Health IT laws may hold back development and fail to protect data

HCPRO Website, March 28, 2016

Healthcare IT laws need to be brought up to date to address new technologies and escalating new threats such as ransomware, legislators said at a federal hearing.

The U.S. House of Representatives’ subcommittees on Information Technology and Health Care, Benefits, and Administrative Rules held a joint hearing on the challenges and opportunities facing the advance of healthcare IT. Witnesses included Karen DeSalvo, MD, MPH, MSc, acting assistant secretary of HHS; Jessica Rich, director of the Bureau of Consumer Protection at the Federal Trade Commission; and Mark Savage, director of Health IT Policy and Programs at the National Partnership for Women and Families.

Rep. Will Hurd, R-Texas, began the hearing by discussing the potential benefits of health IT, such as consumer-facing wearable step-monitors and apps and improved telehealth, which can improve participation and understanding of care, reduce disease, and lower healthcare costs. However, the full benefits can’t be realized until health IT laws are modified to reflect current technology uses and vulnerabilities, he concluded. Hurd called for a drastic overhaul of existing laws to make way for development.

“Old and unclear privacy laws hinder interoperability between health IT systems and devices [and] the sheer number of federal agencies and conflicting rules one must navigate to invest in this space chills investment,” Hurd said.

Lawmakers and stakeholders must come together to reform outdated laws and develop new guidance that will encourage growth and security, Hurd continued. Improvements will only come through collaboration and a focus that puts patients at the center.

Rep. Matt Cartwright, D-Pa., drew attention to the advantages health IT promises to Americans living in rural communities with limited face-to-face access to specialists. However, Cartwright said that EHRs and other technology that doesn’t communicate between healthcare systems and software brands still leaves physicians and nurses without complete health records, potentially leading to errors and dangerous medical complications. Cooperation between government agencies and private industry can make health IT safer and available to all Americans, according to Cartwright.

“Laws should be there to protect the public,” Rep. Ted Lieu, D-Ca., said. “But done incorrectly they can hinder innovation.” HIPAA, HITECH, and the Affordable Care Act contain provisions to encourage universal, interoperable health records and protect patient privacy, Lieu notes, but they were developed before key developments such as the use of mobile devices and cloud computing. Lieu countered suggestions that government regulations be rolled back to make way for technological advances, saying that the government needs to adapt existing laws to allow growth while acting to protect new threats to health IT, such as ransomware.

“HITECH law has cybersecurity requirements and requires notification for data breaches, but the law says nothing about notification for data that is frozen or held hostage where it is stored,” Lieu said.

Scrutiny of health IT laws has grown this year. In a March 9 letter to HHS, members of Congress pointed out that, despite promises in 2014 to update HIPAA to keep pace with developments in technology and communication, HHS has done little to guide developers, leaving healthcare providers wary of incorporating new technology into their practices. In February, HHS released a document answering two questions about health apps and HIPAA, but that single document only highlights HHS’ overall lack of urgency or a detailed plan, the letter says.

Healthcare providers’ reluctance to integrate data from mobile devices, wearables, and apps may prevent them from collecting a complete picture of a patient’s health. A 2014 study published in Pharmacy and Therapeutics showed a link between access to mobile health apps and improved patient outcomes.

The Office of the National Coordinator of Health IT recently made moves to address shortcomings in health app development by launching an app developer contest with awards totaling $625,000. The contest aims to encourage the development of interoperable, secure, user-friendly apps that are able to aggregate data from a variety of sources.