On December 19, 2022, the U.S. Department of Health and Human Services (“HHS”) through the Centers for Medicare & Medicaid Services (“CMS”) issued a proposed rule to adopt standards for certain electronic health transactions. Specifically, the proposed rule would adopt standards for health care attachment transactions (e.g., medical charts, x-rays, provider notes) and electronic signatures to be used in conjunction with health care attachments, and modify the standard for referral certification and authorization transaction. The proposed rule would apply to entities regulated by the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”), and would implement certain requirements of the Administrative Simplification subtitle of HIPAA and the Patient Protection and Affordable Care Act (“ACA”) that require the Secretary of HHS to adopt and update standards for electronic health transactions, code sets, unique identifiers, as well as the electronic exchange for health information.
The proposed rule is primarily focused on creating standards for health care attachment transactions for three general use cases related to the submission of electronic documentation: (1) prior authorization; (2) solicited documents; and (3) unsolicited documents. According to the proposed rule, nearly every health plan requires that providers submit additional information and/or documentation beyond that contained in a HIPAA transaction; however, while there is currently an adopted HIPAA transaction standard for the prior authorization request and response, there is no way for the provider to submit documentation to support a prior authorization electronically using HIPAA standards. As a result, providers are often forced to use manual processes, such as physical mail, fax, or internet web portals to submit this information.
In addition, the proposed rule would create a standard for an “electronic signature,” which is intended to accompany health care attachments transactions. An electronic signature is meant to serve as the indication to health plans and providers that attachment information has been reviewed and approved by the appropriate entity that is supervising care. The proposed rule also would adopt a modification to the standard for referral certification and authorization transaction with the aim to, among other goals, reduce the barriers related to adopting value-based payments.
More broadly, the proposed rule raises strategic considerations for companies partnering with regulated stakeholders to ensure electronic health information technologies are able to meet these and other requirements while navigating other legal issues presented by health technologies, such as:
- Balancing security and standard transaction requirements of HIPAA while simultaneously meeting increasing interoperability requirements focused on providing patients with greater access to and control over their health data (e.g., prohibitions related to information blocking);
- Managing product liability risks related to defective hardware or software, or incorrect data input;
- Implementing controls to ensure that certain processes, such as automated prior authorization systems, do not present fraud and abuse risks, particularly given increased scrutiny of electronic health record systems.
Comments on the proposed rule are due by March 22, 2023.