On March 9, 2020 the Office of the National Coordinator for Health Information Technology (ONC) released its final rule on the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program. Referred to by some people as the “Information Blocking Rule,” since this is the primary topic, the document actually covers a host of other issues related to interoperability driven primarily by requirements of the 21st Century Cures Act. In addition to the final rule itself you can read the ONC press release, a comparison between the proposed and final rules, and lots of other resources. The final rule was officially be published in the Federal Register on May 1, 2020.
Previously, we provided a detailed table of Public Health Issues, Impacts, and Opportunities, as well as a separate detailed response to the ONC Patient Matching RFI and CMS Patient Matching RFI. We then published our final comments on the ONC NPRM and the CMS NPRM Patient Matching RFI.
So instead of going to HIMSS20 (boy, that seems like so long ago…) I spent the past week reading over the final rule, as usual with a particular eye to public health issues, concerns, and impacts. Aside from its length, and complexity in a few spots, the final rule overall seemed pretty clear. With over 2,000 comments received on the NPRM, ONC did a good job of consolidating the comments and presenting them in an orderly manner. I have updated my detailed table of Public Health Issues, Impacts, and Opportunities to offer observations and discussion based on the text of the final rule.
Here are some thoughts about what I found in the Final Rule. I apologize if references here seem cryptic to new readers but this is a complex topic with a fair amount of prerequisite knowledge required:
- The final rule replaces CCDS with USCDI v1 and associated “Standards Version Advancement Process” (SVAP). ONC clarified that USCDI comes into effect through specific certification criteria and not in and of itself. Though the certification criterion “transmission to public health agencies – electronic case reporting” (§ 170.315(f)(5)) would be subject to USCDI compliance, the discussion, seems to make it optional for public health to make use of data elements from USCDI that are not currently within eCR specifications.
- Additions to USCDI are made through this rule making, but that feels like a violation of the process set up within USCDI itself for changes. ONC did not feel compelled by objections to the NTTAA exception for USCDI maintenance and development. No specific recognition of public health concerns about SVAP was noted in the Final Rule.
- ONC adopted NCPDP SCRIPT 2017071 for ePrescribing.
- ONC decided that the data set for data export would be the same electronic health information that a patient has the right to request from a provider under the HIPAA Privacy Rule. This may be an opportunity for public health to benefit from more standardized and comprehensive formats for EHR data export that may facilitate public health registry data import.
- The FHIR v4 API was adopted for both single and multiple patient focuses. The “ARCH” was not adopted but the HL7 US Core IG and SMART were adopted. ONC affirmed that the API requirements only apply to the specific API-focused certification criteria which relate to query for patient records from an EHR. Though public health reporting transactions do not appear to be directly impacted by this proposal, as FHIR becomes more pervasive in the clinical community, some public health registry activities (e.g., IIS query/response) may come under pressure to support FHIR.
- ONC affirmed that public health certification criteria should be included in Real-world Testing. ONC concurred with comments that stressed the need to involve public health in real-world testing plans and to limit any additional burden on public health.
- With respect to Information Blocking, ONC also stated that public health agencies and the infrastructure they deploy to support public health reporting certification criteria would fall outside of the definition of “HIT developer.” Community-based organizations were excluded from the definition of healthcare providers so long as they do not also conduct the activities identified in the definition. ONC affirmed that a patient’s preference cannot be an obstacle to information sharing required by law unless the law allows for that preference (e.g., opt-out). ONC acknowledged the question about whether onboarding queue backlog could be exempted from information blocking but did not directly answer the question. But most importantly, ONC determined that transactions (like public health reporting) that do not facilitate interoperability between more than two parties were excluded from Information Blocking consideration.
- With respect to the Standards Version Advancement Process” (SVAP), public health needs to be sure that standards don’t creep into the ONC Interoperability Standards Advisory (ISA) that we are not prepared to support in production.
- Comments about various RFI sections of the NPRM were acknowledged by ONC but no further disposition or conclusions were offered.
- In light of COVID-19, ONC has announced enforcement discretion which will stretch out some of the compliance timetables for the final rul.
We will continue to refine these comments as discussions continue over the coming weeks and months.
Send us feedback about this blog