Federal policymakers in healthcare IT are up against it. As many as seven healthcare industry groups are encouraging these rulemakers to begin dealing with data-blocking regulations now, including delaying the publication of a final rule. The groups are raising the flag toward the Office of the National Coordinator for Health IT (ONC) to issue another supplemental notice of rulemaking and clarify the language in the rules.
The organizations cite confusion regarding ONC's definition and scope of electronic health information and health information networks.
ONC released its proposed information-blocking rule in February 2019, defining seven exceptions to data blocking and fines associated with the practice, mandated by the 21st Century Cures Act.
Mari Savickis, vice president of federal affairs for the College of Healthcare Information Management, asked ONC to allow more time to address questions pertaining to the data-blocking proposals.
Savickis represented CHIME, the American Medical Association, the American Health Information Management Association (AHIMA), the Federation of American Hospitals, the Medical Group Medical Association, the American Medical Informatics Association, and the Premier Healthcare Alliance.
The Centers for Medicare & Medicaid Services’ (CMS) proposed interoperability rule requires insurers participating in CMS-run programs (Medicare, Medicaid and the federal Affordable Care Act exchanges) by Jan. 1. This rule is designed to provide 125 million patients with electronic access to their personal health information at no cost to patients.
"We support the intent of the Cures Act to eradicate practices that unreasonably limit the access, exchange, and use of electronic health information," said AHIMA CEO Wylecia Wiggs Harris, Ph.D., CAE. "However, in light of the lessons learned from the meaningful use program, we believe it is crucial that we get this right."
AHIMA recommendations include:
Additional rulemaking before finalization: ONC should seek further input from impacted stakeholders on issues, including modifying the information blocking proposal to ensure that the requirements and exceptions are well-defined and understandable.
Clinicians, hospitals, and health information professionals are not penalized inappropriately if they are unable to provide a patient's complete electronic health information through an application programming interface (API).
Enhanced privacy and security: The proposed rule doesn’t sufficiently address the Cures Act directives to protect patient data privacy and ensure health IT security. The Committee must continue its oversight of privacy and security issues that fall outside of the Health Insurance Portability and Accountability Act (HIPAA) framework.
Appropriate implementation timelines: ONC should establish reasonable deadlines for any required use of certified health IT. Providers must have sufficient time to deploy and test these systems, which must take into account competing regulatory mandates.
Revised enforcement: The U.S. Department of Health and Human Services should use discretion in its initial enforcement of the data-blocking provisions of the regulation, prioritizing education, and corrective action plans over monetary penalties.
The information-blocking rule requires electronic health records and other health IT vendors to change their technologies, so they want ONC to create a new version of its health IT certification rather than updating the 2015 certification. Advocates say that creating a new version of the certification should reduce confusion and enhance implementation.
Under the proposed rule, those that violate the prohibition against data blocking may be penalized $1 million per blocking instance.
The groups are calling for ONC to soften the rule enforcement as well. "Given the confusion regarding the definitions contained in the rule, including exceptions to the information blocking rule, we believe a more fruitful approach would be one that centers around education and opportunities for corrective action," Savickis said.
ONC also needs to focus on data privacy and security in the proposed rules, opponents say.