Introduction
The vast majority of physician practices and hospitals have moved on from paper medical records to electronic health records (EHRs). This is a fundamental step towards fulfilling the promise of interoperable health information technology (IT). Interoperability refers to the different IT systems and software applications being able to access and exchange data accurately, seamlessly, and in a timely manner, and to use the shared information to optimize the health of individuals and populations. For example, with full interoperability, lab results could be integrated automatically from one facility into the EHR system of another.
Health IT systems and software available in the US health care industry are largely developed in silos. Integrations work to an extent; however, the intent of interoperability is to have a holistic view of patients despite the variance in technologies. As part of the effort to achieve the full promise of health IT, the Office of the National Coordinator for Health Information Technology (ONC) and Centers for Medicare & Medicaid Services (CMS) finalized separate but related federal regulations addressing health IT interoperability. These regulations advance provisions from the 21st Century Cures Act (Cures Act) passed by Congress in December 2016 and help clarify standards to better ensure that different health IT systems can effectively communicate with each other. The aim is to impact patients, health care providers and Health IT developers by:
- Providing patients with convenient access to their cost and clinical data through computers, cell phones, and mobile applications
- Supporting providers ability to seamlessly share relevant clinical data on patients in order to ensure the best medical decisions possible are being made
- Advancing innovation in the health IT industry to maximize the potential of modern technology
The ONC regulation—”21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program”—includes significant changes to the health IT certification program that will require developers to update their technology. Rules are also set for how the health care industry can prevent information blocking among health care providers, health IT developers, and health information networks. Highlights of key provisions are provided below:
- Credentialing for Health IT developers – Updates certification requirements for health IT. The changes include a small number of new certification criteria, as well as revisions and removal of several existing criteria. The new requirements promote the ability to establish secure, standards-based interoperability between certified health IT systems and make it easier for patients to access their own electronic health information on their smartphones. Criteria that were removed were done so to limit burden and increase flexibility to both providers and developers to increase innovation. It is expected that many of the removed criteria for credentialing (e.g., ability to access medication lists) will still be captured by health IT systems as they are critical for clinical care, even though they are no longer required.
- Exporting Electronic Health Information (EHI) – Supports the ability of patients to export their EHI across certified health IT platforms, as well as health care providers to export EHIs of an entire patient population to another health IT system (such as when a provider chooses to transition to another health IT system).
- API Conditions and Maintenance of Certification. Requirements are set for patients to securely and easily obtain their EHI through application programming interfaces (APIs) at no additional cost when electronically accessed (e.g., by using a smartphone application).
- Deterring Information Blocking – Mandates secure data sharing between payers, providers, and vendors for all “reasonable and necessary” healthcare activities. Organizations who continue to block information—i.e., interfere with access, exchange, or use of EHI—may face fines of $1 million or more. Examples of information blocking include imposing fees that make exchanging EHI cost prohibitive or contractual arrangements that limit how information can be shared. The regulation also details eight common sense information blocking exceptions that identify reasonable and necessary activities that do not constitute information blocking. For example, it may not be considered information blocking if limiting access to data would prevent harm to a patient or reduce the risk of security breaches to EHI.
- Core Data Standards – Adopts the S. Core Data for Interoperability (USCDI) standard for the type of data (including “clinical notes” among other data important for clinical care) and constituent data elements that would be required to be exchanged in support of interoperability. The USCDI will help improve the flow of EHI and ensure that the information can be effectively understood when received. The USCDI standards will be updated and expanded over time.
The CMS regulation—known as “Interoperability and Patient Access”—advances efforts to improve access to the clinical, encounter, claims, and other types of data that can be shared among patients, health insurance plans, and federal agencies by choosing standards for data formats and elements as well as an API. These standards are known as the Fast Healthcare Interoperability Resources (FHIR). The regulation also describes how CMS will discourage information blocking, capture more electronic addresses for providers, and require hospitals to send admission, discharge, and transfer notifications electronically.
The regulations were finalized on March 9, 2020 and will begin to go into effect May 2020. Compliance for certain provisions, including information blocking, will start to be required in six months, along with compliance reporting by EHR vendors every six months. EHR vendors will have up to 24 months to provide customers with API technology supporting the new standards. EHI export requirements must be met within 36 months. Note that CMS has extended the implementation timeline for certain provisions in recognition that hospitals are on the front lines of the COVID-19 public health emergency. This includes the requirement for hospitals around electronic transmission of admission, discharge, and transfer notifications.