By Tony Schueth, Editor-in-Chief
In one of his last official acts, President Obama signed the 21st Century Cures Act into law on December 16, 2016. The health information technology (health IT) community may have overlooked this bipartisan, $6.3 billion piece of legislation. The name doesn’t sound like it involves health IT and large portions are devoted to more mainstream health issues, such as expanding medical research, speeding approval of new drugs and medical devices, addressing the opioid epidemic and expanding access to mental health services. Many people may recognize the act due to considerable press coverage of its $1.8 billion in funding for the cancer research “moonshot” championed by former Vice President Joe Biden.
What many health IT stakeholders may have missed is Title IV of the act, which is devoted almost exclusively to health IT. Our blog (click here) summarizes the numerous relevant sections of Title IV. Here’s our take on some of the provisions.
Vendors ultimately will have to address requirements for developing products for pediatrics, other specialties and sites of services “for which no such technology is available or where more technological advancement or integration is needed.” The law requires the Secretary of the Department of Health and Human Services (DHHS) to consult with stakeholders and make recommendations within the next 18 months for voluntary certification of health IT that meets the requirements of pediatricians across various sites of care. The statutory language is vague as to whether this applies to all EHRs or some subsets. Does it mean that those EHRs not offering a pediatric-specific version of their software would be required to build one? In terms of voluntary certification, pediatric-focused products certainly will have to meet specific criteria — such as a meaningful use (MU)-like certification for a specialty. This indeed would be uncharted territory, which could pave the way for future certifications for other specialties down the road. That said, specialties have discrete requirements, so one size will not fit all. It also remains to be seen whether there would be penalties for vendors who choose to ignore ensuing voluntary certification requirements.
It also is unclear whether the statutory language means only EHRs or includes various modalities, such as mobile health, depending on how DHHS interprets the statute. Health IT is a broad term, after all. To ensure their voices are heard, we recommend that vendors monitor and participate in the stakeholder group that will be convened to address those requirements for pediatric health IT. These recommendations undoubtedly will form the basis of future rule making, which will lock down requirements to which the industry will have to conform.
The act’s requirements could hasten further consolidation of the EHR market with additional functional and certification requirements, over and above those required for MU and the Medicare Access and CHIP Reauthorization Act (MACRA). Piling on these 21st Century Cures Act requirements might prove too burdensome for smaller vendors.
In an unusual move, this legislation creates “teeth” for enforcement against information blocking. It establishes authority for the DHHS’ Office of the Inspector General to investigate claims of information blocking and fine those found to be in violation. That appears to include developers, networks and exchanges. Those fines can be substantial — up to $1 million per violation. It also appears that enforcement actions also may be taken against noncompliant providers; forthcoming notice and comment rule making will provide details. All of this is rare, indeed. Stakeholders have been put on notice.
That said, ONC-related regulations for 21st Century Cures Act implementation currently are on hold due to an across-the-board freeze placed in effect by the Trump administration. One would have created authority for ONC to oversee health IT certification, the EHR reporting program and the newly created Health IT advisory committee. A second was to begin the process of renewing the contract for ONC’s approved accreditor. That job of overseeing the EHR certification program currently is held by the American National Standards Institute (ANSI), whose three-year term expires in June.
The new law also requires the General Accountability Office to study challenges related to patient access to health information. These include barriers to access, complications health care providers experience when providing access and methods patients may use for requesting their personal health information. If the past is prologue, this study will be used as the basis for future rules making to address issues that haven’t been covered.
This article only touches the surface of what the 21st Century Cures Act means for health IT. Point-of-Care Partners can help you perform a deeper dive of its provisions and their impacts on various stakeholders. Drop us an email or give us a call.