AHIMA and Provider Groups Call for Enhanced Security and Clarification On Information Blocking Rule
The American Health Information Management Association (AHIMA) sent a joint letter to Congressional leaders today voicing concerns that certain provisions of the Office of the National Coordinator for Health Information Technology’s (ONC’s) recent 21st Century Cures Act (Cures) proposed rule on information blocking jeopardizes goals to foster a healthcare system that is interoperable, patient-engaged and reduces burdens for those delivering care.
The letter, co-signed by seven organizations representing the nation’s clinicians, hospitals, health systems and experts in health informatics and health information management, outlines several recommendations aimed at furthering the objectives of Cures, while ensuring that the final regulations do not unreasonably increase provider burden or hinder patient care.
“We support the intent of the Cures Act to eradicate practices that unreasonably limit the access, exchange and use of electronic health information for authorized and permitted purposes that have frustrated care coordination and improvements in healthcare quality and efficiency,” said AHIMA CEO Wylecia Wiggs Harris, PhD, CAE. “However, in light of the lessons learned from the meaningful use program, we believe it is crucial that we get this right. We look forward to discussing the details of these recommendations with congressional staff and ONC.”
Recommendations outlined in the letter include:
- Additional rulemaking prior to finalization: ONC should seek further input from impacted stakeholders on issues including modifying the information blocking proposal to ensure that the requirements and exceptions are well-defined and understandable, and clinicians, hospitals and health information professionals are not inappropriately penalized if they are unable to provide a patient’s entire electronic health information through an application programming interface (API).
- Enhanced privacy and security: The proposed rule does not sufficiently address Cures’ directives to protect patient data privacy and ensure health IT security. It is imperative that the Committee continues its oversight of privacy and security issues that fall outside of the Health Insurance Portability and Accountability Act (HIPAA) regulatory framework. This includes ensuring certified APIs include mechanisms to strengthen patients’ control over their data—including privacy notices, transparency statements and adherence to industry-recognized best practices.
- Appropriate implementation timelines: ONC should establish reasonable timelines for any required use of certified health IT (CEHRT). Providers must be given sufficient time to deploy and test these systems, which must take into account competing regulatory mandates.
- Revised enforcement: The U.S. Department of Health and Human Services should use discretion in its initial enforcement of the data blocking provisions of the regulation, prioritizing education and corrective action plans over monetary penalties.
For additional information on these recommendations, click here.
Signatories of the letter include:
American Health Information Management Association (AHIMA)
American Medical Association (AMA)
American Medical Informatics Association (AMIA)
College of Healthcare Information Management Executives (CHIME)
Federation of American Hospitals (FAH)
Medical Group Management Association (MGMA)