/ en Thu, 31 Jul 2025 18:16:16 -0500 Tue, 17 Jun 25 06:00:00 -0500 /aha-center-health-innovation-market-scan/2025-06-17-cvs-healths-next-big-goal-solve-interoperability <div class="container"><div class="row"><div class="col-md-8"><img src="/sites/default/files/inline-images/CVS-Healths-Next-Big-Goal-Solve-Interoperability.png" data-entity-uuid="105cc3af-d06e-46a4-a018-381f823e5f27" data-entity-type="file" alt="CVS Health’s Next Big Goal: Solve Interoperability. The CVS logo connected to a number of healthcare icons." width="1200" height="677"><p>CVS Health has never been shy about having lofty goals to reshape health care. So, when news broke recently that the mega retailer plans to invest $20 billion in technology over the next 10 years to deliver a more consumer-centric health experience by improving interoperability of health tech systems, it’s reasonable to wonder if the company may be biting off more than it can chew.</p><p>The investment, <a href="https://finance.yahoo.com/news/exclusive-cvs-lays-out-20b-plan-to-modernize-us-consumer-healthcare-experience-154127371.html" target="_blank" title="Yahoo!Finance: Exclusive: CVS lays out $20B plan to modernize US consumer healthcare experience">Yahoo!Finance reported</a>, will impact more than CVS’ vertically integrated businesses like its pharmacy, Oak Street health providers and insurance arm Aetna. It also will allow competitors and other health sector players to plug into the CVS system.</p><p>Whether a retail business, even one as large as CVS Health, can deliver on the promise of getting the various parts of health tech systems to integrate effectively — and ideally through a single patient record — remains to be seen. And it should be noted that the report was scant on details about how CVS will achieve its vision.</p><p>But, if successful, CVS would accomplish something no other health care organization, governmental body or other entity has been able to achieve.</p><p>Tilak Mandadi, CVS Health’s chief experience and technology officer, previously held executive roles at Disney and American Express and will be leading the company’s efforts to achieve interoperability. Here are some key areas Mandadi says the company will be focused on:</p><h2>3 Key Goals CVS Health Hopes to Achieve</h2><h3><span>1</span> <span>|</span> Modernizing the Patient Dashboard</h3><p>The aim is to give physician offices and CVS pharmacies a complete picture of what is going on, rather than isolated events for an interaction such as a physician office visit or picking up a prescription.</p><h3><span>2</span> <span>|</span> Creating a More Proactive Communication System for Patients</h3><p>The goal will be to make it easier for consumers to get information about claims status and billing without burdening them to place follow-up calls for care or deciphering bills. For example, if a claim is being processed and a potential problem is flagged with the claim, the patient also would know rather than having to find out after it is adjudicated.</p><h3><span>3</span> <span>|</span> Developing Guardrails for Artificial Intelligence (AI)</h3><p>Mandadi notes that CVS will never use AI for clinical diagnosis or for prior authorization or claims denials, or to prevent human touch in the patient experience. The company does, however, use AI to streamline back-end functions like pharmacy voicemail processing.</p></div><div class="col-md-4"><p><a href="/center" title="Visit the AHA Center for Health Innovation landing page."><img src="/sites/default/files/inline-images/logo-aha-innovation-center-color-sm.jpg" data-entity-uuid="7ade6b12-de98-4d0b-965f-a7c99d9463c5" alt="AHA Center for Health Innovation logo" width="721" height="130" data-entity- type="file" class="align-center"></a></p><p><a href="/center/form/innovation-subscription"><img src="/sites/default/files/2019-04/Market_Scan_Call_Out_360x300.png" data-entity-uuid data-entity-type alt width="360" height="300"></a></p></div></div></div>.field_featured_image { position: absolute; overflow: hidden; clip: rect(0 0 0 0); height: 1px; width: 1px; margin: -1px; padding: 0; border: 0; } .featured-image{ position: absolute; overflow: hidden; clip: rect(0 0 0 0); height: 1px; width: 1px; margin: -1px; padding: 0; border: 0; } h2 { color: #9d2235; } Tue, 17 Jun 2025 06:00:00 -0500 Interoperability /lettercomment/2025-06-16-aha-comments-cms-and-astponc-request-information-re-health-technology-ecosystem <p>June 16, 2025</p><p>The Honorable Thomas Keane, M.D.<br>Assistant Secretary for Technology Policy<br>National Coordinator for Health Information Technology<br>Department of Health and Human Services<br>Attention: CMS-0042-NC<br>P.O. Box 8013<br>Baltimore, MD 21244-8013</p><p>The Honorable Stephanie Carlton<br>Deputy Administrator and Chief of Staff<br>Centers for Medicare & Medicaid Services<br>Department of Health and Human Services<br>Attention: CMS-0042-NC<br>P.O. Box 8013<br>Baltimore, MD 21244-8013</p><p><em>Submitted Electronically</em></p><p><em><strong>RE: CMS-0042-NC Request for Information; Health Technology Ecosystem</strong></em></p><p>Dear Assistant Secretary Keane and Deputy Administrator Carlton,</p><p>On behalf of our nearly 5,000 member hospitals, health systems and other health care organizations, our clinician partners — including more than 270,000 affiliated physicians, 2 million nurses and other caregivers — and the 43,000 health care leaders who belong to our professional membership groups, the ���������� Association (AHA) appreciates the opportunity to provide comment on the Centers for Medicare & Medicaid Services (CMS) and Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology (ASTP/ONC) Request for Information (RFI) regarding the Health Technology Ecosystem.