20 Jun Health IT End-Users Alliance Responds to ONC HTI-1 Proposed Rule
June 20, 2023
RE: RIN 0955–AA03, Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency (HTI-1) Proposed Rule
Dear Dr. Tripathi:
The Health IT End-Users (HITEU) Alliance appreciates the opportunity to provide the Office of the National Coordinator (ONC) for Health IT with feedback on the Health Data, Technology and Interoperability: Certification Program Updates, Algorithm Transparency (HTI-1) Proposed Rule (RIN 0955-AA03), as published in the April 18, 2023 Federal Register.
The HITEU Alliance brings together health information professionals, physicians, hospitals, and other front-line health care providers and organizations that use health IT in the provision of care to ensure that policy and standards development activities reflect the complex web of clinical and operational challenges facing those who use technology tools for care. By working collaboratively across settings of care, the HITEU Alliance is focused on priorities for how technology can best support clinical care and operations.
Our comments are grounded in the HITEU Alliance’s Consensus Statements on Data to Support Equity and Real-World Testing. They focus on:
- Adoption of the U.S. Core Data for Interoperability version 3 (USCDI v3) standard
- Patient-requested restrictions certification criterion and the related request for information (RFI) on data segmentation
- Proposals to enhance transparency and risk management for decision support interventions (DSI)
The USCDI contains the minimum data needed for interoperability and is composed of critical data elements and vocabulary standards used in clinical care. ONC first adopted the USCDI v1 in the 21st Century Cures Act Final Rule (2020) and proposes to advance to the larger USCDI v3. Among other advances, USCDI v3 will include additional data on social drivers of health (SDOH), including SDOH assessments, goals, and interventions.
The HITEU Alliance supports the ONC proposal to adopt USCDI v3. Adopting USCDI v3 will advance efforts to standardize and increase uniform collection and reporting of relevant data on race, ethnicity, preferred language, and social drivers of health. However, more needs to be done to support physicians, hospitals and other health care providers given Congress’ and the Biden-Harris Administration’s focus on the collection, use, and sharing of this data for public and private programs.
As noted in our Data to Support Equity Consensus Statement, achieving equity in health and health care is a key priority that requires collection of data to identify disparities and monitor efforts to improve. In addition to agreed-upon and validated standards and instruments to support interoperability, end-users need training in how best to collect sensitive data, and the development of tools and workflows to efficiently collect and share data, avoid redundant or inaccurate data collection, and minimize burden on individuals, clinicians, and other providers. Collection of data should be actionable, purpose-driven and supported by appropriate and accessible technology and other resources that support connection to social services and other interventions. The nine principles laid out in our consensus statement address factors such as:
- Aligning domains of SDOH data collection across federal and state healthcare program and reporting requirements;
- Recognizing the shared obligation among public programs, payers, community-based organizations (CBOs), and providers to collect and appropriately share relevant demographic and SDOH data;
- Keeping the primary focus on collecting demographic and SDOH data on meeting patient needs versus secondary uses of the data;
- Supporting the adoption of technical tools to protect privacy and share information consistent with patient preferences; and
- Acting on the need for federal, state, and local governments and health plans to provide funding, technical resources, and infrastructure to support training, hardware and software implementation and maintenance, evaluation and quality improvement, and coordination between health care organizations and CBOs.
HITEU Alliance members would be pleased to work with ONC and other policymakers to continue to advance policy and practice to ensure that we have the necessary data to support equity.
Patient Requested Restrictions and Data Segmentation
The proposed rule includes three provisions related to data segmentation:
- Within the certification criteria, ONC proposes that a health IT developer must enable a provider (or other user) to flag whether any data element in the USCDI should be restricted from use or disclosure and prevent any flagged data from subsequent use or disclosure. ONC does not point to specific standards to achieve this functionality, which would support health care providers in being responsive to patient-requested restrictions that are included as a right in the HIPAA Privacy Rule (45 CFR 164.522(a)(1)(i)(A).
- Within the certification criteria, ONC also proposes that health IT developers must provide the ability for “patients (and their authorized representatives) [to] be able to use an internet-based method to request a restriction to be applied for any data expressed in USCDI.” ONC does not specify how this functionality would be provided but states it could be built into a patient portal, an API, or other method.
- In the information blocking portion of the proposed rule, ONC includes an RFI on health IT capabilities for data segmentation, including discussion of the HL7 standards on Data Segmentation for Privacy (DS4P) and the related HCS Security Label Vocabulary.
