The Final Rule published by the US Department of Health and Human Services on January 18, 2017, largely avoids major modifications to the Common Rule. However, it specifically addresses creation of biospecimen and data repositories and use of those repositories for secondary research. All stakeholders involved in federally funded research should be aware of the Final Rule’s changes and prepare to implement them.
On January 18, 2017, the Department of Health and Human Services (HHS) and 15 other federal agencies issued a final rule overhauling the federal human subjects research regulations known as the “Common Rule.” These are the first revisions to the Common Rule since its original enactment in 1991, and have been in progress since HHS first published an Advanced Notice of Proposed Rulemaking in July 2011. According to the press release accompanying the final rule, HHS made “significant changes” to its most recent proposals (published in September 2015) in response to the 2,100+ public comments they received.
The majority of the Common Rule’s changes and new provisions will go into effect in 2018. We are reviewing the final rule in detail, and a summary of changes and new provisions is forthcoming.
On January 4, 2017, the Department of Health and Human Services (HHS) submitted a draft final rule to amend the federal human research regulations to the Office of Management and Budget (OMB). These regulations, often referred to as the Common Rule, were originally developed in 1991 and have been adopted by multiple federal departments and agencies. OMB review is the last step before final publication and suggests that HHS is trying to release a final rule before President Obama leaves office on January 20, 2017.
Through its Office for Human Research Protections (OHRP), HHS initially published an Advanced Notice of Proposed Rulemaking in July 2011. The Advanced Notice generated significant controversy and OHRP did not publish a notice of proposed rulemaking (Proposed Rule) for over four years, ultimately doing so on September 8, 2015. The Proposed Rule, like its earlier Advanced Notice counterpart, suggested major changes to the Common Rule, including changes to its overall jurisdictional scope, requirements relating to secondary use of biospecimens and individually identifiable information, and the general research review and oversight process.
Since the Proposed Rule’s publication, OHRP has received significant feedback from both industry and expert advisory groups about the proposed changes and their overall impact. While certain proposed changes have been applauded, the Proposed Rule has also generated considerable concern and uncertainty among stakeholders.
The current status of OMB’s review is pending.
The Joint Commission (TJC) recently clarified that licensed independent providers (LIPs) or other practitioners may not utilize secure text messaging platforms to transmit patient care orders. TJC’s earlier position provided that use of secure text messaging platforms was an acceptable method to transmit such orders, provided that the use was in accordance with professional standards of practice, law and regulation, and policies and procedures.
TJC identified the rationale for the reinstated prohibition against secure text messaging for patient care orders as one of patient safety—after “weighing the pros and cons” TJC and the Centers For Medicare and Medicaid Services (CMS) concluded that as the impact of the modality on patient safety remained unclear, and determined that approving its use was premature.
Read more here about how this clarification impacts health care organizations.
Digital health—the intersection of health care related software applications, analytical tools, medical device technology and electronic data assets that are enabled and achieved through the use of the internet and hand-held devices—is empowering the innovation needed to meet the imperative for a transition from payment based on volume to payment based on value that is evaluated in terms of measurable improvements in care delivery and population health.
One prominent example is the use of digital health solutions to implement the payment innovation contemplated by the Medicare Access and CHIP Reauthorization Act (known as MACRA)—which directly ties both payment increases and reductions to various, specific efficiency and value measures. The Merit-Based Incentive Payment System (MIPS), one of the two available payment pathways under MACRA, assigns points to clinicians in different performance categories, several of which promote the adoption of digital health solutions. To illustrate:
- The Quality category requires six measures to be reported, many of which may be leveraged through the use of digital health tools. For example, the Maternity Care: Post-Partum Follow-Up and Care Coordination measure tracks the percentage of patients who were seen for post-partum care within eight weeks of giving birth who received particular evaluations, screening and education. Obstetricians, gynecologists and family medicine practitioners could earn points under this measure by using telemedicine technologies, like videoconferencing platform, to engage in virtual patient visits with post-partum patients to answer the patient’s questions, provide education on the recovery process and assess the patient’s physical and mental health status, including the performance of mandatory post-partum depression screenings.
- The Advancing Care Information category requires the use of certified electronic health record technology to coordinate care through patient engagement (g., secure messaging). The implementation of patient portals with integrated messaging platforms facilitate communication between the patient and health care practitioner, providing additional functionalities like sending reminders, engaging in dialogue about follow-up care, encouraging preventative action and distributing educational materials. These portals typically also give the patient access to timely and informative data, like test results, that allow the patient to play a role in decision making and (hopefully) empower the well-informed consumption of care.
- The Clinical Practice Improvement category is perhaps the best opportunity for digital health integration. Activities that improve beneficiary engagement, population management, expanded practice access and care coordination—among others—are assigned points and weighted. Here, mobile apps have the capability to enable e-visits via videoconference as an alternative method to an in-person visit; facilitate questionnaire reporting; and send reminders, materials and other notifications to alert and educate patients about services due. The apps also provide opportunities to generally inform the delivery of care for the specific patient by sending alerts to providers to indicate that it’s time for a visit or that a problematic symptom was noted on a questionnaire. Further, clinical practices could leverage app-sourced data to gain information about patient trends, clinical areas of concern or successes related to digital health tool utilization.
For additional examples and insights on how digital health tools will be necessary for a successful transition to alternative payment schemes, please read Managing the Transition to Transformation: Digital Health Solutions: Essential Ingredients in Alternative Health Care Delivery and Payment Innovations.