</p><p>We support the agencies’ goals of reducing barriers for data interoperability and fostering innovation to support better health outcomes. The AHA recognizes the pivotal role that health technology plays in care delivery today and its potential to transform the patient and provider experience in the future. From artificial intelligence (AI) to mobile apps, medical devices to electronic health records (EHRs) — technology supports improvements in quality and efficiency for patients, caregivers and providers. Moreover, we believe that technology and data interoperability have the potential to address some of the prevalent challenges confronting the health care ecosystem today, including provider burnout and staffing shortages driven by administrative burdens. We also recognize that the innovative applications of health information technology (IT) must be balanced with reasonable guardrails to protect sensitive patient data and ensure security and privacy. In addition, while health technology can make care more efficient, implementing new tools and standards often requires significant financial investment and workflow changes for health care providers. This makes it critical for policymakers to ensure that policy changes intended to spur adoption are scoped and paced sustainably.</p><p>The AHA has several recommendations to improve health IT standards and infrastructure, increase beneficiary access to effective digital health tools, and advance data availability to improve health outcomes. Specifically, we recommend that CMS and ASTP/ONC:</p><ul><li>Foster a sustainable pace of standards implementation by continuing to develop ASTP/ONC’s United States Core Data for Interoperability vocabulary standards (USCDI), and extending the timeline to transition from USCDI version 3 to USCDI version 4 by an additional year (through calendar year (CY) 2028).</li><li>Collaborate across agencies to address broader infrastructure challenges associated with health IT adoption, such as lack of broadband, digital literacy training and reliable Wi-Fi access for rural and underserved communities.</li><li>Support reimbursement for the use of health technology by clarifying guidance on digital health and interprofessional consultation billing codes, and develop pathways to provide provisional payment for new technologies.</li><li>Promote accountability and engagement from payers on interoperability by requiring that impacted payers adopt and use certified payer application programming interfaces (APIs) and developing safety and security requirements for the Provider Directory APIs.</li><li>Repeal provider disincentives in the June 2024 final rule “21st Century Cures Act: Establishment of Disincentives for Healthcare Providers That Have Committed Information Blocking.” Under the final rule, hospitals and providers found to engage in information blocking may face excessive reductions in payment, which threatens access to services (particularly in rural and underserved areas).</li><li>Build additional infrastructure to provide oversight for Trusted Exchange Framework and Common Agreement (TEFCA), including establishing an attestation schedule for all qualified health information networks (QHINs)</li><li>Provide protections to ensure hospitals or health systems that have a QHIN that is suspended or terminated are not held liable for information blocking claims.</li><li>Advance administrative simplification efforts by establishing a standard transaction for clinical attachments to support claims.</li><li>Streamline current price transparency policies to remove complexity from the patient experience by focusing on options for patient estimates and other pricing information. Rely on No Surprises Act good faith estimates (GFEs) and advanced explanation of benefits (AEOBs) to provide patients with the most accurate estimates for their courses of care.</li><li>Provide incentives for technology investment to enable providers to transition to value-based arrangements.</li><li>Revert to previous thresholds (i.e., percentage threshold for the number of clinicians meeting certified electronic health record requirements) for the Medicare Shared Savings Program promoting interoperability measures.</li></ul><p>There are other areas relevant to the health technology ecosystem that were not directly addressed in the RFI, including cybersecurity. We included several health IT and cybersecurity-focused recommendations in our recent response to the Office of Management and Budget's RFI on deregulation, including modifying the HIPAA cybersecurity rule of December 2024 to make the requirements voluntary.<sup>1</sup></p><p>Our detailed comments are attached. We look forward to the opportunity to work with CMS, ASTP/ONC and the Department of Health and Human Services (HHS) to help realize technology’s full potential for improving health outcomes, fully engaging patients in managing their health and reducing administrative burden. Please contact me if you have questions, or feel free to have a member of your team contact Jennifer Holloman, AHA director of health IT policy, at <a href="mailto:jholloman@aha.org">jholloman@aha.org</a>.