There are a lot of rules and regulations in place in the world of healthcare. These are put into place in order to protect patients and organizations. However, the world of healthcare is constantly changing and evolving as we come up with new ideas and solutions. Have the regulations done the same though? Or are there areas that are missing regulations? Or are there areas in healthcare where past regulations are now too restrictive and are holding us back?
In search of answers to these questions, we reached out to our incredibly beautiful Healthcare IT Today Community to see what areas they would add, remove, or update regulations. The following is what they had to say.
Amanda Heidemann, CMIO, CMO at KeyCare
Many physicians find the information-blocking provisions of the 21st Century Cures Act to be challenging. Although they respect the right of patients to receive their information via patient portals, there is tremendous concern for the emotional distress caused when patients receive potentially life-altering test results before they’re reviewed by the ordering physician. Patients receive these on evenings and weekends, resulting in delays until a patient can speak to their physician. Preventing information blocking is important, but we have to find a way to get systems in place so that patient needs are met without asking clinicians to review results and call patients 24×7.
Lesley Berkeyheiser, CCSFP, CHQP, Senior Assessor at DirectTrust
I often see organizations spending so much time trying to discern which regulations apply to them, and which requirements create gaps that need to be addressed. I hear patients discouraged and disgusted when they can’t get access to their own data even in 2023! Hearing about these pain points from stakeholders is why I’d “repackage HIPAA” if I were a regulator for a day. While the key components of privacy (administrative, uses and disclosures, individual rights, and general security) are all necessary today, I would put privacy, security, breach – and relevant 21 Century Cures Interoperability topics – all together and make sure everyone handling any type of sensitive information be subject to these rules. The information would be covered in all forums, hard copy/paper, electronic, and spoken.
That would mean there would be one standard for privacy which would encompass the basic components of the numerous states with specific healthcare/data privacy laws. It would include overall transparency and robust patient/individual rights to opt in or out, to understand how data is handled, and to have the ability to provide consent for any marketing/sales to take place. In general, the end individual (patient) would have access and restriction processes, but such that they are practical and administered in the same way across the industry. All types of organizations would have to comply – not limited only to those, “subject to the rule as covered entities or business associates.” In that manner, businesses that remained “outside of the purview of HIPAA” would be impacted. Conversely, people wouldn’t spend time trying to remain “outside of regulations.” The topic of incidents, cybersecurity, and breach requirements would also be included and consistently applied across all types of entities.
I’d further expand the basics of HIPAA to catch up to today’s Interoperable technical environment so that technical app (API) developers and all gateways and endpoints along the continuum where healthcare data moves would follow the same rules along the way. Increased controls for identity, registration, and authentication in the technical environment would be included. A “repackaged” HIPAA that trended forward to today’s technical and cybersecurity environment would go a long way to create a more seamless and efficient patient care experience for us all.
Eden Avraham-Katz, VP of Legal & Compliance at 1upHealth
While I appreciate the efforts to simplify the prior authorization process with FHIR APIs, the underlying issues with prior authorization are fundamentally systemic. Instead of responding to each individual request, the provider should submit a set of clinical data elements, and the payer should respond with a list of all potential services/medications, allowing the provider to select multiple within one request, thus streamlining the request process.
G. Cameron Deemer, CEO at DrFirst
I would remove commercial incentives to restrict clinicians’ access to clinical data, so they have the information they need to make more informed care decisions for their patients. Certain pieces of clinical data, such as medication history, are not available to all healthcare providers in the same way, often locked away behind commercial models that are not logical where health is at risk and which can lead to serious patient harm. For example, depending on whether physicians are sitting in their hospital office or their clinic office (and many doctors work in both), the insights they have into the medications their patients take can vary greatly. For first responders, access to medication history is often denied altogether. This critical information can help identify or avoid serious adverse events, including hospital readmissions. There shouldn’t be winners or losers when it comes to access to this data, especially when patients are ultimately the losers.
Gregg Church, President at 4medica
While those of us in healthcare like to complain about current regulations, I’d like to advocate for one that doesn’t exist, but should: the Universal Patient ID. The lack of a universal identifier is a major barrier to the adoption of emerging technologies. Without a single, consistent way to ID patients, it’s difficult to ensure the security and privacy of their data, and it puts people at unnecessary risk. It’s past time.
