EHR Vendors Seek More Time on Interoperability, Patient Data Proposals

Keith L. Martin

February 13, 2019

ORLANDO — The nation's electronic health record (EHR) vendors are asking the federal government for more time to review and respond to proposed rules seeking "substantial" changes to their products.

The Electronic Health Record Association (EHRA), the trade group representing more than 30 companies, said yesterday that it would ask the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) to extend the public comment period on proposed rules on interoperability and greater patient data exchanges announced Monday.

The announcement came at the Healthcare Information and Management Systems Society (HIMSS) 2019 Conference, held here in Orlando.

The rules allow 60 days for public comment while the agencies craft a final rule for implementation. EHRA is seeking an additional 30 days, ending the public comment period in May.

Sasha TerMaat, the group's vice chair and a director at Epic, a healthcare software company based in Verona, Wisconsin, said the group has just begun reviewing both the CMS and ONC proposed rules. She said it was great to see the agencies extend some of the features systems have made available over the past few years, including the use of application programming interfaces (APIs) and use of the Fast Healthcare Interoperability Resources (FHIR) standard for exchanging clinical data.

Lots to Change in a Small IT Window

Among the proposals is the requirement that private insurers who operate several public health programs develop FHIR-based APIs so that patients can access their own health data on the smartphone app of their choice, and at no cost. There is also the goal of hospitals electronically notifying physicians and other providers when a patient of theirs is admitted, discharged, or transferred, to begin in 2020.

It's that 2-year window for those efforts, as well as e-prescribing and other proposed changes, that concerns the association, TerMaat said.

"That's a pretty substantial amount of EHR development and a proposed 24-month window for all that development to happen," she said. "There's also the implementation and rollout in healthcare organizations. So it's tough to plan when we don't know exactly when that 24-month window would start or end yet…contingent on the publication of a final rule."

The additional 30 days, TerMaat said, gives the association "the opportunity to give better, quality feedback" to CMS and ONC as well as put together a timeline and development estimates to help the agencies.

"We've done that in the past with meaningful use and ONC has told us that this is very valuable," she said. "They've told us in their cost estimates the amount of [software] development that would go into the project…but we have historically found their estimates don't match ours…sometimes dramatically."

EHRA Chair Cherie Holmes-Henry, a vice president at NextGen, added that the public comment extension also allows the organization to reach out to its membership to gather information on how much effort the proposal would require.

"ONC tends to appreciate that," she said. "We have a good, collaborative relationship and open dialogue with them. At the end of the day, everyone wants to get this right and a good rollout for patients, providers, and clients."

Vague Information-Blocking Details

Among the details in the ONC section of the proposed rules is identifying exceptions to the definition of "information blocking." Formally defined in the 21st Century Cures Act legislation, the proposal would provide seven scenarios for the US Department of Health and Human Services Office of the Inspector General (OIG) to consider in their enforcement of the law's information-blocking provisions.

To date, OIG has not defined what kind of penalties — monetary or otherwise — a healthcare entity or vendor would face if it is proven they are withholding the release of patient data.

Among the seven exceptions not considered information-blocking in the proposed rule are if the physician, developer, or other entity is implementing practice to promote the security of electronic health information (EHI) and performing maintenance or recovering reasonable costs to allow for the access, exchange, and use of EHI.

CMS noted in its proposed rule that if a healthcare entity is identified as an information blocker, that entity would be named publicly.

In addition to gaining clarity on OIG-proposed penalties through an additional 30 days of public comment, EHRA said it would want to address any ambiguity in the conditions outlined regarding information blocking.

Leigh Burchell, the group's chair emeritus and an executive at Allscripts, noted it is a unique challenge for regulators to address "what's not" something when they regularly define areas. She praised ONC's work in gathering information from EHRA and other groups on various scenarios, but also noted, "the word 'reasonable' is never one you love to see," as that definition varies by person.

Another example of ambiguity the group seeks to get more details on involves what information the patient allows to be released to an app vendor or another party, especially when it isn't their data. One example is a caregiver's contact information that technically doesn't belong to the patient.

Janet Campbell of Epic said the proposed rule broadens the scope of health information, but that also complicates things.

It's all well and good to say the patient can authorize sharing to a third party, but how much of that data is not just the patient's data [but another person's] data?

"It's all well and good to say the patient can authorize sharing to a third party, but how much of that data is not just the patient's data [but another person's] data?" Campbell said. "Should patients have that level of control over data not specifically about them but is somehow related to them? That scenario hasn't been considered."

For more news, follow Medscape on FacebookTwitterInstagram, and YouTube


Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.
Post as: