eHI's Policy Workgroup met to discuss the Notice of Proposed Rulemaking (NPRM) proposed changes from the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services. The intent of the changes is to support individuals’ engagement in their care, remove barriers to coordinated care, and reduce regulatory burdens on the health care industry.
It is nearly impossible to read or listen to the news these days without seeing or hearing something about “vaccine passports.” Do we need them? Do we want them? Are they happening regardless, and if so, where and when?
As the conversation swirls around the utility and benefit of a simple, fast way to see if individuals – students, customers, employees – have been vaccinated against COVID-19, the legal and ethical implications of any such system have turned the whole issue into, as the New York Times said this week, a “cultural flashpoint.”
A vaccine passport is a standardized credential that would allow people to prove that they have been vaccinated against COVID-19. They have been oft-discussed in relation to travel, and airlines such as Jet Blue and United have already implemented them on select flights through an application called Common Pass. Universities including Northeastern, Brown, Cornell, and Rutgers have all said in recent weeks that they will require proof of vaccination in order to allow students to return to campus in the fall. And New York has rolled out the “Excelsior Pass,” described by the state as “a free, fast and secure way to present digital proof of Covid-19 vaccination” in the event that large venues such as sports arenas or concert halls require proof of an entrant’s vaccination status.
Whether or not such a requirement is legal depends on whether or not the entity implementing it is public or private – in some senses, this can be seen as akin to a “no shirt, no shoes, no service” edict by local businesses. Regardless of its legality, however, there are significant and legitimate concerns that the credential, or lack thereof, could be used against people unfairly, or in a manner that promotes or results in discrimination or bias.
After the governor of Texas used his executive power Tuesday to ban the state and organizations that receive funding from the state from requiring vaccine passports, over concerns that they intrude on “personal freedoms,” White House Press Secretary Jen Psaki made clear that the federal government “is not now, nor will we be, supporting a system that requires Americans to carry a credential…There will be no federal vaccinations database and no federal mandate requiring everyone to obtain a single vaccination credential.” Citing concerns related to equity, the World Health Organization also said on Tuesday that it currently does not support mandatory proof of vaccination for international travel.
Regardless, Walmart, which is the country’s largest private employer, has already begun offering electronic applications verifying the vaccination status of patients who receive their vaccines at Walmart, and there are at least 17 different vaccine passport development initiatives currently underway, according to the Washington Post, for use by businesses who want to restrict admission to those who have been vaccinated.
Is your head hurting yet?? In an effort to help increase understanding of the current landscape and the legal, privacy, and ethical issues at play, eHI is hosting a webinar on April 27 at 2:00 EDT. Join us to have all your questions answered (we hope!) – register and submit your questions below.
With a new session of Congress and new administration, there is a lot of health policy news to keep track of this year! This is why eHI holds monthly policy briefings for members on the third Tuesday of each month to learn from policymakers, staff, and health policy experts and discuss timely issues and their impact on health IT and digital health.
In this briefing, Dr. Jorge Rodriguez and Dr. David Bates, both with Brigham and Women's Hospital, joined eHI for a 30-minute discussion on key policies that they believe should be in place to ensure equitable access to care as the utilization of digital health tools increases.
As we enter our third month of 2021 and the new Administration and Congress, new national, comprehensive data privacy legislation is still not guaranteed any time soon. In the absence of such a law, consumer health data remains governed by HIPAA, several other narrowly applicable federal laws, and a patchwork of state laws and regulations, leading to concern about how under-protected health data is collected, used, and shared. The exponential proliferation of mobile health applications, wearable devices, remote monitoring and online health-related communication in recent years has accelerated the need for prompt federal and industry action. Additionally, the COVID-19 pandemic has shone a spotlight on the collection and sharing of data and the legal landscape that does – or does not – protect it.
In this featured panel from eHI’s Annual Meeting in January, eHI Vice President and Senior Counsel Alice Leiter joined Jodie Daniel of Crowell & Moring, Laura Hoffman of the AMA, and Liz Salmi of OpenNotes and Beth Israel Deaconess Medical Center to discuss the challenging balance of shoring up legal protections for the increasing amount of non-HIPAA-covered health data, establishing consumer trust in new technologies, and encouraging innovation in health and health care.
Nearly one year ago, the Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare & Medicaid Services (CMS) released final regulations to implement information blocking provisions of the 21st Century Cures Act.
This year, all eyes turn to compliance with the regulations, which could be especially complicated for health information exchanges (HIEs) given how they operate in the health care system and their contractual arrangements with providers. In this webinar, hear from experts and HIEs directly about the impact of regulation on HIEs, and the implementation challenges they’re facing as they prepare for the upcoming compliance deadlines.
