United States: In Coordinated Proposed Rules, ONC And CMS Seek To Tackle Interoperability, Information Blocking, And Patient Access To Health Information

On February 11, 2019, two agencies of the U.S. Department of Health and Human Services ("HHS") coordinated the release of complementary proposed rules designed to support and advance seamless and secure access, exchange, and use of electronic health information ("EHI"). Taken together, these proposed rules seek to address both technical and practical obstacles that create barriers to the exchange of, and access to, health information. For various stakeholders in the health care industry—particularly health information technology ("health IT") developers, health plans / payors, and health care providers—these proposed rules, if finalized, would clarify provisions of the 21st Century Cures Act, particularly regarding interoperability and information blocking, and create significant new requirements.

The first rule was issued by the Office of the National Coordinator for Health Information Technology ("ONC"), and implements key provisions of the 21st Century Cures Act (the "Cures Act"), including provisions designed to advance interoperability; to support the access, exchange, and use of EHI; and to address occurrences of "information blocking" (the "ONC Proposed Rule"). The second rule, issued by the Centers for Medicare & Medicaid Services ("CMS"), centers on advancing interoperability and patient access to EHI using the authority available to CMS and in alignment with ONC's efforts and the Cures Act (the "CMS Proposed Rule"). We describe both below.

ONC Proposed Rule

The ONC Proposed Rule contains proposals to implement various aspects of the Cures Act, and to revise ONC's existing Health IT Certification Program more generally. We highlight four of the most important aspects of the ONC Proposed Rule: Information Blocking, API Standards, EHI Exports, and Conditions and Maintenance of Certification. ONC has indicated that it will host a series of webinars to explain the Proposed Rule, and also issued helpful fact sheets summarizing key aspects of the rule.

Information Blocking. First, the ONC Proposed Rule promulgates the information-blocking provisions of the Cures Act, including provisions identifying "reasonable and necessary activities" that do not constitute information blocking. The Cures Act defined "information blocking" broadly, and directed HHS to promulgate exceptions. Information blocking, generally speaking, means practices that are likely to interfere with, prevent, or materially discourage access, exchange, or use of EHI. Here, ONC proposes seven "reasonable and necessary activities" as exceptions to the information-blocking provisions codified in the Cures Act, provided certain conditions are meet. The first three exceptions address activities deemed reasonable and necessary to promote public confidence in the use of health IT and the exchange of EHI—specifically, activities intended to protect patient safety, to promote the privacy of EHI, and to promote the security of EHI. The next three exceptions address activities deemed reasonable and necessary to promote competition and consumer welfare—specifically, activities intended to recover costs reasonably incurred, excusing entities from responding to requests that are infeasible, and permitting the licensing of interoperability elements on reasonable and nondiscriminatory terms. The last exception addresses activities that are reasonable and necessary to promote the performance of health IT, by providing an exception for making health IT temporarily unavailable for maintenance or improvements that benefit the overall performance and usability of health IT. ONC made a specific request for information for additional exceptions.

API Standards. Second, the ONC Proposed Rule revises the 2015 Edition certification criteria for the certified health IT for application programming interfaces ("APIs") and establishes certain Conditions and Maintenance of Certification, implementing the Cures Act's requirement that health information from API technology be accessed, exchanged, and used "without special effort." In doing so, ONC seeks to move the health care industry toward adoption of standardized APIs. In particular, ONC's new "standardized API for patient and population services" requirement for certified health IT requires use of Health Level 7 Fast Healthcare Interoperability Resources ("FHIR®") standards, with several implementation specifications. ONC is also proposing restrictions on API-related fees. ONC's overall goal is to allow individuals securely and easily to access structured and unstructured EHI formats using mobile devices.

EHI Exports. Third, ONC proposes a new certification criterion for EHI exports, to permit the export of EHI in computable, electronic format, both in the context of an individual patient request and when a health care provider chooses to transition or migrate information to another health IT system. The proposal's other revisions to the 2015 Edition certification criteria include new privacy and security attestations and the adoption of the United States Core Data for Interoperability ("USCDI") as the standard for establishing a set of data classes and constituent data elements, which would be exchanged in support of interoperability nationwide. ONC also proposes revisions to the required health IT disclosures to include a detailed description of all known material information concerning additional types of costs or fees that a user may be required to pay to implement or use the health IT module's capabilities.

Conditions and Maintenance of Certification. Fourth, ONC proposes certain "Conditions and Maintenance of Certification" requirements for health IT developers based on the conditions and maintenance of certification requirements outlined in the Cures Act. Notably, ONC proposes to implement any accompanying Maintenance of Certification requirements as stand-alone requirements to ensure that not only are the Conditions of Certification met, but also that they are continually being met through the Maintenance of Certification requirements.

CMS Proposed Rule

The CMS Proposed Rule focuses on advancing interoperability and patient access to EHI by targeting health plan and payor entities, as well as health care providers. In the proposed rule, CMS emphasized its fundamental belief that "patients should have the ability to move from health plan to health plan, provider to provider, and have both their clinical and administrative information travel with them throughout their journey." CMS issued a fact sheet summarizing key aspects of the proposed rule, and has indicated that it has an active listserv dedicated to its interoperability efforts.

Health Plan / Payor APIs. The centerpiece of the proposed rule is a range of new interoperability and patient access obligations that CMS proposes to require of the various health plans and payors within its jurisdiction, including Medicare Advantage organizations, state Medicaid and Children's Health Insurance Program ("CHIP") fee-for-service programs, Medicaid managed care plans, CHIP managed care entities, and Qualified Health Plan issuers in Federally-facilitated Exchanges. In particular, in alignment with CMS' "Blue Button 2.0" approach for Medicare fee-for-service, these entities must deploy standardized, open APIs to make certain information available to enrollees, consistent with the API (FHIR®) technical standards proposed in the ONC Proposed Rule, as well as the same content and vocabulary standards. These APIs must provide enrollees with immediate electronic access to medical claims and other health information, through third-party applications and developers.

Health Plan / Payor Transitions of Care. CMS also proposes to require the above-mentioned health plans and payors within its jurisdiction to implement open data sharing technologies to support transitions of care as patients move between plans, including requiring plans to exchange, at enrollee request at the specified time, at a minimum, the data elements in the same USCDI standard using that standard's aligned set of content and vocabulary standards for clinical data classes. These data include information about diagnoses, procedures, tests and providers seen. CMS also proposes that, if asked by the beneficiary, plans must forward a beneficiary's information to a new plan or other entity designated by the beneficiary for up to five years after the beneficiary has disenrolled with the plan.

Health Care Provider Information Blocking. CMS also proposes to publicly report providers or hospitals that attest negatively to any of the prevention of "information blocking" statements, which providers must address in context of certain Medicare interoperability support programs. CMS believes that making this information publicly available may incentivize providers and clinicians to refrain from such practices. Other CMS proposals include measures addressing dual-eligibility data syncing, the provision of provider contact information, and new provider requirements relating to discharge, admission and transfer notifications.

Requests for Information. In addition to the policy proposals described above, CMS also included two requests for information. One request related to how CMS can improve patient identification conventions, such as through the use of a unique patient identifier, while another relates to how CMS can promote wide adoption of interoperable health IT systems for use across various health care settings, including those where adoption rates are currently low, such as post-acute settings.

* * *

Comment Period. ONC and CMS are soliciting comments on both proposed rules and the proposals also include a number of specific requests for information. The comment period is expected to close 60 days after the rules' publication in the Federal Register, likely sometime in mid-April 2018.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
In association with
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions