CHIME Stakeholder Letter to HHS, CMS, ONC and OIG Information Sharing Compliance

September 26, 2022

The Honorable Xavier Becerra

Secretary

U.S. Department of Health and Human Services

200 Independence Avenue, SW

Washington, DC, 20201

Dear Secretary Becerra:

The undersigned organizations represent a broad range of providers and clinicians from across the healthcare continuum. We appreciate the Department of Health and Human Services’ (HHS’) ongoing efforts to advance health data exchange and interoperability while advancing health equity for all.

Pursuant to provisions contained in the 21st Century Cures Act (Cures Act) healthcare providers, health IT developers, health information exchanges (HIEs), and health information networks (HINs) are prohibited from engaging in “information blocking” practices. Beginning October 6 th these actors must be able to share all electronic protected health information (ePHI) in a designated record set, as defined under the Health Insurance Portability & Accountability Act (HIPAA). Prior to this data sharing mandates are limited to what is contained in the USCDI.

Our members have been working diligently towards meeting the upcoming – and rapidly approaching – October 6 th information blocking deadline with the expanded electronic health information (EHI) definition. They are making every feasible effort, many with scarce resources, to ensure that they are prepared to be in compliance – from both a vendor readiness standpoint, as well as from a comprehension standpoint. The below organizations and their members understand and strongly support patients’ need to access their information in a digital format. Despite our best efforts to educate our members, significant knowledge gaps and confusion still exist within the provider and vendors communities with respect to implementation and enforcement of information blocking regulations.

Based upon feedback from our members that continues to build, it is evident that both healthcare providers, clinicians and vendors are not fully prepared for the October 6 th deadline. Therefore, we are respectfully requesting that HHS consider both postponing for a period of one-year the information blocking compliance deadlines – including October 6 th , as well using corrective action warning communications to providers/clinicians prior to imposing any monetary disincentives or beginning a formal investigation.

A chief factor limiting compliance readiness is the widespread inability to support access, exchange, and use of EHI. There is no clear definition of EHI and there is a lack of a technical infrastructure to support its secure exchange. There are widely divergent approaches to how each healthcare stakeholder is interpreting what data is ePHI, DRS, and EHI. Many stakeholders are still confused by the Office of the National Coordinator’s (ONC) EHI infographic. [1] Since providers and other Actors will be held accountable for EHI interoperability, consistency in EHI interpretation is critical. Moreover, significant confusion continues to exist on how the eight information blocking exceptions are applied when EHI cannot or should not be exchanged. Providers and patients are also deeply concerned with the harm occurring when laboratory results and reports are released in instances of life threatening or life limiting diagnoses. [2] Additionally, there are insufficient technical and policy guides to assist providers in protecting sensitive health records such as substance use disorder, adolescent, mental health, and reproductive information. We continue to monitor and review ONC’s frequently asked questions, however, many of the questions we are raising are not clearly answered.

If large providers are unable to discern this, small and lesser resourced providers are even more confused – if they are even aware of the policies at all. In fact, small providers/clinicians’ awareness remains very low, and they are relying heavily on their vendors. Vendor readiness is lagging and their deadline for delivering needed upgrades is December 31, 2022 , three months after providers are required to comply . Some vendors are not even on track to meet their own deadline, and some providers are already reporting that their vendors are delaying EHI upgrades. Further, certified vendors’ deadline for delivering an EHI export isn’t until December 31, 2023 , a year and three months after providers are required to comply . Certified API developers are required to upgrade to FHIR based APIs by December 2022, but the requirement is limited to the USCDI v1 and not all EHI. Certified vendors are tracking to their required timelines that don’t necessarily align with the provider requirements which is causing confusion and limitations on sharing of EHI data. ONC’s own data shows that only 26% of health IT products are certified. [3]

A recent College of Healthcare Information Management Executives (CHIME) survey found that of providers queried, 39% reported they were concerned about receiving their upgrade on time. Finally, the lack of guidance around how these policies will be enforced is creating significant anxiety among providers/clinicians and stoking fears that despite best efforts, they could be out of compliance. Providers and clinicians who must already comply with the Promoting Interoperability (PI) Program are required to attest that they are not information blocking. These statements will take on new meaning once October 6 th arrives creating fear that they will attest to something they are not sure they have met. For providers/clinicians outside of the PI Program, the burden of compliance could be even greater especially if they are not using a certified EHR technology.

