For something as important and as sensitive as healthcare, there are plenty of rules and regulations in place to protect both patients and organizations. However, with healthcare being ever-evolving our regulations are also ever evolving. This can make it extremely difficult to not only follow all of the ones in place today but to prepare our organizations for the upcoming regulations.
To help out, we reached out to our amazing Healthcare IT Today Community to see which healthcare regulations they foresee having a big impact on healthcare IT. The following is what they had to say.
Stephen Sofoul, SVP, Data & Decision Science Services at MultiPlan
A critical challenge lies in the shortage of experienced financial analysts or data analysts capable of effectively analyzing the wealth of information that the healthcare industry holds. As a result, the industry struggles to provide meaningful insights and harness the power of data to drive positive change. Price transparency is vital for making informed healthcare decisions, so enforcement of transparency-related policies will continue to increase. This will compel payers to take immediate steps to gain more visibility into their data to better inform that decision-making.
Mimi Winsberg, Co-Founder and Chief Medical Officer at Brightside Health
We have been in an uncertain time for regulation around telemedicine, and there are a few key trends to watch. The public health emergency (PHE) resulted in a temporary lifting of certain telemedicine regulations, but now post-PHE, we have seen that telemedicine is here to stay – particularly in behavioral health. Additionally, the DEA is now considering a telemedicine registry that will have implications for the kinds of treatments that can safely be delivered using tech-enabled services.
Further, as artificial intelligence (AI) takes center stage, new regulations may be needed to disclose the nature and source of care dispensed. Just like nutritional information on food packaging, disclosures about what aspects of care are the product of generative AI versus what has human oversight can improve public trust.
Regarding medication, several new psychiatric treatments have been approved by the FDA, including Auvelity for major depressive disorder, the SAINT transcranial magnetic stimulation protocol for treatment-resistant depression, and Zurzuvae for postpartum depression. New drugs and delivery models are going to challenge what can be delivered over telemedicine and challenge the regulations of how in-person services are delivered. With that, I predict we will see an emergence of “click-and-mortar” services that combine technology and in-person care.
Finally, the current state of tech needs to be updated. We need to refine the Ryan Haight Act to develop a telemedicine registry that can safely prescribe controlled medication virtually. Further, state-by-state laws requiring in-person meetings between psychiatric nurse practitioners and psychiatrist collaborators should be reexamined as these can safely take place over video conferences. As a physician who is invested in complying with current regulations, I welcome clear regulatory guidelines from both the FDA and the DEA on these matters.
Steven Fitzsimmons, CEO at Freshpaint
There is a steady stream of privacy legislation being introduced and passed at the state level – WA, VA, CO, CT, UT, MA, CA – many triggered by the Supreme Court’s decision to overturn Roe v. Wade. While the intention is to protect the privacy of patients, most legislation is a very strict application of privacy that will impact healthcare providers and services.
The industry as a whole is going to be under a lot of additional pressure to protect patient data – even data they may not know they are collecting. It’s not just web analytics and ads that are an issue but even things like maps and videos hosted on a website. Many organizations are conducting a full analysis of their sites and some have found more than 50 tools that create privacy risks.
As healthcare systems and providers modernize (or build) their technology stacks, it will be more important than ever to prioritize privacy and to understand new regulations at the state level, from HIPAA, and from the FTC.
Lynne Rinehimer, Manager of Compliance Editors and Sales Engineers at symplr
There are several regulations that have been introduced in the last few years that organizations are struggling with as they seek clarification and make modifications to be in compliance. The No Surprises Act was signed into law in 2020 and took effect last year. Many hospitals, health systems, and health plans still don’t have employees trained and don’t have the proper policies, procedures, and tech tools in place to be compliant, even with the two years of runway that was provided by legislators. And with potential penalty fees of $10,000 per case of noncompliance on the line, this lack of preparation has dire consequences.
Another likely forthcoming requirement that will exacerbate the existing challenges: in the coming years, the US Department of Health and Human Services (HHS) will implement the provision for convening providers to incorporate projected costs from co-providers on an estimate for a care episode. This means providers will need to include good-faith cost estimates for other providers in addition to their own, based on the patient’s treatment plan. This type of document will require not only top-notch billing tools but also new levels of contractual collaboration between separate provider entities.
Another regulation healthcare organizations should be paying close attention to is the 21st Century Cures Act and its information-blocking requirements. At the end of June, the Office of the Inspector General (OIG) posted a final rule that amended the civil monetary penalties for information-blocking violations. Under this final rule, individuals and entities that violate the information-blocking requirements face a penalty of up to $1 million per violation. This final rule does not apply to healthcare providers but instead is directed at health information networks and health information exchanges, as well as developers of certified health IT. There will be a separate notice of proposed rulemaking directed at healthcare providers that should be coming out in the near future.
