Mark Savage, the Director of Health IT Policy and Programs at the National Partnership for Women & Families. Savage noted that patients understand the importance of reliable HIT and believe EHRs are crucial to avoid duplication of tests and to avoid medical errors. He testified that health care organizations should strive to engage patients as partners in their own care through advancements like electronic information access and online communication.

ONC blog series tries to bust HIPAA information-sharing myths

The Office of the National Coordinator for Health Information Technology (ONC) is trying to shake the Health Insurance Portability and Accountability Act’s (HIPAA’s) (P.L. 104-91) image as a roadblock to information-sharing. In a four-part blog series, Chief Privacy Officer Lucia Savage, J.D., and Privacy Analyst Aja Brooks, J.D. described HIPAA’s promotion of interoperability through permitted uses and disclosures that do not require covered entities (CEs) to first obtain written authorization from the patient.  The posts provided real-life examples of permitted uses and disclosure involved in exchanges for both treatment and health care operations.


If an individual authorizes a release of protected health information (PHI) in writing, including when she requests that the PHI be sent directly to a third party, a CE or business associate (BA) must generally comply.  However, CEs and BAs are often uncomfortable releasing PHI when such authorization has not been given.  The blogs emphasize that HIPAA provides for the release of PHI for treatment and health care operations of either the disclosing CE or the recipient CE (45 CFR 164.506(c)). Treatment is defined pursuant to 45 C.F.R. 164.501 and includes, in addition to traditional treatment, referrals, coordination of health care services with a third party, and consultation between providers. A disclosing provider is responsible for disclosing the information in a  permitted and secure manner, such as via certified electronic health record technology (CEHRT), but will not be liable for any actions that the recipient takes with that information.

Health care operations

Covered entities may also disclose information to other CEs or their respective BAs without authorization in certain circumstances related to health care operations, including those involving case management and quality assessment and improvement.  In all instances, both CEs involved in the exchange must have an existing or previous relationship with the patient, the requested PHI must pertain to that relationship, and the disclosing CE must release only the minimum necessary information.  For example, a physician may disclose minimum necessary PHI related to diabetic and pre-diabetic patients to a health management company that is a BA of a health plan (CE) so that the health management company can, at the health plan’s request, provide semi-monthly nutritional advice to members. The ONC also indicated that providers who are part of an accountable care organization (ACO) and operate as an organized health care arrangement (OHCA) may provide PHI to the ACO’s quality committee for quality assessment purposes if, for example, the ACO is looking to improve its rate of hospital-acquired infections.  Similarly, a provider may provide PHI about a current patient to the patient’s former provider if the former provider needs that information for quality assessment.

HIPAA: a tool for sharing?

The blog authors explained that HIPAA is not only a tool to protect PHI, but can be used to enable access to that same information when necessary for patient care. They hoped that the posts “shed some light on how HIPAA supports the goal of nationwide, interoperable exchange of health information for patient care and health.”  Perhaps wary providers will take note.