The Federal government is looking for ways to put the hammer down on health care data blockers and data hackers.
Karen DeSalvo, National Coordinator of Health Information Technology, told committee members at a March 22 congressional hearing that she has called for funding to “put some teeth around” going after data blockers. Until now, the Federal government has mainly been hoping for voluntary compliance, requesting pledges from health care organizations and others to refrain from data blocking.
At the hearing, DeSalvo told committee members that data blocking has been one of the barriers that has prevented electronic health data exchange, but it has not always been intentional. Doctors, hospitals, and other health care organizations do not always understand HIPAA, the Health Insurance Portability and Accountability Act, and often choose to err on the side of patient privacy protection, she said.
Yet others are not so innocent. Some in the health care industry are blocking the flow of data for competitive reasons, for example, to make it more difficult for patients to switch to a competing provider for care.
Data blocking was not the only issue of top concern at the hearing. Rep. Ted Lieu, D-Calif., called for some form of “enforceable guidance” to protect the public from health information privacy breaches. He is concerned about preventing more ransomware attacks, as have taken place twice in his state already, involving hackers holding an entire hospital’s electronic health records (EHRs) hostage for a multimillion-dollar ransom.
DeSalvo said ONC, the National Coordinator for Health Information Technology, is working with the Office of Civil Rights to address cybersecurity issues, such as ransomware attacks. The two agencies recently formed a cybersecurity task force, which met for the first time last week.
Members of the committee and witnesses recognized the progress being made on EHR adoption, but agreed that barriers still exist regarding the exchange of a very rich data supply that is growing by leaps and bounds every day. The addition of new wearable and monitoring technology, large human genome files, and extensive use of digital imaging is further changing this landscape on a daily basis, they said.
Members of the Oversight Committee called for the updating of an “outdated and inconsistent regulatory framework” currently in use for health IT. They were particularly interested in the ways that Federal, state and local regulators could coordinate their efforts and in the ways that interoperability might be achieved.
Rep. William Hurd, R-Texas, chairman of Oversight’s Subcommittee on Health Information Technology, said progress will be made only if stakeholders come together to update what he considers to be antiquated laws, referring partially to the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.
The sheer number of Federal agencies involved in the oversight of health information exchange is resulting in conflicting rules that are putting “a chill on entrepreneurship,” he said. The situation “places patients at the fringe of the process; not at the center.”
“We must destroy the silos to make this work,” he said.