OIG has identified specific factors it will look to when prioritizing information blocking complaints including the extent/level of the information blocking, the harm caused, the number of those affected (patient and provider), its duration, financial losses, and intent. Providers can look to, and learn from the investigations conducted, and penalties imposed as they wait for the provider-focused final rule. All healthcare entities should review their policies and procedures and educate their staff to better ensure their information-blocking compliance. These activities should be multi-disciplinary, including representatives from the Compliance Department, Information Technology, HIPAA, and Legal.
Lastly, organizations should continue focusing on the Price Transparency Rule. Organizational compliance with the Price Transparency Rule has been slow, with a recently published report showing only 36% of hospitals reviewed were in full compliance. This finding, coupled with the effort by CMS to enhance its enforcement processes makes an organization’s focus on compliance more important than ever. As CMS has recently shortened full compliance timeframes, eliminated warning notices, and now automatically imposes a civil monetary penalty for hospitals that fail to submit a corrective action plan within 45 days, organizations need to better ensure they are making their standard charges public in a comprehensive machine-readable file, as defined by the Rule.
Jeanie Heck, Education Services at e4health
One change that significantly impacted the healthcare IT landscape was the restructuring of evaluation and management (E/M) codes by the AHA in 2023. This regulation shifted the previous three key elements of E/M codings to medical decision-making (MDM) or time. This regulatory change has continued to cause coding errors and confusion throughout the year.
The AHA’s aim was to reduce unnecessary documentation and streamline the coding process. From a coding and auditing perspective, the focus on the “why” behind the level-of-risk assessment became pivotal in determining the MDM level for each patient. Healthcare IT systems, especially EHRs, played a key role in supporting documentation with the use of macros, smart phrases, and templates.
However, EHR macros must accurately capture the patient’s condition on the day of the encounter. CMS recently provided guidelines for documentation using EHR macros and stresses the importance of supplementing them with enough patient-specific information to support medical necessity determination. Relying solely on EHR macros for documentation was deemed insufficient, highlighting the significance of accurate and individualized documentation in healthcare IT systems.
Mo Weitnauer, Chief Product Officer at MRO
One of the biggest regulatory changes ahead directly impacts Accountable Care Organizations (ACOs) and their quality reporting processes. ACOs will soon transition away from Web Interface to electronic clinical quality measure (eCQM) reporting. Beyond a new format, the rule requires reporting for three eCQM/CQM MIPS measures across all patients, not just a subset as in previous years. Preparation ahead of the mandatory deadline is crucial for success and ACOs with multiple EMRs will face unique challenges. This includes finding solutions for data aggregation, updating documentation and workflows, and ensuring consistent data collection. Three important steps to navigate the transition include:
- Implementing a best practice process
- Getting serious about data integrity and timeliness
- Identifying and closing gaps in quality measures
If I were a regulator for a day, I would provide additional ACO education and support teams to balance current reporting requirements with ACOs’ need to test outcomes under the new format. It is vital that new regulations support advancements in healthcare technology while also maintaining the highest standards of care.
Wayne Singer, VP of Regulatory at Darena Solutions
We are still eagerly awaiting the HHS Office of Inspector General’s long-overdue ‘disincentive’ final rule for healthcare providers who are information-blocking as per the Cures Act. Sadly, it will likely require monetary penalties to drive widespread information sharing with patients and to compel providers, health IT developers, and payers to fully embrace this new reality.
Cassie Choi, Co-Founder and COO at Pair Team
It’s exciting to see states like California requiring healthcare providers to participate in data-sharing exchanges to improve healthcare delivery. Unfortunately, because this is a large and new initiative, the data being shared is not quite in a place that makes it easy to use for the average healthcare provider. Even for digital health companies who can work to optimize the data being shared into action, we’re faced with issues like duplicate information and messy data that’s hard to use. There are interesting companies like Flexpa that are helping to streamline data sharing by putting the patient in charge of sharing their healthcare and claims data with any healthcare provider they want, instead of health plans gate-keeping it behind red tape.
Kyle Sherseth, VP of Revenue Cycle Solutions at Savista
The price transparency regulations enacted over the last few years have been touted as a way to give patients control over their healthcare costs and make informed decisions about their care. While there are pieces of the current and upcoming requirements that are consumer-focused, most have fallen short of achieving the stated goal and require modifications, including:
- Expansion from hospital-based care to ambulatory centers, freestanding providers, and standalone physician groups so consumers can see a wholistic view of options for their care
- Removal of data-only administrative requirements that create confusion for consumers
- The focus of regulations should be on requiring accurate, easy-to-use price estimation tools that allow patients to quickly evaluate options side-by-side
- Removal of separate requirements for payors and providers as the information often does not match and creates confusion
- With the exception of uninsured care, only payors should be required to provide patient-friendly cost estimation so consumers can easily review options side-by-side across all expected service types and care settings (e.g. physicians, hospital care, freestanding imaging centers, ambulatory surgical centers, etc.)
