The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology and Centers for Medicare & Medicaid Services today finalized rules to promote electronic health information exchange.
 
The ONC final rule implements the information blocking provisions of the 21st Century Cures Act by outlining exceptions to the definition of information blocking under the law. The rule also updates the 2015 Edition certification criteria for health information systems to ensure that certified health IT systems can send and receive electronic health information in a structured format; make that electronic health information available through application programming interfaces; and export a patient’s electronic health information to a location designated by the patient.

“America’s hospitals and health systems support giving patients greater access and control over their health data,” said AHA President and CEO Rick Pollack in a statement. “In fact, nearly all hospitals and health systems have made health information available to patients electronically. However, today’s final rule fails to protect consumers’ most sensitive information about their personal health. The rule lacks the necessary guardrails to protect consumers from actors such as third party apps that are not required to meet the same stringent privacy and security requirements as hospitals. This could lead to third party apps using personal health information in ways in which patients are unaware. These guidelines are too important not to get right. We need to stand on the side of the patient by protecting patient privacy and strengthening security in this rule.”

The CMS final rule requires Medicare Advantage organizations, state Medicaid and Children’s Health Insurance Program fee-for-service programs, Medicaid managed care plans, CHIP managed care entities, and qualified health plan issuers in the federally facilitated exchanges to implement the same API standards as the ONC rule by 2021. 
 
Among other provisions, the CMS rule requires Medicare-participating acute-care hospitals, long-term care hospitals, inpatient rehabilitation facilities, psychiatric hospitals, children’s hospitals, cancer hospitals, and critical access hospitals to send electronic notifications to receiving providers when an inpatient is admitted, discharged or transferred. This requirement will go into effect six months after publication of the final rule.
 

Related News Articles

Headline
The U.S. Court of Appeals for the 5th Circuit yesterday affirmed a district court decision dismissing a False Claims Act lawsuit brought by data analysis…
Headline
The Health Resources and Service Administration announced that the National Practitioner Data Bank will reimburse entities that conducted queries (one-time and…
Headline
Due to the COVID-19 emergency, the Centers for Medicare & Medicaid Services will give hospitals until July 1, 2021 to implement admission, discharge and…
Headline
Medicare eligible hospitals and critical access hospitals must attest to meaningful use of electronic health records for the 2019 Promoting…
Headline
The Department of Health and Human Services today finalized its strategy to reduce regulatory and administrative burdens for health care providers using…
Headline
Almost 8.3 million people selected a 2020 health plan through www.HealthCare.gov during open enrollment, the Centers for Medicare & Medicaid Services said…