With its latest round of proposed policies, the Office of the National Coordinator for Health IT (ONC) aims to rapidly advance data sharing and interoperability standards in healthcare.
The draft rule, released Wednesday, establishes, for the first time, a path for certification for payers. It establishes voluntary certification for health IT software used by public health organizations and health plans.
The 1,067-page rule, called HTI-2 (PDF), builds on the agency's HTI-1 final rule published in January, implements provisions of the 21st Century Cures Act and introduces new standards and updates to enhance healthcare interoperability and data sharing, ONC officials said.
ONC's HTI-1 rule established first-of-its-kind nationwide requirements for transparency around AI and algorithms used in health IT.
HTI-2 establishes two new sets of certification criteria for public health IT and payer IT, and both sets focus heavily on standards-based application programming interfaces to improve end-to-end interoperability.
While the certification is voluntary, Micky Tripathi, Ph.D., national coordinator for health IT, said the standards could improve the flow of healthcare data and enhance the patient experience.
The rule also aims to support technical requirements included in the Centers for Medicare & Medicaid Services' (CMS') Interoperability and Prior Authorization final rule released in January that aims to shift payers to electronic prior authorization.
Further, the draft rule raises the floor on the U.S. Core Data for Interoperability (USCDI) to version 4 for certified health IT by January 2028.
Some of the other technology updates for health IT developers included in the proposed rule are required by January 2026, according to a fact sheet (PDF) with key dates from ONC.
The proposed rule would advance the certification of the following APIs required: Patient Access API, Provider Access API, Payer-to-Payer API, Prior Authorization API and Provider Directory API.
Key healthcare stakeholders impacted by the proposed rule include health IT developers, which must update their health IT modules; providers, which will nee to use certified health IT that complies with the updates for data sharing; and health plans, which must ensure their data follows FHIR standards and USCDI v4 (by January 2028). The rule also will enable public health agencies to improved data systems.
America's Health Insurance Plans, a trade association for payers, acknowledged that ONC’s proposed rule includes requirements for aligning health plans, providers and health IT developers in the implementation of electronic prior authorization.
"Electronic prior authorization can help ensure patients receive safe, evidence-based care, while reducing decision times and administrative burdens on providers and plans," the organization said in a statement. "AHIP will continue to review the proposed rule, including proposed payer certification standards, particularly as plans are not subject to the requirements of the ONC certification program."
Electronic health record software developers are concerned about proposed compliance timelines given the scope of proposed requirements and alignment with CMS’ interoperability rule.
“Significant efforts toward HTI-1 compliance are currently underway by EHR Association members, and the Association will now also assess and respond to the HTI-2 proposed rule," Stephanie Jamison of Greenway Health and the EHR Association executive committee chair said in a statement. The EHR Association represents 28 companies in the EHR market.
"Other areas of specific interest to our member organizations include those related to USCDI, expanded API use cases, new and revised information blocking exceptions, health IT obligations regarding ePrior Authorization, certification changes, and TEFCA. The EHR Association will continue our collaborative relationship with ONC and provide feedback from our membership on any areas of concern that arise from our in-depth analysis of HTI-2," the organization said.
"This is a clarification and an expansion of HTI-1," said Jay Anders, M.D., chief medical officer at Medicomp Systems, a health IT and hospital information software company. "They also starting to address some of the things that's been really the bane of existence of physicians for quite some time, like electronic prior authorization for procedures. So, they have basically streamlined, electronically, that whole process, linking the physician to the payer."
The draft rule also expands voluntary health IT certification to public health IT systems to support better data sharing between public health agencies and the rest of the healthcare system. The COVID-19 pandemic exposed gaps in public health infrastructure and a lack of investment in health IT systems.
"I think the United States and pretty much the rest of the world got caught with our pants down with COVID. Sharing information, who's gotten vaccinated and what vaccine did they get, the reporting process needed to be revamped because they were getting information so late in the game. HTI-2 starts to put that mechanism in place, linking public health, both at the county and state level, to the CDC and being able to do electronic case reporting," Anders said.
He added, "The biggest problem with healthcare interoperability is that there have been very few rules or standards by which that information can be shared. Now those are starting to appear. So HTI-1 started and HTI-2 has refined it."
Point-of-Care Partners, a health IT management consulting firm, called the proposed rule a "big step forward for healthcare interoperability."
"By focusing on standard APIs, better data exchange, and fixing key problems in the healthcare system, ONC is making healthcare more connected, efficient, and focused on patients," wrote Kim Boyd, regulatory resource center lead and senior consultant at Point-of-Care Partners in a blog post.
"While the HTI-2 proposed rule sets new standards, smart health plans and EHR vendors should see this as a chance for innovation and standing out," Boyd wrote.
Health plans and EHR vendors should face on creating user-friendly interfaces that help patients access and understand their health information such as prior authorization status and real-time benefit details, Boyd noted. Organizations also could develop patient-facing tools using the new APIs to offer personalized health insights and advice.
"Health plans should think about using these new capabilities to offer more attractive and personalized insurance products. EHR vendors should focus on creating a more open platform that easily integrates with a wide range of third-party applications," Boyd wrote.
While the health IT certification for payers and public health agencies is voluntary, Anders said the draft rule is an important step to establish common data sharing standards.
"It basically establishes that if we're going to communicate, then we're all going to speak the same language," he said. "If you look at the way public health is structured today, the county may be drastically different than the state, which may have no connection to anything nationally at the CDC. Certification levels the playing field."