The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology and Centers for Medicare & Medicaid Services today finalized rules to promote electronic health information exchange.
 
The ONC final rule implements the information blocking provisions of the 21st Century Cures Act by outlining exceptions to the definition of information blocking under the law. The rule also updates the 2015 Edition certification criteria for health information systems to ensure that certified health IT systems can send and receive electronic health information in a structured format; make that electronic health information available through application programming interfaces; and export a patient’s electronic health information to a location designated by the patient.

“America’s hospitals and health systems support giving patients greater access and control over their health data,” said AHA President and CEO Rick Pollack in a statement. “In fact, nearly all hospitals and health systems have made health information available to patients electronically. However, today’s final rule fails to protect consumers’ most sensitive information about their personal health. The rule lacks the necessary guardrails to protect consumers from actors such as third party apps that are not required to meet the same stringent privacy and security requirements as hospitals. This could lead to third party apps using personal health information in ways in which patients are unaware. These guidelines are too important not to get right. We need to stand on the side of the patient by protecting patient privacy and strengthening security in this rule.”

The CMS final rule requires Medicare Advantage organizations, state Medicaid and Children’s Health Insurance Program fee-for-service programs, Medicaid managed care plans, CHIP managed care entities, and qualified health plan issuers in the federally facilitated exchanges to implement the same API standards as the ONC rule by 2021. 
 
Among other provisions, the CMS rule requires Medicare-participating acute-care hospitals, long-term care hospitals, inpatient rehabilitation facilities, psychiatric hospitals, children’s hospitals, cancer hospitals, and critical access hospitals to send electronic notifications to receiving providers when an inpatient is admitted, discharged or transferred. This requirement will go into effect six months after publication of the final rule.
 

Related News Articles

Headline
Learn how hospital and health system leaders such as Neil Gomes, system senior vice president of digital and human experiences at CommonSpirit Health, are…
Headline
Though most hospitals and health systems are collecting patient demographic data, by using layers of additional data sets, investigating patterns in health…
Headline
The Centers for Medicare & Medicaid Services yesterday extended from Feb. 8 to March 17 the deadline for inpatient prospective payment system hospitals and…
Headline
The AHA today urged the Centers for Medicare & Medicaid Services to extend the deadline for hospitals to submit 2020 data for the Medicare Promoting…
Headline
The Office of the National Coordinator for Health Information Technology yesterday released for comment proposed changes to the United States Core Data for…
Headline
The Department of Health and Human Services yesterday updated its guidance to hospitals on the reporting of COVID-19-related data. The guidance includes two…