Improving Access to Health Information Central in Long-Awaited Information Blocking, Interoperability Rules

March 17, 2020

The Department of Health and Human Services (HHS) issued two final rules aimed at improving the interoperability of electronic health records and defining information blocking. The first rule comes from HHS’ Office of the National Coordinator for Health Information Technology (ONC), and the second rule comes from the Centers for Medicare & Medicaid Services (CMS). Together, these rules implement the interoperability and patient access provisions in the 21st Century Cures Act

ONC Cures Act Final Rule 

The ONC Cures Act final rule establishes standards and requirements for interoperability and identifies and finalizes the reasonable and necessary activities that do not constitute information blocking, while establishing new rules to prevent “information blocking” practices by healthcare providers, developers of certified health information technology (IT), health information exchanges, and health information networks. It finalizes major elements from ONC’s proposed rule, including the use of application programming interfaces (APIs) for patient access to their health data via third-party apps and the replacement of the “common clinical data set” (CCDS) with the US Core Data for Interoperability (USCDI) data classes and elements for use in health information exchange.

The final rule also includes updates from the proposed rule. For example, the term “Electronic Health Information” (EHI), to which the information blocking provision applies, was not defined in the Cures Act. ONC proposed a broad definition of the term but revised its definition in the final rule based on stakeholder feedback expressing privacy concerns connected to an overly broad definition of EHI. In the final rule, ONC focused the scope of EHI to mean electronic protected health information (ePHI) as defined in HIPAA rules. ONC also clarified that the definition of EHI will not change from the current definition—which follows United States Core Data for Interoperability standards—to the revised version until 24 months after the final rule’s publication date. 

CMS Interoperability and Patient Access Final Rule

Building on the foundation established by ONC’s final rule, the CMS Interoperability and Patient Access final rule will require health plans in Medicare Advantage (MA), Medicaid, Children’s Health Insurance Plans (CHIP), and plans offered through the federal Exchanges to share claims data electronically with patients starting January 1, 2021. These plans will also be required to share claims and other health information with patients in a safe, secure, understandable, user-friendly electronic format through an API. 

CMS does recognize concerns around patient data safety and security with the use of third-party apps. As part of CMS’ final rule, a payer may ask third-party application developers to attest to certain privacy provisions, such as whether their privacy policy specifies secondary data uses and inform patients about those attestations. CMS states that the agency is working with payers to provide information they can use to educate patients about sharing their health information with third parties, and the role of federal partners like the Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) in protecting their rights. 

The American Society of Clinical Oncology (ASCO) is conducting an in-depth analysis of these rules to determine their full impact on cancer care. Stay tuned to ASCO in Action for updates.