A regulatory exception would allow larger healthcare organizations to provide assistance to smaller provider partners without fear of violating the Stark Law or Anti-Kickback Statute.
This article was originally published on the Credentialing Resource Center, July 12, 2017.
The U.S. Department of Health and Human Services Health Care Industry Cybersecurity Task Force recently released its report to Congress on improving cybersecurity in the healthcare industry. The report, which was mandated by the Cybersecurity Information Sharing Act of 2016, includes recommendations for streamlining and harmonizing federal and state regulations that may otherwise hinder cybersecurity. Among those potential constraints are the Stark Law and Anti-Kickback Statute.
The task force strongly encourages Congress to explore the potential impact of an amendment to both laws that would allow larger healthcare organizations to assist physicians in acquiring cybersecurity software through either donation or subsidy. Implementing a regulatory exception to the Stark Law and a safe harbor to the Anti-Kickback Statute to protect donations of electronic health records in certain situations would effectively address “management of technology between healthcare entities and serves as a perfect template for an analogous cybersecurity provision,” the task force argues in its report.
Larger healthcare organizations may want to provide technology to smaller provider partners to ensure they don’t become liabilities in the supply chain, the report states. A regulatory exception could allow those organizations to provide assistance without fear of violating the Stark Law or Anti-Kickback Statute.
The report also calls on the Office for Civil Rights to relax its enforcement of the Health Insurance Portability and Accountability Act when organizations make reasonable and good faith efforts to comply with the regulations. In this way, only reckless and negligent behavior would result in discipline. “Sharing of information about security breaches is essential, but fear of penalties and bad publicity surrounding an event will often result in silence,” the report states.
The Credentialing Resource Center (CRC) is the premier destination for credentialing, privileging, and peer review expertise. Membership provides MSPs, quality professionals, and medical staff leaders with a collection of continuously updated tools, best practice strategies, and compliance tips developed by industry experts. With three membership tiers, you can customize your access level depending on your education and training needs. Learn more.