Co-Founder & Chief Regulatory Officer
Deven McGraw is the Chief Regulatory Officer for Ciitizen. Prior to joining Ciitizen, she directed U.S. health privacy and security policy through her roles as Deputy Director for Health Information Privacy at the HHS Office for Civil Rights (the office that oversees HIPAA policy and enforcement) and Chief Privacy Officer (Acting) of the Office of the National Coordinator for Health IT. Deven also advised PCORNet (the Patient Centered Outcomes Research Network), as well as the federal All of Us Research Initiative, on HIPAA and patient-donated data research initiatives.
Melissa Kotrys, MPH
Chief Executive Officer
Melissa Kotrys is the Chief Executive Officer (CEO) for Health Current, the health information exchange (HIE) that helps partners transform care by bringing together communities and information across Arizona. Through her vision and leadership, the Arizona HIE is recognized as a model for aligning the healthcare community with the possibilities of connected electronic health information to advance individual and community health and wellbeing.
Melissa is recognized as a collaborative partner of hospitals and health systems, health plans, healthcare providers, healthcare associations and other healthcare sectors in Arizona. She currently serves as the Board Chair of the Strategic Health Information Exchange Collaborative (SHIEC), the national association of HIEs. She also serves as a member of the Healthcare Information and Management Systems Society (HIMSS) Americas Advisory Board, the Employers Council Board of Directors, the State Medicaid Advisory Committee, and the Crisis Response Network’s Advisory Council.
Prior to joining Health Current, Melissa worked as a consultant and health policy analyst at Deloitte Consulting. She holds a Master of Public Health in health policy from The George Washington University and a Bachelor of Arts from The University of North Carolina at Chapel Hill.
General Counsel, Privacy and Compliance Officer
Amy Warner is the Chief Counsel, Privacy and Compliance Officer at Rochester RHIO. Prior to that, she was an Attorney and Manager at Sedgewick. She served as the Assistant State’s Attorney in Broward County, Florida, and Deputy County Attorney in Monroe County.
She led the EHNAC Accreditation Initiative for the Rochester RHIO in 2014, 2016 and 2018. Obtained national accreditation by the Electronic Healthcare Network Accreditation Commission.
She has been the recipient of the Rochester Business Journal Corporate Counsel Award in 2020, the Rochester Business Journal Healthcare Achievement Award 2013 and the Eastridge High School Hall of Fame Award. She volunteers on the board of Verona St Animal Society and the board of the Children’s Institute. She co-chairs the Legal Workgroup of the Systems Integration Project, NYS Privacy and Security Policy Committee, and chairs both the SHIN-NY Qualified Entity Privilege Committee and the Rochester RHIO Cross Sector Data Sharing Committee.
Amy has a Bachelor’s in Business Administration from UNC, an MBA from St John Fisher’s University, and a JD from NOVA Southeastern University.
Adrienne Ellis brings substantial health policy and financing expertise to Burton Policy Consulting. In her previous work at the Mental Health Association of Maryland and the National Council for Community Behavioral Health, Adrienne advanced public policy at the state and federal level to ensure that individuals with mental illness or substance use disorders have access to quality and timely treatment. In these roles, Adrienne worked with Maryland’s implementation of the Affordable Care Act. She has trained behavioral health consumers and providers to understand insurance regulations and worked with behavioral health stakeholders and consumer organizations to improve their organizational policies.
Adrienne has extensive experience in coalition building, training, and facilitation. As a consultant, Adrienne focuses on helping organizations understand the impact of their policies and evaluate their effectiveness in achieving goals. Currently, Adrienne serves as an advisor to CRISP, assisting them to improve health outcomes for behavioral health patients by increasing provider access to clinical mental health and substance use disorder information.
Adrienne has a Master of Social Work from the University of Maryland, Baltimore and is a graduate of Northern Michigan University.
Vice President and Senior Counsel
Alice is a health regulatory lawyer with a specialty in health information privacy law and policy. She previously worked as a Senior Associate at the law firm Hogan Lovells, where she worked with clients on Medicare and Medicaid pricing and reimbursement. Alice spent several years as policy counsel at two different non-profit organizations, the National Partnership for Women & Families and the Center for Democracy & Technology. She currently sits on the DC HIE Policy Board, as well as the boards of Beauvoir School, Educare DC, and DC Greens, the latter of which she chairs. She received her B.A. in human biology from Stanford University and her J.D. from the Georgetown University Law Center. Alice and her husband, Michael, live in Washington, D.C. with their four children.
This webinar is sponsored by
The Center for Democracy & Technology (CDT) and the eHealth Initiative & Foundation (eHI), with generous support from the Robert Wood Johnson Foundation have released a proposed Consumer Privacy Framework for Health Data. The Framework responds to increasing concerns about the use of underprotected health data in the absence of federal privacy legislation, an issue magnified by the COVID-19 pandemic.