</p><p>Sincerely,</p><p>/s/</p><p>Ashley Thompson<br>Senior Vice President<br>Public Policy Analysis and Development</p><p>__________</p><p><sup>1</sup> <a href="/system/files/media/file/2025/05/aha-response-to-omb-deregulation-rfi-letter-5-12-2025.pdf"><small class="sm">/system/files/media/file/2025/05/aha-response-to-omb-deregulation-rfi-letter-5-12-2025.pdf</small></a><br> </p> Mon, 16 Jun 2025 13:30:11 -0500 Interoperability /advisory/2024-12-19-hhs-publishes-tefca-provisions-health-data-technology-and-interoperability-rule <div class="container"><div class="row"><div class="col-md-8"><p>The Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) Dec. 16 published a <a href="https://www.federalregister.gov/documents/2024/08/05/2024-14975/health-data-technology-and-interoperability-patient-engagement-information-sharing-and-public-health">final rule</a> implementing provisions related to the Trusted Exchange Framework and Common Agreement (TEFCA). The rule is intended to advance equity, innovation and interoperability by promoting the use and exchange of electronically captured health information as specified in certain provisions of the Health Information Technology for Economic and Clinical Health Act of 2009.</p><p>The final rule adds a new part — part 172 — to title 45 of the Code of Federal Regulations to implement certain provisions related to TEFCA. These provisions establish the qualifications necessary for an entity to receive and maintain designation as a Qualified Health Information Network (QHIN) capable of trusted exchange according to TEFCA. The final rule covers procedures governing QHINs including onboarding, designation, suspension and termination. The provisions this final rule adopts are not substantively different from those first proposed in August as part of the much larger <a href="https://www.federalregister.gov/documents/2024/08/05/2024-14975/health-data-technology-and-interoperability-patient-engagement-information-sharing-and-public-health">Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability (HTI-2)</a> rule and will be effective Jan. 15, 2025. Additional provisions of the HTI-2 rule, including Prior Authorization Application Programming Interfaces, more information blocking exceptions, United States Core Data for Interoperability Version 4 standards, and public health interoperability requirements are currently under review by the White House Office of Management and Budget and could be published in the future.</p><h2>AHA TAKE</h2><p>In our comments on the proposed rule, AHA supported the TEFCA objective of creating a common national framework that provides a universal technical foundation for interoperability. We also supported ONC’s proposed requirements for organizations choosing to participate in TEFCA as a QHIN. Specifically, we supported the recommendation that any organization aspiring to become a QHIN must adhere to specific privacy and security guidelines, with additional stipulations for those providing Individual Access Services.</p><p>However, we expressed concerns about what happens to the hospitals and health systems that rely on any QHIN that gets suspended or terminated from TEFCA. We appreciate that the ONC acknowledged our concerns in this area but are disappointed it declined to change the rule because the requested changes were deemed out of scope. We will continue to press this issue and encourage ONC to address it in future rulemaking. </p><p>Moreover, we also expressed concerns about the existing governance structure of TEFCA which gives QHINs the primary responsibility for ensuring that its participants abide by TEFCA’s requirements. We conveyed that this governance structure runs the risk of quickly exceeding the capabilities of both QHINs and the Recognized Coordinating Entity — the organization responsible for TEFCA’s oversite — of effectively managing participation in TEFCA. Although ONC did not change the proposed rule, the agency acknowledged these concerns and noted it “will continue to monitor TEFCA” and “will consider additional measures should circumstances arise that show that QHINs require additional oversight.”</p><h2>WHAT YOU CAN DO</h2><ul><li><strong>Share</strong> this advisory with your government relations, information systems and compliance teams to apprise them of this final rule.</li><li><strong>Contact </strong>the AHA with any questions or concerns regarding these provisions.</li><li><strong>Watch</strong> for notices of additional HTI-2 provisions published as final rules soon.</li></ul><h2>SUMMARY OF PROVISIONS</h2><ul type="disc"><li>Codifies (in new 45 CFR part 172) provisions related to TEFCA to provide greater process transparency and to further implement section 3001(c)(9) of the Public Health Service Act (PHSA), as added by the Cures Act.</li><li>Establishes the processes for an entity to qualify and maintain designation as a QHIN capable of trusted exchange under the Common Agreement.</li><li>Establishes the procedures governing the onboarding, suspension, termination and administrative appeals to the ONC for QHINs.</li><li>Codifies requirements related to QHIN attestation for the adoption of TEFCA. This subpart implements section 3001(c)(9)(D) of the PHSA and includes the requirement for ONC to publish a list on their website of the health information networks that have adopted the Common Agreement and are capable of trusted exchange pursuant to the Common Agreement.