The Research Triangle Institute is moving forward with its federal contract to examine state privacy laws and business practices and their potential impact on the development of capabilities for electronic healthcare information exchange.
The institute, based in Research Triangle Park, N.C., and the National Governors Association Center for Best Practices, the consulting arm of the NGA, based in Washington, D.C., were awarded a $11.5 million contract in October by HHS' Office of the National Coordinator for Healthcare Information Technology.
In its formal request for proposals, the institute is asking state governors to designate contractors and compete for contracts to "identify and resolve privacy and security barriers to interoperable health information exchange that result from variation in organization-level business policies or state laws." Requests for proposals were issued Jan. 5 and an initial conference call for prospective bidders was held Jan. 11. A second bidders' call is scheduled Feb. 8. The deadline for responses is noon March 1. Proposals must be submitted by a designee of the governor's office of each of the 55 states and U.S. territories eligible to compete for funding for up to 40 individual state projects. State contract awards will range from $150,000 to $350,000. States also may use private-sector funding to support their bids.
According to the office's Web site, the projects "will examine privacy and security policies and business practices within the state or territory that affect the ability to exchange interoperable electronic health information (e.g., electronic medical records, e-prescribing, and e-billing)." The resulting proposals must: "1) assess variations in organization-level business policies and state laws that affect health information exchange; 2) identify and propose practical solutions, while preserving the privacy and security requirements in applicable federal and state laws; and 3) develop detailed plans to implement solutions," according to the request for proposals. Awardees must complete their work in one year. The institute and the governors association will provide assistance and guidance to the state groups.
The request for proposals calls for the various state awardees to "convene and work closely with a wide range of stakeholders in each state, including clinicians, physician groups, health facilities and hospitals, payers, public health agencies, government health agencies, pharmacies, long-term care facilities and nursing homes and consumer organizations" but does not list as suggested participants local privacy organizations or the state legislatures that passed existing state privacy laws.
The request for proposals sets up a standardized process for identifying legal and business practice "barriers" to interoperable electronic health records and "formulating preliminary solutions to those barriers." The goal is "to create efficiency and facilitate communications between states, not because of any desire to develop 'national' standards that fail to recognize the unique needs of states. States should retain their uniqueness where possible." State contractors are to come up with action plans to overcome any barriers, but, again, approaching state legislatures is not mentioned as an option.
Finally, the request for proposals notes that Research Triangle Institute "will convene a national meeting to discuss the potential solutions and plans to implement the solutions to variations in state laws and business practices that impede the development of a nationwide health information network" based on topics raised by the states and "any remaining challenges to interoperability."
Privacy groups have expressed concern the privacy contract effort is a veiled approach to pre-empt and level state privacy laws to a single, lower national standard.
Under the privacy rules promulgated by HHS in response to HIPAA, the current federal privacy law was set as a floor, allowing states to pass or maintain their existing more stringent healthcare privacy rules, which generally involve tighter controls over the transmission and sharing of patient information regarding mental health, drug and alcohol treatment and sexually transmitted diseases, including HIV/AIDS.
The federally funded Commission on Systemic Interoperability, for example, recently issued its report on ways to boost healthcare information exchange and recommended the government pre-empt state privacy laws in favor of a single national privacy standard.
State privacy rules outside of healthcare are also under fire from various business entities seeking a single, national patient privacy standard.
What do you think? Write us with your comments at [email protected].