“Much of the information consumers provide through health, retail, genomics, GPS apps and online is not protected. While federal regulation is urgently needed, the Framework and proposed self-regulatory body are a solid first step to holding companies accountable,” says eHI CEO Jen Covich Bordenick.
CDT President & CEO Alexandra Reeve Givens says, “Frequently, consumers are surprised to find out how their data is used. Our proposal aims to limit use of data about physical and mental health to ways that meet consumer expectations and help organizations stay ahead of the regulatory curve.”
The proposed Framework sets much-needed standards around the collection, disclosure, and use of health data that falls outside the protection of the Health Insurance Portability and Accountability Act (HIPAA), and aims to limit these practices to purposes consistent with consumer requests and expectations. It also proposes an independent self-regulatory body to hold member companies accountable to those standards.
Katherine Hempstead, senior policy adviser at RWJF, which provided funding for the study, said “Given the lack of federal legislation, the Framework is an important building block toward strengthening consumer privacy.”
The Framework covers a wide range of information used to make inferences or conclusions about a person’s physical or mental health and applies to a spectrum of non-HIPAA-covered entities that collect, disclose, or use consumer health information.
The Framework builds on an earlier draft proposal and is the culmination of a year-long collaborative process that involved dozens of organizations and experts, including clinicians, consumer groups, employers, health plans, hospitals, laboratories, privacy experts, pharmacies, public health agencies, policymakers, and the general public.
“Moving forward, CDT and eHI intend to continue developing the Framework with a particular focus on ensuring that company practices adequately address the unique and often discriminatory uses of health-related information affecting historically marginalized communities and vulnerable populations,” says Givens.
“This is especially urgent given how the pandemic is shining a spotlight on health disparities and discriminatory uses of health-related information,” adds Bordenick.
eHealth Initiative & Foundation (eHI) released a report in partnership with the Health Care business of LexisNexis Risk Solutions entitled Assessing eHI’s Guiding Principles for Ethical Use of SDOH Data During COVID-19: Examples from the Field. The report describes the ways in which stakeholders collect and utilize social determinants of health (SDOH) data to create targeted interventions for vulnerable populations.
In 2019, eHI released the Guiding Principles for Ethical Use of Social Determinants of Health Data, which proposed recommendations for the ethical use of SDOH data by healthcare organizations. Today’s report delivers findings from a panel of experts convened from government, health care providers, and community-based organizations, who each presented examples of how the five guiding principles were applied during the COVID-19 pandemic.
The five guiding principles involve how to ethically:
- Employ SDOH in care coordination
- Recognize risk through analytics
- Map resources and identify gaps
- Assess impact
- Customize interventions and allow individuals to determine the best fit
The report emphasizes the importance of applying the Guiding Principles in ways that are transparent, respectful, and effective. “So many factors can impact a person’s health, factors that go beyond just a clinical diagnosis. We have an obligation to our communities to effectively and ethically apply SDOH analytics to identify those who need additional care services that can dramatically improve their health,” said Josh Schoeller, CEO at the Health Care business of LexisNexis Risk Solutions.
“As we continue to face this unprecedented health challenge, the ethical use of SDOH data improves healthcare and community organizations’ ability to provide the right interventions," said Jen Covich Bordenick, CEO of eHI. “We were pleased to join with LexisNexis Risk Solutions to highlight how organizations have stepped up to meet the needs of communities who are most impacted by the ongoing COVID-19 pandemic. We hope this report provides insights on how to provide whole-person healthcare.
In December of 2016, the 21st Century Cures Act was signed into law, and in March 2020, the Office of the National Coordinator for Health Information Technology (ONC) released its 21st Century Cures Final Rule (“Final Rule”) in order to implement key provisions of the law. This Final Rule was set to go into effect on June 30, 2020. However, due to the coronavirus pandemic (COVID-19), the health care industry shifted focus and resources to caring for patients impacted by the virus.
Although ONC previously announced a delay of many compliance deadlines to November 2, 2020, many of the key actors did not feel ready or prepared to comply due to COVID-19. The purpose of this Interim Final Rule (IFC) letter is to outline the newly delayed compliance dates. This will allow actors to continue focusing primarily on combating COVID-19, without the added pressure of meeting strict compliance rules. The flexibility of these dates aims to strike a balance between relieving pressure on actors and care providers, while also working to establish greater interoperability to enhance patient care in a timely manner.
Download the full summary below.
eHealth Initiative Releases Survey on ONC and CMS Final Rules
Survey Provides Insights on Industry Readiness to Comply with Regulations