On December 19, 2022, the U.S. Department of Health and Human Services (“HHS”) through the Centers for Medicare & Medicaid Services (“CMS”) issued a proposed rule to adopt standards for certain electronic health transactions.  Specifically, the proposed rule would adopt standards for health care attachment transactions (e.g., medical charts, x-rays, provider notes) and electronic signatures to be used in conjunction with health care attachments, and modify the standard for referral certification and authorization transaction.  The proposed rule would apply to entities regulated by the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”), and would implement certain requirements of the Administrative Simplification subtitle of HIPAA and the Patient Protection and Affordable Care Act (“ACA”) that require the Secretary of HHS to adopt and update standards for electronic health transactions, code sets, unique identifiers, as well as the electronic exchange for health information.

The proposed rule is primarily focused on creating standards for health care attachment transactions for three general use cases related to the submission of electronic documentation: (1) prior authorization; (2) solicited documents; and (3) unsolicited documents.  According to the proposed rule, nearly every health plan requires that providers submit additional information and/or documentation beyond that contained in a HIPAA transaction; however, while there is currently an adopted HIPAA transaction standard for the prior authorization request and response, there is no way for the provider to submit documentation to support a prior authorization electronically using HIPAA standards.  As a result, providers are often forced to use manual processes, such as physical mail, fax, or internet web portals to submit this information. 

In addition, the proposed rule would create a standard for an “electronic signature,” which is intended to accompany health care attachments transactions.  An electronic signature is meant to serve as the indication to health plans and providers that attachment information has been reviewed and approved by the appropriate entity that is supervising care.  The proposed rule also would adopt a modification to the standard for referral certification and authorization transaction with the aim to, among other goals, reduce the barriers related to adopting value-based payments.

More broadly, the proposed rule raises strategic considerations for companies partnering with regulated stakeholders to ensure electronic health information technologies are able to meet these and other requirements while navigating other legal issues presented by health technologies, such as:

  • Balancing security and standard transaction requirements of HIPAA while simultaneously meeting increasing interoperability requirements focused on providing patients with greater access to and control over their health data (e.g., prohibitions related to information blocking);
  • Managing product liability risks related to defective hardware or software, or incorrect data input;
  • Implementing controls to ensure that certain processes, such as automated prior authorization systems, do not present fraud and abuse risks, particularly given increased scrutiny of electronic health record systems.

Comments on the proposed rule are due by March 22, 2023.

Photo of Rujul Desai Rujul Desai

Rujul Desai advises clients on drug pricing, market access, reimbursement, strategic contracting, and regulatory solutions for drugs, biologicals, devices, and diagnostics. He brings deep experience with biopharma, specialty pharmacy, and pharmacy benefit management (PBM) companies.

Rujul has held a number of leadership roles…

Rujul Desai advises clients on drug pricing, market access, reimbursement, strategic contracting, and regulatory solutions for drugs, biologicals, devices, and diagnostics. He brings deep experience with biopharma, specialty pharmacy, and pharmacy benefit management (PBM) companies.

Rujul has held a number of leadership roles in the biopharma, PBM, and specialty pharmacy industry, including with CVS Caremark, UCB, and most recently as Vice President at Avalere Health. He has led engagements across a wide range of U.S. and global market access and reimbursement issues, including optimizing new product launches, pricing, PBM and payer formulary access, value-based contracting, distribution network design, patient access and hub services, affordability programs, e-prescribing, digital health, and the use of health economic data and modeling.

Rujul is an author of the U.S. chapter of a global treatise on drug pricing and reimbursement.

Rujul was a Captain in the Medical Services Corps of the U.S. Army Reserves, and served in active duty in Iraq.

Photo of Stefanie Doebler Stefanie Doebler

Stefanie Doebler is co-chair of the firm’s Health Care Practice Group, and a member of the Food, Drug, and Device Practice Group. Her practice focuses on health care compliance matters for pharmaceutical, biotech, and medical device clients. She provides advice related to advertising…

Stefanie Doebler is co-chair of the firm’s Health Care Practice Group, and a member of the Food, Drug, and Device Practice Group. Her practice focuses on health care compliance matters for pharmaceutical, biotech, and medical device clients. She provides advice related to advertising and promotion, fraud and abuse, transparency requirements, state law compliance and reporting regulations, interactions with health care professionals, Medicaid price reporting, and other aspects of federal and state regulation of pharmaceuticals, biologics, and medical devices. Stefanie also advises on the development and implementation of health care compliance programs.

Photo of Anna D. Kraus Anna D. Kraus

Anna Durand Kraus advises on issues relating to the complex array of laws governing the health care industry. Her background as Deputy General Counsel to the U.S. Department of Health and Human Services (“HHS”) gives her broad experience with, and valuable insight into…

Anna Durand Kraus advises on issues relating to the complex array of laws governing the health care industry. Her background as Deputy General Counsel to the U.S. Department of Health and Human Services (“HHS”) gives her broad experience with, and valuable insight into, the programs and issues within the purview of HHS, including Medicare, Medicaid, fraud and abuse, and HIPAA privacy and security. Anna is co-chair of the firm’s Health Care Industry practice group.

Anna regularly advises clients on Medicare reimbursement matters, particularly those arising under Part B and the Part D prescription drug benefit. She also has extensive experience with the Medicaid Drug Rebate program. She assists numerous pharmaceutical and device manufacturers, health care providers, pharmacy benefit managers, and other health care industry stakeholders to navigate the challenges and opportunities presented by the Affordable Care Act.

Anna is a trusted adviser on health information privacy, security and breach notification issues, including those arising under the Health Insurance Portability and Accountability Act (“HIPAA”) and the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. Her background in this area dates back to the issuance of the original HIPAA privacy regulations.

Anna’s clients depend on her to guide them through compliance with the Anti-Kickback statute, the Stark regulations, and other laws preventing fraud and abuse in the health care industry. Her deep knowledge of these laws has made her an important component of the firm’s representation of pharmaceutical companies and health care organizations under federal investigation or facing allegations under the False Claims Act. In addition, clients contemplating acquisitions in the health care sector rely on her to guide due diligence efforts.

Photo of Elizabeth Brim Elizabeth Brim

Elizabeth Brim is an associate in the firm’s Washington, DC office, where she is a member of the Data Privacy and Cybersecurity and Health Care Practice Groups and advises clients on a broad range of regulatory and compliance issues related to privacy and…

Elizabeth Brim is an associate in the firm’s Washington, DC office, where she is a member of the Data Privacy and Cybersecurity and Health Care Practice Groups and advises clients on a broad range of regulatory and compliance issues related to privacy and health care.

Elizabeth’s practice includes counseling clients on compliance with the complex web of health information privacy laws and regulations, such as HIPAA, the FTC’s Health Breach Notification Rule, and state medical and consumer health privacy laws as well as state consumer privacy and genetic privacy laws. She also advises clients on health care compliance issues, such as fraud and abuse, market access, and pricing and reimbursement activities.

Elizabeth routinely advises on regulatory compliance as part of transactions, clinical trial programs, collaborations and other activities that involve genetic data, and the development and operation of digital health products. As part of her practice, Elizabeth routinely counsels clients on drafting and negotiating privacy and health care terms with vendors and third parties and developing privacy notices and consent forms. In addition, Elizabeth maintains an active pro bono practice.

Elizabeth is an author of the American Health Law Association treatise, Pricing, Market Access, and Reimbursement Principles: Drugs, Biologicals and Medical Devices and the U.S. chapter of the Global Legal Insights treatise, Pricing & Reimbursement Laws and Regulations.