Both developers and users of digital health solutions face both immense opportunities and daunting challenges. One key challenge is compliance with the often complex state and federal laws and regulations adopted by the numerous regulatory bodies responsible for overseeing different aspects of digital health. The following illustration identifies the numerous regulatory bodies that have been increasingly focused on the use of technology in healthcare and are expected to continue their focus and enforcement activities in the coming years.
Because innovation is moving faster than the law in this area, in-house counsel and compliance officers must be prepared to identify and manage the myriad compliance and liability risk considerations arising from participation in and use of digital health tools. This will require an understanding of how each of these regulatory bodies oversees and regulates digital health today and close monitoring of how that evolves and changes in the future.
Health care providers, patients and consumers should approach the selection and use of digital health advancements with a reasonable degree of caution. As AMA CEO James L. Madara, MD, advised in his address at the recently concluded 2016 AMA Annual Meeting, “…. Appearing in disguise among these positive products are other digital so-called advancements that do not have an appropriate evidence base … or that just do not work well or that actually impede care, confuse patients and waste our time … from ineffective electronic health records to an explosion of direct-to-consumer digital health products to apps, some of which are of poor quality.” In this regard, providers would be well served by performing sufficient “due diligence” to determine whether the functionality of the digital health tool effectively meets their specific clinical and operational needs, as well as the needs of their patients, and to evaluate the developer’s compliance with applicable laws and regulations.
On December 7, 2016, the US Congress approved the 21st Century Cures Act (Cures legislation), which is intended to accelerate the “discovery, development and delivery” of medical therapies by encouraging public and private biomedical research investment, facilitating innovation review and approval processes, and continuing to invest and modernize the delivery of health care. The massive bill, however, also served as a vehicle for a variety of other health-related measures, including provisions relating to health information technology (HIT) and related digital health initiatives. President Barack Obama has expressed support for the Cures legislation and is expected to sign the bill this month.
The HIT provisions of the Cures legislation in general seek to:
- Reduce administrative and regulatory burdens associated with providers’ use of electronic health records (EHRs)
- Advance interoperability
- Promote standards for HIT
- Curb information blocking
- Improve patient care and access to health information in EHRs
As public and private payers increasingly move from fee-for-service payments to value-based payment models, with a focus on maximizing health outcomes, population health improvement, and patient engagement, HIT—including EHRs and digital health tools—will be increasingly relied upon to collect clinical data, measure quality and cost effectiveness; assure continuity of care between patients and providers in different locations; and develop evidence-based clinical care guidelines.
On December 6, 2016, the House passed the Expanding Capacity for Health Outcomes Act (S. 2873) (the ECHO Act), which was unanimously passed by the Senate on November 29, 2016. The ECHO Act seeks to expand the use of health care technology and programming to connect underserved communities and populations with critical health care services.
The ECHO Act builds upon the University of New Mexico’s world-renowned Project ECHO by encouraging the broader development and use of technology-enabled collaborative learning and care delivery models by connecting specialists with multiple other health care professionals through simultaneous interactive videoconferencing for the purpose of facilitating case-based learning, disseminating best practices, and evaluating outcomes.
The ECHO Act requires the Secretary of the Department of Health and Human Services (HHS) to study technology-enabled collaborative learning and capacity building models, and the impact of those models on (1) certain health conditions (i.e., mental health and substance use disorders, chronic diseases, prenatal and maternal health, pediatric care, pain management, and palliative care), (2) health care workforce issues (e.g., specialty care shortages) and (3) public health programs.
Within two years of the enactment of the ECHO Act, the Secretary of HHS must submit a publically available report to Congress that:
- Analyzes the impact of technology-enabled collaborative learning and capacity building models, including, but not limited to, the impact on health care provider retention, quality of care, access to care and barriers faced by healthcare providers;
- Lists the technology-enabled collaborative learning and capacity building models funded by HHS over the past five years;
- Describes best practices used in adopting these models;
- Describes barriers to adoption of these models and recommends ways to reduce those barriers and opportunities to increase use of these models; and
- Issues recommendations regarding the role of technology-enabled collaborative learning and capacity building models in continuing medical education and lifelong learning, including the role of academic medical centers, provider organizations and community providers in such education and lifelong learning.
The recommendations made in HHS’s report may be used to integrate the Project ECHO model into health systems across the country.
Collaborative efforts between congressional offices and various health care stakeholders, as well as the feedback provided in response to the Bipartisan CHRONIC Care Working Group Policy Options Document released in December of 2015, have driven the Senate Finance Committee to introduce a draft of bipartisan legislation known as the CHRONIC Care Act, which seeks to modernize Medicare payment policies to improve the management and treatment of chronic diseases using telehealth.
In its tenth OCR Cyber Awareness Newsletter of the year (Newsletter), the Office for Civil Rights (OCR) reminded HIPAA-covered entities and business associates of the importance of selecting an appropriate authentication method to protect electronic protected health information (ePHI). Authentication is the process used to “verify whether someone or something is who or what it purports to be and keeps unauthorized people or programs from gaining access to information.” The Newsletter notes that the health care sector has been a significant target of cybercrime and that some incidents result from weak authentication methods.
Authentication methods can consist of one or more factors and are often described as: (1) something you know, such as a password; (2) something you are, such as a fingerprint; or (3) something you have, such as a mobile device or smart card. Single-factor authentication requires use of only one of the methods. Multifactor authentication requires use of two or more methods (for example, a password prompt followed by an additional prompt to a mobile device). Continue Reading