Healthcare Information Security

Patient Privacy News

Will Revised HIPAA Rules Encourage Greater Health Data Exchange?

A research fellow claims altering current HITECH and HIPAA rules, allowing fees to be charged with health data exchange, will foster interoperability.

health data exchange aided with fees

Source: Thinkstock

By Elizabeth Snell

- Updating HITECH and the HIPAA Rules by having providers and EHR vendors charge fees for health data exchange would help promote interoperability, according to Brookings Institution Non-Resident Fellow Niam Yaraghi.

The current regulatory framework surrounding health information exchange is designed to fail, wrote Yaraghi, who is also an assistant professor of operations and information management at University of Connecticut’s School of Business.

More than $35 billion has already been spent on the meaningful use program to subsidize EHR adoption, Yaraghi said in a Health Affairs blog post.

“A part of this budget was allocated to the establishment of health information exchange platforms that were to connect these different EHR systems and allow the transmission of data among them,” he explained. “Yet, almost a decade after spending that budget, health information is rarely exchanged between providers, despite the fact that almost all of them now use an EHR system.”

Yaraghi added that the lack of interoperability is also due to the very same regulations that were designed to foster data exchange. Opting for stricter enforcement actions is not the answer when the majority of organizations are already adhering to the current regulations.

READ MORE: Data Security Considerations in Healthcare Interoperability

Citing the eClinicalWorks incident, Yaraghi said that while it was a significant development, eClinicalWorks was not a major EHR vendor. It is not fair to generalize its practices with other players in the space.

“Congress is also demanding that the Centers for Medicare and Medicaid Services attempt to recover $729 million of meaningful use funds that providers received by fraudulently attesting to have met program requirements,” he wrote. “Again, note that the $729 million of misappropriated funds amount to only 2 percent of the total meaningful use incentives.”

“If more than 90 percent of the EHR market is compliant with meaningful use certification guidelines and 98 percent of the meaningful use funds are correctly allocated to providers that follow the meaningful use requirements, it is not reasonable to blame only uncooperative EHR vendors and dishonest providers for the system’s broad failure to effectively exchange information,” Yaraghi continued.

HIPAA rules state that free EHR data transmission is a right, but it does not actually do anything to overcome information exchange obstacles. There is now no incentive for entrepreneurs to invest in the EHR data transmission space because data transmission fees have been banned, the blog post stated.

“If it was legal to directly charge a data exchange fee, other innovators would compete to provide exchange services at a lower cost and higher quality,” Yaraghi argued.

READ MORE: ONC, OCR Fact Sheet Discusses HIPAA Health Data Exchange

The banking industry is one sector that has been successful in charging transmission fees, for example, Yaraghi pointed out. Individuals do not have the right to access their data free of charge, but there are still secure and user-friendly systems where they can access their information and transfer funds.

“The online banking system and seamless exchange of financial data became possible only because there were no rules prohibiting banks from charging fees for providing such services,” he maintained. “Naturally, as soon as banks realized the benefits of online banking and exchange of financial data, they came together and created a system that is the envy of the health care system.” 

Congress needs to adopt a similar approach, Yaraghi concluded, and change HIPAA and HITECH so fees can be applied to health data exchange.

“This would unleash the long-awaited incentives for information exchange in the health care industry and open the floodgates of medical data to allow patients to access, manage, and transmit their medical data as easily as their financial data,” he said.

This is not a new argument in healthcare, and other stakeholders have pushed for a similar approach to what Yaraghi suggested.

READ MORE: Focusing on Patient Data Privacy in Health Data Exchange

The EHR Association (EHRA) said in a blog post earlier this week that pushing for penalizations to EHR developers and providers was not the way to approach health data sharing.

“Certainly, not all (or even most) HIPAA misinterpretations by providers can or should be considered information-blocking based on government descriptions,” EHRA wrote. “The task we should all focus on is education on what HIPAA permits and requires, not punishing providers who make mistakes or simply live in the real world of complex interoperability and HIPAA implementation decisions.”

It is also unlikely that an EHR vendor would not allow data to be exchanged simply because that organization was not a customer. Ideally, standards-based tools are being utilized and the data requirements needed for the provider to submit data are identified.

“Of course, if the registry employs a non-standard information exchange approach or requires data elements not captured in the provider’s clinical workflow, which is not uncommon, there reasonably may be fees for creation of any needed interface or other customization necessary to collect the additional data, in addition to any normal fees for integration with the registry, depending on the particular EHR’s architecture and business model,” EHRA said, noting that such an approach is not considered information blocking. 


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...