Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Harm reduction wikipedia , lookup
Public health genomics wikipedia , lookup
Health system wikipedia , lookup
Reproductive health wikipedia , lookup
Health equity wikipedia , lookup
Patient safety wikipedia , lookup
Rhetoric of health and medicine wikipedia , lookup
September 1, 2010 Department of Health and Human Services Office for Civil Rights Hubert H. Humphrey Building 200 Independence Ave. SW Room 500F Washington, DC 20201 Attention: HITECH Privacy and Security Rule Modifications www.regulations.gov RE: RIN 0991–AB57 Dear Office for Civil Rights; The National Council for Prescription Drug Programs (NCPDP) submits the following comments regarding the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) notice of proposed rule making on the modifications to the Standards for Privacy of Individually Identifiable Health Information (Privacy Rule), the Security Standards for the Protection of Electronic Protected Health Information (Security Rule), and the rules pertaining to Compliance and Investigations, Imposition of Civil Money Penalties, and Procedures for Hearings (Enforcement Rule) issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). NCPDP is a not-for-profit ANSI-accredited Standards Development Organization consisting of more than 1,550 members who represent drug manufacturers, chain and independent pharmacies, drug wholesalers, insurers, mail order prescription drug companies, claims processors, pharmacy benefit managers, physician services organizations, prescription drug providers, software vendors, telecommunication vendors, service organizations, government agencies and other parties interested in electronic standardization within the pharmacy services sector of the health care industry. For over 30 years NCPDP has been committed to furthering the electronic exchange of information between healthcare stakeholders. NCPDP Telecommunication Standard is the standard used for eligibility, claims processing, reporting, and other functions in the pharmacy services industry as named in HIPAA. The NCPDP SCRIPT Standard and the Formulary and Benefit Standard are the standards in use in electronic prescribing as named in Medicare Modernization Act (MMA 42 CFR Part 423). II. General Issues, A. Effective and Compliance Dates (p 40871) We seek comments on any potential unintended consequences of establishing a 180-day compliance date as a regulatory default, with the noted exceptions NCPDP response: If changes to the standards used to support the exchange of information are needed to comply with these rules, 180 days is not a sufficient timeframe to make and implement those changes. Even if changes to the standards are not needed, modifications to systems and workflows will be required, which will necessitate training of impacted personnel and likely communication to Page: 1 NCPDP Comments on RIN 0991–AB57 Page 2 patients. Such changes, depending on the extent, may be difficult or infeasible in a 180-day timeframe. VI. Section-by-Section Description of the Proposed Amendments to the Privacy Rule, B. Section 164.501—Definitions, 2 (p 40885) We request comment on the scope of this exception, that is, whether communications about drugs that are related to the drug currently being prescribed, such as communications regarding generic alternatives or new formulations of the drug, should fall within the exception. NCPDP response: NCPDP agrees that the scope of this exception is appropriate because it is designed to allow covered entities to serve the best interests of the patient. VI. Section-by-Section Description of the Proposed Amendments to the Privacy Rule, J. Section 164.522(a)—Right To Request Restriction of Uses and Disclosures (p 40899) Due to the myriad of treatment interactions between covered entities and individuals, we recognize that this provision may be more difficult to implement in some circumstances than in others, and we request comment on the types of interactions between individuals and covered entities that would make requesting or implementing a restriction more difficult. We request comment on this issue, and we ask specifically for suggestions of methods through which a provider, using an automated electronic prescribing tool, could alert the pharmacy that the individual may wish to request that a restriction be placed on the disclosure of their information to the health plan and that the individual intends to pay out of pocket for the prescription. Additionally, we request comment on the obligation of covered health care providers that know of a restriction to inform other health care providers downstream of such restriction. We request comment on whether a restriction placed upon certain protected health information should apply to, and the feasibility of it continuing to attach to, such information as it moves downstream, or if the restriction should no longer apply until the individual visits the new provider for treatment or services, requests a restriction, and pays out of pocket for the treatment. In addition, we request comment on the extent to which technical capabilities exist that would facilitate notification among providers of restrictions on the disclosure of protected health information, how widely these technologies are currently utilized, and any limitations in the technology that would require additional manual or other procedures to provide notification of restrictions. We request comment on examples of types of disclosures that may fall under this provision. We request comment on the extent to which covered entities must make reasonable efforts to secure payment from the individual prior to submitting protected health information to the health plan for payment. We encourage covered entities to have an open dialogue with individuals to ensure that they are aware that protected health information may be disclosed to the health plan unless they request an additional restriction and pay out of pocket for the follow-up care. We request public comment