The federal government’s healthcare tech arm released proposed provisions of the 21st Century Cures Act and enhancements to the certification program for health IT technology. The U.S. Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) refers to the new planned regulation as Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency and Information Sharing, or the HTI-1, proposed rule. The HTI-1 Proposed Rule implements provisions of the 21st Century Cures Act (Cures Act) and arrives approximately three years after the ONC Cures Act Final Rule. The HTI-1 Proposed Rule, like its predecessor, aims to further advance interoperability, improve transparency, and support the access, exchange and use of electronic health information.
Background
Signed into law on December 13, 2016, the 21st Century Cures Act includes several provisions to encourage the adoption and effective use of health IT and support access to and exchange of electronic health information (EHI) between patients, healthcare providers and others in a convenient form by discouraging information blocking. In March 2020, ONC issued the Cures Act Final Rule, outlining information blocking policies aimed at holding accountable those who restrict the availability of EHI and establishing reasonable exceptions. Penalties were to be established through future notice and comment rulemaking by the Office of the Inspector General (OIG).
Although compliance with the Cures Act Final Rule was initially set for November 2, 2020, the applicability date was postponed until April 5, 2021, under an interim final rule revising the compliance timeline. Even then, the full scope of EHI subject to the prohibition was temporarily narrowed to allow actors subject to the prohibition to have ample time to bring their policies and practices into compliance. On October 6, 2022, EHI subject to the information blocking prohibition expanded to its fully defined scope under the Cures Act Final Rule. The new HTI-1 Proposed Rule recommends additional enhancements to further advance interoperability, improve transparency, and support the access, exchange and use of EHI.
Proposed Rule
The proposed rule has several updates to HER certification criteria. First, it adopts the United States Core Data for Interoperability (USCDI) Version 3. ONC proposed adopting Version 3 of USCDI as a standard within ONC’s Certification Program and establishing an expiration date for USCDI Version 1 as a certification standard for the program. Second, ONC proposed a “decision support interventions (DSI)” certification criterion to improve transparency and reliability for the use of artificial intelligence in the use of clinical decision support tools. Third, ONC proposed a number of updates to improve the secure transmission of access of information transmitted through APIs, including amending the API Condition and Maintenance of Certification requirements. Also, as part of its efforts to increase inclusivity, ONC proposed to add the data elements “Sex for Clinical Use,” “Name to Use” and “Pronouns” to the proposed Patient Demographics and Observations certification criterion. ONC also proposed to replace the terminology standards for “Sex,” “Sexual Orientation” and “Gender Identity” with other terminology codes according to SNOMED CT.
Additionally, ONC made several proposals to improve the ability of patients to request restrictions on the use and disclosure of their health information as provided by the HIPAA Privacy Rule. The updated certification criterion would require functionality with the EHR to flag instances in which a patient has requested that data be restricted from subsequent use or disclosure in order to prevent such flagged data from being included in a subsequent use or disclosure for the restricted purpose.
Finally, ONC proposed several updates to the information blocking regulations, including defining what it means to “offer health IT” for purposes of the information blocking rule to narrow the applicability of the health IT developer of certified health IT definition and clarify that ONC does not consider the following to be offering health IT: the implementation of APIs or portals for clinician or patient access; the issuance of login credentials allowing licensed healthcare professionals who are in independent practice to use a hospital/health facility’s EHR to furnish and document care to patients in that hospital/health facility; or the inclusion of health IT in a package of items, supplies, facilities and services that a management consultant handles for a clinical practice or other healthcare provider in a comprehensive package of services for administrative or operational management. The Proposed Rule also clarifies that ONC does not consider healthcare providers who self-develop certified health IT to “offer health IT” even if they supply their self-developed certified health IT to others under arrangements excluded from the definition of what it means to “offer health IT.”