ONC

Subscribe to ONC via RSS

On June 24, 2024, the Department of Health and Human Services (“HHS”) released a final rule (“Disincentives Final Rule”) establishing disincentives for certain healthcare providers that have committed information blocking. The information blocking disincentives directly impact Medicare-enrolled healthcare providers or suppliers including hospitals, critical access hospitals, MIPS-eligible clinicians, and ACOs. The Disincentives Final Rule has been submitted to the Office of the Federal Register for publication and will become effective 30 days after Federal Register publication.Continue Reading Healthcare Providers Who Engage in Information Blocking Will Face Disincentives Described in an HHS Final Rule    

On December 13, 2023, the U.S. Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health Information Technology (ONC) released the Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing (HTI-1) Final Rule.Continue Reading ONC Releases Final Rule on Information Blocking and Health IT Certification Program Updates, Including Requirements Related to AI

On January 18, 2022, the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) and the entity chosen as a contracting partner, The Sequoia Project, Inc., published the long-awaited Trusted Exchange Framework and Common Agreement (TEFCA) for health information exchange. In simple terms, TEFCA is a framework that health information networks (HINs) may enter into to share health data with other HINs, individuals, and entities. The stated goal of TEFCA is to develop uniform policies and technical requirements to scale health information exchange nationwide and ensure that HINs, health care providers, health plans, individuals, and other stakeholders can access real-time, interoperable health information.
Continue Reading ONC Releases a Framework for Nationwide Health Information Exchange

Electronic health record (EHR) vendor Allscripts recently disclosed on an earnings call that it has reached a tentative agreement with the Department of Justice (DOJ) to pay $145 million to settle an investigation into the regulatory compliance of one of its recent acquisitions, Practice Fusion. This news, combined with DOJ’s other recent successful enforcement actions against EHR companies, represents a trend and should be a warning that compliance is a priority when it comes health IT. We anticipate that there will be more Anti-Kickback, HIPAA, and False Claims Act cases against similar health IT targets in the pipeline.

Allscripts acquired Practice Fusion, also an electronic health record company, in February 2018. According to the company’s public SEC filing from the first quarter of 2019, the investigation “relates to both the certification Practice Fusion obtained in connection with the U.S. Department of Health and Human Services’ Electronic Health Record Incentive Program and Practice Fusion’s compliance with the Anti-Kickback Statute and HIPAA.”Continue Reading Allscripts Close to Reaching Deal with DOJ for Health IT Certification, Anti-Kickback Statute, and HIPAA Issues

Building on momentum from Administrator Seema Verma’s announcement of the MyHealtheData initiative at HIMSS 2018, CMS has published more clues as to future action to liberate health information for patients.

In the CY 2019 call letter to Medicare Advantage organizations and Part D programs, CMS describes the Blue Button 2.0 project and its use of

On March 6, 2018 at the Healthcare Information and Management Systems Society (HIMSS) 2018 conference, Centers for Medicare & Medicaid Services (CMS) Administrator Seema Verma announced a new initiative furthering the current Administration’s focus on value-based care and increasing patient access to healthcare data. The initiative — called MyHealthEData — will be led by the White House Office of American Innovation, in collaboration with the Department of Health and Human Services (HHS), CMS, the Office of the National Coordinator for Health Information Technology (ONC), the National Institutes of Health (NIH), and the Department of Veterans Affairs (VA). (CMS press release here.)
Continue Reading Liberating Data to Transform Value-Based Care: MyHealthEData, Blue Button 2.0, and Price Transparency

This morning, the Food and Drug Administration released highly anticipated guidance on clinical and patient decision support that has been in the works at the agency for several years, advising the digital health community about how it plans to regulate software that offers recommendations or feedback to its users—both healthcare professionals, and patients and caregivers. It also provides guidance on FDA’s interpretation of new software provisions in Section 3060 of the 21st Century Cures Act.

Given the explosion of these innovative digital health tools and their strong potential to transform healthcare, this guidance is a significant development for tech companies and investors focusing on this space. Comments will be accepted for 60 days.
Continue Reading FDA Issues New Guidance for Clinical and Patient Decision Support Software

On September 26, 2016, the Office of the National Coordinator for Health Information Technology (ONC) released guidance, entitled EHR Contracts Untangled, to help providers navigate the complexities of electronic health record (EHR) vendor contracting. The guidance breaks down important considerations for selecting EHR systems, and provides strategic pointers – including sample contract language

The HHS Office of Civil Rights published a new FAQ response (OCR FAQ) detailing the agency’s position that generally information blocking will violate the HIPAA Privacy and Security Rules if it affects a covered entity’s access to its own protected health information (PHI) or its ability to respond to requests for access to PHI from patients. This follows a series of similar policy documents from HHS over the past 18 months that focus on preventing business arrangements or practices that would be defined as information blocking, and thereby, frustrating the goal of interoperability. Specifically, according to the OCR FAQ:

  • An electronic health records (EHR) vendor or cloud provider’s actions to terminate a covered entity’s access to its own electronic PHI (ePHI) (e.g., in a payment dispute) would violate the HIPAA Privacy Rule because those actions would constitute an impermissible use of PHI.
  • An EHR vendor or cloud provider’s refusal to ensure the accessibility and usability of a covered entity’s ePHI upon demand by the covered entity or to return a covered entity’s ePHI upon termination of the agreement, in the form and format that is reasonable in light of the agreement, would violate the HIPAA Security Rule.
  • A business associate may not deny a covered entity access to the PHI the business associate maintains on behalf of the covered entity if necessary to provide individuals with access to their PHI under the HIPAA Privacy Rule.
  • A covered entity that agrees to terms within a business associate agreement (BAA) that would prevent the covered entity from ensuring the availability of its own PHI as required would not be in compliance with the HIPAA Privacy and Security Rules.

OCR has increasingly ramped up its enforcement of violations of the HIPAA Privacy and Security Rules related to noncompliant BAAs, so the new OCR FAQ signals that information blocking provisions could be the source of future enforcement actions.Continue Reading Blocking Access to Health Information May Violate HIPAA

On July 19th, the Office of the National Coordinator for Health Information Technology (“ONC”) released a report expressing concerns about major gaps in policies and oversight surrounding the access to, security, and privacy of health information held by certain mobile health (“mHealth”) technology companies and health social media.  While the report frames the