By Elizabeth Neal
Pitman, Eddie Williams III, Sakinah N. Jones
A recently published Proposed Rule will implement certain provisions of the 21st Century Cures Act (Cures Act) to “advance interoperability, improve transparency, and support the access, exchange, and use of electronic health information,” according to the U.S. Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health Information Technology (ONC).
The Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing Proposed Rule (HTI-1 Proposed Rule) will modify and expand exceptions in the information blocking regulations to support information sharing, as well as implement other provisions related to health information technology (health IT) and certification.
Key elements of the HTI-1 Proposed Rule include:
implementing the Electronic Health Record Reporting Program as a new Condition of Certification for developers of certified health IT under the ONC Health IT Certification Program (Certification Program)
modifying and expanding exceptions in the information blocking regulations to support information sharing
revising several Certification Program criteria, including adopting the United States Core Data for Interoperability (USCDI) Version 3
updating standards and implementation specifications adopted under the Certification Program
Information Blocking
Enhancements
Information blocking enhancements in the HTI-1 Proposed Rule include additions and revisions to several definitions and exceptions in the original Cures Act Final Rule intended to provide clarity and enhance compliance with the regulations.
First, HTI-1 seeks to clarify what it means to offer “health IT.” The current regulation, which includes “an individual or entity that under any arrangement makes certified health IT available for purchase or license,” appears to pull into its radius healthcare providers acting in the ordinary course and others providing health IT under arrangements not intended to resell, sublicense or otherwise supply health IT for profit.
The proposed clarification excludes healthcare providers or other health IT users who are engaging in certain customary and common activities. Activities expressly excluded from the proposed definition are:
arrangements structured for the purposes of subsidizing health IT for providers in need, such as a health system supplying an EMR to a safety-net provider
issuing login credentials to employees, supplying API technology, online portals or issuing public health authorities with login credentials and providing login credentials to independent providers for treatment purposes at healthcare facilities
entities providing comprehensive administrative or operational management consultant services involving health IT
Exceptions would exclude from the definition traditional forms of management services agreements, the majority of which are administrative, credentialing and other business services for the healthcare recipient of health IT, and self-developing healthcare providers who fall within the exceptions.
Next, ONC proposes changes to the Infeasibility Exception by revising one condition and proposing two new conditions. First, ONC proposes to revise the uncontrollable events condition. Under the proposed revision, an actor must demonstrate a causal connection between not providing access, exchange or use of EHI and the uncontrollable event (i.e., natural/human-made disaster, public health emergency (PHE) or war). Second, ONC proposes to add two new conditions to the infeasible under the circumstances condition. The first new condition, “third party seeking modification use,” would apply to an actor’s practice of denying a third party’s request to enable use of EHI in order to modify EHI and, particularly, requests to create or delete EHI. The second new infeasibility condition, “manner exception exhausted,” would apply where an actor is technically unable to fulfill the request or cannot reach agreeable terms with the requestor, an alternative manner was offered but no agreement reached, and the actor does not provide access, exchange or use to others similarly situated. To encourage alternative solutions, ONC proposes to exclude from information blocking fees charged by the actor and license of interoperability elements, without requiring compliance with the Fees and License exception.
Further, ONC proposes an additional condition for a Qualified Health Information Network (QHIN), Participant or Subparticipant to Trusted Exchange Framework and Common Agreement (TEFCA) to encourage participation in this common framework for network-to-network exchange of information. The proposed new condition offers actors certainty that qualified practices required for compliance with the Common Agreement are covered by the Manner Exception if the elements are met.
HIPAA Implications
Health IT limitations related to data segmentation and patient preferences, specifically a patient’s right to request restrictions pursuant to the Health Insurance Portability and Accountability Act (HIPAA) were also addressed in HTI-1. ONC recognized a healthcare provider’s desire to grant a patient’s request for release of information to the patient or others and the difficulties arising from limited data segmentation functionality. ONC set out specific non-exclusive examples of when this may occur and requested comments on capabilities of health IT to segment data to support granting of such requests.
The HTI-1 Proposed Rule also recommends revisions to a new certification criterion focused on supporting patient right to request a restriction on certain uses and disclosures of their personal health information (PHI) under the HIPAA Privacy Rule. This proposed functionality is focused specifically on supporting one health IT enabled mechanism for a patient to request a restriction on disclosure and for a covered entity to honor that restriction using a certified Health IT Module.
Elizabeth Neal Pitman and Eddie Williams III are partners in Holland & Knight’s Birmingham, Alabama, and Tallahassee, Florida, offices, respectively. Sakinah N. Jones is an associate in Holland & Knight’s Atlanta office.