The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

ONC Proposes New Rule to Advance Care Through Technology and Interoperability

The HHS’ Office of the National Coordinator of Health IT has proposed a new rule that is intended to advance care through technology and interoperability. The new rule – Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing (HTI) – implements certain provisions of the 21st Century Cures Act and makes enhancements to the ONC Health IT Certification Program.

The aim of the new rule, which runs to 556 pages, is to advance interoperability, improve transparency, and support the access, exchange, and use of electronic health information, which will help to promote innovation and improve data security. The updates cover the movement of health information, introduce new data standards, improve electronic case reporting to support the response to a public health emergency, ensure greater transparency of artificial intelligence algorithms, and make changes to improve patient privacy.

Implementing the Electronic Health Record Reporting Program

The new rule implements the 21st Century Cures Act requirement to establish an EHR Reporting Program condition and maintenance of certification under the ONC Health IT Certification Program. ONC proposes the adoption of nine reporting measures for developers of certified health IT, which initially focus on interoperability and emphasize individuals’ access to electronic health information, public health information exchange, clinical care information exchange, and standards adoption and conformance. Other categories specified in the 21st Century Cures Act will be addressed in future years, namely security, usability, and user-centered design, conformance to certification testing, and other categories to measure the performance of EHR technology.

New Data Standards to Encourage and Improve Data Sharing

The rule will establish a new baseline version of the United States Core Data for Interoperability (USCDI v3) to promote the establishment and use of interoperable data sets of electronic health information for interoperable health data exchange, ensuring that data that enters and leaves a system can be understood. The rule proposes USCDI v1 will expire on January 1, 2025.


USCDI v3 will increase the amount and types of data that can be used and exchanged through health IT to capture more comprehensive and complete patient characteristics reflective of patient diversity, which will help to address disparities in health outcomes and help providers identify gaps in care. The new version also supports the concept of health equity by design.

USCDI v3 will also help with the gathering, use, and sharing of data in public health emergencies and emergency response. The new rule also adopts health IT standards for certified Health IT Modules to support electronic case reporting.

Improved Transparency of Artificial Intelligence for Clinical Decision Support

Artificial intelligence algorithms could help to improve care delivery, cut costs, and improve patient outcomes, especially in areas such as clinical decision support. AI algorithms are trained on very large datasets to recognize patterns and then make recommendations. For example, they can be trained using medical images to look for signs of cancer and to identify potential adverse medication interactions. The new rule will provide greater transparency about AI algorithms that interface with certified health IT used for patient care and make that information available to providers through EHRs.

The new rule aims to improve the transparency and trustworthiness of clinical decision support tools. Under the new rule, there will be a different certification class for clinical decision support algorithms, and certified EHRs that enable or interface with the software will allow users to review information about additional source attributes. Developers of health IT modules would also be required to apply risk management practices for all decision support interventions they interface with, just as healthcare providers are required to conduct regular risk analyses under the HIPAA Security Rule.

Application Programming Interface Improvements

The proposed rule updates the application programming interface (API) Conditions of Maintenance and Certification to further ONC’s efforts to standardize APIs and help providers and patients to securely access their electronic health information through the broader adoption of standardized APIs. The rule will also foster competition by advancing foundational standards for certified API technology to improve legally permissible EHI sharing among clinicians and help individuals connect with their healthcare information through a new ecosystem of health applications.

Improvements to Respect Patient Privacy

Patients may request restrictions on certain uses and disclosures of PHI under HIPAA, such as reproductive health information and substance use information. The new rule adds new ways that developers of health IT can honor patient requests to restrict uses and disclosures, such as introducing new implementation alternatives for flagged data in health IT applications to prevent it from being added to a patient’s summary of care record, which may be viewable through patient portals or shared via an application programming interface.

New Information Blocking Provisions

The proposed rule makes several information blocking enhancements to advance interoperability, improve transparency, and support the access, exchange, and use of electronic health information. These enhancements include a definition of what it means to offer health information technology or offer health IT for purposes of the information blocking regulations, which narrows the applicability of the health IT developer of certified health IT definition. The health IT developer of certified health IT definition has been updated to make it clear that healthcare providers who self-develop certified health IT would continue to be excluded from this definition.

Organizations that participate in the voluntary Trusted Exchange Framework and Common Agreement will be provided with new information blocking flexibilities. The new condition means that if a TEFCA participant offers to fulfill a data sharing request from another TEFCA participant through the framework, they would not be required to offer the data in any other way.

The Infeasibility Exception has been revised to include two new conditions and one revision. The revision clarifies when an actor’s practice of not fulfilling a request for access, exchange, or use of EHI meets the uncontrollable events condition. The two new conditions cover the denial of a third party’s request to enable the use of EHI in order to modify EHI, and when an actor has exhausted the manner exception.

Request for Public Comment

The proposed rule will be available for public inspection on April 18, 2023, and ONC is requesting public comment by June 20, 2023.

“In addition to fulfilling important statutory obligations of the 21st Century Cures Act, implementing these provisions is critical to advancing interoperability, promoting health equity, and supporting expansion of appropriate access, exchange, and use of electronic health information,” said Micky Tripathi, Ph.D., national coordinator for health information technology. “We look forward to reviewing public comments on ONC’s proposed rule.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
