Photo by Westend61/Getty Images
The American Hospital Association and the HIMSS Electronic Health Record Association have each weighed in with feedback in response to the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health IT's recent notice of proposed rulemaking, HTI-5, which seeks to scale back requirements for ONC's health IT certification program.
Timing and interoperability concerns
In its letter to ASTP/ONC, the EHR Association, which represents nearly 30 member companies developing and supporting certified health IT for hospitals and providers nationwide, said it largely supports burden reductions, and efforts to align health IT certification with real-world clinical use and clarify information blocking exceptions.
While the association said it is encouraging the rapid finalization of proposed health IT certification deregulatory actions, it is asking for the release of any lingering certification and conditions requirements that ASTP/ONC intends to include in the next proposed health IT rule, HTI-6.
In addition, while supportive of efforts to modernize clinical decision support and move toward decision support interventions, EHRA raised concerns about artificial intelligence transparency by washing all source attributes and other related requirements away.
"Despite this general support for the effort, we encourage ASTP/ONC to carefully consider the impact the proposed certification changes would potentially have on the ease of health data interoperability and patient safety within the health system as a whole." – EHRA
"There is some apprehension that inefficiencies, added costs and safety risks could actually increase if new EHR market entrants are able to achieve certification by meeting only the remaining criteria," they said, "possibly ignoring entirely standardized approaches to exchange and data harmonization that are foundational to successful interoperability."
Alignment and cost controls
Meanwhile, in its response to ASTP/ONC, the American Hospital Association asked the agency, among other requests, to establish a more realistic, 24-month transition timeline to FHIR-based standards and maintain existing certification testing criteria to protect rural and resource-constrained hospitals.
The AHA said its hospital members oppose the removal of current privacy, security and third-party modification protections because of patient safety compromises and financial burdens.
On costs, EHRA is largely supportive of certified health IT deregulation measures taken in HTI-5, also known as the Health Data, Technology, and Interoperability: ASTP/ONC Deregulatory Actions to Unleash Prosperity Proposed Rule.
"We appreciate the coordination with [U.S. Centers for Medicare & Medicaid] and their references to the certification program, as it will be important for both EHR developers and participants in Promoting Interoperability and [Merit-based Incentive Payment System] to have alignment between certification requirements and CMS programs," the EHR Association said in the Feb. 27 comment letter.
"In particular, aligning language around payment program requirements and how those depend on functionality affected by removed certified functionality will be key for clarity."
EHRA has been calling on CMS to adjust burdensome reporting requirements for providers and the IT developers that limit implementation timelines and create development challenges and workflow disruption.
"More predictable schedules and alignment across payment programs would help developers build sustainable, usable solutions that providers can more easily integrate into care delivery," the organization said in a 25-page letter that answered a broader Department of Health and Human Services health tech ecosystem request for comments last year.
Salvaging some regulatory criteria
Overall, the agency proposed to remove 34 and update seven of 60 certification criteria within the ONC Health IT Certification Program in the draft HTI-5 rule.
The EHR Association said it supported the removal of several criteria it believes are unnecessary, such as the removal of the implantable device list certification criterion, where broad adoption had been achieved, but recommended keeping certain criteria that could strengthen CDS guidance.
"We generally support the establishment of an expiration date as a sensible approach to removing older and outdated criteria," the association said in its letter addressed to ASTP/ONC chief Dr. Thomas Keane.
"However, if all source attribute requirements are removed from the (b)(11) criterion, we suggest reinstating the (a)(9) criterion without the formerly established 'Info button' standard requirements as a way to retain the source attribute requirements for evidence-based decision support."
Some of its members agreed with the agency that end-user clinicians do not access certain source attributes and requiring their inclusion and enabling customers to edit and modify them is burdensome, EHRA said.
"Source attributes, such as the developer and funding source of interventions, are very helpful for promoting transparency and are valued by clinical organizations using our systems."
