Athenahealth is asking federal regulators to create a fraud exemption that would allow doctors to pay “fair market value” for patient data, creating a business case for interoperability.
Such an approach would establish “a true functioning market for the exchange of health information,” Greg Carey, director of government and regulatory affairs at Athenahealth, wrote in a letter (PDF) to Inspector General Daniel Levinson. Carey said the payments would be "nominal."
Responding to a request for information issued by the HHS Office of Inspector General in August seeking suggestions on how to reform the Anti-Kickback Statute and Stark Law, Carey argued that outdated fraud laws didn’t account for the value of data exchange. While other industries like finance pay for data, healthcare companies like Athenahealth are forced to shoulder the costs of secure, efficient data transfer that supports value-based care.
“It is our experience that information exchange occurs best when there is a business case and problem to solve,” Carey wrote. “We believe that new safe harbors to Stark and Anti-Kickback statute to allow for the fair market value payment for the exchange of health data will spur interoperability forward and allow the market to further realize the benefits of health IT on lowering costs and improving patient outcomes.”
Meanwhile, Cerner called on (PDF) OIG to broaden carve-outs for providers to donate EHRs and related healthcare technology that address population health management and care coordination. The company recommended that the OIG add explicit provisions to the EHR Safe Harbor to allow any risk-bearing entity in an advanced alternative payment model to donate EHRs to post-acute care providers, nursing facilities, long-term care hospitals and rehabilitation facilities.
Cybersecurity carve-out needed
Similarly, two IT groups advocated for an Anti-Kickback carve-out that would allow health systems to share cybersecurity tools with smaller providers.
Rather than modifying the existing EHR safe harbor, the College of Healthcare Information Management Executives requested (PDF) a separate exemption that would include program development, software and hardware, expertise in the wake of a cyberattack and staff time.
Cybersecurity experts have frequently pointed to this exemption as a way to get resources to smaller providers prone to attacks.
The Healthcare Sector Coordinating Council (HSCC) also threw its support behind a cybersecurity safe harbor, noting that a stronger cybersecurity posture across the industry would help facilitate the shift from volume to value by facilitating protected data exchange.
“The security of the healthcare system is only as strong as its weakest link, so it would benefit the entire healthcare industry to support the provision of cybersecurity resources outside of large health systems,” wrote (PDF) Greg Garcia, executive director for cybersecurity at HSCC. “Doing so would help to protect a community’s larger systems, as well as the affiliated small and medium-sized practices.”