Proposed ACO Rule Addresses Privacy

Accountable Care Organization Participants Would Share Data
Proposed ACO Rule Addresses Privacy
A proposed federal rule that would pave the way for formation of Accountable Care Organizations to coordinate care of chronically ill Medicare patients emphasizes the need to protect the privacy of information shared among ACO participants.

The rule establishing the Medicare Shared Savings Program, called for under federal healthcare reform, would enable hospitals, clinics, long-term care facilities and other providers in a region to form Accountable Care Organizations to improve care for the chronically ill and share in savings that may result. Participation in ACOs is voluntary. The Department of Health and Human Services is soliciting comments on the proposal.

The proposal stresses that ACOs must "comply with the limitations on the use and disclosure of individually identifiable health information that the HIPAA Privacy Rule places on HIPAA covered entities, as well as other applicable privacy and confidentiality requirements."

In describing the goal of ACOs, HHS Secretary Kathleen Sebelius said, "Accountable Care Organizations will improve coordination and communication among doctors and hospitals, improve the quality of the care the patients receive and help lower the costs." One way of achieving these goals, for example, is to improve access to primary care so patients avoid trips to the emergency room.

Health Information Exchange

The ACO approach to managing the quality and cost of care for the chronically ill would rely heavily on information sharing. Compliance with federal coordination of care requirements, according to the proposal, may require "the establishment and use of health information technology, including electronic health records and an electronic health information exchange, to enable the provision of a beneficiary's summary of care record during transitions of care both within and outside of the ACO." Compliance also may require the use of remote monitoring of patients, telehealth and predictive modeling, according to the proposal.

The proposed rule would require Medicare beneficiaries to opt out if they did not want their Medicare claims data shared among ACO participants. "We are particularly interested in comments on the kinds and frequency of data that would be useful to ACOs, potential privacy and security issues, and the implications for sharing protected health information with ACOs, and the use of beneficiary opt-out, as opposed to opt-in, to obtain beneficiary consent to the sharing of their information," the proposal states.

The proposal also would require that 50 percent of primary care providers in an ACO be meaningful users of electronic health records by year two of the program. The HITECH Act provides financial incentives to hospitals and physicians who are meaningful users of EHRs. To qualify for stage one of the incentives, EHR users must conduct a risk assessment and take action to mitigate any privacy risks identified. Additional security requirements are under consideration for stage two (See: Tiger Team Tackles EHR Requirements).

Fraud and Abuse, Antitrust Issues

In addition to the rule authorizing the ACO program, federal authorities this week issued a proposal for potential waivers of certain fraud and abuse rules for ACO participants. These include the physician self-referral law, the federal anti-kickback statute, and certain civil monetary penalty law provisions.

Also, the Federal Trade Commission and the Department of Justice issued a proposed policy statement regarding ACOs and antitrust issues. "The policy statement is intended to ensure that health care providers have the antitrust clarity and guidance needed to form pro-competitive ACOs that participate in both the Medicare and commercial markets," the proposal states. The statement describes the conditions under which ACOs could fall into antitrust "safety zones" or be eligible for expedited antitrust reviews.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.