Andrew Norden, MD, MPH, MBA, Chief Medical Officer at OncoHealth
With nationwide shortages of inexpensive chemotherapy drugs that serve as the backbone of many commonly used regimens, there needs to be more regulatory oversight to prevent shortages of these life-saving drugs. The shortages are very scary for patients because, with the standard-of-care treatment for their condition unavailable, they are offered a modified version of treatment with a higher degree of uncertainty around benefits and potentially increased risk of side effects. For example, a patient who receives cisplatin instead of carboplatin can likely expect similar efficacy of the treatment, but the risks of side effects like hearing loss and peripheral neuropathy are increased. As an industry, we need to work together across traditional boundaries (e.g., providers, payers, vendors) to lobby for policy interventions that will reduce the frequency of cancer drug shortages going forward, especially low-cost generic chemotherapeutic drugs that may be overlooked in the general marketplace.
Cheryl Cheng, Founder and CEO at Vive Collective
If I could be a regulator for a day, I would focus on two areas. First, I would establish reimbursement pathways for aspects of women’s health that do not currently exist and obstruct innovation and investment. For example, menopause care management currently does not have a viable reimbursement pathway. From provider visits that are lightly reimbursed to hormone therapy that is rarely covered, the abysmal lack of coverage for menopause care is appalling and has created barriers to innovation and investment. Second, I would realign policy to incentivize payors and providers to prioritize the use of technological tools that can improve patient outcomes, provider workflow, and access to care. Given the costs associated with deploying next-generation digital solutions, we cannot afford incremental steps towards adopting next-generation tech solutions given the skyrocketing costs and deteriorating outcomes we face. Richer data models, more fluid data and workflow exchange, and process transformation could all be accelerated by a policy that encourages wider technology adoption through equal or even higher reimbursement rates (in fee for service and VBC).
Michael Poku, Chief Clinical Officer at Equality Health
Many of our Federal and state regulations — particularly those focused on driving the transformation of our healthcare systems to value-based care — are headed in the right direction. There is still much to be done to fully realize the potential of value-based care in enhancing outcomes and eliminating unnecessary costs. If I were a regulator for a day, I would focus my attention on a full-steam-ahead, unwavering approach toward value-based care and bolstering the surrounding infrastructure to support entities in this transformation. I would continue to advance CMS’ directive that by 2030 all Medicare and the bulk of Medicaid beneficiaries be in care engagements governed under a value-based contract.
The value-based care movement is a crucial force in our nation’s healthcare system today, and it’s making fantastic strides to enhance patient care, drive better outcomes, and lower healthcare costs. It’s the most powerful directive in the industry with a broad-sweeping impact because it’s about putting patients at the center of care. It’s no longer built on volume services but rather creates a focus on driving enhanced health for all. The transformation is happening, and care management technology is a powerful mechanism, but it alone can’t make this shift, especially for primary care practices and those on the front lines caring for underserved communities with some of the most complex patients.
As a regulator for a day, I would prioritize initiatives that promote standardized data-sharing protocols and incentivize healthcare and human services organizations to invest in interoperable technologies to complement interconnected initiatives like the 21st Century Cures Act and ONC rules on information blocking. Moreover, I would strive toward enabling holistic value-based care innovation with new financial incentives and payment models for providers to move away from the fee-for-service grind, new proactive clinical workflows, community education, culturally competent care delivery including in-home care — virtual and in-person — and access to services to address SDoH and more.
Olivia Currin-Britt, Senior Director, Client Success at Savista
Address the contrasting financial situations of insurance companies and critical access hospitals. Insurance companies continue to see substantial profits while critical access hospitals are struggling to maintain their operations. Insurance companies’ market dominance and cost containment measures contribute to their profits. For instance, large insurance companies can negotiate exclusive contracts with hospitals, limiting patients’ access to critical access hospitals and diverting them to larger, more profitable facilities.
Nelson Liston, Director of Revenue Cycle Solutions at Savista
Implement a nationwide patient identification strategy to manage the quality of care and patient safety and lead the effort to protect patients from privacy and financial implications in the revenue cycle process. A National Patient Identifier (NPI) would help get all patient documentation into one location vs. spread out among multiple providers and healthcare systems. From a financial perspective, this initiative can help prevent healthcare fraud due to identity theft, stop improper use of someone else’s health insurance, and prevent marketing scams where people’s identities are stolen through fake medical billing or enrollment in fake medical benefit plans.
Bill Charnetski, EVP, Health System Solutions and Government Affairs at PointClickCare
There is no one entity across healthcare that can push forward industry regulations and policies on its own. Healthcare technology companies that have a role in shaping policy alongside industry stakeholders must also take into consideration who they work with on the provider side as these voices are extremely important in not only fixing but also regulating facets of healthcare. For example, staffing remains a debilitating problem across the continuum. A federal staffing mandate would potentially result in an additional cost of $11B to a sector that is already struggling to provide frontline care.