Clinicians need to trust that the tool outputs are evidence-based, the EHR Association noted, and some members hold varying positions on whether source attributes should be required to be provided at all.
"Given the need to build trust amongst clinical users of AI during this nascent stage of technology adoption, assuring continued transparency by still requiring that the most informative source attributes be provided to users in a user-friendly way could prove helpful," said EHRA.
AHA, in its preliminary recommendation letter to Keane on Feb. 27, recommended that ASTP/ONC "retain the current decision support interventions criterion."
Of note, the agency proposed to remove the AI model card and risk management requirements related to predictive decision support interventions development and deployment, which it says flies in the face of primary barriers to healthcare AI adoption, AHA said.
"While we appreciate that the agency is attempting to identify criteria that may be of limited value, we have heard from hospitals that this criterion is one of the few examples of transparency standards providing information on AI to help inform procurement and implementation of tools." – AHA
"This criterion provides information on how a predictive or generative AI application was designed, developed, tested, evaluated and should be used. These data are critical to foster trust in AI tools and ensure patient safety."
Info blocking exceptions
ASTP/ONC suggested in the proposed HTI-5 rule that health IT developers are misusing the Infeasibility Exception of information blocking rules.
EHRA found that allegation to be "unnecessarily inflammatory, particularly as this exception has been rarely used by health IT developers," the association said.
"We suggest instead that ASTP/ONC should view confusion amongst regulated actors as a symptom of the complexity of their regulatory program and inadequacy of their guidance and education."
The association said the 10-business-day response window is impossible to meet. "The exception process definitively cannot be completed in such a short timeframe," EHRA said.
"The Information Blocking section of ASTP/ONC's ruling is not deregulatory," the association stated. "In fact, it proposes new requirements for the industry that would have associated costs."
EHRA recommended that ASTP/ONC offer further explanation to types of misuse it claims and as it adds expectations for the use of the exception, "such as custom negotiation of agreements," and supply an estimate of new cost burdens.
The association also described the agency as having "overly prescriptive expectations" of the roles of suggesting and accepting alternatives.
To meet the requirements of the Manner Exception and the Manner Exception Exhausted under information blocking, "ASTP/ONC seems to have overly prescriptive expectations of the roles of the actor and the requester with respect to suggesting and accepting alternatives," EHRA said.
"This is overly heavy-handed on ASTP/ONC's part and counter to the deregulatory requirements outlined by the White House."
AHA also recommended the agency "to retain the 'third-party seeking modification infeasibility exception' but on the grounds of patient safety, provider liabilities and financial burdens. The hospital association argued that retaining requirements would help to prevent "third parties from inappropriately modifying providers' records without their knowledge."
"We also urge the agency to repeal the excessive provider disincentives that were finalized under the Biden administration," AHA said in its comment letter.
Ongoing requirements
A major key concern of EHRA is having the agency address lingering concerns left over from the HTI-2 final rule, which neither proposed nor finalized certain privacy and security requirements needed to certify DSI modules.
"It has proven difficult for us to comment as thoroughly as we would normally on the HTI-5 NPRM without knowing the other imminent plans for the certification program." – EHRA
AHA similarly cited privacy and security requirements as one of its priority recommendations: "Specifically, we urge ASTP/ONC to maintain current privacy and security criteria, as well as transitions of care and decision support interventions criteria," the hospital association said.
EHRA said the lack of candor on these issues causes uncertainty in terms of development efforts, certification planning and provider adoption plans, noting that it's "unclear whether certification proposals from HTI-2 that were previously canceled will be reintroduced in a different form in HTI-6," the association said.
There's also still the matter of competing compliance timelines dictated by HHS agencies.
"When updated certification requirements are added in the future," EHRA told Keane, "we also urge you to continue to look even more closely at timelines to ensure they are adequate for the scope of the work to be completed and to coordinate carefully with CMS to ensure better alignment between ASTP/ONC deadlines for software certification and those requiring adoption of updated technologies by our provider customers."
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.
