As the age-old adage goes, information is power. This is especially true with respect to one's own health information, a fact that the Office of the National Coordinator for Health Information Technology (ONC) recognized and embraced with the recent publication of a long-awaited rule implementing the 21st Century Cures Act. Through this rule, ONC strikes the difficult balance between increasing health information sharing among patients, providers, and other parties and maintaining the privacy and security of that information.
- Promote and fund the acceleration of research into preventing and curing serious illnesses;
- Accelerate drug and medical device development;
- Address the opioid abuse crisis; and
- Improve mental health service delivery.
In March 2020, the ONC passed a comprehensive rule intended to implement some of the Act’s core objectives. According to HHS, this rule along with another Cures Act rule recently passed by the Centers for Medicare and Medicaid Services (CMS) “mark the most extensive healthcare data sharing policies the federal government has implemented.” Most pertinently for the telehealth space, ONC’s rule focuses on increasing interoperability among disparate electronic health record systems in order to make electronic health information (EHI) mobile and truly possessed by the patient, ensuring ease of exportability to and accessibility by a new provider.
In this article, we’ll break down key aspects of the rule which could have a positive impact on the telemedicine industry.
ONC Cure’s Act Rule: Restriction on Information Blocking related to EHI
First, the rule regulates “information blocking” which are practices that are likely to interfere with, prevent, or materially discourage access to, exchange, or use of EHI. Information blocking impedes the development of a technology-forward healthcare system because it leads to diminished interoperability. With health information stored in siloed databases, accessible only via certain proprietary software, it becomes difficult to share and analyze.
Information blocking can come in various forms. One example is a healthcare provider refusing to exchange EHI in a HIPAA-compliant manner. This can occur either directly or by the provider imposing unreasonable limitations on the release of EHI. Another example of information blocking would be imposing restrictions on a patient’s ability to share EHI with a provider who uses a different electronic health records system or limiting the types of data elements that can be exported from a given records system.
A key impetus for the ONC rule was the conclusion by the HHS that information blocking is anti-competitive conduct, frustrating “efforts to use modern technologies to improve healthcare quality and efficiency, accelerate research and innovation, and provide greater value and choice to health care consumers.” 84 Fed. Reg. 7424, 7508 (March 4, 2019).
After defining information blocking, ONC offers examples of eight exceptions for “reasonable and necessary” practices that do not constitute information blocking. These exceptions include five situations where requests for access to, exchange, or use of EHI may be denied: (1) where necessary to prevent harm to patients, (2) where necessary to protect patient privacy; (3) where necessary to promote security of EHI; (4) where infeasible; and (5) where necessary to maintain and improve overall performance of health information technology. The final three exceptions pertain to fulfilling requests for access to, exchange, or use of EHI: (1) providers may impose reasonable limits on the content of their response to, and the manner in which they fulfill, requests for EHI; (2) providers may impose certain costs incurred in connection with access to EHI; and (3) providers may impose reasonable and non-discriminatory terms on the licensing of their interoperability elements.
Understanding these exceptions is critical for providers, as violation of the information blocking provisions can result in having to pay significant financial penalties.
ONC Cure’s Act Rule: API Requirements to Increase Access to EHI
The second key aspect of ONC’s new rule is its establishment of various application programming interface (API) requirements intended to minimize difficulties in accessing, exchanging, and using EHI via certified API technology. These “conditions of certification” fall into three categories: (1) transparency conditions, which require API developers to publish certain business and technical documentation necessary to interact with their API technologies; (2) permitted fees conditions, which set criteria for fees that API developers are allowed to charge for development, deployment, and upgrade of their technology as well as value-added services related to the technology; and (3) openness and pro-competitive conditions, which create practices that API developers must follow to enable an open and competitive marketplace.
ONC Cure’s Act Rule: Likely Impact on Telemedicine
ONC’s Cures Act rule has the potential to deeply impact telemedicine. Taken together, both of the rule’s key sets of provisions are likely to reduce a main barrier to entry to telemedicine -- difficulty accessing EHI -- leading to greater interest in receiving and providing care via telehealth modalities. In addition, standardized APIs, as called for by the rule, reduce the time and costs providers must expend accessing EHI, making telehealth treatment more palatable for providers.
"Both of the rule’s key sets of provisions are likely to reduce a main barrier to entry to telemedicine -- difficulty accessing EHI"
From a big picture perspective, ONC’s rule may benefit the telemedicine industry by promoting a regulatory environment conducive to creative and innovative healthcare solutions. The mere fact of the rule’s publication is likely to encourage new market entrants and boundary-pushing products and services across the healthcare industry, including telemedicine and virtual care.