on this issue. NCPDP response: The NCPDP SCRIPT Standard, which is used for ePrescribing, named in MMA and required by some states, does not currently support a structured, codified method for communicating an individual’s request to restrict the use or disclosure of their PHI in other than medication history requests. This could conceivably be handled in the version allowed now under MMA by indicating the request in a free-text field that is used for all notes from the prescriber to the pharmacist. There are risks inherent in using a non-codified, non-specific field to communicate a request about how to use or disclose PHI. As the healthcare industry moves towards more automated systems with increased interoperability, NCPDP would suggest that if there is functionality and/or exceptions to workflow that need to be supported by the systems, or automated; those requirements should be included in the certification program and in the standards used to exchange information. Until such time as this vision is achieved, it remains the responsibility of the patient to communicate to each and any provider their desire to restrict the use/disclosure of their PHI. It is critical that the patient knows and understands the risks of restricting the use/disclosure of their PHI. The prescriber is responsible for obtaining patient consent and indicating that they have consent when sending a request for a medication history. The medication history is a complete record of all medications that a pharmacy has dispensed to the patient, whether paid by the patient or a third-party. Therefore, if a patient has requested that their PHI not be used or disclosed, they will need to communicate this restriction to their prescriber or pharmacy so that the entity can refuse the request from the prescriber or pharmacy for the medication history. Page: 2 NCPDP Comments on RIN 0991–AB57 Page 3 It is important to note that when a patient’s PHI is not used or disclosed, certain benefits of ePrescribing and real-time Drug Use Review may not be realized. The prescriber will not be able to request their medication history nor perform a check of their formulary and benefits to perhaps identify more fiscally viable alternatives. There is also the inherent risk that if ordered and dispensed medications are not reported other providers may order or dispense contraindicated medications which could potentially lead to an adverse event for the patient. VI. Section-by-Section Description of the Proposed Amendments to the Privacy Rule, K. Section 164.524—Access of Individuals to Protected Health Information (p 40901) We also note that the proposed modification presumes that covered entities have the capability of providing an electronic copy of protected health information maintained in their designated record set(s) electronically through a secure Webbased portal, via e-mail, on portable electronic media, or other manner. We invite public comment on this presumption. We invite public comment on this aspect of our rulemaking, specifically with respect to what types of activities related to managing electronic access requests should be compensable aspects of labor. Finally, we are requesting comment on one aspect of the right to access and obtain a copy of protected health information which the HITECH Act did not amend. Based on the assumption that a single standard would be the preferred approach, we are interested in public comment on an appropriate, common timeliness standard for the provision of access by covered entities with electronic designated record sets generally. We would appreciate comment on aspects of existing systems that would create efficiencies in processing of requests for electronic information, as well as those aspects of electronic systems that would provide little change from the time required for processing a paper record. Alternatively, we request comment on whether the current standard could be altered for all systems, paper and electronic, such that all requests for access should be responded to without unreasonable delay and not later than 30 days. We are also interested in public comment on whether, contrary to our assumption, a variety of timeliness standards based on the type of electronic designated record set is the preferred approach and if so, how we should operationalize such an approach. Finally, we request comment on the time necessary for covered entities to review access requests and make necessary determinations, such as whether the granting of access would endanger the individual or other persons so as to better understand how the time needed for these reviews relates to the overall time needed to provide the individual with access. Further, we request comment generally on whether the provision which allows a covered entity an additional 30 days to provide access to the individual if the protected health information is maintained off-site should be eliminated altogether for both paper and electronic records, or at least for protected health information maintained or archived electronically because the physical location of electronic data storage is not relevant to its accessibility. NCPDP response: While a single standard for a designated record set may be assumed to be the preferred approach, one does not exist today. NCPDP recommends that OCR contact the Standards Development Organizations (SDO) for their assistance and expertise in the evaluation and development of an appropriate standard(s). NCPDP is willing to participate in this effort. Thank you for the opportunity to submit comments. For direct inquiries or questions related to this letter, please contact Patsy McElroy Manager, Standards Development NCPDP Direct: 900 Indigo Run Bulverde, TX 78163 P: (830) 438-8055 E: [email protected] Sincerely, Lee Ann C. Stember President National Council for Prescription Drug Programs (NCPDP) 9240 E. Raintree Drive Scottsdale, AZ 85260 (480) 477-1000 x 108 Page: 3 NCPDP Comments on RIN 0991–AB57 Page 4 [email protected] cc: NCPDP Board of Trustees Page: 4