Background: Over the past several years, Congress and the Administration have focused on ways to improve the adoption of information technology as one way to foster reform within the health care system. Advocates of health IT and electronic health records believe that their widespread adoption and use by practitioners could improve the quality of care and reduce the incidence of preventable medical errors, which kill up to 100,000 individuals annually. Some individuals also assert that health IT could generate significant savings within the health care system, though estimates vary and may be based in part on the systems changes that accompany IT adoption.
Legislative Proposals: Although health IT legislation has been debated in previous Congresses, no proposal was enacted into law. As a result, several pieces of legislation have been introduced or re-introduced in the 110th Congress. In the House, the Energy and Commerce Committee approved on July 23, 2008 H.R. 6357, sponsored by Committee Chairman John Dingell (D-MI) and Ranking Member Joe Barton (R-TX). The bill would codify the Office of the National Coordinator of Health Information Technology (ONCHIT)—previously established by Executive Order in April 2004—within the Department of Health and Human Services, set guidelines for the federal government and relevant stakeholders to develop health IT standards, and authorize grants for adoption of health technology, including electronic health records. The bill also creates requirements for entities handling medical records to limit the circumstances under which records may be disclosed, and to notify patients in the event of an electronic data breach.
The Ways and Means Committee—which shares jurisdiction over Medicare with Energy and Commerce—is also expected to weigh in with legislative activity. Ways and Means Health Subcommittee Ranking Member Dave Camp (R-MI) has introduced health IT legislation, H.R. 6179. The bill would codify ONCHIT into statute, provide for a streamlined process for the promulgation of IT standards (including privacy standards), make permanent a regulatory exception promulgated by the Administration allowing hospitals to purchase IT software for physicians, and create new tax incentives for physicians to expense the cost necessary to implement a system of electronic health records.
In the Senate, the Health, Education, Labor, and Pensions Committee marked up S. 1693, sponsored by Chairman Ted Kennedy (D-MA), on June 27, 2007. The bill is broadly similar to H.R. 6357, and includes provisions codifying ONCHIT’s role, authorizing grants for health IT promotion, and incorporating stricter privacy standards. Press reports indicate that staff attempted to “hotline” the legislation before the August recess, but that objections from several offices precluded passage by unanimous consent.
Implications of Legislation: While most policy-makers agree on the desirability of additional IT adoption by health practitioners, clarifying the federal role in such activity has proved more problematic. As Congress considers potential legislative action to promote health IT, four key areas remain subject to controversy surrounding the federal government’s proper role. These include:
Funding: Several health IT bills—including both H.R. 6357 and S. 1693—authorize grants to promote interoperability among electronic health record systems and the adoption of health information technology. H.R. 6357 authorizes $575 million over five years for grants to physicians, states, or local health-related entities to promote the effective use of IT, and an additional $20 million over two years for clinical education grants. Similarly, S. 1693 authorizes $278 million over two years for grants to providers, states seeking to establish health IT loan programs, and the development of local or regional health IT plans, while including additional authorizations for clinical education grants and grants to promote telehealth services. Some conservatives may question the need to authorize this additional new spending, and agree with the Administration’s position that market forces, not direct subsidies, are the most effective way to stimulate the growth of electronic health records and related technology.
Another approach discussed to promote the adoption of health IT focuses on adjustments to Medicare reimbursement rates—payment increases for adopters and/or payment reductions for non-adopters. Such an approach was included in e-prescribing provisions attached to the latest Medicare physician payment legislation (P.L. 110-275). Some conservatives may have both a specific and a general concern with this approach: first that any reimbursement adjustments be implemented in a budget-neutral manner, and second that any linkage between physician payment levels and health IT adoption could be perceived as a further attempt by the federal government to micro-manage the practice of medicine for physicians nationwide.
A third approach would utilize tax incentives—in the form of accelerated depreciation or increased deductions for the purchase of equipment related to electronic health records—as a means to spur greater health IT adoption. While some conservatives may believe that tax expenditures constitute a more effective means of encouraging adoption of electronic health records than the direct government spending in the two examples above, others may question the necessity of federal involvement to promote health technology when other industries have adopted technological innovations much more quickly.
Some conservatives may believe that this central question—Why did it take only a few years to develop nationwide ATM networks, but decades to spur health IT adoption?—speaks to one of the fundamental drawbacks of the current health system: the distortionary effects of third-party payment. While patients may be willing to pay for the benefits associated with an electronic health record, or the convenience of an e-mail consultation with a physician, many private insurance companies’ reimbursement and coverage decisions continue to follow the example of a Medicare program frequently slow to respond to changes in medical care. Therefore, some conservatives may support initiatives like Health Savings Accounts as one way to minimize the effects of third-party payment and better align patient and physician incentives, improving the quality of care and thereby reducing the growth in costs.
Privacy: Under current law, electronic health records, along with other paper-based health information, are regulated by standards promulgated pursuant to the Health Insurance Portability and Accountability Act (HIPAA, P.L. 104-191). The law subjects “covered entities”—health plans, health clearinghouses, and providers who transmit any health information in electronic form—to a series of standards issued by the Department of Health and Human Services, commonly called the HIPAA Privacy Rule. In general, the Privacy Rule requires covered entities to obtain consent for the disclosure of protected health information—defined as health information that identifies the individual, or can reasonably be expected to identify the individual—except when related to “treatment, payment, or health care operations.” The regulations include several exceptions to the pre-disclosure consent requirement, including public health surveillance, activities related to law enforcement, scientific research, and serious threats to health and safety.
In addition, current HIPAA regulations include a separate Security Rule, requiring covered entities and their business associates to safeguard protected health information held electronically. The rule includes administrative, physical, and technical safeguards that covered entities must follow, and permits entities to contract with business associates to implement the regulatory requirements. Covered entities are not in compliance with the HIPAA Security Rule only if they become aware of “a pattern of an activity or practice” by the business associate in breach of its contract and the HIPAA security standards, yet fail to take remedial action.
While supporting the desirability of personal medical information remaining private, some conservatives may also believe that privacy standards should not be implemented in a way that impedes the functioning of the health care system. For instance, restrictions on “marketing” could be construed in such a way as to preclude pharmacists from e-mailing patient reminders to refill prescriptions, or consider cheaper generic drugs—both of which could be seen as unfortunate outcomes. Similarly, requiring patient consent to utilize electronic health information for auditing purposes could be an invitation for patients to commit fraud, thereby encouraging criminal activity that raises costs for all individuals.
To the extent that Congress decides to incorporate a breach notification regime into health IT legislation, some conservatives may support setting clear standards for when notification is required, and safe harbor provisions for entities that act promptly to remedy any breaches that may occur. Some conservatives may also support federal pre-emption with respect to breach notification provisions, so that covered entities will not be subjected to a patchwork of conflicting state laws. In that same vein, some conservatives may be concerned by the implications of any attempt to introduce or expand a private right of action for individuals affected by security breaches that could serve as a breeding ground for costly litigation.
Physician Self-Referral: One of the perceived impediments to wider health IT implementation lay in existing laws regarding physician self-referral. In general, the so-called Stark law prohibits physicians who receive Medicare payments from referring their patients to entities with whom the physician has a financial relationship. While the statute contains a number of exceptions to the general prohibition, no portion of existing law would provide a safe harbor for a hospital or health system to donate health IT equipment to physician offices.
In response, the Centers for Medicare and Medicaid Services (CMS) in August 2006 published final regulations under which the Administration used its authority to create a “safe harbor” with respect to the Stark self-referral laws and health IT promotion; the same day, the Inspector General at the Department of Health and Human Services created a similar safe harbor with respect to the federal anti-kickback statute. Although the exception was intended to encourage the adoption of health IT by physicians and other providers without facing possible adverse legal actions, the regulations contain several potential drawbacks: the exception covers health IT software, but not hardware; requires a 15% payment by physician recipients; and, perhaps most importantly, expires in December 2013.
