By David Bucciferro, Chair, EHR Association
Twitter: @EHRAssociation
While the EHR Association has long supported the goals of ONC’s proposed rule to advance interoperability, improve transparency, and support further access, exchange, and use of EHI, we have several serious concerns about the impact HTI-1 (ONC’s Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing Proposed Rule) will have on the industry if finalized as proposed.
Among the most significant are the insufficient implementation timeframes associated with various concepts included in HTI-1 and a failure to accurately consider the significant burden compliance would place on both provider organizations and health IT developers. Vendors need more time than proposed in HTI-1 to accommodate the substantial lift required to deliver safe, compliant, and high-quality versions of their certified products – 18-24 months is the commonly accepted necessary timeframe – while providers need sufficient time to implement, test and become proficient on that upgraded software.
HTI-1, as proposed, also fails to address misalignments between when ONC mandates health IT developers be prepared to deploy new certified software versions and when CMS requires providers to be using them, with insufficient time allowed for implementation. Additionally, it creates several scenarios necessitating provider support for vendor obligations, but there are no corresponding incentives in CMS rulemaking for the latter to do so, making compliance by software developers significantly more challenging.
HTI-1 is an expansive proposed rule that will impact the healthcare industry for years, and we ask that ONC address the real concerns we share with other impacted stakeholders before finalizing the rule. Doing so would ensure its end goals can be achieved without unduly burdening providers and developers with unrealistic deadlines and compliance requirements.
In addition to these overarching concerns, we have identified issues with four specific provisions of HTI-1:
- Insights Condition (EHR Reporting Program): In addition to a proposed timeframe that is too short by at least nine months, the proposed Insights measures harken back to the early days of the meaningful use program but without incentives for providers to cooperate. This puts EHR vendors in the middle of data aggregation from multiple sources while also making it difficult to assign resources to other high-priority analytics initiatives, like CMS’ digital quality measures project. Because the work to prepare for the Insights measurement and to convince large numbers of clients to collaborate with developers will be consequential, we urge ONC to delay the start of the first measurement period until at least CY 2025 and ask that it be restructured for annual reporting, preferably mid-year to avoid conflict with other significant obligations.
- USCDI v3: The proposed timeframe for development and implementation of USCDI v3 between the final rule and the expiration of USCDI v1 is too short and doesn’t align with CMS timelines. As such, the deadline for its inclusion in upgraded versions should be delayed until the end of the second calendar year following publication of the final rule (for example, Dec. 31, 2025, if the final rule is released in 2023). We would also like to see ONC move away from the current all-or-nothing certification requirement towards a dynamic approach based on the data actually managed by the EHR or other health IT in use by a provider. The broader USCDI data list simply isn’t relevant for health IT vendors and providers with a more specialized focus.
- DSI and Predictive Models: What is proposed in HTI-1 is a burdensome application of the certification lever because regulations to require transparency could more efficiently be applied to those authoring the decision alerts rather than EHR developers. Additionally, because the burden inherent to DSI proposals is significant, creates duplicative work, and disregards the fact that many healthcare organizations create their own alerts with no involvement from vendors, the Dec. 31, 2024 compliance timeline is unrealistic. Further, ONC’s proposal to require user-accessible source attribute information on all decision support interventions needs to be narrowed to focus on developer-created interruptive alerts, while user feedback on DSI information should be limited to interruptive alerts. This might help avoid negative impacts on usability.
- Patient Requested Restrictions: Requiring the new “patient requested restrictions” certification criterion for the Privacy and Security Framework by Jan. 1, 2026, is too broad for the proposed timeframe. We also strongly suggest refocusing the certification capability requirement to allow patients to request that certain sensitive notes or lab results not be shared with proxy users in the patient portal. This would also acknowledge the provider community’s concerns about the unintended consequences that could result from broad requirements to support segmentation, including heightened risks of preventable medical errors from incomplete records and increased workflow burden on providers.
HTI-1 is an expansive proposed rule that will impact the healthcare industry for years, and we ask that ONC address the real concerns we share with other impacted stakeholders before finalizing the rule. Doing so would ensure its end goals can be achieved without unduly burdening providers and developers with unrealistic deadlines and compliance requirements.
This article was originally published on the EHRA blog and is republished here with permission.