Deadline Extended for Comments on HHS Health IT and ePHI Interoperability Rules

New rules were published by the Department of Health and Human Services’ Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services (CMS) in February to support the secure accessing, exchange, and use of ePHI and health IT. The new rules aim to eliminate some of the barriers that are impeding the secure access, use and exchange of health information and are hampering attempts by patients to access their health data.

Feedback was requested on the new rules within 60 days of the publication of the rules in the federal register.

Late last week, the HHS announced that the commenting period has been extended until June 3, 2019. The HHS had received feedback from several industry stakeholders, but multiple requests had been received asking for more time to thoroughly assess the new rules and their implications.

The extension of the deadline for comments was influenced by the release of second draft of the ONC’s Trusted Exchange Framework and Common Agreement (TEFCA). After receiving more than 200 comments, the ONC has made several key changes to TEFCA.

While there is not a significant amount of overlap between TEFCA and the two new rules on Health IT and ePHI interoperability, they all operate in a similar space. It therefore made sense for the new rules and second draft of TEFCA to be reviewed together, as TEFCA may influence stakeholder comments.

In addition, it was brought to the attention of the HHS that some healthcare organizations appear not to have understood HIPAA Rules regarding patients’ right of access to ePHI in relation to health IT and accountability for ePHI, especially after patients have exercised their right of access. The HHS’ Office for Civil Rights has created a new FAQ for healthcare professionals which should help to improve understanding of HIPAA Rules in relation to health IT and the right of access.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: