The Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) released final rules intended to increase interoperability and improve patients’ access to their health information. The rules finalize provisions related to CMS’ MyHealthEData initiative and implement provisions of the 21st Century Cures Act. ONC and CMS released proposed versions of these rules last February.
CMS Final Rule
The CMS final rule on interoperability and patient access aims to increase patient access to health data, promote interoperability across providers and payers, and improve care coordination. Specifically, the rule revises the Medicare conditions of participation to require hospitals electronically exchange information with other health care facilities or community providers in the form of electronic event notifications upon a patient’s admission, discharge, or transfer. The new requirement applies to acute care hospitals, psychiatric hospitals, and critical access hospitals and will take effect six months after CMS publishes the rule in the Federal Register.
Additionally, the rule:
- updates the frequency with which states must exchange certain data on beneficiaries dually eligible for Medicare and Medicaid to improve benefit coordination for this population;
- makes public a list of hospitals and other providers engaging in “information blocking,” or practices that create excessive barriers to increasing interoperability; and
- requires Medicare Advantage plans, state Medicaid fee-for-service and managed care plans, qualified health plans sold on Affordable Care Act exchanges, and certain other payers to increase access to health information through application programming interfaces (APIs).
The final rule also requires providers to post and update their digital contact information in the National Plan and Provider Enumeration System (NPPES). CMS will publicly list the providers who fail to provide their digital contact information in NPPES.
The provisions in the rule will take effect 60 days after CMS publishes it in the Federal Register, unless noted otherwise for specific provisions.
ONC Final Rule
Meanwhile, the ONC final rule implements parts of the 21st Century Cures Act related to advancing interoperability; supporting the access, exchange, and use of electronic health information; and addressing information blocking.
The rule finalizes provisions related to the 2015 certification criteria, which electronic health record (EHR) developers must include in their products if they are intended for use in the Medicare and Medicaid Promoting Interoperability Programs. Most notably with regard to the 2015 certification criteria, the rule finalizes the adoption of the United States Core Data for Interoperability (USCDI) standard, which is the core dataset that an EHR must contain. The USCDI replaces the more limited common clinical data set (CCDS). The rule also adds a certification criterion for APIs, through which patients can access their clinical data contained in providers’ EHRs.
The rule also finalizes a definition of electronic health information (EHI) for the purposes of information blocking. Specifically, ONC aligns the definition of EHI with electronic protected health information (ePHI) as used for purposes of the Health Insurance Portability and Accountability Act (HIPAA). In the proposed rule, ONC had planned a more expansive definition of EHI that included ePHI and additional health information, including payment and price information. The final rule definition of EHI, which mirrors ePHI, could include payment information to the extent that a patient’s ePHI includes this information. For the first 24 months after the rule’s effective date, however, ONC will limit the definition of EHI to the data elements contained in the USCDI standard, which America’s Essential Hospitals had called for in its comments.
ONC also delineates the eight “reasonable and necessary” activities that would qualify for an exception from the definition of information blocking:
- preventing harm;
- promoting the privacy of EHI;
- promoting the security of EHI;
- recovering costs reasonably incurred;
- responding to requests that are infeasible;
- licensing of interoperability elements on reasonable and non-discriminatory terms;
- maintaining and improving health information technology (IT) performance; and
- limiting the content and manner of an information request (this eighth exception was not included in the proposed rule).
Health information networks, health IT developers, health information exchanges, and health care providers are subject to the information blocking provision and these eight exceptions. These entities must comply with the definition of EHI and the information blocking exceptions six months after the rule is published in the Federal Register.
The general effective date of the rule is 60 days after its publication in the Federal Register, with varying effective dates for other specific provisions where noted in the rule.
America’s Essential Hospitals is reviewing the rules and will send a detailed Action Update in the coming days.
Contact Senior Director of Policy Erin O’Malley at eomalley@essentialhospitals.org or 202.585.0127 with questions.