</li><li>Reenforces that adoption of TEFCA is voluntary. Section 3001(c)(9)(D)(ii) requires HHS to establish, through notice and comment rulemaking, a process for HINs that voluntarily elect to adopt TEFCA to attest to such adoption.</li><li>Finalizes the TEFCA Manner Exception, which allows an actor to limit electronic health information sharing requests to TEFCA only without being considered information blocking with no revisions.</li></ul><h2>FURTHER QUESTIONS</h2><p>If you have further questions, please contact Stephen Hughes, AHA’s director of health information technology policy, at <a href="mailto:Stephen.hughes@aha.org">Stephen.hughes@aha.org</a>.</p></div><div class="col-md-4"><a href="/system/files/media/file/2024/12/hhs-publishes-tefca-provisions-of-health-data-technology-and-interoperability-rule.pdf"><img src="/sites/default/files/inline-images/cover-hhs-publishes-tefca-provisions-of-health-data-technology-and-interoperability-rule.png" data-entity-uuid data-entity-type="file" alt="Regulatory Advisory Cover" width="679" height="878"></a></div></div></div> Thu, 19 Dec 2024 14:36:02 -0600 Interoperability /news/headline/2024-10-04-aha-comments-proposed-rule-designed-improve-patient-engagement-information-sharing-interoperability <p>The AHA Oct. 4 <a href="/2024-10-04-aha-comment-letter-hhs-hti-2-interoperability-proposed-rule">commented</a> on the Department of Health and Human Services' Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability (HTI-2) <a href="https://www.federalregister.gov/documents/2024/08/05/2024-14975/health-data-technology-and-interoperability-patient-engagement-information-sharing-and-public-health">proposed rule</a>. AHA expressed support for HHS' efforts to advance interoperability, improve transparency and support electronic access and exchange of electronic health records. Among the provisions AHA supports include the establishment of criteria aligning with the Centers for Medicare & Medicaid Services' application programming interfaces requirements and recommendations; continued development of United States Core Data for Interoperability standards; and the Trusted Exchange Framework and Common Agreement, among others. The association’s concerns about the proposed rule include providers still being held to a higher accountability standard for data sharing; USCDI version deadlines being too aggressive; new encryption requirements that are burdensome; and TEFCA’s governance structure.</p> Fri, 04 Oct 2024 14:13:27 -0500 Interoperability /2024-10-04-aha-comment-letter-hhs-hti-2-interoperability-proposed-rule <p>October 4, 2024</p><p>The Honorable Micky Tripathi, Ph.D.<br>Assistant Secretary for Technology Policy<br>National Coordinator for Health Information Technology<br>Department of Health and Human Services<br>Mary E. Switzer Building<br>Mail Stop: 7033A<br>330 C Street SW<br>Washington, D.C. 20201</p><p><em><strong>RE: Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability (RIN 0955-AA06)</strong></em></p><p>Dear Assistant Secretary Tripathi,</p><p>On behalf of our nearly 5,000 member hospitals, health systems and other health care organizations, our clinician partners — including more than 270,000 affiliated physicians, 2 million nurses and other caregivers — and the 43,000 health care leaders who belong to our professional membership groups, the ���������� Association (AHA) appreciates the opportunity to provide comments to the Assistant Secretary for Technology Policy (ASTP) on the Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability (HTI-2) <a href="https://www.federalregister.gov/documents/2024/08/05/2024-14975/health-data-technology-and-interoperability-patient-engagement-information-sharing-and-public-health">proposed rule</a>.</p><p>The AHA supports the Assistant Secretary’s efforts to advance interoperability, improve transparency and support electronic access and exchange of electronic health records (EHRs). Thoughtful integration of health information technology (HIT) is crucial to ensure that patients receive the best care possible. HIT can help streamline patient care processes, as well as provide patients and their families with the information they need to take a more informed and proactive role in their health management. These objectives can be realized by promoting clear, consistent and reasonable HIT standards without adding excessive administrative or regulatory demands on health care professionals and health IT innovators.</p><p>In summary, we support several provisions including:</p><ul><li>Establishing criteria that align with the Centers for Medicare & Medicaid Services (CMS) application programming interfaces (API) requirements and recommendations.</li><li>Continued development of United States Core Data for Interoperability (USCDI) standards.</li><li>Continued commitment to protecting patient data.</li><li>More robust public health data interoperability.</li><li>The Trusted Exchange Framework and Common Agreement (TEFCA).</li><li>Revising request-response criteria under information blocking exceptions.</li></ul><p><strong>However, we are concerned that providers would still be held to a higher accountability standard for data sharing, USCDI version deadlines are too aggressive, new encryption requirements are burdensome, and TEFCA’s current governance structure may be inadequate.</strong></p><p>Our detailed comments follow.