FDA mHealth regulations. The Food & Drug Administration (FDA) regulates mobile health apps as medical devices, but only if they fall into one of three categories. First, FDA approval is required to market an app that functions like a device that the FDA already regulates, such as an app that turns an iPhone into an electrocardiography (ECG) machine. Second, the FDA regulates apps that are accessories to a regulated device, such as a tablet app that displays x-rays from an FDA-approved PACS. Third, mobile medical apps that suggest diagnoses and provide treatment advice are regulated. Taken together, these regulated products form a very small portion of the estimated 63,000 mHealth apps on the market.
HIPAA. The acronym HIPAA refers to the federal Health Insurance Portability and Accountability Act of 1996. The original intent of the law was to help people keep health insurance when they switched or lost jobs. HIPAA also requires providers to protect the privacy and security of health information and to take steps to control administrative costs by simplifying electronic transactions. CMS has implemented a number of measures to standardize the electronic exchange of administrative data, including claims, eligibility, claims status, ERA, and EFT. But the most important part of HIPAA for healthcare providers and consumers has been the privacy and security provisions, which were strengthened by the same 2009 law that created the meaningful use program. Penalties for violations of these provisions were increased to up to $1.5 million per violation, depending on the circumstances. So healthcare providers – who already were very wary about violations of patient confidentiality – have stepped up their efforts to prevent data security breaches. As mentioned earlier, however, the number of breaches continues to grow.
ICD-10. Starting Oct. 1, 2015, healthcare providers will have to start using the International Classification of Diseases (ICD)-10 diagnostic code set in order to file claims with Medicare, Medicaid, and private payers. This is going to be a monumental shift for the industry, since the current ICD-9 code set has about a fifth as many codes as ICD-10 does. Physicians and billers are being trained to select the correct codes, and healthcare organizations are doing extensive internal and external testing. CMS recently struck an agreement with the American Medical Association (AMA) to allow claims to be paid for the first year if coders get the primary ICD-10 codes right. But many providers still fear that there will be a massive disruption of payments during the transitional period.
Interoperability. The meaningful use and EHR certification rules include a number of provisions related to interoperability, which refers to the ability of different health IT systems to communicate with one another. At one level, this can mean the exchange of secure messages with document attachments. But for the kind of data liquidity that analytics require, EHRs should be able to ingest data from other systems and sort it into the appropriate fields, with provider approval. Up to now, interoperability at either of these levels has been very limited. The government has been reluctant to prescribe standards to the private sector, and the healthcare industry's efforts to promote interoperability have run into complex business and technical barriers. However, some new approaches such as Direct messaging and FHIR are promising, and some of the leading EHR vendors and HIEs have banded together in various coalitions to pave the way for interoperability.