ONC and CMS regulations aim to improve patient access and interoperability, but more needed to protect patient privacy and reduce administrative burden
April 3, 2020 (ACP) – Though a new batch of federal health IT regulations is a step in the right direction, the American College of Physicians believes there's more work to be done and is continuing to lobby policymakers on the issues of patient privacy and elimination of administrative burden.
“Effective interoperability is crucial to improving the patient experience, reducing burden on physicians, and, in turn, improving the quality of care. Patients also have a right to easily access their electronic personal health information and be able to use and share that information as they see fit,” said Dr. Robert McLean, president of ACP. “That is why it is critical to make sure that regulations governing interoperability balance the desire to increase access to data with the need for privacy, while also focusing on exchanging meaningful and actionable data and allowing for ease of implementation for physicians.”
In early March, two sets of regulations were released. One came from the Office of the National Coordinator for Health IT (ONC) and the other from the Centers for Medicare & Medicaid Services (CMS). Both sets of regulations aim to improve patient access to data and electronic health information exchange, also known as interoperability.
Why are there two sets of rules? “Improving interoperability is a multifaceted issue and requires various stakeholder involvement to improve the process,” said Brooke Rockwern, ACP senior associate of health IT policy.
The ONC rule, known as the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program, is primarily focused on the health IT vendor community, including health IT vendors and health information exchanges and networks, as well as the physicians using those systems. “ONC is requiring vendors to use standards-based application programming interfaces (APIs) to exchange health data electronically,” Rockwern said. “Another big part of ONC's rule—and the aspect that is directly related to actions physicians take—includes ONC's definition of information blocking and the eight exceptions to information blocking.”
The regulations from CMS in the final rule, titled Interoperability and Patient Access, are designed for payers who contract with the agency. “The CMS regulations promote patient access to their data and the exchange of electronic health information across payers,” Rockwern said. “CMS calls for the use of the same standards-based APIs that ONC lays out for the vendor community to promote this data exchange.”
In general, ACP supports the new regulations, Rockwern said, including provisions that boost the rights of patients to access their data and improve health information exchange. “ONC and CMS responded to some of our concerns that we raised during the proposed rulemaking process,” she said. “The most significant – and one of ACP's specific asks – regards narrowing the scope of the data required for exchange, at least initially. ACP has continuously recommended that efforts to improve data exchange happen in stages so that risks and benefits can be assessed appropriately before opening the floodgates for clinical data exchange. Those risks include privacy, security, information-overload and workflow issues.”
ACP supports other ONC provisions in areas such as data security and the ability of clinicians to share screenshots and videos regarding health IT usability.
On the CMS front, “we support efforts for hospitals to send electronic Admission, Discharge, and Transfer notifications to clinicians,” Rockwern said. “However, these notifications have the potential to be a new burden if not presented in meaningful and actionable ways.”
ACP has other concerns about the ONC and CMS reforms. “More needs to be done to protect patient privacy and avoid administrative burdens,” Rockwern said. “Neither ONC or CMS really addressed the underlying privacy policy concerns regarding patient data and third-party apps. They are essentially leaving it to others in industry to layer privacy policies on top of the security specifications.”
In addition, she said, “ACP is concerned about the downstream, and likely burdensome, effects the information blocking provisions and exceptions will have on day-to-day physician practice. Each specific exception requires extensive documentation, and each exception is different.”
ACP is also focusing on costs associated with implementing and maintaining APIs and data exchange services. “Clinicians will have to pay to implement and operate functionality but cannot charge patients for these exchange services,” Rockwern said.
Finally, she said, “there are still a number of varying timelines. Both CMS and ONC seem overly optimistic regarding when technical upgrades will be ready versus when they will be required to be used.”
What does all this mean for ACP members? “These rules take significant steps to improve data exchange between physicians as well as promote patient access to their data. Physicians will need to work closely with their vendors to make sure the technical requirements are in place,” Rockwern said. “ACP is working on developing education tools and resources for those practices that do not have access to health information management departments to help them better understand how to comply and succeed under these new regulations.”
Back to the April 3, 2020 issue of ACP Advocate