</p><h2>Prior Authorization Application Programming Interfaces</h2><p>The AHA supports the proposal to establish HIT certification criteria that align with the CMS application programming interfaces (API) requirements and recommendations. This proposal would ensure that the APIs developed to meet the CMS regulations adhere to relevant interoperability standards and support effective information sharing. Importantly, HTI-2 would update certification criteria and standards to facilitate electronic prior authorization using certified HIT. Specifically, ONC proposes adopting two “Prior Authorization APIs” certification criteria, which specify requirements for certified HIT that providers and payers can leverage to conduct electronic prior authorization. This certified technology would enable streamlined implementation of the CMS final rule to ensure that patients receive the care they need in a timely manner, lower administrative costs, and reduce complexity for providers and patients. Furthermore, we support the proposal's alignment with CMS mandates for Patient Access APIs, as outlined in the CMS Interoperability and Patient Access rule. This alignment is critical as this proposal allows patients to choose the application they want to use to access their health information. <strong>However,</strong> <strong>although we support the Prior Authorization API, the AHA is concerned that it holds providers to a higher level of accountability in data sharing than the current voluntary requirements that payers are held to in the CMS final rule. As such, the AHA suggests the agency work with CMS to better align the CMS requirements applicable to payers with HTI-2 and require a mandatory certification for payers, rather than a voluntary one, to ensure that protecting the privacy of patient data is prioritized.  </strong></p><h2>United States Core Data for Interoperability Version 4</h2><p>The AHA is supportive of ASTP’s commitment to updating USCDI and acknowledges the impact that standardizing data can have on patient outcomes by ensuring providers have consistent and comprehensive information related to care. Specifically, the AHA appreciates that, in USCDI Version 4 (v4), ASTP continues adding depth to data elements under the clinical notes category. However, we encourage ASTP to continue building out vocabulary standards for all these USCDI v4 elements where those standards are limited or missing, such as they did by requiring the use of Systematized Nomenclature of Medical Clinical Terms (SNOMED CT) for the “Encounter Information” data class. This will ensure that the standard continues to evolve from a collection of narrow data points into a more holistic and complete picture of the patient's health.</p><p>That said, we urge the agency to give providers adequate time to implement new standards and updates. We encourage ASTP to carefully examine the technical lift and additional administrative burdens associated with meeting the compliance requirements of USCDI v4 especially as many organizations are still working to meet the requirements of USCDI Version 3 (v3). In this rule, ASTP proposes that USCDI v3 will expire on Dec. 31, 2027, and “that by January 1, 2028, a health IT developer of a Health IT Module certified to certification criteria referencing § 170.213 must update its Health IT Module to USCDI v4 and provide the updated version to their customers to maintain certification of that Health IT Module.” This is an aggressive timeline that puts many smaller hospitals at risk of non-compliance because the common technology vendors for smaller hospitals have historically struggled to keep up with USCDI updates. As such, the AHA requests that ASTP extend the expiration date of USCDI v3 an additional year to Dec. 31, 2028, and consider the ongoing impact of these updates on all stakeholders in the health sector.</p><h2>Encryption</h2><p>The AHA appreciates ASTP’s commitment to protecting patient data and understands the possible benefits of end-to-end encryption. In addition, we support the security recommendations in HTI-2 that align with existing <a href="https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-164">HIPAA Security Rule Safeguards</a> and the Healthcare and Public Health Sector Cybersecurity <a href="https://hhscyber.hhs.gov/performance-goals.html">Performance Goals</a> (HPH CPGs). However, the requirement to encrypt all electronic health information (EHI) at rest on all servers does not align with either the current HIPAA safeguards or the HPH CPGs.</p><p>EHI stored on end-user devices is treated differently than such data on servers because end-user devices pose a significantly different risk level. Whether virtual or physical, servers operate in physically secure environments behind the protection of multiple layers of network security. While requiring data on servers would add an additional layer of protection, it is unclear that the benefits outweigh the costs and burden on both the developers of certified EHR technology (CEHRT) as well as on all users of CEHRT applications. Currently, the HPG CPGs call for “strong encryption” and enable health care organizations to meet this requirement by “Deploy[ing] encryption to maintain confidentiality of sensitive data and integrity of Information Technology (IT) and Operational Technology (OT) traffic in motion” (NIST reference: 800-53 REV 5.1.1; SC-08, and SC-11). Simply put, the HPH CPGs do not call for data to be encrypted “at rest.” Adding BitLocker encryption to Windows servers or open-source encryption tools like cryptsetup to Linux servers, as suggested by the proposed rule, would require significant configuration, cost, testing and potential system downtimes, especially considering the proposed rule would require this of any server storing EHI, and not just EHRs. In hospitals, this can mean dozens of applications running on hundreds of servers that would require the added encryption. We urge ASTP to consider directly aligning the encryption requirements of HTI-2 with the current encryption best practices of HPH CPGs. In lieu of this direct alignment, we ask that rather than Jan. 1, 2026, ASTP push the effective date of this requirement to Jan. 1, 2028.