Deadline for Commenting on the Proposed Rules to Improve ePHI Interoperability Extended

The Department of Health and Human Services changed the due date for sending feedback on its proposed guidelines to promote the interoperability of health information technology and electronic protected health information (ePHI) to June 3, 2019.

The Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services (CMS) released two new rules on February 11, 2019 by . The objective of the new rules is to facilitate the safe access, sharing, and usage of electronic health data. Subject to the rules are technical and healthcare industry factors blocking the interoperability of health data and are restricting the capability of patients to access their health information.

The due date was changed to provide the public and industry stakeholders even more time to study the proposed guidelines and give substantial input to help accomplish the goals. The extension was a reply to comments from a lot of stakeholders who have requested more time to evaluate the rules, which potentially produce a variety of concerns for healthcare companies.

Two more factors affected the choice to lengthen the due date. There seemed to be some misunderstandings regarding HIPAA and if healthcare providers are responsible for the patients’ use their health information. Additionally, the ONC has just lately introduced the second version of its Trusted Exchange Framework and Common Agreement (TEFCA), which can factor into feedback. Although there isn’t a lot of overlap between the proposed rules of TEFCA and the ONC/CMS, both deal with interoperability and work in similar space.

Additionally, the HHS’ Office for Civil Rights introduced a new FAQ to make clear to patients the HIPAA right of access with regards to the health apps that patients use and the application programming interfaces (APIs) that healthcare providers’ EHR systems use. The FAQ confirms that the patient shares health data via an application, succeeding uses and disclosures are just the healthcare provider’s responsibility if the application developer is a business associate of the healthcare provider.