Electronic Health Reporter

By Stephanie Jamison (Greenway Health) and Leigh Burchell (Altera Digital Health), Chair and Vice Chair, EHR Association Executive Committee, and Greg Thole (Oracle), Chair, EHR Association Certification Workgroup

In the lead-up to publication by the Assistant Secretary for Technology Policy (ASTP) of the Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability (HTI-2) proposed rule, health IT stakeholders braced for what was certain to be a massive policy proposal. Those fears were quickly realized when the overwhelming scope of proposed new and expanded software requirements in the 1067-page HTI-2 NPRM was revealed.

Following an in-depth analysis of HTI-2 and the process of drafting comments (available here), the EHR Association has identified several overarching issues, as well as specific concerns related to Insights measures within the proposed rule.

Highlighting the Positives

Before we delve into the negatives, however, it is important to note that we are highly supportive of several of ASTP’s recommendations. One is the proposal to expand the Certification Program to include criteria focused on the adoption and use of certified health IT by both payers and public health agencies (PHAs) to supplement criteria for healthcare providers. Holding all parties to specific and consistent standards and procedures is critical to achieving real end-to-end interoperability.

Another is the way ASTP has structured the numerous new proposed FHIR API-based required features (e.g., dynamic registration, SMART Health Cards, CDS Hooks, Subscriptions) in a manner that allows developers to re-use the same capability for multiple different use-case-focused criteria. This is a helpful format that allows developers to streamline and avoid duplicating work effort.

Finally, in the context of the Insights requirements, many of ASTP’s proposals demonstrate attentiveness to the questions and concerns raised by the Association and its member companies since the measures were originally finalized in HTI-1 rulemaking. Some of these tweaks to measurement specifications will reduce the burden and make for more consistent and valuable reporting data.

Overarching Concerns

While we do support many elements of HTI-2, there are also several areas of real concern. We’ve raised many of them previously in comments, but they have yet to be adequately addressed by ASTP and other regulatory agencies.

For example, a common refrain in the Association’s comment letters and RFI responses is that compliance timelines and the scope of work in ASTP regulations create significant burdens for all health IT developers, as well as our healthcare provider customers. We delivered this message related to HTI-1, and our members are now devoting extensive resources to compliance—sometimes at the cost of innovation clients have requested.

Yet, as evidenced by the extensive scope of the HTI-2 proposals, ASTP and CMS continue to ignore the significant and serious timeline concerns we’ve voiced for years. CMS programs, such as the Medicare Promoting Interoperability program and Merit-based Incentive Payment System (MIPS), require healthcare providers to use upgraded certified EHR technology effective essentially on the same deadlines set by ASTP for vendors to deliver those updates. This forces developers to deliver compliant solutions significantly earlier than the deadlines officially listed by ASTP and does not allow adequate runway after the deadline for healthcare providers to adopt the updates, potentially compromising a safe and effective implementation process.

In the case of HTI-2, the earliest proposed deadlines of 2026 are infeasible given the time required to develop and deploy upgraded software, since the HIT-2 final rule isn’t expected until several months into 2025. Further, even the proposed requirements for 2027 and 2028 certification changes are so significant as to make them difficult to complete on time, particularly when factoring in the necessary implementation runway.

The high price of compliance is another overarching concern. The HTI-2 compliance burden is so onerous that it is expected to reshape the certified solutions market, including a sizable decrease in Certification Program participation. ASTP projects a 12% reduction in certified products—a market contraction that will disrupt and place an undue burden on smaller healthcare organizations by forcing them to select and implement certified solutions from a new health IT partner in what would likely be a very short period.

Even more striking, HTI-2 compliance efforts are expected to drive smaller EHR developers out of business altogether. ASTP projects that the cost of complying with HTI-2, particularly on the heels of HTI-1, could lead to an 11% decrease in health IT developers in the market.

Providers and patients are also impacted by the high cost of compliance, both in terms of dollars spent and lost innovation opportunities. Heightened regulatory burdens on developers frequently translate into higher prices for providers who must adopt mandated technology upgrades, which trickles down to care delivery and operations.

The need to dedicate all resources to delivering compliant solutions also detracts from developers’ ability to focus on providing innovation and “delighters,” effectively stunting growth and innovation in the industry.

Concerning Insights Measures Proposals

Insights is a Condition and Maintenance of Certification requirement introduced via statutory directive in the 21st Century Cures Act, which tasked ASTP with creating an EHR reporting program for certified health IT developers. By its nature, Insights poses a difficult value proposition for developers, as it requires the commitment of development time and resources to efforts that do not directly benefit providers.

For this reason, we believe it’s critical to maintain a low level of complexity for Insights measures, particularly for the initial launch. However, HTI-2 proposes both new metrics and changes to pre-existing metrics that were initially finalized in HTI-1 rulemaking—changes that may impede developers from starting on compliance and even force them to scrap existing plans altogether and return to the drawing board.

Accordingly, our stance is that ASTP should maintain whatever is finalized in HTI-2 through at least the first year of reporting for each measure to avoid any further re-work by developers.

Other concerns specific to Insights measure proposals include: 

• Unique identifiers for providers whose data is included in measure submissions. To comply, health IT developers would likely need to secure agreements with providers to include their data in measure submissions without the benefit of anonymity. This would inevitably raise significant concerns from those providers and diminish the likelihood they would be willing to participate. It also poses a significant technical and operational challenge for developers to reliably collect and report unique identifiers for every clinician using their systems – a task that may prove infeasible, particularly for developers with a large customer base.
• Overly aggressive additions. Maintaining overall simplicity is key to ensuring Insights does not impose an unnecessary drain on developer resources that may ultimately harm both providers and developers. Newly proposed metrics as part of the “C-CDA Reconciliation and Incorporation Through Certified HIT” measure is a great example of ASTP being too aggressive and complex with Insights measures. When introducing new certified capabilities, we strongly recommend that corresponding Insights measures only be considered after those new capabilities are well established.

The bottom line is this: ASTP must consider the burden the increasing complexity of its various Insights requirements place on developers and providers and work to maintain simplicity while keeping realistic expectations for what information developers can reasonably obtain and what mandates can reasonably be met.