</p><h2>Public Health Interoperability</h2><p>The AHA agrees with ASTP that for Public Health Agencies (PHAs) to effectively promote and protect the health of all people and their communities, they need public health information exchange with hospitals and health systems as well as other providers, labs, schools and community service organizations. We also agree that PHAs generally lack the necessary access and ability to share the data needed to address public health needs. The AHA appreciates ASTP’s recognition of the complexity, safety issues and added work that arises from the manual processes required by hospitals and health systems to share information with PHAs, and we fully support policies to improve interoperability in support of more effective data exchange with PHAs. However, the AHA questions whether the ONC has the authority to influence how PHAs manage and share EHI.</p><h2>Trusted Exchange Framework and Common Agreement</h2><p>The AHA supports the TEFCA objective to create a common national framework that provides a universal technical foundation for interoperability. We broadly support ASTP’s proposed updates to the requirements under TEFCA participation for Qualified Health Information Networks (QHINs). Specifically, we support the recommendation that any organization aspiring to become a QHIN must adhere to specific privacy and security guidelines, with additional stipulations for those providing Individual Access Services. However, the AHA is concerned about the lack of details about the suspension and termination processes for QHINs. While we appreciate that there is a process to suspend or terminate QHINs from TEFCA for cause, it’s unclear what happens to the hospitals and health systems that relied on that QHIN. <strong>The AHA requests that ASTP clarify the rights and obligations of hospitals or health systems that are using a QHIN that gets suspended or terminated from TEFCA to ensure that they remain compliant with interoperability rules and are not liable for information-blocking claims because their QHIN was suspended or terminated. </strong>More broadly, we also have concerns about the existing governance structure of TEFCA which gives QHINs the primary responsibility for ensuring that their participants abide by TEFCA’s requirements. This governance structure runs the risk of quickly exceeding the capabilities of both QHINs and the Recognized Coordinating Entity – the organization responsible for TEFCA’s oversite - of effectively managing it. This is particularly concerning given the anticipated expansion of TEFCA.<strong> As such, the AHA recommends ASTP build more internal capacity to directly oversee and ensure adherence to TEFCA's stipulations including at a minimum establishing an attestation schedule for all QHINs. Further, ASTP should publish all “Designation” documentation on its website information for public review.</strong></p><p><strong>Infeasibility Exception: Responding to Requests Condition. </strong>ASTP proposes updating the conditions for responding to requests under the Infeasibility exception. These updates include varying the response times for written replies to the requester, tailored to the specific infeasibility condition cited. Specifically, the agency proposes to commence the 10-day response period at the point when the party confirms, promptly and upon a fair evaluation of the situation, that the requested access, exchange or usage of EHI cannot be fulfilled as originally asked, or that fulfilling the request as made is impracticable under the given conditions. The AHA appreciates ASTP’s consideration of the fact “that ten business days may not allow actors sufficient time to engage with requestors and fully evaluate all factors relevant to meeting certain conditions.” The AHA supports revising the request-response criteria and the additional flexibility in calculating the 10-day period. We appreciate ASTP’s recognition that several variables may affect the start of this period, including how requests are received and processed and the circumstances causing the infeasibility<strong>. The AHA proposes extending the time for the request-response conditions to a maximum of 30 days and simplifying the language of the “responding to requests conditions” to just “within 30 days of the actor receiving the request” to provide clear and concise guidance on response timeframes.</strong></p><p>We appreciate your consideration of these issues. Please contact me if you have questions or feel free to have a member of your team contact Stephen Hughes, AHA’s director for health information technology policy, at <a href="mailto:stephen.hughes@aha.org">stephen.hughes@aha.org</a>.