Despite their shortcomings, the current price transparency regulations are not expected to go away anytime soon, so hospitals should focus on providing accurate, defensible, and compliant data to the public while making the information easy for consumers to understand and digest.
Joe Ganley, Vice President of Government and Regulatory Affairs at athenahealth
There is no shortage of potential regulations that could impact health IT and more importantly our customers, from how we regulate artificial intelligence, to privacy, to telehealth to TEFCA, to information blocking (HTI-1 Rule from ONC). But it’s worth noting that perhaps the most important one is the proposed 3.4% cut to physicians who treat the country’s most vulnerable patients through Medicare. Every healthcare stakeholder needs to say out loud what we all know to be true—that the way we reimburse ambulatory clinicians under Medicare is fundamentally broken and in need of a major structural overhaul.
To create a stable payment mechanism for all front-line clinicians, I see enormous promise in H.R. 2474 – dubbed the “Strengthening Medicare for Patients and Providers Act.” If passed, this bi-partisan legislation would link the Medicare Physician Fee Schedule to the Medicare Economic Index, removing the ongoing need for provider groups and ambulatory physicians to beg Congress for yearly short-term solutions to reduce payment cuts. This act would result in more precise reimbursements and reduce overall Medicare costs by ensuring the continuous delivery of high-quality senior care, which can help reduce hospital admissions.
Olivia Currin-Britt, Senior Director, Client Success at Savista
I anticipate a future where digital mental health will be subject to stricter regulations. Currently, the FDA does not regulate most digital mental health products, nor does it oversee psychotherapy, whether conducted online or in person. This lack of oversight has led to numerous investigations into the overprescribing of stimulants and deceptive marketing practices. It feels as though we are navigating through uncharted territory, akin to the lawless days of the Wild West, without a regulatory agency or a group setting standards in place.
Tyler Wince, Chief Product Officer at Myndshft Technologies
The future of healthcare lies not in more paperwork but in intelligent automation. As regulations evolve to modernize and standardize the data exchange process between providers and payers, prior authorization automation emerges as a critical focus. This bridge we are building paves the way for a future where focused regulations harmonize seamlessly with streamlined operations, enabling care providers to redirect their focus to where it truly matters—patient care.
Michael Gould, Associate Vice President for Interoperability Strategy at ZeOmega
Regulations that have to do with patient cost transparency and prior authorizations – as well as certified interoperability – will have the largest impact on healthcare IT. Interoperability improvements that streamline processes and data exchange have great potential for savings and adoption of these standards is the necessary step to ensure benefits can be realized. Adoption of certified HIT has reached 96% in hospitals and this is a great foundation for improving prior auths and patient cost transparency. Regulators have a greater success rate when engaging industry experts to develop rules in health IT. Since emerging technologies have upsides and downsides, engaging experts in development and real-world testing can enhance the benefits, ameliorate the downsides, and also have a path to manage inadvertent or unanticipated consequences of applying these technologies.
Recently, several organizations have published positions on CMS rules that overlap in the area of prior authorizations. It will be important for CMS to consider these and the need to innovate to improve prior authorizations so that patients will have timely access to care and reduce the burden for providers and payers.
Andrew Harding, Co-Founder & VP of Customer Success at Rivet
Patients have never had more opportunity to manage their healthcare experiences as they do now. The movement towards healthcare consumerism and implementation of new legislation, such as the Hospital Price Transparency rule, has brought previously unavailable transparency into healthcare costs. The benefits of this legislation for patients are undeniable, however, for hospitals, it is getting harder and harder to balance administrative obstacles to meet consumer expectations and comply with evolving regulations. To maximize the benefits of the Hospital Price Transparency rule and provide patients with the “shoppable” experience they are looking for, hospitals need to implement the right solutions to provide up-front patient cost estimates and improve financial transparency while minimizing the administrative burden on the organization.
Naomi Schwartz, Senior Director of Cybersecurity Quality and Safety at Medcrypt
Today’s intricate technology landscape ranges from legacy devices lacking security to cutting-edge designs, all under the watchful eye of regulatory cybersecurity mandates. The FDA’s RTA policy, effective Oct. 1, 2023, demands comprehensive cybersecurity data in premarket submissions, streamlining reviews. Simultaneously, the eSTAR program’s electronic submission template necessitates full cybersecurity details, driving proactive collaboration and integrated security practices. Effective strategies include stakeholder collaboration, uniting champions for cross-group security cooperation, and ensuring collective responsibility for cybersecurity to achieve optimal and timely market entry while neglecting security shortcuts can lead to significant developmental delays.
Quite a bit to think about here! Thank you to everyone who took the time to give us a response and thank you to everyone who took the time to read this article! We could not do this without your support. Did we miss a regulation that you think will have a big impact? Let us know either in the comments down below or through sharing this article on social media!
