Despite positive initial reaction to a decision by the Internal Revenue Service to join HHS and the CMS in clearing a path for hospitals to subsidize healthcare information technology for affiliated physicians, some are voicing concerns about the details.
Of specific worry is access to patient data. The new IRS guidance includes a statement that hospitals subsidizing a physicians electronic health-records systems should have access to all of the doctors patient data, regardless of whether the hospital cared for those patients. That comes on top of physicians being cool to personal health records (See Feature story, this issue).
In addition, the IRS included some hurdles a hospital must leap if it wants to subsidize IT for only selected physicians on its medical staff, which could keep some hospitals from paying for their physicians IT.
As a result, the IRS move may not be the godsend some had hoped for. Its a major step forward, but people need to realize there are some additions (in the ruling) that may not fit their particular program, says Andrew Blustein, a partner with Garfunkel, Wild & Travis, Great Neck, N.Y.
The need for direction from the IRS stems from the HHS/CMS issuance of safe harbors to the federal anti-kickback law and exceptions to Stark laws prohibiting inducements for referrals. After that happened last August, however, legal experts say that IT contributions to for-profit organizations such as physician practices could still jeopardize hospitals tax-exempt status, so the industry pushed for direction from the IRS.
The IRS stance on the matter came by way of an internal, two-page field directive memorandum issued May 11 that said: We will not treat the benefits a hospital provides to its medical staff physicians as impermissible private benefit or inurement in violation of section 501(c)(3) of the code if the benefits fall within the range of health IT items and services that are permissible under the HHS EHR regulations and the hospital operates in the manner described below.
One of those referenced conditions has raised the hackles of privacy advocates: The health IT subsidy arrangements provide that, to the extent permitted by law, the hospital may access all of the electronic medical records created by a physician using the health IT items and services subsidized by the hospital.
The IRS included that provision to ensure that the doctors benefit from the subsidy was incidental to the benefit gained by patients. A hospital cannot generate impermissible private benefit for third parties. It has to be incidental. The hospital and its patients need to benefit from that in a way thats primary, and any benefit to the doctor needs to be incidental, says Stephen Clarke, an official within the rulings and agreements section of the exempt organizations division of the IRS who worked on developing the IT policy, and was also named in the memo as a spokesman for the agency.
Hospitals could use the data gleaned from the subsidized physicians, including that of patients of the physician who are not treated at the hospital, for a number of purposes, such as quality-improvement analysis, thus enhancing the benefit to the hospital of providing the IT service, Clark says. But, If the doctor is using the software primarily to manage their own practice and (the doctor) only does that internally and doesnt make that information available to the hospital and the community, then the software appears to (primarily) benefit the physician, Clark says.
Regardless, privacy advocates were less than thrilled. Its disturbing, says Joy Pritts, a lawyer and an associate research professor with the Health Policy Institute at Georgetown University. Clearly, IRS wants to ensure that there isnt impermissible private benefit to the doctors. But it seems that IRS has gone a little overboard, Pritts says.
Maybe the IRS doesnt understand the breadth of this requirement, she says. HHS interprets the HIPAA privacy rule as allowing providers to disclose medical records for treatment of any individualnot just the subject of the information. This has the potential to seriously undermine patient privacy.
But Clarke says while the memo requires a hospital that makes its IT services available to any physician on its medical staff to also make the same services available to all physicians on its medical staff, it does not require the hospital to provide subsidized services to all physicians or the same level of subsidy to all. Thus, the hospital could charge some physicians fair-market value for the services, while subsidizing the costs of others under certain conditions, Clarke says.
Clarke adds that although the agency has no plans to produce a more detailed version of the policy memorandum, it is not written in stone, either. There is only so far we can go with a directive like this, Clarke says. I know we cant satisfy everyone.What do you think? Write us with your comments at [email protected]. Please include your name, title and hometown.