</p><p>Sincerely,<br>/s/<br>Ashley Thompson<br>Senior Vice President, Public Policy</p> Fri, 04 Oct 2024 09:03:30 -0500 Interoperability /news/headline/2024-09-17-hhs-awards-2-million-columbia-university-hospital-ohsu-responsible-ai-behavioral-health-it-projects <p>The Department of Health and Human Services Sept. 17 <a href="https://www.hhs.gov/about/news/2024/09/17/hhs-announces-2024-leap-health-awardees-focused-data-quality-responsible-ai-accelerating-adoption-behavioral-health.html" target="_blank">announced</a> it has awarded a total of $2 million to two recipients to create tools to improve care delivery, advance research capabilities and address emerging challenges related to interoperable health information technology. Columbia University Hospital in New York will be tasked with developing innovative ways to evaluate and improve the quality of health care data used by artificial intelligence tools. Oregon Health and Science University will work on advancing the adoption of health IT in behavioral health settings. The funds were awarded through HHS' Leading Edge Acceleration Projects in Health IT program.</p> Tue, 17 Sep 2024 15:25:44 -0500 Interoperability /advisory/2024-08-15-hhs-proposes-expansion-health-data-technology-and-interoperability-rule <div class="container"><div class="row"><div class="col-md-8"><p>The Office of the National Coordinator for Health Information Technology (ONC), released the Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability (HTI-2) <a href="https://www.federalregister.gov/documents/2024/08/05/2024-14975/health-data-technology-and-interoperability-patient-engagement-information-sharing-and-public-health" target="_blank" title="The proposed rule text">proposed rule</a> for public comment. The HTI-2 proposed rule reflects ONC’s efforts to advance interoperability and improve information sharing among patients, providers, payers and public health authorities. Comments are due to the ONC by 5 p.m. ET, Oct. 4, 2024.</p><div class="panel module-typeC"><div class="panel-heading"><h2>Key Highlights</h2><p>The proposed rule would: </p><ul><li>Add technology and standards updates that build on the HTI-1 final rule, ranging from the capability to exchange clinical images (e.g., X-rays) to the addition of multi-factor authentication support.</li><li>Establish requirements for health IT that can be used by providers and payers to conduct streamlined electronic prior authorization.</li><li>Formally establish the Trusted Exchange Framework and Common Agreement (TEFCA) provisions in the Code of Federal Regulations.</li><li>Expand the list of Information Blocking Rule exceptions including one for the Protecting Care Access exception, to protect actors who withhold Electronic Health Information (EHI) in certain cases to reduce legal risks that may be associated with sharing EHI.</li><li>Require adoption by Jan. 1, 2028, of Version 4 of the United States Core Data for Interoperability (USCDI v4) certification criteria as the new baseline standard for EHI.</li></ul></div></div><h2>AHA TAKE</h2><p>The ONC intends for HTI-2 to advance public health interoperability, improve information sharing and support patient engagement. Much like its predecessor, HTI-1, the proposed rule predominately applies to health IT developers. However, hospitals and health systems will be affected by the updates in technology standards and other recommended changes. These updates should improve the accessibility and free exchange of clinical imaging data, such as X-rays and MRI results, and introduce reasonable security requirements, like multi-factor authentication and server encryption requirements for systems that handle electronic medical records. The AHA supports the security recommendations in the proposed rule that aligns with existing HIPAA Security Rule Safeguards and the Healthcare and Public Health Sector Cybersecurity Performance Goals. The AHA is also pleased the ONC is proposing to remove barriers to patient care and streamline the prior authorization process. It does so by supporting the technical requirements in CMS’s Interoperability and Prior Authorization final rule and requires payers to shift to electronic prior authorization. </p><p>The AHA is unclear, however, on what the ONC would accomplish with the other provisions in this proposed rule. The AHA is concerned about the TEFCA provisions because we have not seen widespread adoption of the framework by hospitals and health systems and it is not clear how adherence to the provisions will measurably improve patient access to care. Furthermore, the interaction of TEFCA with the rules on information blocking and the minimum-necessary requirement of HIPAA is unknown. These all require careful consideration of various legal, technical and privacy-related factors before TEFCA can be the accepted standard for clinical data sharing or a regulatory mandate for clinical data exchange. </p><p>Additionally, the AHA appreciates the ONC’s recognition of the complexity, safety issues and added work that arises from the manual processes required by hospitals and health systems to share information with public health authorities. However, the AHA questions whether the ONC has the authority to influence the way public health authorities manage and share electronic health records. Lastly, the AHA is disappointed that the ONC missed another opportunity to clearly define information blocking by offering specific examples and continues trying to define the rule by what it is not while just adding more exceptions. Although some of these new exceptions, such as broader definitions of “infeasibility,” could help protect providers from frivolous complaints, the other proposed exceptions are confusing, and their intended benefits are difficult to quantify. </p><h2>WHAT YOU CAN DO</h2><ul><li><strong>Share</strong> this advisory with your government relations, information systems and  compliance teams to apprise them of this proposed rule.