Moreover, there is not enough staff to meet the requirements of this proposed staffing mandate – when we think about actual people power, the mandate equates to 191,000 nurses and staff that don’t exist to fulfill those roles. The shift to value-based care continues to accelerate each year, especially as clinicians are increasingly taking on more risk. The number of patients treated by physicians within the current landscape could roughly double in the next five years, growing approximately 15 percent per annum. If the anticipated staffing mandate does come to fruition, this would severely impact access to care across the continuum.
Working with stakeholders to instead create a sustainable solution to solve today’s staffing crisis while focusing on other areas of care such as advancing interoperability and connectivity is paramount. By integrating care management technology with stronger interoperability, providers can help more clinicians better predict risk, close care gaps, and improve patient outcomes – across both fee-for-service and value-based care models – through automation, an improved user experience, and greater alignment across care teams. With more funding acquired for the LTPAC space and investment in health information technology, care delivery will be secure.
Bottom line: forward-looking policies and regulations need to be thoughtful and more understanding of the complex and challenging environment in which caregivers continue to provide day-to-day care for their residents – not augment existing difficulties.
Lora Sparkman, VP, Partner, Clinical Solutions, Patient Safety and Quality at Relias
From a global perspective, hospitals and health systems need to refine their data capture and reporting processes so they can truly understand their patient population by assessing rates of patient harm and adverse events. Once hospitals have a firm grasp on their patients’ needs, they can establish systems to start improving the issues revealed by the data. This data monitoring will allow leadership to clearly evaluate transformation, patient safety, and reliability.
Graham Gardner, MD, MBA, CEO at Kyruus
Consumers increasingly prefer digital self-service and they seek out care through a variety of channels—health systems, health plans, digital health apps, care navigators, internet searches, and more. To fully empower people to find and receive the right care for their needs, regulators should seek to enable access to comprehensive, reliable, and timely information about their care options and the cost of care. Improving care access requires that information be more than simply available, but also accurate and actionable.
Lee Barrett, Commission Executive Director at DirectTrust
If I were a healthcare regulator for a day, I would look to reconcile two major conflicts between the federal and state governments. First, at the federal level, I would move the agenda forward to gain bipartisan support for the American Data Privacy and Protection Act (ADPPA) – currently being developed and coordinated by the House Energy and Commerce Ranking member Rep. Frank Pallone (D-NJ) to set a “floor” for privacy aligning with the CCPA and the American version of GDPR. Although this in all likelihood won’t stop states from adding any specific additional requirements, it would certainly help to minimize the number of states creating their own privacy regulations which is untenable for national organizations to contend with.
I would then expand PL 116-321 to require third-party assessments of healthcare organizations and support a true Safe Harbor provision. The expansion of this public law would prevent organizations that fall victim to cyberattacks from being further penalized by a federal regulatory agency if they have made an investment in a third-party assessment. I believe this would provide a significant incentive for healthcare organizations to implement the highest level of cyber hygiene in their organizations to reduce risk and increase staff awareness.
Andrea Mazzoccoli, RN, MSN, MBA, PhD, Commure Strongline Nurse Advisor and Former Chief Nurse & Quality Officer, Bon Secours Mercy Health
Workplace violence (WPV) is a significant issue affecting healthcare organizations across the ecosystem. With detrimental effects on staff well-being, patient outcomes, and organizational health, the time for increased regulation to curb WPV — at both state and federal levels — is now. For a long time, nurses have accepted the kinds of things that happened in their environment that they shouldn’t have — which has been further exacerbated by the pandemic, leading to an even greater prevalence of WPV across healthcare.
In many ways, we’re seeing the WPV crisis reaching the same levels as we saw the patient safety crisis reach a decade ago — and without similarly dramatic, quick, and collective action to mitigate this crisis, it’s only going to get worse, and further strain an industry that is already strapped for resources. For regulators, the continued issue ushers in a need for a new wave of technology alongside legislation to curb the WPV crisis. Because of the direct impact of WPV on clinician engagement and retention, patient care encounters, and the overall healthcare experience, WPV prevention isn’t just good for healthcare workers — it’s good for every financial, operational, and clinical part of the healthcare business.
So much to think about here! Thank you to everyone that took the time out of their day to share their insights with us and thank you to everyone who took the time to read this! We couldn’t do this without your support. What current regulations do you think need to be removed or updated? What regulations do you think we’re missing entirely? Let us know either in the comments down below or through sharing this article on social media!
