Two related rules touch health IT vendors, health care facilities, and providers — and come down hard on "information blocking" that prevents patients from accessing their electronic health records.
Two related rules touch health IT vendors, health care facilities, and providers — and come down hard on "information blocking" that prevents patients from accessing their electronic health records.
In this review: 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program (ONC final rule); CMS Interoperability and Patient Access (CMS final rule)
Effective dates: 60 days after publication in the Federal Register (ONC rule) and 6 months after publication for information-blocking and other rules; January 1, 2021 (provisions of the CMS final rule)
ONC overview; CMS fact sheet
ONC final rule timelines
The big picture: Beginning 60 days after publication in the Federal Register, health IT will function under new requirements that will make it easy for patients to access their electronic health information through apps or other widely accessible technologies, at no cost.
The pair of final rules — one from the Department of Health and Human Services' Office of the National Coordinator for Health Information Technology, and the other from CMS — help to flesh out provisions in the 21st Century Cures Act, which calls for changes to health IT provider certifications and wider patient access to electronic health information, or EHI. The new rules are described by HHS as "the most extensive health care data sharing policies the federal government has implemented, requiring both public and private entities to share health information between patients and other parties while keeping that information private and secure."
"Delivering interoperability actually gives patients the ability to manage their health care the same way they manage their finances, travel, and every other component of their lives," Don Rucker, MD, HHS national coordinator for health information technology, said in an HHS press release. "This requires using modern computing standards … that give patients access to their health information and give them the ability to use the tools they want to shop for and coordinate their own care on their smartphones.'"
Notable in the Final Rules
Updates to ONC’s health IT certification program. Within the final rule, ONC made modifications to its health IT certification program, a voluntary certification program that establishes standards for functionality of health IT, including EHRs. Updates include adoption of the U.S. Core Data for Interoperability standard to replace the Common Clinical Data Set as the default data classes and data elements that health IT users should expect to be able to change between systems.
Health IT developers will have to follow new requirements on application programming. At the heart of the rules are requirements for the development of application programming interface, or API, technologies that are more standardized and easier for patients to access. The 21st Century Cures Act requires that health IT developers publish APIs that allow “health information from such technology to be accessed, exchanged, and used without special effort through the use of APIs or successor technology or standards, as provided for under applicable law.” The law also states that a health IT developer “must, through an API, provide access to all data elements of a patient’s electronic health record to the extent permissible under applicable privacy laws.”
Health care providers will have to do their part, too. The new API standards will in turn allow hospitals and other health care providers to more easily share EHI — as long as they are equipped with the technology that allows them to comply. The ONC rule has varying effective dates; the CMS rule doesn't take effect until January 1, 2021.
There are penalties for "information blocking." Under the ONC rule, developers and providers (including physical therapists) will be required to avoid any EHI accessibility restrictions that constitute "information blocking" — everything from limits on patient access to their data to interoperability problems that make it difficult for providers to share data with each other when needed. The CMS rule also allows the agency to publish the names of clinicians and facilities it believes to be engaged in information blocking beginning in late 2020 — specifically providers participating in the Promoting Interoperability category of the Merit-based Incentive Payment System, or MIPS.
The rule acknowledges the need for exceptions to the information-blocking requirements. The ONC rule also carves out exceptions for eight "reasonable and necessary" activities that "actors" (health care providers, health IT developers of certified health IT, health information exchanges, and health information networks) may engage in that could limit access to EHI. Only one exception needs to be met in order to avoid penalties for information blocking, but that exception must be met "at all relevant times," not just as a one-off occurrence. A practice that fails to meet all of the conditions of an exception will be evaluated on a case-by-case basis to assess the specific facts and circumstances to determine whether information blocking has occurred.
The CMS rule applies principles regarding patient data sharing to Medicare, Medicaid, CHIP, and the insurance exchanges, with a January 1, 2021, implementation date. Patients in these programs will have the same level of access to their EHI as those covered by the ONC rule.