The organizations below have worked to prepare our members for what the final enforcement could include and how HHS may proceed with implementing disincentives against providers. Furthermore, provider compliance is first contingent on vendor readiness.Healthcare providers and clinicians have faced both the unthinkable and unknown during the COVID-19 pandemic and are already preparing for a post-Public Health Emergency (PHE) world with a depleted workforce. Combined, this has led to much uncertainty in an environment where healthcare providers are already constantly adapting and often struggling.

To improve the collective provider and clinician understanding of the information blocking regulations, we urge federal agencies under the HHS umbrella – including the Centers for Medicare & Medicaid Services (CMS), the Office of the National Coordinator for Health Information Technology (ONC), and the HHS Office of the Inspector General (OIG) – to engage in more education targeted to the provider/clinician community with a particular focus on small, medium and lesser-resourced organizations. Providers want and need best practices and implementation guides that they can reference as they strive to prepare for the investigation and disincentive phase of information blocking regulations. Without real-world guidance, providers will continue to struggle with implementing internal policies to avoid allegations of information blocking.

Our organizations are supportive of the Department’s efforts towards increased interoperability and ensuring patients have access to their health data. Given the great importance of these policies, we want to make sure that they are implemented as smoothly and successfully as possible – for both patients and the clinicians and providers who care for them. Operationalization of these data sharing policies should be informed by the many lessons learned from implementation of the Promoting Interoperability program (formerly Meaningful Use), the data public health data needs made evident during the COVID-19 pandemic and will be further shaped by the Trusted Exchange Framework and Common Agreement (TEFCA).

We remain steadfast in our commitment to be partners with our patients and facilitate access to their records; the need for more time to ensure all providers and clinicians understand the policies, are prepared to meet them and have the technology to support these policies are critical.

Given the aforementioned challenges, we respectfully urge HHS to consider giving providers an additional year to comply with the October 6 th , 2022 deadline. Should you have any questions or if we can be of assistance, please contact Chelsea Arnone, Director, Federal Affairs at [email protected] .

Sincerely,

America’s Essential Hospitals

American Academy of Family Physicians

American Health Care Association (AHCA)

American Hospital Association

American Medical Association

Association of American Medical Colleges

Federation of American Hospitals

Medical Group Management Association

National Association for the Support of Long Term Care (NASL)

The College of Healthcare Information Management Executives (CHIME)

cc: Chiquita Brooks-LaSure, Administrator, Centers for Medicare & Medicaid Services, Department of Health and Human Services

The Honorable Christi Grimm, Inspector General, Office of Inspector General, Department of Health and Human Services

Micky Tripathi, PhD, National Coordinator for Health Information Technology, Department of Health and Human Services

1] Understanding the Scope of Electronic Health Information (EHI) for the Purposes of the Information Blocking Definition . (2021, December). [https://www.healthit.gov/sites/default/files/page2/2021-12/Understanding_EHI-Scope-Diagram.pdf . Retrieved September 13, 2022, from https://www.healthit.gov/sites/default/files/page2/2021-12/Understanding_EHI-Scope-Diagram.pdf

2] Preventing patient harm . (2022, July). American Medica Association. Retrieved September 19, 2022, from [https://www.ama-assn.org/system/files/patient-privacy-survey-results-preventing-patient-harm.pdf

3] Certified Health IT Product List (CHPL) . (n.d.). Retrieved September 19, 2022, from [https://chpl.healthit.gov/#/search