Key 2022 Health Care Regulatory and Policy Priorities to Navigate

Share this story:

reg_compliance gears-modifiedThrough its policy and regulatory mechanisms, the federal government is in the driver’s seat to drive and effect changes in health care and health information technology. The most recent Unified Regulatory Agenda provides insight into what is likely to come in 2022 and beyond. The most notable rules continue to be focused on activities by agencies at the Department of Health and Human Services (HHS), including the Centers for Medicare and Medicaid (CMS) and the Federal Drug Administration (FDA). Here’s a sneak peak of expected 2022 priorities. 

Implementing the interoperability rules

2022 will be a year for compliance. Related to the interoperability rules specifically, electronic health information (EHI) that cannot be “blocked” is limited to the data elements represented in the United States Core Data for Interoperability (USCDI Version 1). However, that changes on October 5, 2022, when the full scope of the Office of the National Coordinator for Health Information Technology (ONC) regulation’s definition of EHI becomes effective. In the meantime, ONC encourages the regulated community to make all EHI available.  

Health care organizations must swiftly recognize that interoperability is a strategic imperative—and act on it. It’s more than just checking the box to meet federal mandates and adapting infrastructure. Stakeholders like payers, providers, and vendor entities should be executing on an interoperability strategy that is tied to the overall enterprise strategy inclusive of compliance, transformation, and differentiation. Topline revenue and margins cannot be improved without an enterprise strategy that puts interoperability front and center. 

Ramping up compliance and enforcement

The Federal Trade Commission (FTC) has vowed to ramp up enforcement, including in the areas of privacy and security. Organizations focused on digital applications, patient-facing applications, and the exchange of information that inform these solutions should closely monitor and engage in FTC endeavors. The goal is to address many of the questions being posed about privacy and security relative to solutions that have not historically been included in regulations, such as HIPAA.  

Over at HHS, enforcement will be more of a mixed bag. On one hand, enforcement will be discretionary or pushed off into the future for some regulations. For example, CMS announced discretionary enforcement with compliance with the payer-to-payer data exchange provisions of its 2020 final rule on interoperability and patient access. This will continue until CMS finalizes future rulemaking to address implementation challenges, likely later in 2022.   

On the other hand, the hammer will drop eventually. For example, CMS has posted a dire warning on enforcement of its price transparency rule. CMS will delay enforcement for 6 months, or until July 1, 2022, to give impacted plans additional time to comply. After that, CMS looks like it is prepared to crack down. According to posted guidance, ”For plans and issuers that are subject to CMS's enforcement authority and do not comply, we may take several enforcement actions, including: requiring corrective actions and/or imposing a civil money penalty up to $100 per day, adjusted annually under 45 CFR part 102, for each violation and for each individual affected by the violation.” Impacted plans and their partners should take notice.  

More sticks could be added to the enforcement toolbox for information blocking. Stakeholders should expect a final rule from HHS’s Office of the Inspector General with respect to its enforcement of the information blocking rules. For health care providers, HHS must issue a rule spelling out “appropriate disincentives,” as directed by the 21st Century Cures Act. That also could come in 2022. 

Continuing focus on price transparency

2020-2021 were banner years related to price transparency with the publication of several rules concerning use of the real-time benefit check (RTBC). We expect continued focus on this issue.  

For example, stakeholders should be focusing on compliance with two recent rules. In 2020, CMS issued a rule requiring Medicare Part D sponsors to implement an electronic real-time benefit tool capable of integrating with at least one prescriber’s electronic prescribing system or electronic health record, effective January 1, 2021. Additionally, in January 2021, CMS issued a final rule to enhance the Part C and D Programs. This final rule will require Part D plans to offer real-time comparison tools to enrollees starting January 1, 2023, so enrollees have access to real-time formulary and benefit information, including cost-sharing, to shop for lower-cost alternative therapies under their prescription drug benefit plan. Stakeholders should be looking ahead to comply with these requirements. 

We also expect RTBC regulatory requirements to be strengthened with respect to standards. Both rules (described above) omitted any reference or use of a particular standard, such as the National Council on Prescription Drug Programs (NCPDP) real-time prescription benefit standard. The Consolidated Appropriations Act of 2021 (HR 133), Health Extenders, Sec. 119 likely resolves the issue of RTBC standards naming, as the Act calls for the National Coordinator of HIT to adopt technical standards that have been developed by a standards development organization, such as NCPDP. 

Many states are also making a legislative impact related to price transparency. Colorado, Ohio, Tennessee, and Maine all passed legislation in 2021 requiring health plans to make eligibility, benefit coverage, cost and utilization management information available, in real-time, to providers, patients, and their third-party partners.  We expect state-level legislative activity to continue in 2022. 

Revisiting HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. Since then, HIPAA has controlled certain transaction standards, privacy, and security in the health care field. But at the same time, there have been many changes in terms of standards, business needs, and technology—not to mention the rise of the internet, mobile health, and application programming interfaces, just to name a few. Certain health care providers subject to the information blocking regulations (and any other actor that supports them) may not be covered entities or business associates under the HIPAA Rules. Regulators have been prompted by many in the industry to revisit and overhaul the HIPAA regulations. Drivers include the evolutions seen in health care relative to digital applications, APIs, and the overall growth in technologic innovations in health care—all of which are creating an interoperable landscape that HIPAA did not take into consideration when passed. Could 2022 be the year? 

Pushing for additional burden reduction 

In 2022, the Administration, Congress, and regulators will continue the push for burden reduction via the use of electronic prior authorization (ePA). So far, CMS has made no announcement to change or delay the January 1, 2022, enforcement date for required use of the NCPDP SCRIPT standard for ePA for Part D-covered drugs for Part D-covered patients. We anticipate a proposed rule from CMS that would create new requirements for government insurers — such as the Affordable Care Act exchange issuers and Medicare Advantage plans — to streamline prior authorization using the NCPDP SCRIPT standard. 

Anticipating 2022 will be the year for TEFCA. Emphasis will continue in 2022 on improved means to exchange data through establishing a floor of universal interoperability through the Trusted Exchange Framework and Common Agreement (TEFCA). Currently, exchange is challenging because the information flows among a series of health information networks (HINs) and discrete health information exchanges (HIEs). Those entities operate with varying business models, technical requirements, and geographic market areas — not to mention the fact that not all connect with each other. That will begin to change in 2022 when the provisions of TEFCA come online. TEFCA creates a unified, national approach that will allow any health care entity — as well as individual patients — to join any health information network, connect with the network, and exchange health information on a national basis. Beginning in the spring, the government will begin to authorize “Qualified Health Information Networks” (QHINs), which will serve as on-ramps to the many national networks. Entities will need to figure out which of the QHINs they want to do business with and how that will be operationalized. (Click here for our TEFCA update.) 

At the same time, state funding for health information exchanges will be drying up, so payers and providers may need to scramble to find alternative arrangements for data exchange before the QHINs fully come online. 

Looking ahead.     

Point-of-Care Partners (POCP) expects a flurry of activity at the federal and state level — far more than we can predict at this point. To assist your organization, we offer several subscription solutions. These solutions help you stay on top of all of this activity such as our Interoperability Outlook, ePA State Navigator and ePrescribing State Law Review offered through the POCP Regulatory Resource Center. As a leading HIT consultancy, we are always helping our clients understand what impact the legislation, rules, and regulations will have on them and their partners as well as develop market intelligence and strategies for implementation. Want to know more? Reach out to Brian Dwyer at brian.dwyer@pocp.com.