Laws & Mandates

Federal Laws and Mandates

The following are federal laws and mandates that guide and support e-health activities.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, was enacted to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes. The HIPAA Administrative Simplification Regulations (45 CFR parts 160, 162, and 164), also known as the Privacy and Security Rules, provide federal guidance on the Act’s implementation.

Resource: Health Information Privacy (U.S. Department of Health and Human Services)

Resource: Minnesota e-Health Privacy and Security

42 Code Federal Regulations Part 2 regulates and facilitates information exchange within new health care models while addressing the privacy concerns of patients seeking treatment for a substance use disorder.

Resource: Minnesota e-Health Privacy and Security

Medicare Access and CHIP Reauthorization of 2015 (MACRA) (42 CFR Parts 414 and 495) repeals the Medicare sustainable growth rate (SGR) methodology for updates to the physician fee schedule (PFS) and replaces it with a new approach to payment called the Quality Payment Program that rewards the delivery of high-quality patient care through two avenues: Advanced Alternative Payment Models (Advanced APMs) and the Merit-based Incentive Payment System (MIPS) for eligible clinicians or groups under the PFS. MIPS will consolidate components of three existing programs, the Physician Quality Reporting System (PQRS), the Physician Value-based Payment Modifier (VM), and the Medicare Electronic Health Record (EHR) Incentive Program for Eligible Professionals (EPs), and will continue the focus on quality, cost, and use of certified EHR technology (CEHRT) in a cohesive program that avoids redundancies.

Resource: Centers for Medicaid and Medicare Services

The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted under Title XII of the American Recovery and Reinvestment Act of 2009, promotes and expands the adoption of health information technology, particularly electronic health records (EHRs) (often referred to as meaningful use) and formed the Office of the National Coordinator for Health Information Technology within the Department of Health and Human Services. The HITECH Breach Notification Interim Rule (45 CFR parts 160 and 164) was enacted to require health care providers, health plans, and other entities covered by HIPAA to notify individuals when their health information is breached.

Resource: HealthIT (U.S. Department of Health and Human Services)

The 21st Century Cures Act promotes and funds the acceleration of research into preventing and curing serious illnesses; accelerates drug and medical device development; attempts to address the opioid abuse crisis; and tries to improve mental health service delivery. The Act includes a number of provisions that push for greater interoperability, adoption of electronic health records (EHRs) and support for human services programs.

Updated Monday, May 01, 2017 at 10:33AM