Last week, the Office of the National Coordinator for Health Information Technology (ONC)  published an Interim Final Rule: Information Blocking and the ONC Health IT Certification Program: Extension of Compliance Dates and Timeframes in Response to the COVID-19 Public Health Emergency (Interim Final Rule) providing needed relief to entities working toward compliance.  In the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program Final Rule (ONC Rule), issued on May 1, 2020, ONC defines the entities that are subject to the rule’s provisions. ONC refers to these entities as Actors. Actors include health care providers, health IT developers of certified health IT, Health Information Exchanges (HIEs), and Health Information Networks (HINs). The Interim Final Rule provides these Actors with “additional flexibilities” to implement the provisions of the ONC Rule including updated compliance dates.  ONC explained that the extension is due to the outbreak of COVID-19 public health emergency; however, this will also provide ONC with additional time to provide answers to the numerous questions that the agency has received as Actors work toward compliance. ONC is accepting comments on this rule, as is typical for an interim final rule. These comments must be submitted to regulations.gov by January 4, 2021.

The Interim Final Rule extends “the applicability date for the information blocking provisions and compliance dates and timeframes for certain Program requirements, including compliance dates for certain 2015 Edition health IT certification criteria and Conditions and Maintenance of Certification requirements.” See CMS and ONC Enforcement Deadlines Chart for more information about compliance dates for the ONC Rule.

Information BlockingContinue Reading ONC Issues Interim Final Rule Extending Compliance Dates for the Information Blocking and the ONC Health IT Certification Program

On March 27, 2019, the Centers for Medicare & Medicaid Services (CMS) announced a $1.65 million competition to accelerate development of AI solutions in health care. The Artificial Intelligence (AI) Health Outcomes challenge seeks innovative, AI-driven solutions that can predict unplanned hospital and skilled nursing facility (SNF) admissions and adverse events.

The challenge is a

In order to move health care organizations towards consistency in mitigating important cybersecurity threats to the health care sector, the Department of Health & Human Services (HHS) published multiple guidance documents on best practices for health care organizations to reduce cybersecurity risks (“HHS Cyber Guidance”). The HHS Cyber Guidance is the result of HHS’ public-private partnership with more than 150 cybersecurity and health care experts. While compliance is voluntary, this guidance serves as direction to health care entities on important practices that should be considered and implemented to reduce risk.

Why HHS has published this guidanceContinue Reading HHS Releases Voluntary Cybersecurity Practices Guidance

Yesterday, the FDA released draft guidance on the management of cybersecurity in medical devices submitted to the agency for premarket review. Noting that cybersecurity threats to the healthcare sector have increased in number and severity, the FDA offered new recommendations for device design, labeling, and documentation that medical device manufacturers will need to consider during premarket submission processes.

The guidance comes shortly after the FDA’s launch of its Medical Device Cybersecurity Playbook, which provides a framework for healthcare delivery organizations to use in preparing for and responding to cybersecurity threats against patient medical devices.

Given rapid changes in technology and increasing innovation in the digital health market, the guidance intends to decrease the risk of cyberattacks that could render medical devices inoperable and potentially harm patients. Comments on the draft guidance are due on March 18, 2019.
Continue Reading FDA Issues New Guidance for the Management of Cybersecurity in Medical Devices

Congress is considering several adjustments to health IT policy which may have significant impact on the Centers for Medicare and Medicaid Services’ (“CMS”) electronic health records (“EHR”) incentives. On July 20th and 21st, Representatives met to discuss bipartisan legislation to improve the Meaningful Use program and introduced legislation that would authorize a CMS Innovation Center (“CMMI”) project to incentivize EHR adoption by behavioral health providers. The bills may be indicative of Congress’ attitude towards the Meaningful Use program, which has garnered criticism from providers for being burdensome.

On July 21, 2017, the House Committee on Energy and Commerce Subcommittee on Health held a hearing on H.R. 3120 and featured testimony from Cletis Earle, Chairman-Elect of the College of Healthcare Information Management Executives. The bill, sponsored by a group of bipartisan lawmakers, will allow CMS to modify the requirements of the Meaningful Use program in order to give the Secretary additional flexibility in implementing the program. Currently, providers and vendors must comply with the Stage 3 measures and objectives of the Meaningful Use program starting January 1, 2018 or be subject to Medicare reimbursement penalties. Earle argued that the implementation timeline for Stage 3 of the program is too rigorous for providers to meet and may lead to an increase in hardship exemption applications. Provider and vendor groups across the industry have suggested that the HHS Secretary Tom Price delay the Stage 3 obligations, noting that software implementation and cybersecurity issues have made the 2018 deadline unreasonable. Sponsors of H.R. 3120 note that the bill will reduce the burden on providers’ use of EHR systems, allowing providers to focus on care coordination and patient outcomes. In response, CMS noted that the proposed “Medicare Program; CY 2018 Updates to the Quality Payment Program,” which is open for comment through August 21, 2017, would give eligible providers an additional year to implement EHR technology that complies with the 2014 or 2015 edition of Certified Electronic Health Record Technology (“CEHRT”) and offers the opportunity to apply for hardship exemptions for the Advancing Care Information performance category of the Merit-based Incentive Payment System (“MIPS”). For more information, see our update on key proposals of the 2018 Proposed Rule here.
Continue Reading Congress Remains Focused on Electronic Health Records