Increased Interoperability of Health Information: Two New Proposed Rules

15 February 2019 Health Care Law Today Blog
Author(s): Chanley T. Howell Jennifer J. Hennessy

The U.S. Department of Health and Human Services (HHS) recently proposed two new rules designed to increase patient and provider access to health records. As stated by HHS in its press release, the proposed rules “will support seamless and secure access, exchange, and use of electronic health information.” These proposed rules stem from two separate components within HHS – the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC). The rules have much in common, with both sharing the same goal of increased health information interoperability in order to improve access to, and the quality of, health information.

A Snapshot of the Proposed Rules

  • On February 11, 2019, CMS and ONC proposed complementary rules facilitating patient access to and the flow of health information.
  • Health care providers would be required to implement, test, and monitor open standards-based application programming interfaces (APIs) to make patient information more available to patients through third-party applications and developers.
  • Payers would have to support electronic exchange of data for transitions of care as patients move between plans.
  • Plans would have until 2020 to comply with the proposed rule, should it go into effect.
  • To ensure both patients and providers have easy access to information, plans would be required to make information about in-network providers available to enrollees and prospective enrollees through API technology.
  • Health care organizations would be incentivized to participate in “trusted exchange networks” such as health information exchanges (HIEs) in order to facilitate the flow of health information.
  • “Information blocking” would be curtailed through public reporting of and enforcement actions against organizations that engage in practices that prevent or significantly restrict the effective and efficient flow of patient information.
  • Patients would be enabled to easily access their health information electronically and at no cost.

What Are the Key Takeaways?

The CMS Proposed Rule

The CMS proposed rule, CMS-9115-P, strives for greater interoperability in the health care industry by requiring that all governmental health plans as well as all health plans offered through the federal Affordable Care Act (Covered Plans) provide patients with free control of, and increased access to, their HIPAA protected health information (PHI). Issuers of these Covered Plans would have until 2020 to comply with the proposed rule, should it go into effect. The reach of this rule would be extensive, as Covered Plans provide insurance for nearly 125 million patients.

Patient Access and Information Flow through APIs

Among other things, the CMS rule would require Covered Plans to implement, test, monitor, and maintain PHI APIs to:

  1. Make patient claims and other PHI available to patients through third-party applications and developers
  2. Simplify and increase the ease and access for patients to transition between insurance plans and providers by facilitating the flow of PHI.

Generally, APIs are sets of code which allow multiple software programs to interact and communicate with each other (more on this under the ONC Rule). Covered Plans are encouraged to join an “exchange network,” with certain payers being required to join, with the goal of facilitating the flow of information.

Restricting “Information Blocking” Practices

Both rules address the practice often referred to as “information blocking” – when a health care provider or vendor unreasonably interferes with or prevents access to electronic health information (for example, when an organization charges fees which makes information exchange cost prohibitive, or when policies or contract terms prevent or disincentive sharing information with patients or other health care providers). Under CMS’ proposed rule, CMS would publicly post information about health care organizations that submit information indicating the engagement in some form of information blocking. The reporting would apply to clinicians under the Merit-based Incentive Payment System (MIPS), hospitals participating in Medicare and/or Medicaid, and critical access hospitals in rural areas serving residents otherwise far from emergency care.

Increased Adoption and Use of Health Information Networks (HIEs)

Transmitting health information through the internet requires a ‘trust framework’ that addresses the privacy and security of the information. Trusted networks such as HIEs are those in which plans and providers can easily share information regardless of various health IT systems and networks. The CMS rule recognizes the need to expand and integrate more plans and providers into these networks.  The rule would incentivize payers to join any health information network they choose and be able to participate in regional and nationwide exchange of data. Certain CMS qualified plans would be required to participate in trust networks to improve interoperability.

The ONC Proposed Rule

Common API Criteria and Standards to Improve Access

The ONC rule, RIN 0955-AA01, addresses more technical and granular issues than the CMS rule. Similar to the CMS rule, the ONC rule attempts to increase health care network interoperability through the use of APIs. The ONC rule is more detailed than the CMS rule in this regard, proposing new API criteria in an effort to standardize APIs in the health care industry to promote and facilitate secure access to health information on smartphones and other mobile devices. The proposed rule sets forth standards on data classification as well as other specifications for the API-enabled access and services. The goal of these aspects of the rule is to facilitate the sharing of the myriad different formats currently used, and to make patient information available using mobile technology.

More on Information Blocking

Like the CMS proposed rule, the ONC proposed rule would also address information blocking in an effort to lessen use of the practice in non-constructive or beneficial ways. Curtailing information blocking is key to the HHS goal of health information interoperability and exchange. The ONC rule provides further requirements to discourage information blocking, with a few important exceptions focused on preventing harm and promoting privacy, which the ONC deems reasonable and necessary under certain conditions. In an effort to provide additional clarity to health care providers and vendors, the proposed rule identifies reasonable and necessary activities that do not constitute information blocking. These aspects of the rule as well as the API criteria and standards are designed to help ensure that patients can electronically access their electronic health information at no cost.

How to Submit Comments

Interested parties will have until mid-April to provide comments on the proposed rules to CMS and ONC (the exact date will be 60 days from when the rules are posted on the Federal Register, expected to be February 15). Commenters can provide their responses either online or through mail to the contact information provided in the rules. Instructions on how to comment are provided below.

In addition, CMS is requesting specific feedback and commentary on adopting health information technology for use in post-acute care settings, and the role of patient matching through data interoperability, resulting in improved patient care.  ONC is also seeking specific input regarding what types and kind of information would help increase transparency for health care industry costs.

To learn more about the proposed rules, or for assistance in providing a comment, contact any of the authors for more information.

For the CMS Rule:

  • Visit the Federal eRulemaking Portal. Be sure to follow the instructions for submitting comments
  • Send written comments by regular mail to the following address:

Centers for Medicare & Medicaid Services
Department of Health and Human Services
Attention: CMS-9115-P
P.O. Box 8016
Baltimore, MD 21244-8016

  • Send written comments by express or overnight mail to the following address:

Centers for Medicare & Medicaid Services
Department of Health and Human Services
Attention: CMS-9115-P
Mail Stop C4-26-05
7500 Security Boulevard
Baltimore, MD 21244-1850

For the ONC Rule:

  • Visit the Federal eRulemaking Portal. Be sure to follow the instructions for submitting comments
  • Send one original and two copies by regular, express, or overnight mail (or by hand delivery or courier) to the following address:

Department of Health and Human Services, Office of the National Coordinator for Health Information Technology
Attention: 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program Proposed Rule
Mary E. Switzer Building
Mail Stop: 7033A
330 C Street, S.W.
Washington, D.C. 20201

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.