On August 24, 2018, HIMSS submitted to the Centers for Medicare and Medicaid Services (CMS) in a letter its feedback on CMS’ Request for Information Regarding the Physician Self-Referral Law.
HIMSS leveraged the expertise of its membership to help CMS address the potential obstacles to care coordination unintentionally caused by the physician self-referral law. These comments from HIMSS focused on two key topics regarding the physician self-referral law: how the law places burdens on providers and inhibits care, and how the law inhibits provider access to cybersecurity services.
HIMSS notes that alternative payment models (APMs) would be better served if CMS allowed more physician self-referral law waivers for APMs, similar to the waivers offered in many of the innovation models currently being piloted by CMS. HIMSS asks CMS to vigorously use its waiver authority to allow APMs to function in a manner that allows for access to as well as the provision of the best available patient care and prioritizes the needs of patients. This waiver authority should be designed without a focus on the potential financial implications of any referrals for providers and be aligned across all CMS programs, including in the testing of new and innovative payment and service delivery models.
In the letter, HIMSS recommends that the physician self-referral regulations be changed so as to no longer prohibit any data sharing scenario that aggregates, normalizes, or secures patient data in connection with the coordination of care for a patient. As such, HIMSS pushes CMS to use its authority to ensure its policies and programs facilitate greater information flow for the benefit of patients, and in support of CMS’ MyHealthEData and Blue Button 2.0 initiatives.
HIMSS requests an exception to the physician self-referral law to allow for the subsidizing of cybersecurity needs such as cybersecurity software, hardware, training, and tools for threat information sharing, and hardware. HIMSS recognizes that having the right tools is not enough; updates to the physician self-referral law should also make exceptions for operational support such as IT assistance and other skilled services to aid smaller organizations with deployment and maintenance of these cybersecurity solutions.