Health IT End-Users Alliance Responds ASTP HTI-2 Proposed Rule
15677
post-template-default,single,single-post,postid-15677,single-format-standard,wp-custom-logo,bridge-core-3.0.2,qode-page-transition-enabled,ajax_fade,page_not_loaded,,qode-child-theme-ver-1.0.0,qode-theme-ver-28.8,qode-theme-bridge,disabled_footer_top,qode_header_in_grid,wpb-js-composer js-comp-ver-6.9.0,vc_responsive

Health IT End-Users Alliance Responds ASTP HTI-2 Proposed Rule

03 Oct Health IT End-Users Alliance Responds ASTP HTI-2 Proposed Rule

Posted at 21:14h in Press Releases by

 

RE: RIN 0955–AA06, Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing and Public Health Interoperability (HTI-2) Proposed Rule

Dear Dr. Tripathi:

The Health IT End-Users (HITEU) Alliance appreciates the opportunity to provide the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (ASTP) with feedback on the Health Data, Technology and Interoperability: Patient Engagement, Information Sharing and Public Health Interoperability (HTI-2) Proposed Rule (RIN 0955-AA06), as published in the August 5 Federal Register.

The HITEU Alliance brings together health information professionals, physicians, hospitals, and other front-line health care providers and organizations that use health IT in the provision of care to ensure that policy and standards development activities reflect the complex web of clinical and operational challenges facing those who use technology tools for care. By working collaboratively across settings of care, the Health IT End-Users Alliance is focused on priorities for how technology can best support clinical care and operations.[1]

Our comments are grounded in the HITEU Alliance’s Consensus Statements on Data to Support Equity[2] and Real-World Testing, [3] as well as the Alliance Roadmap[4] that highlights the growing set of federal mandates faced by health IT end-users. Our comments focus on:

  • Proposed changes to the information blocking exceptions
  • Proposed prior authorization application programming interfaces (APIs)
  • Pace of change in regulatory requirements and need for greater end-user input/education

Information Blocking

The HITEU Alliance appreciates and supports ASTP’s proposals to ensure access to care and accommodate requestor preferences. However, we believe that certified health IT should include functionality to support providers in complying with information blocking rules.

Protecting Care Access. The HITEU Alliance supports the proposed addition of a Protecting Care Access Exception, with a request to simplify the conditions under the exception. The exception would allow practices that would otherwise be considered information blocking, based on the actor’s good faith belief that sharing electronic health information (EHI) indicating that any person(s) sought, received, provided, or facilitated the provision or receipt of reproductive health care that was lawful under the circumstances in which it was provided, could result in a risk of potential exposure to legal action for those persons.

This exception would provide needed clarity that physicians and other actors may withhold access, exchange, or use of EHI to protect patients, providers, and others in accordance with the Office of Civil Rights’ (OCR) policies on protecting reproductive health information under the Health Insurance Portability and Accountability Act (HIPAA).

Physicians and other providers are committed to protecting their patients from all forms of harm, yet the lack of clear federal policies on the intersection of reproductive health information and information blocking requirements has placed them in serious ethical dilemmas and at risk of federal penalties.

The HITEU Alliance also requests that ASTP limit the burden of using the exception when acting in good faith. As currently constructed, actors must work through a range of conditions in order to satisfy the exception’s requirements, creating uncertainty and documentation burden.

Requestor Preferences. The HITEU Alliance supports the proposed addition of a Requestor Preferences Exception. This exception is appropriate for circumstances when a patient or other requestor asks for only certain information or asks for a delay in receiving information. For example, physicians and other health care professionals have expressed concerns that some patients do not want to receive life-changing diagnoses or lab results in advance of a clinical encounter, and experience real harm when they do not have appropriate guidance or context for understanding clinical information.

The HITEU Alliance urges ASTP to modify the proposed requirement that the preferences of a patient or other requestor be provided in writing. This requirement is overly restrictive and does not recognize that patient preferences, in particular, may be expressed verbally, such as during a clinical visit. We recommend that ASTP instead require that the preferences be documented by the actor.

Support from Certified Electronic Health Record (EHR) Technology. While the newly proposed exceptions provide additional flexibility for clinicians to protect their patients and other providers from inappropriate legal actions and to respect the preferences of patients and other requestors, we caution that the information blocking rules are generally overly complex, leading to confusion among end-users and conservative behavior by providers and vendors. Furthermore, ASTP has not included certification criteria that would result in EHR functionality that supports the use of these exceptions or limit the need for them by advancing technical tools for segmenting data.

To ease the burden of regulatory compliance through technology, the HITEU Alliance encourages ONC to accelerate efforts to advance digital tools that support data segmentation for privacy. This would allow  physicians and other providers to have more confidence that they can engage in information sharing without revealing sensitive information, including reproductive health data, that could negatively impact patients or lead to noncompliance with local, state, or federal privacy laws. We also recommend that ASTP require certified EHR functionality that supports health care providers in recording patient-level information that is needed for compliance with information blocking, such as patient preferences for the release of data to be withheld or delayed, or specific concerns about preventing harm or protecting privacy.

