AHIMA and Provider Groups Call for Enhanced Security and Clarification on Information Blocking Rule

AHIMA recently sent a joint letter to Congressional leaders voicing concerns that certain provisions of the Office of the National Coordinator for Health Information Technology’s (ONC) recent 21st Century Cures Act (Cures) proposed rule on information blocking jeopardizes goals to foster a health care system that is interoperable and patient-engaged and reduces burdens for those delivering care. 

The letter, cosigned by seven organizations representing the nation’s clinicians, hospitals, health systems, and experts in health informatics and HIM, outlines several recommendations aimed at furthering the objectives of Cures, while ensuring that the final regulations do not unreasonably increase provider burden or hinder patient care. 

“We support the intent of the Cures Act to eradicate practices that unreasonably limit the access, exchange, and use of electronic health information for authorized and permitted purposes that have frustrated care coordination and improvements in health care quality and efficiency,” says AHIMA CEO Wylecia Wiggs Harris, PhD, CAE. “However, in light of the lessons learned from the meaningful use program, we believe it is crucial that we get this right. We look forward to discussing the details of these recommendations with congressional staff and ONC.” 

Recommendations outlined in the letter include the following: 

• Additional rulemaking prior to finalization: ONC should seek further input from impacted stakeholders on issues including modifying the information blocking proposal to ensure that the requirements and exceptions are well-defined and understandable, and clinicians, hospitals, and health information professionals are not inappropriately penalized if they are unable to provide a patient’s entire electronic health information through an application programming interface (API). 

• Enhanced privacy and security: The proposed rule does not sufficiently address Cures’ directives to protect patient data privacy and ensure HIT security. It is imperative that the Committee continues its oversight of privacy and security issues that fall outside of the HIPAA regulatory framework. This includes ensuring certified APIs include mechanisms to strengthen patients’ control over their data—including privacy notices, transparency statements, and adherence to industry-recognized best practices. 

• Appropriate implementation timelines: ONC should establish reasonable timelines for any required use of certified HIT. Providers must be given sufficient time to deploy and test these systems, which must take into account competing regulatory mandates. 

• Revised enforcement: Health and Human Services should use discretion in its initial enforcement of the data blocking provisions of the regulation, prioritizing education and corrective action plans over monetary penalties. 

For additional information on these recommendations, visit http://bok.ahima.org/PdfView?oid=302858.

Signatories of the letter are AHIMA, American Medical Association, AMIA, College of Healthcare Information Management Executives, Federation of American Hospitals, Medical Group Management Association, and Premier Inc.

— Source: AHIMA