The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology and Centers for Medicare & Medicaid Services today finalized rules to promote electronic health information exchange.
 
The ONC final rule implements the information blocking provisions of the 21st Century Cures Act by outlining exceptions to the definition of information blocking under the law. The rule also updates the 2015 Edition certification criteria for health information systems to ensure that certified health IT systems can send and receive electronic health information in a structured format; make that electronic health information available through application programming interfaces; and export a patient’s electronic health information to a location designated by the patient.

“America’s hospitals and health systems support giving patients greater access and control over their health data,” said AHA President and CEO Rick Pollack in a statement. “In fact, nearly all hospitals and health systems have made health information available to patients electronically. However, today’s final rule fails to protect consumers’ most sensitive information about their personal health. The rule lacks the necessary guardrails to protect consumers from actors such as third party apps that are not required to meet the same stringent privacy and security requirements as hospitals. This could lead to third party apps using personal health information in ways in which patients are unaware. These guidelines are too important not to get right. We need to stand on the side of the patient by protecting patient privacy and strengthening security in this rule.”

The CMS final rule requires Medicare Advantage organizations, state Medicaid and Children’s Health Insurance Program fee-for-service programs, Medicaid managed care plans, CHIP managed care entities, and qualified health plan issuers in the federally facilitated exchanges to implement the same API standards as the ONC rule by 2021. 
 
Among other provisions, the CMS rule requires Medicare-participating acute-care hospitals, long-term care hospitals, inpatient rehabilitation facilities, psychiatric hospitals, children’s hospitals, cancer hospitals, and critical access hospitals to send electronic notifications to receiving providers when an inpatient is admitted, discharged or transferred. This requirement will go into effect six months after publication of the final rule.
 

Related News Articles

News
The Office of the National Coordinator for Health Information Technology today released its first final Trusted Exchange Framework and Common Agreement, a set…
Headline
The Centers for Medicare & Medicaid Services will continue to exercise discretion in enforcing compliance with the payer-to-payer data exchange…
Headline
The Centers for Medicare & Medicaid Services has extended the deadline for eligible hospitals to submit calendar year 2021 electronic clinical quality…
Headline
Eligible hospitals and critical access hospitals that did not qualify as meaningful users of certified electronic health record technology for the 2020…
Headline
The Centers for Medicare & Medicaid Services has released additional FAQs on its May 2020 final rule on interoperability and patient access. The new FAQs…
Headline
The AHA supports adding data classes and elements to future versions of the U.S. Core Data for Interoperability to capture standardized data on social…