Health IT glossary

CIO.com's health IT glossary provides definitions and information for many terms used in the complex field of healthcare-related information technology and management systems.

Comments

health it glossary - government regulations

Health IT glossary: Government healthcare regulations

Direct messaging. The Direct Project, a secure clinical messaging protocol based on standard Internet protocols, was devised in 2011 by a private/public consortium. Direct messaging allows providers to push messages with document attachments to other providers. Health information service providers (HISPs), most of them owned or contracted by EHR vendors, handle the transmission of these messages and make sure they get to the right providers at their Direct addresses. Under the 2014 EHR certification rules, vendors are required to include Direct capability in their products so that providers can exchange care summaries. Despite all of these efforts, only a small minority of providers used Direct messaging in the first half of 2015. But a recent survey shows that two-thirds of HIEs are using the protocol for enabling data exchange among their participants.

EHR certification. To qualify for meaningful use incentives, eligible providers must use certified EHRs that have been tested by government-approved certification bodies. The certification criteria have been devised so that users of these EHRs have all of the capabilities needed to show meaningful use. So, like the EHR incentive program, the certification program has grown more complicated and demanding over time. Because many EHR vendors had difficulty in rewriting their applications, CMS allowed providers to use EHRs certified under 2011 rules in 2014, but all of them had to use 2014-edition EHRs in 2015 to qualify for meaningful use. By 2018, everyone will have to use EHRs that have been certified to new standards that will enable them to meet the meaningful use stage 3 requirements.

Fast Healthcare Interoperability Resources (FHIR). FHIR is a new standards framework from Health Level Seven (HL7), the leading healthcare standards development organization. In conjunction with Restful APIs, the Oauth authorization standard, and a visualization layer called SMART, FHIR promises to facilitate interoperability, broaden EHR capabilities, and accelerate innovation in the use of mobile health apps. FHIR uses snippets of data known as resources to represent clinical entities within EHRs in a web services context. Non-proprietary APIs can be used to connect FHIR applications to any FHIR-enabled EHR without customized interfaces. A coalition of 40-plus EHR suppliers and other stakeholders is currently building out and testing FHIR. Eventually, experts say, FHIR should enable providers to exchange discrete data directly between EHRs, using cloud-based networks.

FDA mHealth regulations. The Food & Drug Administration (FDA) regulates mobile health apps as medical devices, but only if they fall into one of three categories. First, FDA approval is required to market an app that functions like a device that the FDA already regulates, such as an app that turns an iPhone into an electrocardiography (ECG) machine. Second, the FDA regulates apps that are accessories to a regulated device, such as a tablet app that displays x-rays from an FDA-approved PACS. Third, mobile medical apps that suggest diagnoses and provide treatment advice are regulated. Taken together, these regulated products form a very small portion of the estimated 63,000 mHealth apps on the market.

HIPAA. The acronym HIPAA refers to the federal Health Insurance Portability and Accountability Act of 1996. The original intent of the law was to help people keep health insurance when they switched or lost jobs. HIPAA also requires providers to protect the privacy and security of health information and to take steps to control administrative costs by simplifying electronic transactions. CMS has implemented a number of measures to standardize the electronic exchange of administrative data, including claims, eligibility, claims status, ERA, and EFT. But the most important part of HIPAA for healthcare providers and consumers have been the privacy and security provisions, which were strengthened by the same 2009 law that created the meaningful use program. Penalties for violations of these provisions were increased to up to $1.5 million per violation, depending on the circumstances. So healthcare providers – who already were very wary about violations of patient confidentiality – have stepped up their efforts to prevent data security breaches. As mentioned earlier, however, the number of breaches continues to grow.

ICD-10. Starting Oct. 1, 2015, healthcare providers will have to start using the International Classification of Diseases (ICD)-10 diagnostic code set in order to file claims with Medicare, Medicaid, and private payers. This is going to be a monumental shift for the industry, since the current ICD-9 code set has about a fifth as many codes as ICD-10 does. Physicians and billers are being trained to select the correct codes, and healthcare organizations are doing extensive internal and external testing. CMS recently struck an agreement with the American Medical Association (AMA) to allow claims to be paid for the first year if coders get the primary ICD-10 codes right. But many providers still fear that there will be a massive disruption of payments during the transitional period.

Interoperability. The meaningful use and EHR certification rules include a number of provisions related to interoperability, which refers to the ability of different health IT systems to communicate with one another. At one level, this can mean the exchange of secure messages with document attachments. But for the kind of data liquidity that analytics require, EHRs should be able to ingest data from other systems and sort it into the appropriate fields, with provider approval. Up to now, interoperability at either of these levels has been very limited. The government has been reluctant to prescribe standards to the private sector, and the healthcare industry's efforts to promote interoperability have run into complex business and technical barriers. However, some new approaches such as Direct messaging and FHIR are promising, and some of the leading EHR vendors and HIEs have banded together in various coalitions to pave the way for interoperability.

Meaningful use. The government EHR incentive program, which began in 2011, requires eligible hospitals and eligible professionals to show "meaningful use" of their EHRs to qualify for the government funds. The meaningful use criteria get more difficult during the three phases of the program. In stage 2, the current phase, eligible providers must use their EHR for prescription and lab orders, record vital signs, maintain diagnosis and medication lists, provide a portion of their patients with online visit summaries, have at least 5 percent of patients view, download or transmit their electronic records (this rule has been scaled back), exchange clinical summaries with other providers in a percentage of "transitions of care" (such as hospital discharges and referrals to specialists), use clinical decision support tools, incorporate lab results into their EHRs, report on clinical quality measures, and provide reminders to patients for preventive and follow-up care. To date, CMS has spent more than $30 billion on EHR incentives. Providers have received the bulk of their incentives and now face financial penalties for not showing meaningful use.

Medicare fraud and abuse audits. CMS contractors do random audits of physicians, hospitals and other providers to find out whether they are defrauding Medicare, usually by sending by charging more than they should or by charging for services they didn't perform. (Medicare sets fee schedules every year, but providers can "upcode" to a higher level of service than they actually provided.) EHRs encourate fraud in two ways: First, they make it easier to generate documentation that justifies higher-cost codes. Second, some providers have fraudulently attested to meaningful use. CMS has directed its auditors to pay more attention to EHR documentation and has begun random audits of providers who have attested to Meaningful Use.

Telehealth regulations. In recent years, audio and/or video "virtual visits" between consumers and physicians have spread across the country (see the mobile and telehealth section). The majority of states now require private health plans to cover these visits in the same way that they would pay for office visits. Some states also provide some telehealth coverage through their Medicaid programs. To date, Medicare has declined to cover most telehealth services except in rural areas. The agency typically requires the patient to be in an office with a primary care physician who is consulting a specialist remotely. In contrast, private insurers cover services provided remotely to patients wherever they are, on computers or smartphones.