New Federal Policies Seek More Data for Public Health, Emphasize Health IT Safety

Changes to Medicare rules represent positive steps, but continued focus on electronic data sharing is needed

Navigate to:

New Federal Policies Seek More Data for Public Health, Emphasize Health IT Safety
The American flag is seen between the massive columns at the top of the steps to the U.S. Supreme Court on July 24, 2021 in Washington, DC.
Getty Images

The federal Centers for Medicare & Medicaid Services (CMS) released final updates Nov. 2 to policies detailing how the agency pays health care providers who treat Medicare patients. The rules cover a lot of ground, but include major steps forward for public health data sharing and the safety of health information technology (IT) systems.

In September, The Pew Charitable Trusts urged CMS to make many of these changes. At the same time, more work is needed to build on these updated policies—especially by other federal agencies, such as the Office of the National Coordinator for Health Information Technology (ONC).

On public health reporting, CMS announced that it would require providers who treat Medicare patients to share data electronically with public health agencies on cases of disease and immunizations. This requirement is critical for these agencies; electronic data sharing can help them analyze and act on information more quickly than if they received it through means such as faxes or phone calls. And having such information can help them track the potential spread of diseases in their communities. It also can provide insights into how well-protected those communities may be, based on vaccination rates.

However, not all of the information that public health agencies need was included in the final rule. Sending syndromic surveillance data–which aggregates data from individual patient interactions to paint communitywide pictures of potential health threats and track the emergence or spread of illnesses–remains optional, although providers can get bonus points for doing so and that could help increase how much CMS reimburses them for care. In the next policy update, CMS should consider requiring urgent care and emergency room providers to send syndromic surveillance data.

Most electronic health record (EHR) systems already have the capacity to send this information. Because EHRs have not been required to have the capacity to report all types of public health data, CMS granted providers a one-year extension for electronic case reporting if their EHRs do not yet have this functionality. ONC, as the agency that oversees health IT, should follow the CMS’ lead and pass its own regulations requiring these systems to be able to send all public health data to agencies electronically.

Meanwhile, CMS will also ask providers to attest annually that they’re taking steps to improve the safety and ease of use of their health IT systems. To do so, the agency is requiring the use of ONC’s SAFER Guides, which spell out recommended practices to test and improve the safety of EHR systems. Under these guidelines, all EHR users—including doctors and nurses—must be involved in assessing the systems and flagging any frequent issues. This has been an option for hospitals and providers since ONC released the SAFER Guides in January 2014, but uptake has remained low absent any requirements.

By making health IT safety a required area of focus, CMS is recognizing that systems such as EHRs are critical for providing safe and quality treatment. Extra care is needed, however, to make sure they don’t inadvertently put patients at risk.

The new CMS rules represent significant progress for public health and health IT safety. More work is needed to build on these changes, but the agency should be commended for recognizing how these issues can affect the health of individuals and communities, and for taking action to close some significant gaps.

Molly Murray manages The Pew Charitable Trusts’ health information technology project.