In a proposed rule similar to another presented by the Centers for Medicare & Medicaid Services (CMS), the Office of the Inspector General (OIG) is proposing to extend the exception for donors of electronic health record (EHR) systems (i.e., safe harbor) by three years. Along with changing the sunset date of the original 2006 ruling from Dec. 31, 2013 to Dec. 31, 2016, the propose rule aims to achieve two additional goals: removing the requirement for electronic prescribing (e-prescribing or eRx) and updating the previous ruling’s definition and determination of EHR interoperability.
According to the proposed ruled, the agency’s emphasis on interoperable EHR systems is part of its effort to avoid hindrances to the secure exchange of health information among healthcare organizations and providers, not just between donor and donee:
We are particularly interested in new or modified conditions that will help achieve two related goals. The first goal is to prevent the misuse of the safe harbor in a way that results in data and referral lock-in. The second, related goal is to encourage the free exchange of data (in accordance with protections for privacy). These goals reflect our interest, which we discussed above, in promoting the adoption of interoperable electronic health record technology that benefits patient care while reducing the likelihood that donors will misuse electronic health record technology donations to secure referrals.
The updated definition of interoperability embodies the work on the part of CMS, OIG, and especially the Office of the National Coordinator for Health Information Technology (ONC), to remove obstacles in the way of safe and efficient health information exchange:
For purposes of this safe harbor, “interoperable” means “able to communicate and exchange data accurately, effectively, securely, and consistently with different information technology systems, software applications, and networks, in various settings, and exchange data such that the clinical or operational purpose and meaning of the data are preserved and unaltered.”
In seeking comments on the proposed rule, the division of the Department of Health & Human Services (HHS) admits that true interoperability is not limited to the capabilities and certification of an EHR system as interoperable but must include components aimed at avoiding business practices that prevent the free exchange of health information:
However, it has been suggested that even when donated software meets the interoperability requirements of the rule, policies and practices sometimes affect the true ability of electronic health record technology items and services to be used to exchange information across organizational and vendor boundaries. We seek comments on what new or modified conditions could be added to the electronic health records safe harbor to achieve our two goals and whether those conditions, if any, should be in addition to, or in lieu of, our proposal to limit the scope of permissible donors.
Of major significance to the continued privacy and security of electronic protected health information (PHI) are the conditions for certifying EHR systems. “First, we propose to modify the provision to reflect that ONC is responsible for ‘recognizing’ certifying bodies, as referenced in this provision,” states the proposed rule. “Second, we propose to modify the portion of this provision concerning the time period within which the software must have been certified.”
Moving forward, the proposed rule would therefore have a downstream effect on health information in stored, accessed, or exchanged using donated systems if the criteria by which they were certified allow for conditions wherein EHR systems or modules do not need to meet privacy or security (e.g., the Base EHR definition in 2014 Certification).
The proposed rule is now published on the Federal Register and the 60-day comment period begin todayonce the rule is officially published.