HHS Announces Extended Comment Period for Healthcare Interoperability Proposed Rules,…
- Public Policy
- HHS Announces Extended Comment Period for Healthcare Interoperability Proposed Rules, Releases New HIPAA FAQs
- Nikki Golden
- April 30, 2019
The U.S. Department of Health and Human Services (HHS) announced that it would extend until June 3 the comment periods for CMS and the Office of the National Coordinator for Health Information Technology (ONC) proposed interoperability and information blocking rules. CMS also announced that as a result of public comments, it will adjust the effective dates of its policies to allow for adequate implementation timelines as appropriate.
In addition, HHS released a set of frequently asked questions (FAQs) from the Office for Civil Rights (OCR), addressing HIPAA’s right of access as related to apps designated by individual patients and application programming interfaces (APIs) used by a health care provider’s electronic health record (EHR) system. The FAQs clarify, among other things, that once protected health information (PHI) has been shared by a HIPAA-covered entity with a third-party app, as directed by the individual, the covered entity will not be liable under HIPAA for subsequent use or disclosure of electronic PHI, provided the app developer is not itself a business associate of a covered entity or other business associate.
In March 2019, the ONC published the original proposed rule to implement statutory provisions intended to advance the exchange of electronic health information (EHI). Notably, the proposed rule targets “information blocking” practices that unreasonably limit the availability, disclosure and use of EHI.
In a companion rulemaking, CMS proposes to publicly report providers that participate in information blocking practices. The rule also would require health care providers and plans to implement open data sharing technologies to support transitions and coordination of care as patients move between health plans.
As currently drafted, the ONC and CMS rules will likely require changes to stakeholders’ HIPAA policies and contractual arrangements and encourage partnerships with new technology vendors who offer compliant technology services. The extension of the proposed rule public comment periods and CMS’s stated plans to extend the implementation timeline appear to be an acknowledgement of the complexities of these policies.
Read the Original March Proposed Rule here: Original Proposed Rule
Read the Updated Proposed Rule here: Updated Proposed Rule