Health Law Advisor

On August 5, 2024, the Office of the National Coordinator for Health Information Technology— now known as the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health IT (“ASTP/ONC”) within the U.S. Department of Health and Human Services (“HHS”)—issued a proposed rule titled “Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability” (the “HTI-2 Proposed Rule”), as part of its ongoing efforts to enhance health care interoperability and data sharing. The HTI-2 Proposed Rule builds on the January 2024 “Health Data, Technology, and Interoperability” final rule (the “HTI-1 Final Rule”). Comments on the HTI-2 Proposed Rule are due October 4.

Through the proposed changes, ASTP/ONC would (1) make sweeping changes to its Health Information Technology Certification Program (“HIT Certification Program”); (2) make revisions to the information blocking regulation, including implementing two new information blocking exceptions; and (3) codify and implement the statutory provisions regarding the Trusted Exchange Framework and Common Agreement (“TEFCA”) requirements.

New and Revised HIT Certification Criteria

The proposed changes in the HTI-2 Proposed Rule would significantly expand the scope of the HIT Certification Program to introduce additional functionality and new technology for developers of HIT used by health care providers and HIT that is intended to be used by payers and for public health agencies. The certification criteria introduced in HTI-2 for payers is the first time that the health IT certification program is being extended beyond the certified electronic health record (EHR) technology developers. Some notable changes include the following:

From the Diagnosing Health Care Podcast:  How have complaints of information blocking been submitted to the Office of the National Coordinator (ONC), and by whom? What does government enforcement action really look like?

In this episode of our special series on interoperability, hear from ONC attorneys Cassie Weaver and Rachel Nelson.

Featured on the Diagnosing Health Care Podcast:  How is openEHR transforming the way health data is managed and stored across Europe? Will it soon disrupt the U.S. marketplace?

In this episode of our special series on interoperability, hear from Alastair Allen, CTO of Better.

In this episode of the Diagnosing Health Care Podcast:  In the past decade, certified electronic health records (EHRs) have been instrumental in transforming medical records from paper to digital formats.

What obstacles are currently preventing providers from sharing patient data with each other or patients from sharing health information from their personal devices with their providers? In this episode of our special series on interoperability, hear from Tomaž Gornik, founder and CEO of Better.

In this episode of the Diagnosing Health Care Podcast:  The interoperability and information-blocking rules have imposed new regulations and requirements on health information exchanges (HIEs). How are HIEs responding to these new regulations in a space they have been in for decades? In this episode of our special series on interoperability, hear from Dan Paoletti, CEO of the Ohio Health Information Partnership.

New from the Diagnosing Health Care Podcast:  One of the long-term goals of the interoperability and information-blocking rules is to give health care providers a much more comprehensive view of a patient’s entire continuum of care.

Throughout 2021, we closely monitored the latest privacy laws and a surge of privacy, cybersecurity, and data asset management risks that affect organizations, small and large. As these laws continue to evolve, it is important for companies to be aware and compliant. We will continue to monitor these trends for 2022.

The attorneys of the Privacy, Cybersecurity & Data Asset Management group have written on a wide range of notable developments and trends that affect employers and health care providers. In case you missed any, we have assembled a recap of our top 10 blog posts of 2021, with links to each, below:

Only a few days remain before the enforcement delay that the Centers for Medicare & Medicaid Services (CMS) exercised due to COVID-19 will end and the agency will require certain payors to publish a Patient Access application programming interface (“API”) and a Provider Directory API under the requirements of the CMS Interoperability and Patient Access Final Rule. Starting on July 1, 2021, all health plans that offer Medicare Advantage, Medicaid and Children’s Health Insurance Program (CHIP) and most Qualified Health Plans offered through the Federally-facilitated ...

The roll out of the Office of the National Coordinator’s (ONC) 21^st Century Cures Act Interoperability and Information Blocking Rules is reminiscent of the way HIPAA has rolled out over the course of the past 25 years. As of May 1, 2021, Actors have been required to comply with the Information Blocking rules. However, it will take some time before all Actors know who they are and for complaints of Information Blocking to be determined to be actual instances of Information Blocking, by which time the penalties that have not yet been finalized may also need to be adjusted.

While ONC defined ...

As consumerism in healthcare increases, companies and the individuals they serve are increasingly sharing data with third-party application developers that provide innovative ways to manage health and wellness, among numerous other products that leverage individuals’ identifiable health data.  As the third-party application space continues to expand and data sharing becomes more prevalent, it is critical that such data sharing is done in a responsible manner and in accordance with applicable privacy and security standards. Yet, complying with applicable standards requires striking the right balance between rules promoting interoperability vis-à-vis prohibiting information blocking vs. ensuring patient privacy is protected. This is especially difficult when data is sent to third party applications that remain largely unregulated from a privacy and security perspective.  Navigating this policy ‘tug of war’ will be critical for organizations to comply with the rules, but also maintain consumer confidence.

On March 9, 2020, the Office of the National Coordinator for Health Information Technology (“ONC”) and the Center for Medicare and Medicaid Services (“CMS”) published their long-awaited final rules that seeks to promote interoperability. Market participants waited longer than usual for this rule due to the Department of Health and Human Services (“HHS”) extending the comment period at the request of a variety of stakeholders.

The ONC’s rule (the “Final Rule”) supports interoperability by prohibiting “information blocking”.  Affected organizations (see below) will want to be considering the impact on contracts and developing compliance policies that reflect the requirements of the Final Rule. One aspect of needed compliance relates to the Final Rule’s exceptions to information blocking including a newly-added “content and manner” exception.

Generally, information blocking is defined as an action by an actor interfering with, preventing, or materially discouraging access, exchange, or use of electronic health information[1]  (“EHI”). Actors include health care providers, health IT developers, health information exchanges, or health information network. In the proposed rule, the ONC proposed seven exceptions to conduct that might otherwise be deemed information blocking. However, in the Final Rule, ONC created eight exceptions. Further, the ONC defined two categories of exceptions: (1) Exceptions that involve not fulfilling requests to access, exchange, or use EHI and (2) Exceptions that involve procedures for fulfilling requests to access, exchange, or use EHI. Each of the eight enumerated exceptions are categorized as follows:

Interoperability and patient access to data has been pushed to the forefront as a primary concern for the health industry. This is largely due to proposed rules published this spring by the Office of the National Coordinator for Health Information Technology (ONC) and the Center for Medicare and Medicaid Services (CMS) that seek to advance interoperability and support the access, exchange, and use of electronic health information. In August 2019, the ONC held its third annual National Coordinator for Health IT Interoperability Forum in Washington DC. The event brings together the ...