For most in the health IT industry, last week was a doozy. On February 11, just one day before the start of HIMSS (one of the largest health IT conferences in the world), the Department of Health and Human Services (HHS) announced 2 large proposals focusing on information blocking and interoperability.
The Office of the National Coordinator (ONC) and the Centers for Medicare & Medicaid Services (CMS) decided to release complementary proposed rules to promote the sharing of health information, increase patient access to their electronic health information (EHI), and restrict information blocking.
Although both rulings have similar themes (interoperability and information blocking), they are meant for different audiences. The ONC rule will be holding health IT developers accountable as a condition of certification and the CMS rule will focus on Medicare, Medicaid, and CHIP providers.
Unlike regulations of the past, these rules are not dangled with carrot incentives. Instead, there is one big stick of warnings, penalties, threats, and a wall of shame.
ONC: 21st Century Cures Act Proposed Rule
The ONC proposed rule the “21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program” is the larger of the two proposed rules, weighing in at 724 pages.
It addresses several topics all designed to do the following:
- Increase innovation and competition
- Adopt standardized application programming interfaces (APIs) in the healthcare industry
- Identify exceptions to the definition of information blocking
- Place a strong focus on a patient’s ability to access his or her health information at no cost
The actions proposed would require health IT systems to recertify to new 2015 edition certification criteria (focusing on increased interoperability) and define strict penalties to those who information block.
The information blocking provision was enacted in response to concerns that some “actors” (health care providers, health IT developers, health information exchanges, and health information networks) were engaging in practices that unreasonably limit the availability and use of EHI for authorized and permitted purposes.
In response, the ONC has enlisted the help of the HHS Office of the Inspector General (OIG) to be both the investigatory and enforcement authority over information blocking. In this role, the OIG may issue civil money penalties for information blocking conducted by such actors who do not play nice in the sandbox. Penalties in the $1 million range per instance are being threatened (along with a wall of shame on the CMS side of the house)!
7 exceptions to the information blocking provision
There will be circumstances in which exchange of electronic health information (EHI) should not occur. The ONC listed 7 proposed categories of exemption to the information blocking definition, which would not incur the monetary or civil penalties threatened for purposeful withholding of data.
- Preventing Harm
- Promoting Privacy of EHI
- Promoting the Security of EHI
- Recovering Costs Reasonably Incurred
- Responding to Requests that are Infeasible
- Licensing of Interoperability Elements on Reasonable and Non-discriminatory Terms
- Maintaining and Improving Health IT Performance
Each item above has several conditions, all of which must be met for protection to apply—although some terms like “reasonable” are anything but concrete. Failure to meet one of the conditions fully could result in exposure to potentially significant liability. I would dig into the fact sheets to understand how to shape your organizational policies and how to document individualized findings.
What’s is EHI anyway?
The term “electronic health information” or EHI goes way above and beyond contents of a summary of care document created by your certified EHR. The ONC’s definition of EHI encompasses all the health information that the health IT system produces and electronically manages for a patient. According to the proposed rule, this applies to the health IT’s entire database, including but not limited to clinical, administrative, and claims/billing data.
However, when it comes to interoperability, the whole shooting match of EHI is not technically feasible today. For the purposes of opening up data via APIs, the ONC would like to scrap the “common clinical data set (CCDS)” defined by today’s 2015 edition certification and replace it with the United States Core Data for Interoperability (USCDI) standard.
The USCDI will add new data classes such as clinical notes, patient address and phone number, and pediatric vital sign data elements. In addition, the USCDI will include metadata about the provenance of information (i.e., when it was created and by whom). The version of the USCDI will continue to evolve and increase the minimum baseline of data classes that must be commonly available for interoperable exchange.
Update existing 2015-edition certification criteria
In order to “open the flood gates,” the ONC is proposing to change the requirements of a 2015-edition certified EHR technology. If finalized, this would require all CEHRTs to comply with the new requirements 24 months after the finalized rule date. If passed, we should expect this functionality to be in production by the spring of 2021.
