Capitol Insights Newsletter

Authors: Luke Schwartz, Caroline Oliver, and Matt Reiter

What happened in Congress this week?

Congress was out of session this week and will return the Monday after Easter.

Last Friday March 22nd, Senator Mark Warner (D-VA) introduced legislation that would require advance and accelerated payments to healthcare providers following a cyber incident. However, to be eligible for these payments providers and their vendors would have to meet minimum cybersecurity requirements. This bill was introduced largely in response to the cyberattack on Change Healthcare to incentivize providers to improve their cybersecurity risk management and capacity to help deter future cyber incidents.

ONC Teases New Rule Furthering the Use of Health Data

The Office of the National Coordinator for Health Information Technology (ONC), which governs federal health information technology policy is previewing a new proposed rule that will expand upon a previous regulation on data interoperability.  

In December 2023 the ONC released the “Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing” Final rule (HTI-1). This final rule signaled the agency’s dedication to promoting health data sharing to streamline and improve patient care.  

Building upon this final rule, on March 12th the agency announced preliminary plans to create a second rule under the ONC’s series of Health Data, Technology, and Interoperability Rules. In a press release, the ONC outlined that “HTI-2” would double down on “interoperability and a specific focus on how strategic standards adoption can further interoperability.”

A key aspect to be included in the rule entails enhancing the generation and utilization of public health data to inform policy decisions concerning emergency response and overall population health. Part of this objective would be to foster a more robust partnership with the Centers for Disease Control and Prevention (CDC) in prioritizing public health initiatives. 

In their press release, the ONC also emphasized the significance of incorporating additional provisions for application programming interfaces (APIs). APIs enable secure and streamlined sharing of health information among authorized parties. Rather than dictating specific data standards, ONC has instead focused on standardized APIs that will facilitate interoperable exchange of information. Notably, in December 2022 the ONC introduced updated certification criteria, including mandating the adoption of Fast Healthcare Interoperability Resources (FHIR) for ONC Health IT certification. 

The FHIR API is the leading global standard for health data-sharing APIs. This requirement spurred healthcare organizations to integrate the FHIR API, thus enhancing the patient experience while establishing improved mechanisms for collecting anonymized patient data in a privacy-centric manner.  

Moving forward, the potential HTI-2 rule would introduce further API-related provisions that improve interoperability while focusing on improving patient engagement, electronic prior authorization, care management, and enhanced care coordination. 

The direct impact and burden of HTI-2 on medical practices is still unclear. Looking at HTI-1, one change impacting physicians was that new data elements were required to be collected for certified health IT, including Sexual Orientation, Gender Identity, Disability Status, Mental/Cognitive Status, Functional Status, and information on Social Determinants of Health (SDOH). Broadly speaking, HTI-1 more directly impacted Electronic Health Record (EHR) companies and other vendors more than the provider practices themselves. While this cannot be guaranteed for HTI-2, that trend could very likely continue. 

This is just the tip of the iceberg of what to expect from HTI-2. These potential new regulations concerning health information exchange will be vital for enhancing patient and population health outcomes while simultaneously ensuring that sensitive patient data remains both shareable and secure. Easing secure data exchange is crucial to promoting public health. Health data sharing, privacy, and security will increasingly shape and influence the rapidly expanding digital health landscape, particularly with the novel integration of artificial intelligence into healthcare. 

Top Stories in Healthcare Policy

A report on improper payments released by the Government Accountability Office (GAO) this week found that Medicare and Medicaid accounted for $101 billion of improper payments reported by federal agencies. Improper payments are defined as payments that should not have been made or payments of incorrect amounts, including overpayments and underpayments.

CMS announced that Medicare will cover the weight-loss drug Wegovy when it is prescribed to reduce the risk of heart attacks and strokes. This coverage announcement means that Wegovy could ultimately be included in next year’s Medicare Drug Price Negotiation Program.

A KFF analysis of Medicare Part D found that spending on GLP-1s, including Ozempic, Rybelsus, and Mounjaro, increased from $57 million in 2018 to $5.7 billion in 2022. A study published by Yale in JAMA Network Open this week found that Ozempic can be manufactured for between 89 cents and $4.73 per month. The current list price from Novo Nordisk is $935.77.

Last Saturday March 23rd marked the tenth anniversary of the passage of the Patient Protection and Affordable Care Act. A record number of 21.4 million individuals enrolled in an ACA plan in the healthcare marketplace for 2024.

The NIH issued its last version of guidance on COVID-19 treatment in February. The archives of the NIH’s guidance will be available until August of this year, and organizations such as the American College of Physicians will now be the reference for best-practice guidance on COVID-19 treatment.

A study published in JAMA Health Forum last week found that telemedicine use differed significantly for different racial groups throughout the pandemic. After controlling for factors such as geography among a sample of Medicare beneficiaries, Black and Hispanic individuals had fewer telemedicine visits than White individuals.

UnitedHealth Group announced last Friday, March 22nd that Change Healthcare will begin to process the backlog of medical claims totaling more than $14 billion that have accumulated since the cyberattack last month. While its services were unavailable, Change Healthcare has made roughly $3.3 billion in advanced payments to healthcare providers.

The Cybersecurity and Infrastructure Agency (CISA) released a notice of proposed rulemaking regarding cyber incident reporting. The proposed rule requires that large hospitals and medical manufacturers report cyberattacks within 72 hours and ransom payments within 24 hours.

On Tuesday, the Supreme Court heard oral arguments in the case FDA v. Alliance for Hippocratic Medicine regarding the abortion medication mifepristone, which is often accessed via mail. Based on the arguments, Supreme Court justices seemed to question the legal grounds for the suit.

CMS announced an extension of the Special Enrollment Period (SEP) for people disenrolled from Medicaid or CHIP to transition to a federal Affordable Care Act Marketplace Health plan. The deadline was extended from July 31st to November 30th, the start of 2025’s enrollment period.

Biden Administration limits use of short-term health insurance commonly referred to as “Junk” health plans in order to protect Americans from health plans that historically discriminate against pre-existing conditions and offer very little coverage.

The ONC released a draft plan of the 2024-2030 Federal Health IT Strategic Plan Framework for public comment. The strategic plan is divided into four goals: promote health and wellness, enhance delivery and experience of care, accelerate research and innovation, and connect the health systems with health data.