ONC rule comes under fire from HIT, provider organizations

Healthcare information technology and provider groups are concerned that a proposed rule from the Office of the National Coordinator for Health IT does not fulfill the intent of the 21st Century Cures Act.

Seven stakeholder organizations sent a letter to House and Senate committee leaders Monday, urging them to ensure that the goals of the Cures Act are met.

They asked the committees to continue their congressional oversight of the “landmark” legislation and expressed their concern that provisions of ONC’s recent proposed rule “jeopardizes important goals to foster a healthcare system that is interoperable, patient-engaged and reduces burdens for those delivering care.”

The letter was signed by the American Health Information Management Association, American Medical Association, American Medical Informatics Association, College of Healthcare Information Management Executives, Federation of American Hospitals, Medical Group Management Association and Premier.

Earlier this year, ONC issued a proposed rule intended to make electronic health information accessible to both patients and providers. However, the seven stakeholders groups question whether the aims of the agency’s proposal will implement the Cures Act in a way that best meets the needs of patients and providers.

“While we are pleased the Administration is working to operationalize several requirements in Cures that seek to improve information sharing and patient care through use of APIs, at the same time it is imperative that policies be put in place to prevent inappropriate disclosures to third-parties and resultant harm to patients,” states their letter.

HHS HQ

To further the objectives of the Cures Act, the groups made several recommendations to the committees they contend will ensure that ONC’s final rule “does not unreasonably increase provider burden or hinder patient care.”

In particular, the groups called for the following to be included in the regulations:

• Additional rulemaking prior to finalization: To ensure a sufficient level of industry review and to appropriately respond to stakeholder feedback, ONC should issue a supplemental rulemaking to address outstanding questions and concerns.
• Enhanced privacy and security: The proposed rule does not sufficiently address Cures’ directives to protect patient data privacy and ensure health IT security. Further, it is imperative that the Committee continue its oversight of privacy and security issues that fall outside of the HIPAA regulatory framework.
• Appropriate implementation timelines: ONC should establish reasonable timelines for any required use of certified electronic health record technology. Providers must be given sufficient time to deploy and test these systems, which must take into account competing regulatory mandates.
• Revised enforcement: The Department of Health and Human Services should use discretion in its initial enforcement of the data blocking provisions of the regulation, prioritizing education and corrective action plans over monetary penalties.

Under the Cures Act, the HHS Office of the Inspector General is given the authority to investigate claims of information blocking and assign financial penalties of as much as $1 million per violation for practices found to be interfering with the lawful sharing of electronic health records.

If finalized in its current form, the ONC rule could be used by HHS OIG to take enforcement activities against those bad actors that impede the electronic flow of health data—a prospect that concerns the seven groups.

“HHS should use discretion in its initial enforcement, prioritizing education and corrective action over monetary penalties,” their letter concludes. “We assert that prioritizing education will be more effective over the long-term in ensuring clinicians, hospitals and health information professionals are in compliance, as they will better understand the regulatory requirements.”

For reprint and licensing requests for this article, click here.