Notable changes include:
- Replacing the “data export” criterion with “EHI export”. The proposed “EHI export” criterion differs significantly from the “data export” certification criterion. The proposed “EHI export” criterion is not limited to just the scope of the certified capabilities in the certified Health IT Module as it applies to all produced and electronically managed EHI (as defined earlier)
- The use of the Health Level 7 (HL7®) Fast Healthcare Interoperability Resources (FHIR®) standard along with a set of implementation specifications that would provide known technical requirements against which app developers and other innovative services can be built
- API access to and search capabilities for all data proposed as part of the United States Core Data for Interoperability (USCDI) for a single patient and multiple patients
- Secure connections that include authentication and authorization capabilities in ways that enable, for example, patients to use an app to access their EHI without needing to log in each time they use the app
To put it briefly, the ONC is hoping to settle on a national open API standard with FHIR® and wanting certified health IT technology to provide a much larger set of data to export.
The proposed rule has a lot more goodies that will keep you reading through the wee hours of the morning. For more details, I suggest you look at the number of fact sheets available.
CMS: Interoperability and Patient Access Proposed Rule
Now let’s flip over the CMS side of the house. The Centers for Medicare & Medicaid Services (CMS) released the Interoperability and Patient Access Proposed Rule to be in lockstep with ONC. Although this rule only comes in at 250 pages, it still packs a punch.
CMS’ proposed rule directly supports its MyHealthEData initiative by improving patient access and advancing electronic data exchange and care coordination throughout the healthcare system.
Some highlights of the rule include:
- Patient Access Through Application Programming Interfaces (APIs)
This will require Medicare Advantage (MA) organizations, state Medicaid and CHIP FFS programs, Medicaid managed care plans, CHIP managed care entities, and QHP issuers in FFEs to implement, test, and monitor FHIR®-based APIs to make patient claims and other health information available to patients through third-party applications and developers.
- Health Information Exchange and Care Coordination Across Payers
The payer entities listed above will also need to exchange data with one another as patients transition between plan types. This data includes information about diagnoses, procedures, tests, and providers seen, and provides insights into a beneficiary’s health and healthcare utilization.
- Hospital Discharge Notifications
Hospitals will be required to send electronic notifications to providers when patients are admitted, discharged, and transitioned (otherwise known as ADT) to the hospital.
- Care Coordination Through Trusted Exchange Networks
This may be the one I’m most excited about. This would require payers in CMS programs the ability to participate in a trusted exchange network which would allow them to join any health information network they choose and be able to participate in nationwide exchange of data. Being able to see the beneficiary’s claims history (regardless of provider/entity) will open up the opportunity to make better decisions, enhance safety, and avoiding duplication.
- Public Reporting and Prevention of Information Blocking (“wall of shame”)
Practices, providers, and hospitals that unreasonably limit the availability, disclosure, and use of electronic health information and undermine efforts to improve interoperability will be publicly listed. “Simply put, we’re going to expose the bad actors who are purposefully trying to keep patients from their own information,” CMS Administrator Seema Verma said in a press call following the release of the documents. “If a patient requests their record, and it’s not given to them electronically and for free, that’s information blocking.”
In addition to the items above, CMS also issued a request for information (RFI) on the 2 following categories:
- Interoperability and health information technology (health IT) adoption in Post-Acute Care (PAC) settings
- The role of patient matching in interoperability and improved patient care
Phew, we covered a lot of ground here on the blog. I could go on, but I will save it for next time. The one thing I will end on is the right for you to voice your comments and concerns. Both proposed rules come with a 60-day public comment period (granted this is a very short time given the massive amount of content in both documents). Instructions on how to submit your official public comment are found within each proposed ruling.
What are your thoughts of the two proposed rules? Is this the answer for the future of value-based care and patient engagement? Or are we about to walk into a tsunami of compliance concerns? We would love to hear your thoughts below!
Diana Strubler, Policy and Standards Senior Manager, joined Acumen in 2010 as an EHR trainer then quickly moved into the role of certification and health IT standards subject matter expert. She has successfully led Acumen through three certifications while also guiding our company and customers through the world of Meaningful Use, ICD-10 and PQRS.
Image from www.canstockphoto.com