eHI's Policy Guy Summarizes Comments on ONC & CMS Interoperability Proposals

June saw the end of exhaustive and exhausting comment periods on interoperability-focused proposed rules from the Office of the National Coordinator for Health IT (ONC) and the Centers from Medicare and Medicaid Services (CMS), discussed in my prior blog. The annual CMS Medicare hospital payment proposed rule also touched on interoperability issues and the physician-focused annual proposed rule is expected imminently.  In the U.S. Congress, there was also renewed activity to fill in the interoperability puzzle, including provisions in a Senate HELP Committee approved bill on cost reduction that would build on the Blue Button 2.0 expansion in the recent CMS interoperability proposed rule, as well as interest in expanding HIPAA to non-covered entities to address privacy and security concerns with application programming interfaces (APIs) and apps. There was also House action to remove statutory restrictions on federal consideration of a national patient identifier.

ONC and CMS Information Blocking and Interoperability Proposed Rule Comments

The ONC and CMS interoperability proposed rules stimulated many comments (including from the eHealth Initiative). The ONC proposed rule received over 2,000 comments, many if not most, on price transparency, the subject of a June 25 Executive Order. ONC has formally targeted November 2019 for a final rule, although a later release is likely given the number and tenor of comments, including calls for second round of proposed rulemaking.  

Common issues in comments on the ONC interoperability and information blocking proposed rule were:

• Broad support for increased patient access to information, standards-based open APIs, and reduction of information blocking;
• Likely significant burdens on information blocking-relevant “actors,” especially complexity and compliance costs;
• The Information Blocking definition is too broad and the need for specific guidance to develop compliance plans;
• Definitions of Health Information Network and Health Information Exchange are too broad and confusing;
• The focus on Electronic Health Information (EHI) should be scaled back to HIPAA Protected Health Information (PHI);
• The proposed information blocking exceptions cover the right categories, but requirements are too detailed and rigid, although some see exceptions as loopholes;
• Pricing and contracting limits are too restrictive, requiring extensive documentation, and could distort markets (the Federal Trade Commission agreed);
• The scope (which products and developers) of information blocking liability for health IT developers; and
• The effective dates and timelines for developers and implementers should be extended.

Trusted Exchange Framework and Common Agreement (TEFCA) Draft 2

The ONC Trusted Exchange Framework and Common Agreement (TEFCA) Draft 2 received far fewer comments (about 125) by the June 17 deadline, including from the eHealth Initiative. A common theme was for ONC to be more consistent with congressional intent to support and not disrupt or duplicate existing exchange networks and frameworks and their in-place trust agreements. There were also calls for ONC to reconcile the TEFCA with HIPAA privacy and security regulations and with forthcoming information blocking and open API regulations. There was particular attention to how Individual Access will be implemented, including the role of apps and APIs, as well as how to implement Meaningful Choice, which would enable individuals to opt out of the TEFCA.

Comments also emphasized that the Recognized Coordinating Entity (RCE) to be designated in August by ONC should have considerable leeway to work with stakeholders to refine and implement the policy and technical aspects of the TEFCA. The RCE will be a nonprofit organization assigned to develop, update, implement, and maintain the TEFCA Common Agreement. The RCE will also work with ONC to designate and monitor the Qualified Health Information Networks (QHINs) that will be the backbone of nationwide queries, modify and update the accompanying QHIN Technical Framework (QTF) that will govern QHIN-to-QHIN interactions, and engage with stakeholders through virtual listening sessions.

Following its review of these TEFCA Draft 2 comments, ONC intends to:

• Finalize and publish final principles for the Trusted Exchange Framework (TEF);
• Have the RCE issue for public comment, after ONC approval, Draft 1 of the Common Agreement, which will include Minimum Required Terms and Conditions (MRTCs) developed by ONC and Additional Required Terms and Conditions (ARTCs) developed by the RCE and approved by ONC;
• Have the RCE issue for public comment, after ONC approval, Draft 2 of the QTF;
• Have the RCE issue for production, after ONC approval, Final Version 1 of the Common Agreement (to be published in the Federal Register);
• Have the RCE issue for production, after ONC approval, Final Version 1 of the QTF;
• Have the RCE designate and monitor QHINs that sign and adopt the Common Agreement—QHINs would “flow-down” Common Agreement provisions to their Participants and Participant Members;
• Have the RCE implement an ONC-approved process to determine QHIN compliance with the Common Agreement;
• Have the RCE implement a process to update the Common Agreement, as needed, for ONC final approval and publication; and
• Have the RCE propose strategies to sustain the Common Agreement at a national level after expiration of the four-year term of the Cooperative Agreement.

Based on a review of the TEFCA Draft 2 and the companion ONC Notice of Funding Opportunity for the RCE, it is likely that the revised Common Agreement, the QTF, and initial QHINs will all roll-out during 2020.

Implications for eHealth Initiative Members

The flurry of federal activity in June sets the stage for expanded healthcare interoperability in the U.S. and for a more complex regulatory environment.  Key changes to prepare for include:

• Expanded nationwide query-based access to health information, initially at the “document” level (e.g., C-CDA) and later at the level of individual data elements, using standards like HL7® FHIR®. This access will accommodate queries by patients and their designees;
• Regulatory drivers to reinforce private sector growth in standards-based APIs for granular, patient-focused, health data access, again relying on HL7® FHIR®;
• Pressures for federal and state privacy and security protections to follow the shift to an API/app ecosystem;
• Increased recognition of the need to enhance patient matching, with a robust federal role;
• Continued tensions between federal government prescriptiveness and reliance on private sector dynamics, recognizing that the latter can be driven by high-level federal initiatives around areas like value-based payment and information blocking; and
• Implementation of federal laws and regulations on information blocking that will transform the digital health space, resulting in both increased data liquidity and a complex and costly compliance environment, potentially rivaling what we have seen with HIPAA.
   

Mark Segal, PhD, FHIMSS, Principal, Digital Health Policy Advisors, LLC. Member and Past Chair of the eHI Policy Steering Committee. July, 9 2019. Twitter @msegal111

eHI thinks Mark Segal is a super cool guy and is providing his opinions for informational purposes only. The opinions presented, do not represent those of eHealth Initiative, our members or the Foundation.