Health Data Management looks at the year ahead and what it may portend for health information technology. From the legislative battle brewing in Congress over health IT to the growing epidemic of health data breaches to the troubled Meaningful Use program, 2015 is shaping up to be anything but dull.

With Republican control of both the House and Senate starting in January, some health IT legislation that has languished might get resurrected in 2015, and efforts to challenge the statutory authority of federal agencies to regulate HIT also may be renewed. For her part, Rep. Marsha Blackburn (R-Tenn.), vice chair of the House Energy and Commerce Committee, is promising that legislation to curb the Food and Drug Administration’s authority to regulate health IT will pass the Congress in early 2015.

Blackburn in October 2013 first introduced the Sensible Oversight for Technology which Advances Regulatory Efficiency (SOFTWARE) Act. Her bill would establish a risk-based regulatory framework for health IT divided into three broad categories of software—clinical, health and medical—with the two former software types not subject to regulation under the proposed legislation.

A companion bill, the PROTECT Act, was introduced in the Senate in early 2014. Both the SOFTWARE Act and the PROTECT Act would exempt so-called “clinical software” and “health software” from FDA oversight. Blackburn told a Dec. 3 Bipartisan Policy Center forum in Washington, D.C., that “after a few more tweaks” she will reintroduce a finalized draft of the SOFTWARE Act in January, then “move it on through the Senate” and “have it on the President’s desk in early 2015.”

ICD-10 might also be on the legislative agenda when the 114th Congress convenes in January. The House Energy and Commerce Committee on Dec. 10 issued a statement that it is prepared to hold a congressional hearing on ICD-10 in 2015. Add the fact that physician groups have been lobbying for an additional two-year delay to the code switchover—last month a letter from the Medical Society of the State of New York to Speaker of the House John Boehner (R-Ohio) was circulated to other members of Congress requesting the ICD-10 deadline be pushed back to October 2017—and you have the makings of a political fight.

There were concerns earlier this month that a $1.1 trillion spending bill to fund almost all of the federal government for fiscal 2015 might contain language to delay the current ICD-10 compliance date—October 1, 2015. However, in the end, those fears were not realized. But, when Congress meets next year to again consider changes to the Medicare Sustainable Growth Rate formula for paying physicians, a further ICD-10 delay could be part of a so-called “doc-fix” bill like the one passed by Congress in late March 2014 and signed into law in April by President Obama that included a provision to delay the ICD-10 deadline by one year.

If further delays to ICD-10 implementation don’t scare you, the rash of health data breaches should. Healthcare organizations accounted for about 42 percent of all major data breaches reported this year, and next year they will continue to be plagued by cyber attacks, thanks to the expanding number of access points to protected health information and other sensitive data via electronic health records and the growing popularity of wearable technology.

In fact, the number of health data breaches is expected to rise in 2015. On average these breaches cost the healthcare industry about $5.6 billion annually. As a result, in an effort to limit their cyber vulnerabilities, healthcare organizations will increase their budgeting for information security in 2015, predicts Brian Evans, senior managing consultant with IBM Security Services.

Evans says that healthcare organizations are still not practicing security fundamentals, have “fragmented security efforts that lack any type of formally integrated oversight, governance or alignment with other risk functions within the organization,” and have “unassigned ownership and accountability over security and compliance requirements.”

Not surprisingly, he also predicts that HIPAA enforcement in 2015 will cause more healthcare organizations to experience investigations and fines than in any previous year. If 2014 is any indication, next year could be a record year for the levying of fines for violations of HIPAA privacy and security rules. And, with the HHS Office for Civil Rights expected to begin random HIPAA audits in 2015, healthcare organizations would be wise to heed the warning.

When it comes to warnings, the writing is on the wall with regard to the troubled Meaningful Use program. Earlier this month, the Centers for Medicare and Medicaid Services announced that more than 50 percent of eligible professionals will face penalties under the MU program in 2015. That’s more than a quarter of a million physicians who will receive notices over the next few weeks that they are subject to Medicare payment reductions. Likewise, Evans predicts that CMS next year will recoup more Meaningful Use money from healthcare organizations than in any previous year as audits discover errors in attestation.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access