Ongoing standards development and implementation of the Affordable Care Act (ACA) are providing significant new opportunities for pioneering health information technology (HIT) solutions. A variety of private and public sector forums are rewriting the regulatory “rules of the road,” highlighting the need for early and active engagement to advance individual priorities while anticipating potential challenges from competitors.
Health reform has vastly expanded the demand for effective solutions in the HIT marketplace. A broad range of state and federal implementation efforts are underway to overhaul the nation’s health care system by expanding access to care, improving quality and reducing costs, and virtually all of these initiatives require advanced information technology solutions to succeed.
Given the high political stakes, federal and state regulators are working to ensure an effective implementation process; however, the establishment of health insurance exchanges has presented significant practical and technical challenges. Advanced HIT solutions ultimately will play a critical role in achieving policy-makers’ goals for electronic data exchange, cybersecurity, privacy and data security, program compliance, quality improvement and payment reform, among other objectives.
Health care policies are driven by a tight-knit community of players with long-standing relationships. Akin Gump Strauss Hauer & Feld LLP leverages its experience in understanding the legal and regulatory framework and its extensive network of political contacts with health leaders in Congress and the administration to advance clients’ priorities and position them as leaders in promoting best practices.
We are actively engaged in the ACA implementation process to identify potential market opportunities for clients and to showcase their capabilities to key federal and state decision-makers. For example, the reform law significantly expands the use of information technologies to root out waste, fraud and abuse under existing governmental health care programs, as well as the new health insurance exchanges. Federal and state-based demonstration projects also present opportunities for HIT companies to demonstrate their proficiency in the analysis and interpretation of “big data” to enhance Congress and the administration’s understanding of the impact of various service delivery and payment reforms. These initiatives provide a wealth of opportunity for HIT solutions providers to demonstrate their capacity to reduce unnecessary and inappropriate government spending and to achieve better quality health care and improved patient outcomes.
Cybersecurity, Privacy and Data Security
Ensuring the privacy and security of patients’ health information is also of paramount importance to policy-makers. A core component of our cybersecurity, privacy and data protection practice is to provide clients with legal and analytical assistance and advice. We work with our clients to develop organization-specific compliance plans, strategic plans for data sharing, policies and procedures, and supporting documents such as monographs, agreements (including business associate agreements and data use agreements), model documents, check lists and other materials to help clients identify their needs and implement a comprehensive approach to compliance with federal and state cybersecurity, privacy protections and data security requirements.
Federal Framework for HIT Regulation
We are actively engaged in monitoring and advising clients concerning the administration’s implementation of a risk-based framework for HIT, as mandated by the Food and Drug Administration Safety and Innovation Act of 2012. The proposed framework envisions differential regulatory oversight for three categories of HIT functionality: (i) administrative, (ii) health management and (iii) medical device uses. We regulatory advise clients on the likely direction of this framework and its implications for their businesses. For clients with HIT subject to potential regulatory oversight by the Food and Drug Administration (FDA), we guide them in the development and promotion of their technology and in their interactions with the agency.
We assist clients in navigating the complexity of these health care regulations at the local, state and federal level, and provide support by working through compliance issues to minimize the risk of exposure that arises from their status as covered entities or business associates. We also assist those who engage with the health care industry but who may not be required to comply directly with these laws. In addition, we provide educational materials and seminars to ensure that our clients have the tools they need to implement these policies and practices—especially those related to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act regulations—quickly and efficiently. Another important part of our process is to ensure that federal and state officials take our clients’ legitimate needs for information into account. To that end, we work directly with policy-makers to develop guidance to resolve confusion and uncertainty regarding implementation challenges.
Akin Gump is directly involved in the development of standards for the “meaningful use” of electronic health records (EHRs), and we use that knowledge to assist clients in addressing functionality, security and interoperability concerns affecting a range of interests, including HIT vendors, hospital systems and other health care providers. We combine technical knowledge of HIT systems with policy experience to ensure that our clients are well-positioned to receive Medicare and Medicaid EHR incentive payments and avail themselves of other federal funding opportunities.
The experience of Akin Gump’s HIT lawyers includes:
- expanding use of real-time data matching technology to strengthen program compliance initiatives
- promoting development of flexible standards for “meaningful use” of electronic health records
- providing technical assistance to clients on HIPAA and HITECH compliance efforts, including developing privacy and data security policies and procedures, drafting agreements, training the workforce, and obtaining clarifications and guidance
- advising companies on the design and promotion of clinical decision support technology to reduce the risk of FDA regulatory oversight
- providing legal assistance on the interaction of state and federal cybersecurity, privacy and data security and breach notification laws
- identifying opportunities for HIT companies to contract with state and federal agencies.