March 27—Proposed rules implementing a recent law aimed, in part, at stopping data blocking could carry a range of unintended consequences for hospitals, the Senate heard this week.
The chairman of the Senate Health, Education, Labor and Pensions Committee warned this week that proposed rules implementing data-blocking prohibitions as established by the 21st Century Cures Act could carry “unintended consequences.” This week, providers agreed and identified some of them.
In February, the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare & Medicaid Services (CMS) proposed interconnected rules to implement the law:
- The ONC rule would implement the law’s information-blocking provisions, including outlining seven exceptions to the definition of information blocking.
- The separate CMS rule would require Medicare Advantage plans, Medicaid programs, Medicaid plans, CHIP plans, and Affordable Care Act marketplace plans to implement by 2020 the application programming interface standards laid out by ONC.
Although the public-comment periods on the two rules remain open until May 3, the Senate hearing elicited early feedback from the healthcare industry.
Sen. Lamar Alexander (R-Tenn.) began the hearing by asking whether the rules had “unintended consequences” or were moving too fast.
Adverse Impacts Identified
The concerns hospitals expressed about the rules involved:
- New Medicare conditions of participation (CoP) requirements for hospitals based on information sharing
- Inadequate patient-data privacy protections in third-party applications
- Inadequate standards on moving data into and out of electronic health records (EHRs)
- Increasing provider burdens and costs
- A too-broad definition of electronic health information (EHI)
Christopher Rehm, MD, chief medical informatics officer for LifePoint Health, which uses 10 different inpatient EHRs and more than 10 ambulatory EHRs, was most concerned about the new CoP requirements.
The CMS rule would require hospitals to send electronic notifications when a patient is admitted, discharged, or transferred. Additionally, hospitals would need to send the notifications to other facilities, care team members, or post-acute providers that have an established relationship with the patient and that the hospital is reasonably certain will receive the notifications.
“While I support this idea directionally, and look forward to achieving this level of information sharing, this is unfortunately putting the cart before the horse,” Rehm told the HELP Committee. “It sounds like it would be simple to implement, but there are numerous unanswered questions and operational considerations.”
One challenge is that not all EHRs can generate such messages. Such functionality is not required of vendors under ONC certification rules.
Additionally, if a provider is not connected to a health information exchange or similar network, which can be “quite costly,” then a hospital would be required to launch “an enormous undertaking, in both time and money, to connect to these other providers and facilities individually,” Rehm said.
The rule also lacks details on how hospitals will be surveyed and evaluated to determine compliance, he said.
That lack of detail “is concerning given the tremendous penalties hospitals face for failing to comply with CoPs, including termination from the Medicare program,” Rehm said.
In a letter to the HELP Committee, hospital advisory group Premier warned that the proposed rules do not adequately address the adoption of standards to move data into and out of EHRs (known as read-write capabilities). These standards are needed to ensure that applications can be easily used within the clinical workflow.
For example, Premier said EHRs should be able to transmit data to and receive data from third-party applications, including registries, clinical surveillance, clinical decision support, and electronic prior authorization.
The new rules also could increase provider burdens and costs, including by creating potentially overlapping or conflicting requirements under HIPAA and substance abuse confidentiality regulations (42 CFR Part 2).
“Vigilance around alignment of federal programs and their requirements is needed to help reduce provider burden and eliminate redundant and unnecessary reporting,” Premier wrote.
Additionally, Premier noted “significant technical, operational, and legal concerns about the proposed broad definition of EHI and the related EHI export function criterion that should be carefully considered, including how failure to provide EHI would implicate the information blocking rule.”
Among potentially positive impacts, the rules noted CMS is moving to create a set of priority health IT activities as alternatives to the traditional measures used by the federal Promoting Interoperability Program (formerly the Meaningful Use program).
Health Plan Concerns
Although America’s Health Insurance Plans (AHIP) continues to assess the proposed rules, the group wrote in a letter to senators that it has “significant concerns that the implementation timeline outlined in the administration’s proposed rules is unrealistic.”
The rules would go into effect for policies issued between Jan. 1 and July 1, 2020, depending on the plan type. AHIP said the timeline was “simply not feasible” and “would pose significant compliance burdens not only on health insurers, but also providers and other stakeholders in the healthcare system.”
An extended timeline should account for the fact that once the standards are finalized, health plans will have to build and test the new standardized technology as well as ensure that third-party entities are able to securely connect to their systems, AHIP wrote.