Prior Authorization APIs

ASTP proposes to adopt standards and certification criteria for Prior Authorization API functionality, which would deploy Fast Healthcare Interoperability Resources (FHIR)-based exchange using a set of implementation guides (IGs) developed by the Health Level Seven International (HL7) Da Vinci Project. These APIs are designed to allow providers to request coverage requirements, submit needed documentation for authorizations, and receive notification back from the payer on authorization status. ASTP proposes to include these functions in the Base EHR definition, which means that eligible hospitals and clinicians must implement them in order to comply with the Medicare Promoting Interoperability Program and Merit-Based Incentive Payment System (MIPS) requirements to use certified EHR technology (CEHRT), with no additional regulatory action by the [5]

The HITEU Alliance is concerned that there is no similar requirement on payers and health plans to adopt certified technology. In fact, CMS does not even require regulated plans use the Da Vinci Project IGs for the prior authorization APIs, but only recommends their use.[6] We urge ASTP and CMS to only require providers to use certified, standards-based APIs for prior authorization if payers are required to also do so, and on the same timeline. Having both parties use conformant, certified technology will increase the likelihood of success.

The HITEU Alliance generally supports solutions to the prior authorization challenges that currently face clinicians and are hopeful that technology can play a key role. In addition to the growing administrative burden of managing a very complex and often manual prior authorization process, providers and others have noted that prior authorization can delay access to care, result in patients abandoning a recommended treatment, and lead to higher out-of-pocket costs.[7]

However, we are concerned that the Da Vinci Project APIs may not have undergone sufficient real-world testing to date. Consistent with our Real-World Testing Consensus Statement, the IGs must undergo timely, real-world testing that provides transparent information to assess maturity and support adoption. The testing should create an understanding of whether the IGs will:

  • Be implementable by health care organizations without significant effort beyond the value incurred by adoption;
  • Be effective at achieving the desired goal;
  • Encompass a complete solution to achieve the desired goal;
  • Not result in unintended consequences that would harm individuals (caregivers, patients, physicians, and other clinicians);
  • Respect and accommodate the privacy needs of individual patients;
  • Not add extraneous work to the care team;
  • Ensure sufficient return on investment to justify the health IT spend; and
  • Not disparately impact providers who care for communities that are underserved/ marginalized.

It is encouraging that CMS approved a HIPAA exceptions process for voluntary use of the Da Vinci Project prior authorization APIs that included requirements for reporting on the outcome. We are concerned, however, that ASTP is moving ahead with these certification proposals before the findings of the exceptions process have been released to the public, or even referenced in this rulemaking. CMS specifically stated in its approval letter that “[t]he goal of the test is to determine whether FHIR based standards will reduce the cost, complexity, and reduce the burden of the prior authorization transaction” and required a report with findings to be provided to CMS by mid-July 2024.[8]

Pace of change in regulatory requirements and need for greater end-user input and education

As noted in the HITEU Alliance Roadmap, those who use technology tools for care – health IT end-users – face a growing set of federal mandates over the next four years. While each rule addresses important objectives, understanding the complete regulatory landscape highlights implementation challenges, areas of overlap, and even potential conflict.

The HTI-2 proposed rule includes a vast array of regulatory proposals that must be considered within the full context of other regulatory requirements. We applaud ASTP for addressing some areas of regulatory challenge or conflict through policies such as the proposed Protecting Care Access Exception to information blocking. However, many of the proposed new policies will add to existing requirements, including those first introduced in the HTI-1 Final Rule, which was published on January 9, 2024 – barely six months before ASTP released HTI-2 (July 10). In fact, many, if not most, of the provisions in HTI-1 have yet to be implemented (such as adoption of United States Core Data for Interoperability (USCDI) v3 or the Decision Support Interventions, among others).

It is challenging for end-users, and particularly those on the front lines of care delivery, to adequately absorb and assess the proposals in HTI-2 given the many other demands on their time and other regulatory proposals yet to be implemented (HTI-1) or under consideration (such as those contained in CMS payment rules). However, the ASTP rules have a significant impact on the tools available to end-users, their workflows, and their technology costs, thus meriting substantive review. This impact is even more direct given recent CMS rulemaking that leads to automatic alignment of ASTP’s definition of the Base EHR with Medicare’s definition of CEHRT that eligible hospitals and clinicians must use to avoid penalties under the Promoting Interoperability Program (PIP) and meet performance thresholds for MIPS.

The HITEU Alliance recommends that ASTP take a step back and reconsider how the proposals in the HTI-1 and HTI-2 rules fit together, where it makes sense to learn from implementation of HTI-1 provisions before advancing new requirements, and what bandwidth end-users have to update their systems to accommodate these priorities. For example, ASTP has proposed to include in the definition of the Base EHR for providers both a set of prior authorization APIs and a public health API even before payers and public health agencies are required to use certified health IT to communicate with providers.

The HITEU Alliance would be pleased to be a resource and engage in discussions of priorities, timelines, and the need for sub-regulatory guidance and education for physicians and other health care providers that must buy, deploy, and use certified systems to care for patients.

Conclusion

The HITEU Alliance applauds ONC for taking steps to improve the standardization and sharing of health information in support of clinical care. We stand ready to work with ONC to ensure that the end-user perspective is taken into account as the public and private sectors collaborate to make further progress.

 

[1] https://hitenduser.org

[2] Data to support equity consensus statement (hitenduser.org)

[3] Real-world testing consensus statement (hitenduser.org)

[4] EndUsersAllianceRoadmap-Digital-FINAL.pdf (hitenduser.org)

[5] Calendar Year 2024 Program Requirements | CMS

[6] https://www.cms.gov/priorities/key-initiatives/burden-reduction/interoperability/policies-and-regulations/cms-interoperability-and-prior-authorization-final-rule-cms-0057-f

[7] Consumer Problems with Prior Authorization: Evidence from KFF Survey | KFF and https://www.ama-assn.org/system/files/prior-authorization-survey.pdf.

[8] Da Vinci HIPAA Exception – Da Vinci – Confluence (hl7.org)