Loyola University Chicago School of Law, JD 2021
Last year, the Department of Health and Human Services (“HHS”) proposed new rules to improve the interoperability of electronic health information (“EHI”) to fulfill its statutory requirement under the 21st Century Cures Act. These proposed rules were issued by the Center for Medicare and Medicaid Services (“CMS”) and the Office of the National Coordinator for Health Information Technology (“ONC”) to address both technical and healthcare industry factors that create barriers to the interoperability of health information and limit a patient’s ability to access EHI. Epic, one of the largest programs for maintaining electronic health records (“EHR”), is attempting to halt the finalization of the interoperability rules before they take effect as they believe it posts privacy concerns. On March 9, 2020, HHS announced the joint final rules from CMS and ONC to spur innovation and to end information blocking.
What is interoperability?
Interoperability, in healthcare, means the ability for various healthcare information technology (“HIT”) to exchange, interpret, and use data cohesively. It enables the HIT systems to work together within and across organizational boundaries for efficient healthcare delivery. In the recent ONC proposed rule, interoperability means HIT that: (1) enables the secure exchange of EHI with, and use of EHI from, other health IT without special effort on the part of the user; (2) allows for complete access, exchange, and use of all electronically accessible health information for authorized use under applicable state or federal law; and (3) does not constitute information blocking.
Why interoperability matters
Since the enactment of the American Recovery and Reinvestment Act (“ARRA”) in 2009, healthcare systems were required to switch from paper to electronic health records. In 2013, as part of the ARRA, the Health Information Technology for Economic and Clinical Health Act (“HITECH”) was established, which creates incentives for the use of an EHR system among healthcare providers. While receiving and sharing patient’s health information is vital for quality care, interoperability among office-based physicians improved very little from 2015 to 2017. According to the May 2019 ONC data brief, only about ten percent of physicians reported the ability to send, receive, query, and integrate patient health data into their EHR systems. In a focus group discussion involving 31 healthcare executives, HIT interoperability was ranked as a top priority during the early-phase of EHR adoption.
Interoperability is needed to reduce the barriers to healthcare data exchange, especially when it comes to complex patients with co-existing chronic conditions. However, electronic health data oftentimes comes from multiple sources that are not able to readily communicate with one another. New HIT systems used by different providers are not necessarily aligned, which makes interoperability even more so a challenge.
Epic’s concern surrounding privacy
In January 2020, Epic’s CEO Judy Faulkner emailed healthcare leaders of the largest hospitals in the U.S. to sign a letter opposing the finalization of the proposed rule. She urged the chief executives to voice their disapproval for rules that might result in patient privacy crisis and app makers having access to patient data without proper consent. According to the report, about 60 health systems signed the letter.
ONC’s HIT leader Donald Rucker calls out hospital leaders who signed the letter and said that the upcoming final rule will include solid privacy protections for patients as they share their ePHI. He criticized those who signed the opposition letter for disregarding their patient privacy when filing lawsuits for unpaid medical bills. Moreover, CMS and HHS are looking at reforming the HIPAA privacy framework to better safeguard patient privacy while increasing the interoperability of EHR.
How the finalized rule promotes change
The final rule seeks to improve the ability of healthcare providers to transmit electronic protected health information (“ePHI”) to each other in an interoperable format. It seeks to establish the patient as the owner of their health data and to make ePHI more portable as patients transition between providers and health plans. Only health plans directly under oversight of CMS are covered under the rule, and such health plans are required to provide the patient with free electronic access to medical claims information, diagnoses, procedures, tests, and a list of the providers who treated the beneficiary by 2020.
The final rule also acknowledges some obstacles to achieving interoperability and proposes several new policies to address the issues. First, the lack of a unique patient identifier for each patient that is not health plan specific makes it very hard to assign EHR across different systems. CMS and ONC thus suggest an alternative in using the patient matching process, which uses other demographic data to identify the health records. A second barrier is a lack of standardizing computer language. CMS proposed to require Medicare, Medicaid, and ACA plans to deploy publicly available application programming interfaces (APIs) to make certain information available to other health systems. Thirdly, CMS addresses the issue with information blocking, which is the intentional withholding of data sharing between different entities. CMS and ONC each define information blocking and plan to impose fines and public announcement of noncompliance. The proposed rule does not establish a specific EHR system or coding standard as a way to achieve interoperability. CMS instead seeks to establish an environment where private entities can create programs and apps to communicate information between non-compatible systems.