March 12, 2020

HHS Releases Long-Awaited HIT Regs

The health policy and health information technology (HIT) communities have long been anticipating the release of major, game changing regulations from the Department of Health and Human Services (HHS) that would establish new requirements to provide patients with greater access to their health care data. After nearly a year of waiting, HHS finally released two final regs on Monday:

  1. The Office of the National Coordinator (ONC) for HIT’s reg implements certain sections of the monumental HIT bill, the 21st Century Cures Act, aimed at preventing “information blocking” practices. ONC establishes new certification standards for EHRs, including requiring them to make certain clinical data available to promote new business models of care. Further, ONC creates new application programming interface (API) requirements to support a patient’s access and control of their electronic health records (EHRs).
  2. The Centers for Medicare & Medicaid Services (CMS)’ reg requires health plans in Medicare Advantage, Medicaid, CHIP, and through the federal exchanges to share claims data electronically with patients. Specifically, beginning January 1, 2021, health plans will be required to make data available on an electronic server (called an API) which a patient can access securely through a computer or mobile app. The reg also establishes a new Condition of Participation (CoP) for all Medicare and Medicaid participating hospitals, requiring them to send electronic notifications to another health care facility or community practitioner when a patient is admitted, discharged, or transferred.

In all, the final regs are meant to give patients more control of their own health care data by allowing them to use an app on their smart phone to access their records from any health care encounter. When HHS proposed these changes last year, many stakeholders, including ACEP, expressed concerns about the privacy and security of the data once received by third-party apps. Many smart phone apps are not regulated entities under the Health Insurance Portability and Accountability Act (HIPAA) and therefore don’t have to follow the same strict rules about how patients’ data can be shared. We had requested that HHS issue stricter guidelines for apps, including disclosing in a clear and concise way how the app plans on using the data. HHS tries to address this concern in the final regs by implementing the same app standards that are used on travel and banking apps. However, as the health care app industry grows, it will be interesting to see how different apps decide to use patients’ data and whether patients’ data really are safe and secure.

We are hopeful that the regs’ emphasis on promoting interoperability of EHRs and reducing data blocking will break down at least some of the current barriers that prevent physicians like you from accessing data on your patients. Although these regs may help, I don’t believe they will make access to data totally seamless for physicians or clinical registries, like ACEP’s Clinical Emergency Data Registry (CEDR) . Nor will they completely eliminate EHR reporting burden—a key concern that is contributing to physician burnout. Therefore, addressing these issues will continue to be a top priority for ACEP.

Over the next few months, you will likely see announcements from health plans, EHR vendors, and your hospitals about these regs and how they plan on complying with the requirements. The timeline for implementation is pretty aggressive, with some of the first requirements starting in six months. So, stay tuned for updates as the reg requirements go into effect.

Until next week, this is Jeffrey saying, enjoy reading or listening to regs with your eggs!

Want Regs & Eggs delivered fresh? Sign up for our email list.

[ Feedback → ]