New rules were published by the Department of Health and Human Services’ Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services (CMS) in February to support the secure accessing, exchange, and use of ePHI and health IT. The new rules aim to eliminate some of the barriers that are impeding the secure access, use and exchange of health information and are hampering attempts by patients to access their health data.
Feedback was requested on the new rules within 60 days of the publication of the rules in the federal register.
Late last week, the HHS announced that the commenting period has been extended until June 3, 2019. The HHS had received feedback from several industry stakeholders, but multiple requests had been received asking for more time to thoroughly assess the new rules and their implications.
The extension of the deadline for comments was influenced by the release of second draft of the ONC’s Trusted Exchange Framework and Common Agreement (TEFCA). After receiving more than 200 comments, the ONC has made several key changes to TEFCA.
While there is not a significant amount of overlap between TEFCA and the two new rules on Health IT and ePHI interoperability, they all operate in a similar space. It therefore made sense for the new rules and second draft of TEFCA to be reviewed together, as TEFCA may influence stakeholder comments.
In addition, it was brought to the attention of the HHS that some healthcare organizations appear not to have understood HIPAA Rules regarding patients’ right of access to ePHI in relation to health IT and accountability for ePHI, especially after patients have exercised their right of access. The HHS’ Office for Civil Rights has created a new FAQ for healthcare professionals which should help to improve understanding of HIPAA Rules in relation to health IT and the right of access.