Federal Interest in Health Information Technology

On February 19, 2020, the Jaharis Health Law Institute (JHLI) was honored to have John Travis, Vice President of Regulatory Research and Strategy at Cerner Corporation, speak during another installment of the JHLI Lunch Lecture Series. Mr. Travis’s presentation focused on the federal interest in health information technology (HIT) and interoperability in compliance with federal health insurance programs.

Cerner is the largest publicly traded HIT and electronic health record (EHR) company, so staying up to date with the ever-changing regulatory environment is a constant priority.  Beginning with the enactment of the Healthcare Insurance Portability and Accountability Act (HIPAA) in the mid-90s, the federal government created major privacy and security elements that impacted HIT. It gave patients more rights with regards to their health records, including the ability to amend and correct their records. Further, it created the need for technical, physical and administrative controls to protect electronic health information (EHI).

With HIPAA as the foundation, the federal government continued to enact more legislation to increase the use of HIT. The government slowly moved away from voluntary compliance, where only entities utilizing HIT had to comply with rules, to actively incentivizing the adoption of HIT. Stark Law and Anti-Kickback Statute safe harbors permitted donations of HIT to physicians so long as the HIT enabled interoperability, privacy and security. The Medicare Improvements for Patients and Providers Act (MIPPA) established the first “use” incentive for physicians relative to HIT by introducing a reduction in payment for failure to adopt. This was a precursor for an even more involved role to come for the federal government.

The HITECH Act was the federal government’s transition from experimenting, encouraging and incentivizing of HIT to a very direct role. It created major changes, most notability Meaningful Use which established penalties for failure to use HIT. HITECH also created HIPAA updates specific to EHR. Further, it changed the legal liabilities for entities in the HIT space by creating the Business Associate (BA) designation. For companies like Cerner, becoming a BA puts them on the same footing as providers in terms of compliance with these federal privacy and security laws.

With so much regulatory change over the last 25 plus years, where is the industry going from here? Mr. Travis highlighted a continued push towards value-based payments and the impact it will have on HIT and interoperability. Further, Mr. Travis said that we could see expansions of HIT use beyond physicians and hospitals along with expansions of federal programs and incentives for adopting HIT. Ultimately, Mr. Travis said, the goal of federal policy in HIT and interoperability is to make EHI access, use and exchange ubiquitous to the point of including for care, consumer use, research, or even population health planning.