Members of the American Health Information Management Association (AHIMA) called on Congress to better serve and protect the growing population of healthcare consumers who use technology – such as social media, wearables and mobile health (mHealth) apps – to manage their health. AHIMA members met with Congressional leaders in Washington, D.C. on this issue, among others relating to the need for HIPAA modernization, during the 2019 AHIMA Advocacy Summit.
These technologies, referred to by the Office of the National Coordinator (ONC) as “non-covered entities” (NCEs), are not covered by the Health Insurance Portability and Accountability Act’s (HIPAA) individual right of access laws, meaning that an individual often times has no right to request their sensitive health information from such technologies. Rather, in many cases, whether such health information may be shared with the individual is left up to the discretion of the application itself.
To ensure this growing patient group’s information is both accessible and protected, AHIMA recommends lawmakers develop or direct the U.S. Department of Health and Human Services (HHS) to define HIPAA NCEs in law, extending HIPAA’s individual right of access to these entities. This will ensure the same uniform data access policy for individuals using health technologies.
“As technology continues to shape healthcare, the number of patients using wearables, social media and mobile apps for health purposes has skyrocketed, but this shift in how patients record data shouldn’t affect their level of protection and access,” said AHIMA CEO Wylecia Wiggs Harris, PhD, CAE. “AHIMA’s members are pushing for a solution that balances access to information, patient protection and maximizing use of technology.”
During the Summit, AHIMA advocated for three additional key issues related to patient information and the need for a modernized version of HIPAA:
- Converging HIPAA with Health IT Certification: Inconsistencies in concepts and terminologies have hampered the ability of health information professionals to provide patients access to their health information. AHIMA pushed for lawmakers to revise the definition of the designated record set (DRS) that outlines this information and require health IT certification to provide the amended DRS to patients electronically while maintaining computability.
- Encouraging note sharing with patients in real-time: AHIMA promoted incentivizing the use of note sharing such as OpenNotes through Medicare and Medicaid payment programs, including the Merit-based Incentive Payment System (MIPS) Improvement Activity Performance Category.
- Advancing a nationwide patient matching strategy: AHIMA also continued advocating for a nationwide patient matching strategy by requesting Congress lift the current ban that restrains the U.S. Department of Health and Human Services (HHS) from working with the industry to evaluate solutions for seamless patient identification.
“The amount of data and technology in the industry should not have an effect on the overall priority of healthcare – the patient,” said Harris. “The more we can do to ensure standards and policies are in place for a data-centric healthcare community, the safer our patient population will be.”
AHIMA’s advocacy initiatives began Monday, March 25, with the 2019 AHIMA Advocacy Summit. AHIMA members reached out to legislators on Capitol Hill on Tuesday, March 26.
AHIMA’s issue briefs on modernizing HIPAA were developed in conjunction with the American Medical Informatics Association (AMIA). The two associations held a congressional briefing on December 5, 2018, on these issues.