As the front line in providing care, HITEU Alliance members believe there is an urgency to solve the issue of data segmentation. End-users need these tools not only to support patient-requested restrictions, but also to navigate the ever-more-complex web of state and federal requirements regarding health information management and privacy, comply with the information blocking rules, and, above all else, maintain the trust between patients and providers that is a bedrock of medicine.
Therefore, in addition to moving ahead with the proposed certification criteria to support patient-requested restrictions, the health IT community must come together and engage in the hard work to further develop and engage in real-world testing of a standardized approach to data segmentation that will support end-users without adding undue burden.
To that end, we urge ONC and other federal agencies to act quickly to deploy a federally supported process to engage stakeholders, including end-users, and establish a collaborative process to both define the needs for data segmentation and evaluate, pilot test, and improve the HL7 DS4P Implementation Guides (IGs) for CCDA and FHIR.
Consistent with our Real-World Testing Consensus Statement, the IGs must undergo timely real-world testing that provides transparent information to assess maturity and support adoption. The testing should create an understanding of whether the IGs will:
- Be implementable by health care organizations without significant effort beyond the value incurred by adoption;
- Be effective at achieving the desired goal;
- Encompass a complete solution to achieve the desired goal;
- Not result in unintended consequences that would harm individuals (caregivers, patients, physicians, and other clinicians);
- Respect and accommodate the privacy needs of individual patients;
- Not add extraneous work to the care team but would reduce burden;
- Ensure sufficient return on investment to justify the health IT spend; and
- Not disparately impact physicians and other providers who care for communities that are underserved/ marginalized.
ONC and other federal agencies should work with the broader health IT community to identify expectations for rigorous real-world testing of data segmentation solutions, such as the needed metrics, methods of accountability, assurance that testing results are impartial, external expert review of testing methods and results, impact on health equity, and public reporting of the outcome. Standards should not be considered mature until real-world testing has been completed and comprehensive report-outs on the testing are made public. Inclusion of standards and IGs in regulation should also not be considered a mark of maturity.
Engaging with end users to conduct real-world testing will increase the likelihood that technical solutions will succeed and achieve the goals of automating appropriate data segmentation without undue burden for patients and providers. Given the importance of this issue, the Alliance looks forward to collaborating with ONC and the broader health IT community to ensure that the end-user perspective is well represented in advancing data segmentation and encourage end-users to engage in real-world testing.
Decision Support Interventions (DSI) and Algorithmic Transparency
ONC proposes to build from the existing certification requirements related to clinical decision support tools to create a broad range of transparency and risk management measures related to DSI, and particularly Predictive DSI, which ONC proposes to define as: “Technology intended to support decision-making based on algorithms or models that derive relationships from training or example data and then are used to produce an output or outputs related to, but not limited to, prediction, classification, recommendation, evaluation, or analysis.”
The HITEU Alliance generally supports ONC’s efforts to create better transparency and risk management around DSI. As noted in the preamble to the proposed rule, researchers and others have identified concerns about DSI tools in use today that may embed bias or have other unintended consequences. More transparency on the training data and algorithms used to create DSIs, as well as results from analyses and evaluations of DSI tools, will support clinicians and other end-users in assessing whether and how to use these tools.
However, the HITEU Alliance is concerned that ONC has cast too broad of a net in creating a proposal that would apply to all predictive DSI, regardless of who created it (health IT developers, health systems, clinicians, and third-party developers). At a minimum, the HITEU Alliance would recommend that ONC exclude from its transparency and risk management requirements any DSI tools that are created by a health care provider organization for its own use, with no intent to commercialize.
Providers already engage in significant research and internal review processes to ensure that the tools they create are evidence-based and will meet their needs. They would not gain any additional information by sharing that information with their EHR vendor for the purpose of having it shared back to them. For example, ONC specifically mentions order sets as a type of DSI that would be included in its regulatory approach. Many provider organizations regularly develop custom order sets that are deployed through their EHR, based on the specific expertise, and needs of their clinicians.
The HITEU Alliance also recommends that ONC and other federal agencies actively engage end-users and other stakeholders to identify the most appropriate list of DSI attributes to include in the transparency requirements. Working together, the clinical, operational, and technical communities can identify how best to balance usability and completeness in creating a “nutrition label” for DSI.
The HITEU Alliance applauds ONC for taking steps to improve the standardization and sharing of health information in support of clinical care. We stand ready to work with ONC to ensure that the end-user perspective is taken into account as the public and private sectors collaborate to make further progress.