On February 11, 2019, the Centers for Medicare and Medicaid Services (CMS) and Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health IT (ONC) released proposed rules to implement interoperability-related provisions of the 21st Century Cures Act, including the ACR-endorsed expansion of HHS authority to investigate and penalize “information blocking” by dominant providers and health IT developers.
The ONC proposed rule is considered a critical step toward implementing HHS’ expanded authority to penalize information blocking through defining the following seven “reasonable and necessary” exceptions to the statutory definition of information blocking:
- Preventing harm
- Promoting the privacy of electronic health information (EHI)
- Promoting security of EHI
- Recovering costs reasonably incurred
- Responding to requests that are infeasible
- Licensing of interoperability elements on reasonable and non-discriminatory terms, and
- Maintaining and improving health IT performance.
Significantly, to invoke any of the seven exceptions, the provider or developer would have to satisfy the conditions of the exception in question for each relevant practice and for all relevant times. The conditions of each exception involve explicit prerequisites and a substantial burden of proof on the blocking entity. The intent is to leave no wiggle room for opportunistic, anticompetitive interpretation.
The ONC proposed rule also implements “Conditions and Maintenance of Certification” for health IT developers participating in the ONC Health IT Certification Program, various updates to the 2015 Edition health IT certification criteria, U.S. Core Data for Interoperability baseline requirements (including “imaging narrative” as part of the “clinical notes” data type), new EHI export and API certification criteria, a Standards Version Advancement Process to allow developers to update certified health IT functionality to the latest versions of approved standards, real world testing of certified health IT, and more.
The CMS proposed rule would implement various aspects of 21st Century Cures Act and the agency’s MyHealthEData initiative, most notably requirements for payers participating in CMS programs to implement APIs to make claims data and EHI available to patients, and to participate in trusted exchange networks.
The proposed rule would also seek to publicly report providers who do not attest to prevention of information blocking in the Promoting Interoperability programs, and any providers who have not added digital contact information to NPPES. In addition, CMS proposes new transition notification requirements for hospitals to notify the other providers and facilities when a patient is admitted, discharged or transferred.
ACR members interested in providing feedback for potential inclusion in the College’s future comment submissions on these proposed rules should contact Michael Peters, ACR Director of Regulatory and Legislative Affairs, at firstname.lastname@example.org or 202-223-1670.