Lack of State Coordination Could 'Jeopardize Someone's Health', Says Connolly
Varying state laws may impede sharing of electronic health records (EHR), an official from the Department of Health and Human Services told a House Oversight Committee hearing Tuesday. Rep. Gerry Connolly, D-Va., said the problem could “jeopardize someone’s health" and asked if legislation is needed. The FTC backs legislation to bolster the agency’s consumer protection authority, a commission official told the joint hearing of the Information Technology Subcommittee and the Health Care, Benefits and Administrative Rules Subcommittee.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
A 2016 report to Congress by HHS said 97 percent of hospitals and 74 percent of physicians possess a certified EHR system, but only 76 percent of hospitals and 42 percent of physicians shared information to coordinate care. Connolly asked why so many healthcare providers with EHR systems don’t share data.
Differences among state laws contributed to the sharing problem, said Karen DeSalvo, HHS national coordinator for health information technology. “You are touching on the challenge that’s emerged since we’ve been adopting electronic healthcare records and moving to a digitized system, and that is that state laws vary,” she said. “There’s some need to harmonize that.”
Connolly said the problem must be addressed: “That’s a particular challenge here in the national capital region, since we have three jurisdictions with three different political cultures and sets of laws and so forth. And I have actually encountered that where Maryland has one set of standards and this kind of communication, and Virginia has another, and we’re not always talking.” Connolly asked if federal legislation might be the cure. “We regulate blood supply for safety," he said. "Well, electronic recordkeeping isn’t just a nice thing to have in the digital age. It may be very critical to someone’s health and the care they get, especially in an [emergency] situation.”
Work is under way to improve state coordination, but additional support could be needed, said DeSalvo. Her office has been working with the National Governors Association to develop methods for states to harmonize their privacy expectations, she said. “We certainly are leveraging all the opportunities that we have at [the Office of the National Coordinator] and our partners at the Office of Civil Rights and other agencies to see that we’re protecting consumers and that data’s going to flow, but … there are areas where we know there may be some opportunity like information blocking where we would need some additional support.”
The promise of health IT has been hindered by outdated laws and too much fragmentation, IT Subcommittee Chairman William Hurd, R-Texas, said in an opening statement. “Old and unclear privacy laws hinder interoperability between health IT systems and devices,” he said. “The sheer number of federal agencies and often conflicting rules one must navigate to invest in this space chills investment and entrepreneurship. And right now, a fragmented and bureaucratic system places the patient at the fringe of the process rather than at the center. ... Health IT is an exciting and innovative field, but to get this right, we must collaborate. We must destroy silos.”
An industry witness urged a “harmonized approach” among state and federal regulations, laws and standards, and private sector initiatives. “There’s a lot of activity under way around collaboration in the industry, but it’s one we think needs to be supported broadly,” said Neil de Crescenzo, an executive committee member of the Healthcare Leadership Council, a coalition of CEOs in the healthcare industry.
Legislation should strengthen the FTC’s data security authority and require data breach notifications to consumers when appropriate, said Consumer Protection Bureau Director Jessica Rich. It should allow the FTC to seek civil penalties and give the agency jurisdiction over nonprofit entities, she said.
Rich said the FTC already has jurisdiction over entities that make health IT products, even though many aren't covered by the Health Insurance Portability and Accountability Act. “The FTC is committed to protecting health information collected by these entities,” she said in prepared testimony. “The Commission has engaged in substantial efforts over the years to promote data security and privacy in this area through civil law enforcement, policy initiatives, and business and consumer education.”
The National Partnership for Women & Families believes no legislation is needed to bring the benefits of health IT to more people, said Mark Savage, director-health IT policy and programs. Needed improvements include making health data easier for patients to access and understand, clarifying the privacy and security requirements for sharing health data, and bridging the digital divide in rural and underserved communities, as well as for people with disabilities or don’t speak English, he said. Rather than legislate, such changes can be made “through federal guidance or assistance that further spurs private sector innovation, by public-private collaboration and by industry advancements,” he said in prepared testimony.