The proposed rule also expands the certification and use of API technology based on HL7’s Fast Healthcare Interoperability Resources (FHIR®) standard for additional uses cases across the health care sector for the following areas:
- Electronic Prior Authorization
- Access to Billing and Payment Transactions
- Public Health Exchange
Additionally, the proposed rule includes proposals for new and revised exceptions under the information blocking regulations as well as revisions to the criterion for encrypt authentication credentials, new criteria for “administrative” APIs, and a new criterion for a standardized FHIR®-based API for public health reporting.
Key Provisions
A New Baseline Version of USCDI
The USCDI standard is a baseline set of data that can be commonly exchanged across care settings for a wide range of uses and is a required part of certain certification criteria in the Program. The USCDI standard in § 170.213 will be updated by adding USCDI v4 and by establishing an expiration date of January 1, 2028 for USCDI v3 for purposes of the Program.
Minimum Standards Code Set Updates
In the 2015 Edition Final Rule, HHS established a policy of adopting newer versions of “minimum standards” code sets that update frequently (80 FR 62612). Adopting newer versions of these code sets enables improved interoperability and implementation of health IT with minimal additional burden (77 FR 54170). If adopted, newer versions of these minimum standards code sets would serve as the baseline for certification, and developers of certified health IT would be able to use newer versions of these adopted standards on a voluntary basis.
Bulk Data Enhancements
ONC proposes to adopt the HL7 FHIR Bulk Data Access v2.0.0: STU 2 implementation specification (Bulk v2 IG) and require server support for the group export operation and a query parameter for performance improvement. ONC believes this will better support application developers interacting with § 170.315(g)(10)-certified Health IT Modules in exporting complete sets of FHIR resources, as constrained by the US Core IG and USCDI, for pre-defined cohorts of patients.
Electronic Prior Authorization
The proposed rule would support the Department of Health and Human Services agency-wide approach to electronic prior authorization that meets the Department’s interoperability and burden reduction goals, such as reducing documentation requirements associated with completing prior authorization requests for payers. This proposed rule would also update certification criteria and standards updates that would facilitate electronic prior authorization using certified health IT to ensure that health care providers are able to interact with these APIs using certified health IT.
Information Blocking
The proposed rule would update two existing exceptions and establish two new exceptions.
- Proposed new Protecting Care Access Exception would, under specified conditions, cover actors’ limiting EHI sharing in order to reduce a risk of potentially exposing patients, providers, or persons who facilitate care to legal action based on the mere fact that they sought, obtained, provided, or facilitated lawful reproductive health care. The Protecting Care Access Exception would also apply where an actor limits sharing of a patient’s EHI potentially related to reproductive health care in order to protect that patient from potential exposure to legal action.
- Proposed new Requestor Preferences Exception would provide actors a framework under which they can be confident they will not be committing information blocking if they agree to a requestor’s ask for restrictions on when, under what conditions, and how much EHI is made available to that requestor.
- Revisions to existing exceptions would: expand application of the existing Privacy Exception to further support more actors’ practices protecting the privacy of patients’ health information; and update the existing Infeasibility Exception to offer actors more clarity and more flexibility under certain conditions.
TEFCA
The ONC proposes to add a new part, part 172, to title 45 of the Code of Federal Regulations to implement certain provisions related to the Trusted Exchange Framework and Common Agreement (TEFCA™). These provisions will establish the qualifications necessary for an entity to receive and maintain Designation as a Qualified Health Information Network (QHIN) capable of trusted exchange pursuant to TEFCA™. The proposals also cover the procedures governing QHIN Onboarding and Designation, suspension, termination, and administrative appeals to ONC.
AHA Reaction
The American Hospital Association (AHA) expressed both support of, and opposition to, the proposed rule. In an Oct. 4 letter, the AHA said it supported the following parts of the rule: (a) aligning CMS application programming interface requirements and recommendations; (b) continuing to develop U.S. Core Data for Interoperability (USCDI) standards; (c) committing to protect patient data; (d) improving public health data interoperability; (e) rolling out the Trusted Exchange Framework and Common Agreement (TEFCA); and (f) revising information blocking request-response criteria.
However, the AHA was not as happy with some the proposals, stating “we are concerned that providers would still be held to a higher accountability standard for data sharing, USCDI version deadlines are too aggressive, new encryption requirements are burdensome, and TEFCA's current governance structure may be inadequate."
The AHA asked ONC to clarify that hospitals and health systems would not be in violation of interoperability and information-blocking rules if their Qualified Health Information Network gets suspended or terminated from TEFCA. We may have to wait until the publication of the final rule to get an answer to this question. In other words, more to come!