ONC’s HTI-1 Places Undue Burdens on Healthcare Providers, Health IT Developers

The following is a guest article by David Bucciferro, Chair of the EHR Association

In April 2023, the Office of the National Coordinator for Health Information Technology (ONC) released its much-anticipated proposed rule to advance interoperability, improve transparency, and support further access, exchange, and use of electronic health information (EHI). While the EHR Association has long supported the goals of the proposed rule, called Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing Proposed Rule (HTI-1), we have a number of real concerns about the impact it would have on the industry if finalized as proposed.

Many of our concerns center on the proposed implementation timeframes associated with various concepts included in HTI-1, as well as ONC’s failure to sufficiently consider the burden compliance will place on provider organizations and health IT developers. Specifically, while we appreciate that ONC is under pressure to implement some of the requirements from the 21st Century Cures legislation, health IT developers need more time than allotted in HTI-1 to deliver safe, compliant, and high-quality versions of their certified products. Providers will also need sufficient time to implement and become proficient on that upgraded software.

It is commonly accepted that 18-24 months are needed to complete the development, testing, and safe deployment of new software versions – a position we have taken for more than a decade as certification requirements have grown in scope.  However, it seems that the protracted regulatory promulgation process that preceded the publication of HTI-1 was not used by ONC to push back various deadlines originally included in the proposed rule, resulting in suggested timelines that would be insufficient to complete sizable development work.

In the comments that we will submit to ONC on HTI-1, we’ll also be encouraging ONC and the Centers for Medicare and Medicaid Services (CMS) to work more closely together to address the misalignments that frequently occur between when ONC tells software developers to deploy new certified versions and when CMS requires providers to be using them. There are also proposals in HTI-1 that create a dependency on collaboration with healthcare provider organizations for developers to be successful in meeting their obligations, but CMS has included in rulemaking no corresponding incentives for them to do so – making compliance for vendors significantly more challenging.

In addition to these overarching concerns, the EHR Association has identified issues with four specific provisions of HTI-1: the new Insights Condition, the transition to USCDI v3, the proposed requirements related to Decision Support Interventions (DSI) and Predictive Models, and Patient Requested Restrictions. Following is a summary of those concerns and the recommendations we intend to share with ONC in our formal comment letter.

Insights Condition (EHR Reporting Program)

In addition to a timeframe that is too short to adequately prepare, recruit clients, execute, and submit reports, the proposed Insights measures harken back to the early days of the meaningful use program but without incentives for providers to cooperate. This puts EHR vendors in the middle of data aggregation from multiple sources. It is also a distraction from other analytics initiatives that software developers are expected to support, like CMS’ digital quality measures project.

Because the work to prepare for the measurement and to convince clients to work with developers on the project will be consequential, the EHR Association will urge ONC to delay the start of the first measurement period until at least CY 2025. We would also like to see it restructured for annual reporting, preferably mid-year to avoid conflict with significant year-end deadlines, development, and deployment obligations, and April/October attestations we are required to submit already.

USCDI v3

While we strongly support ONC’s efforts to advance USCDI in general, the proposed timeframe for development and implementation between the final rule and USCDI v1 expiration is too short and should be aligned with CMS timelines. Thus, we will recommend a timeline that moves the deadline for USCDI v3 to be included in upgraded versions until the end of the second calendar year following the publication of the final rule (estimated to be Dec. 31, 2025).

We will also reiterate our desire to see ONC move away from the current all-or-nothing certification requirement and towards a dynamic approach based on the data actually managed by the EHR or other health IT in use by a provider. Specialty EHRs and provider organizations that don’t benefit from supporting all USCDI criteria – e.g., geriatric-focused health IT that has no clinical need to support pediatric data, or diagnostic and imaging services that seek software that is relevant to “their” data but nothing unnecessary – should be allowed to achieve certification by adding only those aspects beneficial to meet user needs. Adopting the more flexible model would alleviate unnecessary burdens for both health IT vendors and those providers to whom the broader USCDI data list is not applicable.

DSI and Predictive Models

ONC is clearly attempting to leverage its certification program to help the Food and Drug Administration (FDA) increase transparency related to decision alerts, but this seems to be an inefficient and burdensome application of the certification lever.  Instead, we will recommend that regulations imposing transparency requirements be applied by the FDA or HHS more broadly to those creating the decision alerts rather than the developers of EHRs, which serve primarily as alert delivery mechanisms.

The burden inherent to the proposals about DSIs is significant and would result in duplicative work across software developers who rely on decision support content sourced from the same vendors. It also disregards the fact that many healthcare organizations create their own alerts; vendors have no oversight or responsibility for those decisions or the content underlying them. As such, given the magnitude of the proposed changes, we intend to suggest to ONC that the Dec. 31, 2024, compliance timeline is unrealistic.

In terms of specific proposed changes, the EHR Association has several concerns and recommendations. For starters, we do not support the proposal to replace “clinical decision support” (CDI) with DSI in the certification criterion, as “intervention” has other meanings in the healthcare space. We also recommend narrowing the definition of “predictive decision support intervention,” as some interventions are not conducive to source attributes or feedback gathering.

Further, ONC’s proposal to require user-accessible source attribute information on all decision support interventions available within the EHR is too broad, considering the scope of what could fit within the definition of a DSI. Thus, we intend to recommend narrowing the definition of those DSIs impacted by the proposed rule to focus on interruptive alerts that are created by the developer.

We will also recommend limiting user feedback on DSI information to interruptive alerts, as passive alerts can’t have associated user actions. Nor do we want to inadvertently encourage interruptive alerts with a negative effect on usability.

Patient Requested Restrictions

The proposed rule would require the new “patient requested restrictions” certification criterion for the Privacy and Security Framework by Jan. 1, 2026, which we feel is too broad as proposed for the timeframe, which also needs a targeted use case to focus on for the deadline. For example, ONC could refocus its certification capability requirement around the ability of patients to request that certain sensitive notes or lab results not be shared with proxy users in the patient portal. This would also give patients more granular control over data sharing without jeopardizing their care by preventing other clinicians from viewing the information.

The provider community has expressed concerns about pronounced negative unintended consequences that could result from broad requirements to support segmentation, including heightened risks of preventable medical errors from incomplete records and increased burden on providers.

Finally, there must be the opportunity to adjust privacy and patient consent rules and infrastructure over time to keep pace with the long-term impacts of changes under HTI-1 – something that is not addressed in the proposed rule but is nonetheless critical to success.

Refinement Required

HTI-1 is an expansive proposed rule, one whose impact will be felt across the healthcare ecosystem for years to come. As such, it is vitally important that ONC gets it right the first time – without impeding innovation.

A strong first step will be to fully consider the very real concerns the EHR Association shares with other impacted stakeholders as ONC moves forward with finalizing the rule to ensure its end goals can be achieved without unrealistic deadlines and without placing an undue burden on healthcare providers and health IT developers. 

About David Bucciferro

David Bucciferro is Chair of the EHR Association and a senior advisor with Foothold Technology – Radicle Health. The EHR Association is a partner of HIMSS whose 30 member companies serve most hospitals, post-acute, specialty-specific, and ambulatory healthcare providers using EHRs across the United States. Its focus is on collaborative efforts to accelerate health information and technology adoption, assist member companies with regulatory compliance, advance information exchange between interoperable systems, and improve the quality and efficiency of patient care using technology.

   

Categories