The Office of the National Coordinator for Health Information Technology (ONC) is one step closer to issuing its long-awaited proposed rule to implement various provisions of the 21st Century Cures Act, including proposed regulations distinguishing between prohibited health information blocking among health care providers and health information technology vendors and other permissible restrictions on access to health information. According to its website, the Office of Management and Budget (OMB) received ONC’s proposed rule for review on September 17, 2018. OMB review is one of the final steps in the process before a proposed rule is published in the Federal Register for public comments. OMB did not identify a deadline for completing its review. The agency generally has up to 90 days to complete its review, but can take less time than that.

In addition to defining the scope of prohibited information blocking conduct, the proposed rule is likely to address other issues of interest to health industry stakeholders. According to OMB, the proposed rule “would update the ONC Health IT Certification Program (Program) by implementing certain provisions of the 21st Century Cures Act, including conditions and maintenance of certification requirements for health information technology (IT) developers, the voluntary certification of health IT for use by pediatric healthcare providers, health information network voluntary attestation to the adoption of a trusted exchange framework and common agreement in support of network-to-network exchange, and reasonable and necessary activities that do not constitute information blocking. The rulemaking would also modify the Program through other complementary means to advance health IT certification and interoperability.”

Subscribe here to receive future updates from McDermott.

In September, the Office of the National Coordinator for Health Information Technology (ONC) announced that it is scaling back requirements for third-party certification of criteria related to certified electronic health record (EHR) technology (CEHRT). Going forward, ONC will allow health developers to self-declare their products’ conformance with 30 of the 55 certification criteria.

ONC will also exercise discretion and not enforce the requirement that certification bodies conduct randomized surveillance of two percent of the health IT certifications they issue.

Read “ONC’s De-Regulatory Announcement Aims at Enticing Industry to Adopt 2015 Edition Criteria.”

Copyright 2017, American Health Lawyers Association, Washington, DC. Reprint permission granted.

On May 31, 2017, the US Department of Justice announced a Settlement Agreement under which eClinicalWorks, a vendor of electronic health record software, agreed to pay $155 million and enter into a five-year Corporate Integrity Agreement to resolve allegations that it caused its customers to submit false claims for Medicare and Medicaid meaningful use payments in violation of the False Claims Act.

Read the full article.

On April 1, 2015, the Office of the National Coordinator for Health Information Technology (ONC), which assists with the coordination of federal policy on data sharing objectives and standards, issued its Shared Nationwide Interoperability Roadmap and requested comments.  The Roadmap seeks to lay out a framework for developing and implementing interoperable health information systems that will allow for the freer flow of health-related data by and among providers and patients.  The use of technology to capture and understand health-related information and the strategic sharing of information between health industry stakeholders and its use is widely recognized as critical to support patient engagement, improve quality outcomes and lower health care costs.

On April 3, 2015, the Federal Trade Commission issued coordinated comments from its Office of Policy Planning, Bureau of Competition, Bureau of Consumer Protection and Bureau of Economics.  The FTC has a broad, dual mission to protect consumers and promote competition, in part, by preventing business practices that are anticompetitive or deceptive or unfair to consumers.  This includes business practices that relate to consumer privacy and data security.  Notably, the FTC’s comments on the Roadmap draw from both its pro-competitive experience and its privacy and security protection perspective, and therefore offer insights into the FTC’s assessment of interoperability from a variety of consumer protection vantage points.

The FTC agreed that ONC’s Roadmap has the potential to benefit both patients and providers by “facilitating innovation and fostering competition in health IT and health care services markets” – lowering health care costs, improving population health management and empowering consumers through easier access to their personal information.  The concepts advanced in the Roadmap, however, if not carefully implemented, can also have a negative effect on competition for health care technology services.  The FTC comments are intended to guide ONC’s implementation with respect to: (1) creating a business and regulatory environment that encourages interoperability, (2) shared governance mechanisms that enable interoperability, and (3) advancing technical standards.

Taking each of these aspects in turn, creating a business and regulatory environment that encourages interoperability is important because, if left unattended, the marketplace may be resistant to interoperability.  For example, health care providers may resist interoperability because it would make switching providers easier and IT vendors may see interoperability as a threat to customer-allegiance.  The FTC suggests that the federal government, as a major payer, work to align economic incentives to create greater demand among providers for interoperability.

With respect to shared governance mechanisms, the FTC notes that coordinated efforts among competitors may have the effect of suppressing competition.  The FTC identifies several examples of anticompetitive conduct in standard setting efforts for ONC’s consideration as it considers how to implement the Roadmap.

Finally, in advancing core technical standards, the FTC advised ONC to consider how standardization could affect competition by (1) limiting competition between technologies, (2) facilitating customer lock-in, (3) reducing competition between standards, and (4) impacting the method for selecting standards.

As part of its mission to protect consumers, the FTC focuses its privacy and security oversight of health- related information on companies and data sharing arrangements that sit outside the jurisdiction of the Health Insurance Portability and Accountability Act (HIPAA), which regulates the privacy and security practices of covered entity health care providers, health plans and health care clearinghouses, as well as the third parties that assist those covered entities, referred to as business associates.  Information regulated by HIPAA, called Protected Health Information (PHI) typically resides in the “traditional medical model” of providers and health plans.  Information regulated by the FTC, often called consumer-generated health information (CHI) tends to be generated outside of the traditional medical model, for example through the explosion of wearables and other digital, consumer-facing technologies.

As interoperability gathers steam, and as providers and plans increasingly look to mobile and digital health tools to maximize patient engagement and obtain additional “out of the exam room” data that they can leverage to improve patient outcomes and control costs, the divide between PHI and CHI collapses.  Not only will interoperability have to contend with PHI-centered systems effectively sharing information with one another, but it will also have to contend with the need for systems to move PHI and CHI, consistent with the different consumer expectations and regulatory frameworks for such information.  And then, of course, there is also state law.

The FTC’s comments highlight the central role that the FTC will play, alongside the Office of Civil Rights, which enforces HIPAA, in envisioning, deploying and overseeing the health information sharing systems beginning to emerge.