AHIMA Responds to the Release of Two New Federal Interoperability Rules

March 10, 2020
AHIMA’s vice president of policy and government affairs, Lauren Riplinger, shares her perspectives on the release this week of the two new final rules on interoperability and information-blocking

On Monday morning, March 9, senior healthcare officials from the Trump administration announced the release of two rules around interoperability, coming from the Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services, and from the Centers for Medicare & Medicaid Services (CMS). In a telephonic press briefing, Alex Azar, Secretary of Health and Human Services; Seema Verma, CMS Administrator; and Donald Rucker, M.D., National Coordinator for Health IT, announced the release of the final rules.They were introduced by Joe Grogan, Assistant to the President, and Director of the Domestic Policy Council, who initiated the telephonic press briefing by stating that the release of these two rules is connected to President Trump’s broader attempt to make the healthcare system more accountable and transparent to consumers.

The two new rules clarify issues around information-blocking, as defined by the administration, and promote the development of a nationally consistent patient access API concept, designed to make access to their electronic health records available to all patients through their smartphones. The rules apply to all hospitals, physicians, and health plans that receive any reimbursement through either the Medicare or Medicaid programs.

In a statement, Wylecia Wiggs Harris, Ph.D., CAE, CEO of the Chicago-based American Health Information Management Association (AHIMA), said on Monday that “We look forward to reviewing the final rule in greater detail. We support the intent of the Cures Act to eradicate practices that unreasonably limit the access, exchange and use of electronic health information for authorized and permitted purposes including patient access to their health information. However, given that the rule introduces a number of new definitions and terminologies and the significant economic impact of this rule, we are disappointed the Office of the National Coordinator for Health Information Technology did not heed stakeholders’ calls to issue an interim final rule.” Dr. Wiggs Harris’s statement was quoted in an article published in the Journal of AHIMA online.

Writing in that same article, Matt Schlossberg wrote, “The ONC final rule has several implications for health information management (HIM) professionals—how they protect, exchange, and collect data, and bring their organization into compliance with the rule. The information blocking rule, with defined exceptions, prohibits health providers, technology vendors, health information exchanges and health information networks from practices that inhibit the exchange, use, or access of electronic health information (EHI). The rule also standardizes criteria for application programming interface development. It also establishes eight exceptions to the 21st Century Cures Act’s ban on interfering with access, exchange, and use of EHI,” Schlossberg wrote.

Shortly after the announcement, Lauren Riplinger, AHIMA’s vice president of policy and government affairs, spoke with Healthcare Innovation Editor-in-Chief Mark Hagland. Below are excerpts from that interview.

What is your view of the new rules, starting at the 40,000-feet-up level?

First, we’re still very much reading through it. There’s a lot to dig into. We were thankful that the rule came out, and now we’re looking at what compliance means. As noted in our statement, we were a little disappointed that no interim rule was produced, to prepare for this. But the enforcement piece from OIG [Office of the Inspector General of the Department of Health and Human Services] gives folks a little bit of flexibility in terms of time. What ONC said yesterday, six months from now is the compliance date with the rule. You’re going to have to exchange CDI [ USCDI—U.S. core for data interoperability]; but remember, Cures says that OIG has authority over enforcement and penalties. And that component has yet to be articulated—what those penalties will look like for providers and vendors, we don’t know the answer to that question yet.

Is this in line with the privacy, integrity, and patient-centeredness of the electronic health record, as AHIMA supports?

We’re very heartened and excited over the fact that this administration, like prior administrations, continues to put patients at the center of care. This moves us closer to that perfect world that one would imagine. The big question is the privacy piece; there’s always this tension, for HIM, that we protect the integrity of the record, and that consumers understand where that data travels, and how it’ protected. So we’re reading through the rule to see whether that’s protected.

How would you frame the dynamic tension between patients truly owning their patient records, and the integrity of the patient record, particularly in the context of patient-supplied data being added into individual patients’ records?

We’re focused on patients’ access to the record, as well as to access and sharing among others. Certainly, I think that HIM [health information management] does think about how we’re making sure that the data that goes into the record, such as patient-generated data—is relevant, timely, and accurate. And we talk a lot about note bloat, and about the integrity of the documentation in the record itself. And that’s a conversation that HIM needs to have with the HIT side—making sure that we have not only the technical functionality, but also that the correct information is contained in the record.

What kind of role can HIM leaders play, in this dialogue?

HIM brings a lot of value, because HIM leaders know where the data is at any time, and where and how it should move. That brings tremendous value to this conversation, particularly with regard to access and use. The concern was that the definition of information-blocking was so broad in the preliminary rule. It was the definition of eHI that folks would be expected to exchange, in order to avoid a penalty. What we really appreciated in this final rule is that they’ve created a lot more clarity in this definition. Final rule says, first two years, you’ll be required to exchange USCDI. That first piece will be required. After those two years, the definition changes to ePHI, electronic protected health information. So, what does HIM do? We manage and figure out what the designated record set is. So as we move into a more robust compliance with this rule, HIM could play a great role in helping organization to figure out how do meet compliance in this area.

What is the difference between USCDI and ePHI, in that context?

USCDI is the new name for CCD—it’s the common clinical data set. A set of data elements that must be in your baseline HER system. This is things commonly collected already. So new elements will come into the definition of ePHI in two years from now. It’s often an operational policy set in place. There’s consistency, but there can be variations at times; and that’s where HIM can play a big role.

Is it your sense overall that the federal health officials basically got this right?

I think I need to take a deeper dive into this rule, to be honest, before giving that assessment.

Sponsored Recommendations

A Cyber Shield for Healthcare: Exploring HHS's $1.3 Billion Security Initiative

Unlock the Future of Healthcare Cybersecurity with Erik Decker, Co-Chair of the HHS 405(d) workgroup! Don't miss this opportunity to gain invaluable knowledge from a seasoned ...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...