ONC and CMS regulations aim to improve patient access and interoperability, but more needed to protect patient privacy and reduce administrative burden
April 3, 2020 (ACP) 鈥 Though a new batch of federal health IT regulations is a step in the right direction, the 管家婆心水论坛 believes there's more work to be done and is continuing to lobby policymakers on the issues of patient privacy and elimination of administrative burden.
鈥淓ffective interoperability is crucial to improving the patient experience, reducing burden on physicians, and, in turn, improving the quality of care. Patients also have a right to easily access their electronic personal health information and be able to use and share that information as they see fit,鈥 said Dr. Robert McLean, president of ACP. 鈥淭hat is why it is critical to make sure that regulations governing interoperability balance the desire to increase access to data with the need for privacy, while also focusing on exchanging meaningful and actionable data and allowing for ease of implementation for physicians.鈥
In early March, two sets of regulations were released. One came from the Office of the National Coordinator for Health IT (ONC) and the other from the Centers for Medicare & Medicaid Services (CMS). Both sets of regulations aim to improve patient access to data and electronic health information exchange, also known as interoperability.
Why are there two sets of rules? 鈥淚mproving interoperability is a multifaceted issue and requires various stakeholder involvement to improve the process,鈥 said Brooke Rockwern, ACP senior associate of health IT policy.
The ONC rule, known as the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program, is primarily focused on the health IT vendor community, including health IT vendors and health information exchanges and networks, as well as the physicians using those systems. 鈥淥NC is requiring vendors to use standards-based application programming interfaces (APIs) to exchange health data electronically,鈥 Rockwern said. 鈥淎nother big part of ONC's rule鈥攁nd the aspect that is directly related to actions physicians take鈥攊ncludes ONC's definition of information blocking and the eight exceptions to information blocking.鈥
The regulations from CMS in the final rule, titled Interoperability and Patient Access, are designed for payers who contract with the agency. 鈥淭he CMS regulations promote patient access to their data and the exchange of electronic health information across payers,鈥 Rockwern said. 鈥淐MS calls for the use of the same standards-based APIs that ONC lays out for the vendor community to promote this data exchange.鈥
In general, ACP supports the new regulations, Rockwern said, including provisions that boost the rights of patients to access their data and improve health information exchange. 鈥淥NC and CMS responded to some of our concerns that we raised during the proposed rulemaking process,鈥 she said. 鈥淭he most significant 鈥 and one of ACP's specific asks 鈥 regards narrowing the scope of the data required for exchange, at least initially. ACP has continuously recommended that efforts to improve data exchange happen in stages so that risks and benefits can be assessed appropriately before opening the floodgates for clinical data exchange. Those risks include privacy, security, information-overload and workflow issues.鈥
ACP supports other ONC provisions in areas such as data security and the ability of clinicians to share screenshots and videos regarding health IT usability.
On the CMS front, 鈥渨e support efforts for hospitals to send electronic Admission, Discharge, and Transfer notifications to clinicians,鈥 Rockwern said. 鈥淗owever, these notifications have the potential to be a new burden if not presented in meaningful and actionable ways.鈥
ACP has other concerns about the ONC and CMS reforms. 鈥淢ore needs to be done to protect patient privacy and avoid administrative burdens,鈥 Rockwern said. 鈥淣either ONC or CMS really addressed the underlying privacy policy concerns regarding patient data and third-party apps. They are essentially leaving it to others in industry to layer privacy policies on top of the security specifications.鈥
In addition, she said, 鈥淎CP is concerned about the downstream, and likely burdensome, effects the information blocking provisions and exceptions will have on day-to-day physician practice. Each specific exception requires extensive documentation, and each exception is different.鈥
ACP is also focusing on costs associated with implementing and maintaining APIs and data exchange services. 鈥淐linicians will have to pay to implement and operate functionality but cannot charge patients for these exchange services,鈥 Rockwern said.
Finally, she said, 鈥渢here are still a number of varying timelines. Both CMS and ONC seem overly optimistic regarding when technical upgrades will be ready versus when they will be required to be used.鈥
What does all this mean for ACP members? 鈥淭hese rules take significant steps to improve data exchange between physicians as well as promote patient access to their data. Physicians will need to work closely with their vendors to make sure the technical requirements are in place,鈥 Rockwern said. 鈥淎CP is working on developing education tools and resources for those practices that do not have access to health information management departments to help them better understand how to comply and succeed under these new regulations.鈥