Some conservatives may support actions that expand the health IT exception created by the Administration to address its limitations and protect physicians from unnecessary regulations and/or legal action by CMS. The self-referral exception created for electronic prescribing as mandated by Congress in the Medicare Modernization Act (P.L. 108-173) covered electronic hardware, providing little reason to qualify the exception with respect to electronic health records. The required 15% payment by physician recipients appears contradictory to the exception’s purpose; a gift is either inappropriate or it isn’t—the size of any payment by a physician to the donor bears little semblance to the inherent nature of the relationship. Finally, some conservatives may believe that eliminating the sunset date would provide important regulatory certainty for both physicians and the health IT community, rather than relying upon a future Administration and future Congresses to determine whether and how the self-referral exception should be extended.
Liability: Unstated in most discussions about health information technology legislation is the impact which widespread health IT adoption may have on the current medical liability system. Nevertheless, it may be reasonable to believe that the clarity afforded by electronic health records may have a measurable impact on tort claims—improved coordination of care may eliminate some medical errors before they occur, while the distinctions between frivolous and meritorious claims may become more clear.
Given this dynamic, some conservatives may support provisions in health IT legislation which create safe harbors for providers following accepted standards of care, as one potential way to minimize any increased costs associated with defensive medicine practices. Additionally, some conservatives may view a health IT bill as a logical vehicle to attach liability reform provisions that reduce the number of frivolous lawsuits, allow for fair and reasonable compensation for individuals with legitimate claims, and encourage providers to utilize adverse events to improve the quality of future care.
Conclusion: While health IT holds significant progress in terms of its ability to improve the quality of care and its potential to slow the growth in costs, its promise may rise or fall on the regime under which new technology is adopted. If improperly implemented, costly new health IT mandates could spark senior physicians to take early retirement, depriving patients of well-trained and trusted providers. Similarly, proposals that impose regulatory burdens that balkanize care in the name of privacy, while encouraging lawsuits against physicians and/or software providers, may well only inhibit the adoption of effective health IT and increase, rather than reduce, the growth of health costs.
Recognizing that the devil does indeed lie in the details, some conservatives may be cautious about assessing the implications of the final legislative product before supporting a health IT bill. Specifically, while many conservatives may support legislation that reduces unnecessary regulations and avoids imposing new onerous burdens, bills that include significant increases in federal regulations and/or government spending may warrant stricter scrutiny. Consistent with a belief that smaller government will allow private enterprise to thrive, conservatives may believe that a minimalist approach to health IT provides the best opportunity to allow the health system to create the innovative approaches to care that can slow the growth of costs.
 Institute of Medicine, To Err Is Human: Building a Safer Health System, summary available online at http://www.iom.edu/Object.File/Master/4/117/ToErr-8pager.pdf (accessed March 1, 2008).
 The definition of covered entity can be found at 42 U.S.C. 1320d-1(a); the HIPAA Privacy Rule can be found at 45 C.F.R. 160 and 164.
 Definitions of protected health information and individually identifiable health information can be found at 45 C.F.R. 160.103; permitted use for “treatment, payment, or health care operations” can be found at 45 C.F.R. 164.506.
 The full list can be found at 45 C.F.R. 164.512.
 The safeguards are found at 45 C.F.R. 164.308, 164.310, and 164.312, respectively.
 Language can be found at 45 C.F.R. 164.314(a)(1)(ii).
 The Stark law can be found at 42 U.S.C. 1395nn.
 The regulations can be found at http://www.cms.hhs.gov/PhysicianSelfReferral/Downloads/CMS-1303-F.pdf and http://oig.hhs.gov/authorities/docs/06/OIG%20E-Prescribing%20Final%20Rule%20080806.pdf, respectively (accessed August 25, 2008).