</li><li><strong>Share</strong> any concerns and feedback on these provisions with the AHA.</li><li><strong>Submit</strong> by Oct. 4 to the ONC a comment letter explaining the rule’s impact on your hospital or health system.</li><li><strong>Watch</strong> for notice of a possible comment letter from the AHA on this topic.</li></ul><p>View the detailed Regulatory Advisory below.</p></div><div class="col-md-4"><p><a href="/system/files/media/file/2024/08/hhs-proposes-expansion-of-health-data-technology-and-interoperability-rule-advisory-8-15-2024.pdf" target="_blank" title="Download the Regulatory Advisory: HHS Proposes Expansion of Health Data, Technology and Interoperability Rule PDF."><img src="/sites/default/files/2024-08/cover-hhs-proposes-expansion-of-health-data-technology-and-interoperability-rule-advisory-8-15-2024-667px.png" data-entity-uuid data-entity-type="file" alt="Regulatory Advisory:HHS Proposes Expansion of Health Data, Technology and Interoperability Rule cover." width="NaN" height="NaN"></a></p></div></div></div> Thu, 15 Aug 2024 08:25:08 -0500 Interoperability /news/headline/2024-07-10-hhs-releases-proposed-rule-designed-improve-patient-engagement-information-sharing-interoperability <p>The Department of Health and Human Services July 10 released a <a href="https://www.healthit.gov/sites/default/files/page/2024-07/ONC_HTI-2_Proposed_Rule.pdf">proposed rule</a> designed to improve health information sharing and interoperability. The Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability (HTI-2) proposed rule includes two sets of certification criteria designed to enable health information technology for public health and payers to be certified under the Office of the National Coordinator for Health Information Technology's Health IT Certification Program. The criteria would improve public health response, advance value-based care delivery and focus on standards-based application programming interfaces to improve end-to-end interoperability between health care providers and public health organizations or payers. <br><br>The rule proposes a new set of certification criteria to support the technical requirements included in the Centers for Medicare & Medicaid Services’ Jan. 2024 Interoperability and Prior Authorization <a href="https://www.govinfo.gov/content/pkg/FR-2024-02-08/pdf/2024-00895.pdf">final rule</a> to facilitate electronic prior authorization. The proposed rule also responds to patient, provider and other communities’ concerns about patient privacy and care access by expanding exceptions and clarifying the definitions of information blocking. HHS plans to publish the notice in the Federal Register with a 60-day comment period.</p> Wed, 10 Jul 2024 15:43:17 -0500 Interoperability /news/headline/2024-06-24-hhs-releases-final-rule-disincentivizing-health-care-providers-commit-information-blocking <p>The Department of Health and Human Services June 24 released a <a href="https://www.hhs.gov/about/news/2024/06/24/hhs-finalizes-rule-establishing-disincentives-health-care-providers-that-have-committed-information-blocking.html">final rule</a> that would disincentivize health care providers for interfering with the access, exchange or use of electronic health information. AHA previously expressed <a href="/lettercomment/2024-01-02-aha-comments-21st-century-cures-act-establishment-disincentives-health-care-providers-have-committed">concern</a> when the rule was proposed, saying it could threaten the financial viability of economically fragile hospitals.<br><br>In the final rule, hospitals under the Medicare Promoting Interoperability Program found to have committed information blocking would experience a reduction of the market basket update by 75%. Critical access hospitals would see a reduction from 101% to 100% of reasonable costs, while clinicians in Medicare's Merit-based Incentive Payment System would receive a score of zero in the MIPS Promoting Interoperability performance category. Providers in accountable care organizations that commit information blocking would be ineligible to participate in the Medicare Shared Savings program for at least one year and may not receive revenue they may have earned through the program. <br><br>AHA is disappointed that HHS chose to disregard most of the comments they received and is highly concerned that the disincentive structure retained in the final rule is excessive, confusing and imbalanced.</p> Mon, 24 Jun 2024 14:42:51 -0500 Interoperability /webinars/2024-03-22-webinar-overview-advancing-interoperability-and-improving-prior-authorization-processes-final-rule <p></p><hr><h3><a href="/system/files/media/file/2024/03/slides-overview-of-the-advancing-interoperability-and-improving-prior-authorization-processes-final-rule-webinar-2-20-24.pptx" target="_blank" title="PowerPoint Slides">View the PowerPoint Presentation</a></h3><p> </p> Fri, 22 Mar 2024 15:18:00 -0500 Interoperability