Considered the product of 10 years of work, the latest regulation issued by the Office of the National Coordinator for Health IT on July 10 will usher in an era of interoperability automation in health care through application programming interface-based exchange capabilities, officials said on Wednesday.
The second edition of ONC’s Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability rule, or HTI-2, is designed to support the data exchange needs of patients, providers, payers, and public health agencies.
The proposed new rule establishes the first health IT certification criteria for public health and payers under the ONC Health IT Certification Program. It also promotes cybersecurity standards for multi-factor authentication in certified health IT and creates an information blocking exception for certain reproductive health data, among other features.
Micky Tripathi, the national coordinator, said at a press conference on Wednesday that the HTI-2 is something that “the market can accept and deploy.”
The U.S. Department of Health and Human Services has required the Rapid Healthcare Interoperability Resources API in all certified electronic health record systems across the provider ecosystem, which currently covers 97% of hospitals and more than 80% of outpatient service organizations, Tripathi noted.
But the proposed HTI-2 regulation advances the agency’s interoperability goals by outlining two new sets of certification criteria focused on standards-based APIs.
“Right now, the rules we’re applying have a ‘read’ capability — so it allows the FHIR API to be able to view information and download information,” Tripathi explains. “But we want to be able to say that we need to continue to push what those APIs are capable of doing that we’ve seen pretty much everywhere else on the internet.”
Those capabilities — such as sending patient data to authorized users like payers, other providers or patients themselves — will help the industry continue to grow, he said.
Tripathi also noted that the new version of the Trusted Exchange Framework and Common Agreement, which took effect July 1, has positioned eligible participating Health Information Networks to move toward FHIR-based exchanges.
“And a big part of that is something called dynamic customer registration,” he explains. “That’s an automation process that will allow FHIR APIs to connect to the EHR system, which is currently a very clumsy manual process. You want to be able to do that in an automated way so that you can have multiple applications that can connect to the EHR system in a much more seamless way.”
Allowing multiple apps to connect to the EHR “will eliminate the critical friction point that we have today,” Tripathi said.
Hope the payer will step up
On the payer side, ONC said it has worked closely with the Centers for Medicare and Medicaid Services in creating voluntary certification requirements, so that “we can have more assurance that the systems that go through that certification process are actually interoperable with the organizations that provide the services.”
Issued in January, the CMS interoperability rule built voluntary payer certification requirements into the FHIR standard to allow plan members to access their information through a variety of applications, bringing more transparency and speed to the pre-approval process.
The ONC proposed rule would also create standardized approaches for patients to access their information with six new criteria validated through HL7 and the Da Vinci Project.
The ability to conduct real-time benefits checks at the point of care to “determine for patients what benefits they are entitled to,” including prescriptions, can improve patient care, while payer-to-payer APIs for enrollment and insurance ensure continuity of care, Tripathi said.
However, “there is currently no regulation that requires anyone implementing an API that is required by CMS to be certified,” he admits. “What we hope is that by creating that voluntary certification program, the market itself wants to be able to move forward and take advantage of that interoperability.”
Public health regulations
With HTI-2, ONC will also establish a number of “anchors” that promote public-private governance – ensuring that providers do not have to use legacy, non-electronic capabilities to complete required public health reporting.
In requiring the adoption of US Core Data for Interoperability Version 4 by January 1, 2028, “we adopted the entire public health dataset,” explained Elisabeth Myers, deputy director of the Office of Policy at ONC, noting that there is more information in the agency’s fact sheet.
The new data library will add facility and drug information to enhance drug quality and public health monitoring and analysis, she said. It will also add new data for laboratory information – such as clinical sample sources and other identifying information around the lab.
Myers pondered that during the COVID-19 pandemic, public health agencies were unable to navigate critical laboratory data — the reference numbers were unclear, leaving government agencies unclear whether a piece of data was linked to an actual patient sample or where it originated.
“We want to make sure that when those [public health] “When dollars are spent on health IT systems, they have certain core capabilities that allow public health practitioners in jurisdictions to be confident that those systems will actually support the types of capabilities that they need to have,” Tripathi added.
Privacy and Security Protection
The proposed HTI-2 rule also addresses protections around the sharing of reproductive data. HTI-2 adds a “Protecting Access to Care” exception that allows information to be blocked in certain circumstances to reduce the risk of legitimate exposure to patients, providers, and others “based solely on the fact that the patient has received legitimate reproductive health care in a jurisdiction that permits it.”
To address cybersecurity, ONC is proposing multi-factor authentication requirements in certified EHR products, as well as server-side data encryption.
“There have been requirements for data encryption. If it’s an end-user system, like a laptop, like a mobile device, now the requirement is that the data has to be encrypted on the server itself, the EHR database,” Tripathi said.
When it launches in 2019, FHIR 4 – which builds on the FHIR DSTU2 and FHIR STU3 standards – has “the added benefit of facilitating backward compatibility,” removing significant hurdles for developers and “ensuring widespread adoption,” said Dr. Blackford Middleton, global advisory board member at Smile Digital Health and HL7 Advisory Council member. Healthcare IT News.
In November, Providence Health System – one of the largest health systems in the United States with 52 hospitals and more than 900 clinics across seven states – said it was the first health system in the United States to use the Clinical Data Exchange specification developed by HL7’s Da Vinci Project to build a data-as-a-service platform based on FHIR.
Providence said in its announcement that new clinical data exchange technology developed with Premera Blue Cross is helping to ease the administrative and financial burden of the transition to value-based care.
While ONC finalizes HTI-1 in December, the agency said it expects to continue the FHIR exchange by including new certification provisions for APIs in HTI-2.
In June, ONC highlighted the Health Resources and Services Administration’s use of an FHIR-based API in a proof of concept that streamlines reporting processes and improves data quality with live data while awaiting HTI-2 review by the Office of Management and Budget.
“This regulation has many different aspects, all of which are geared towards the goal that we need to work as hard as we can, as quickly as possible, to achieve the interoperability that we all dream of,” Tripathi said during a press conference.
“We are rolling out a number of different measures right now and we are really excited about what this rule will do for the American people.”
Andrea Fox is senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
