Stark Bill Outlines Deadlines, Incentives For Health IT Implementation

September 2011 and January 2013 are the key dates for health IT adoption under a new bill introduced by Rep. Pete Stark, D-Calif. The 2011 deadline is for the completion of the first generation of standards, and 2013 is when early adopters would be eligible for financial incentives.

The bill, "The Health-e Information Technology Act of 2008," H.R. 6898, places HHS at the forefront of standards development. The language directs the agency to, "through a rulemaking process and after consideration of public comment, adopt the initial set of standards" recommended by the Office of the National Coordinator of Health Information Technology no later than Sept. 30, 2011.

H.R. 6898 defines those initial standards as including, at a minimum, technical standards for de-identifying health information and for immutable audit trails.

In a Sept. 15 release announcing introduction of the bill, Stark, who chairs the Ways and Means Health Subcommittee, explained why the government is placed at the forefront of standards development: "If we want a uniform, interoperable health care system in America, time has shown us that we can't depend on the private sector to do it on their own. This is the perfect role for government. We should work with stakeholders to develop the standards, ensure an affordable product is available and pay providers to adopt it."

While the government would be directed to take the lead, Stark's bill relies on participation from various public and private stakeholders. The bill calls for ONCHIT to develop its standards based in part on input from the heath IT advisory committee, identified in the bill as being made up of public and private members representing varying interests, including patient/consumer advocates, physicians, payers, privacy and security, IT vendors and purchasers and employers.

Incentives Follow eRx Model

Once the standards are set, Stark's proposal follows the incentives and penalties model that is now in place for the adoption of electronic prescribing under the Medicare Improvements for Patients and Providers Act of 2008, which is to provide an increase in Medicare payments to physicians for adopting and using a certified technology, as well as cutting back Medicare payments for failing to adopt.

However, unlike the e-prescribing incentives, physicians will receive a fixed dollar amount for adoption and use totaling up to $41,000, rather than a percentage increase in Medicare reimbursements.

Beginning in 2013, physicians demonstrating they have adopted a system will be eligible to receive $15,000. In 2014, the incentive payment drops to $12,000. For the next three years, the payments continue on a declining scale of $8,000, $4,000 and $2,000.

Penalties in the Stark bill for non-adoption begin in 2016 and, like the e-prescribing bill, are charged as a percentage of Medicare reimbursements, with physicians being assessed a 1 percent penalty in the first year. The penalty increases by a half percentage point annually in successive years until it reaches 3 percent.

H.R. 6898 also offers Medicare payment incentives and penalties for hospitals and grant programs designed to help providers, such as non-profit facilities, those in medically underserved areas or those with a small Medicare patient base, get involved in using health IT.

The "carrot and stick approach" is in line with recommendations offered by Congressional Budget Office Director Peter Orszag, who told House Ways and Means Committee members during a July 24 hearing that positive incentives mainly work for those already on the verge of adopting new technology (¹ (Also see "E-Prescribing Incentives Offer Model For Electronic Records – CBO’s Orszag" - Pink Sheet, 4 Aug, 2008.), p. 24).

The approach is different from incentives offered in a health IT bill, H.R. 6357, introduced by House Energy and Commerce Committee Chairman John Dingell, D-Mich., and Ranking Member Joe Barton, R-Texas, which provides incentives in the form of matching funds but no penalties for non-adoption.

Stark's incentives, though spread out over five years, could potentially cover the initial installation of a program and help defray ongoing costs in the early years. According to a fact sheet on the bill distributed by Stark's office, a health IT system can cost between $10,000 and $50,000 per doctor to install. The fact sheet sets annual ongoing costs at about 25 percent of the installation costs.

Privacy Penalties Strengthened

The Stark bill also increases the scope and reach of penalties for those who compromise the privacy of information passed through the health IT infrastructure.

For example, the bill expands the definition of business associates to those that could come in contact with health data, such as regional health information exchanges, that were not in existence when the Health Insurance Portability and Accountability Act was enacted in 1996. It also subjects those business associates to the same penalties as entities already covered by existing federal law and regulations.

In addition, the law sets clear boundaries on what types of uses and disclosures of health information are prohibited, such as the sale of health information and the unauthorized re-identification of de-identified data.

Patients also would receive more rights relating to the use of their health information, including being required to give their consent before identifiable data can be used in ways not necessary for treatment, payment or other health care operations.

For those found in violation of the privacy provisions, the bill provides HHS with improved enforcement capabilities by requiring a formal investigation of complaints and the imposition of civil monetary penalties for violations that rise to the level of willful neglect or other violations that are not corrected within 30 days.

The provision also increases the amount of monetary penalties and allows a percentage to accrue to the individual harmed and the HHS Office of Civil Rights using a formula that the Government Accountability Office will develop.

As part of securing information, HHS would be required to issue guidance annually on the technologies and methodologies that meet the standard of making information secure. If no guidance is released, protected health information is considered secure if it meets technology standards developed or endorsed by a standards organization that is accredited by the American National Standards Institute.

GAO: No Process On Addressing Privacy Issues

On the heels of the legislation, GAO issued a report calling for HHS to define the process that will ensure privacy issues related to the implementation of a health IT system are fully addressed.

The Sept. 17 report outlines a variety of initiatives HHS is undertaking to build out a health IT system. But from the government watchdog's perspective, more work needs to be done on how it will address privacy issues related to these efforts.

"It is important that the department and its Office of the National Coordinator define a process for ensuring that all stakeholders' contributions will be appropriately considered and that inputs to the privacy framework will be effectively assessed and prioritized to achieve comprehensive coverage for all privacy principles and challenges," GAO said.

A clearly defined process is important, particularly because certain initiatives only address very specific aspects of a health IT infrastructure and are not aimed at addressing comprehensive privacy and security requirements.

"For example, the certification and standards harmonization efforts primarily address the implementation of technical solutions for interoperable health IT and, therefore, are aimed at system-level security measures such as data encryption and password protections, while the recommendations submitted by HHS' advisory committees and state-level initiatives are primarily aimed at policy and legal issues," GAO reported.

"Without defined steps for thoroughly assessing the contributions of the activities, some principles and challenges may be addressed extensively, while others may receive inadequate attention, leading to gaps in the coverage of the principles and challenges."

- Gregory Twachtman ([email protected])