ONC, CMS Announce Final-Rule Compliance Extensions Due to COVID-19
Due to the COVID-19 public health emergency, officials from the Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare & Medicaid Services (CMS) have respectively announced they will be providing some relief to stakeholders complying with their final interoperability regulations.
In a joint April 21 statement, federal officials from ONC and CMS said they were announcing “a policy of enforcement discretion to allow compliance flexibilities regarding the implementation of the interoperability final rules announced on March 9th in response to the COVID-19 public health emergency. ONC, CMS, and OIG (Office of Inspector General) will continue to monitor the implementation landscape to determine if further action is needed.”
The two new rules clarify issues around information blocking, as defined by the administration, and promote the development of a nationally consistent patient access API (application programming interface) concept, designed to make access to their electronic health records (EHRs) available to all patients through their smartphones.
Some of the timelines from the final interoperability rules—which apply to all hospitals, physicians, and health plans that receive any reimbursement through either the Medicare or Medicaid programs, as well as the technology vendors that these organizations use—were slated to be enforced as soon as six months from when the final rule was published in the Federal Register, which, for the ONC rule, is now going to be on May 1.
Now, due to COVID-19, each agency is planning on offering some relief for participants. For the ONC rule, Don Rucker, M.D., National Coordinator for Health IT, noted, “During this critical time, we understand that resources need to be focused on fighting the COVID-19 pandemic. To support that important work and the information sharing efforts we are already seeing, ONC intends to exercise enforcement discretion for three months at the end of certain ONC Health IT Certification Program compliance dates associated with the ONC Cures Act Final Rule to provide flexibility while ensuring the goals of the rule remain on track.”
Meanwhile, for CMS, Administrator Seema Verma announced the agency would be extending the implementation timeline for the admission, discharge, and transfer (ADT) notification Conditions of Participation (CoPs) by an additional six months. In the version of the final rule displayed on March 9, it stated these CoPs would be effective six months after the publication of the final rule in the Federal Register. Now, they will be effective one year after the final rule is published in the Federal Register—a date that is still to be determined. The six-month timeline for hospitals to begin doing patient event notifications was a particular concern for stakeholders, even before impact of the COVID-19 pandemic began to be felt in the U.S. Additionally, CMS finalized in March the Patient Access API and Provider Directory API policies for Medicare Advantage, Medicaid, and the Children’s Health Insurance Program (CHIP), effective Jan 1, 2021. CMS also will exercise enforcement discretion for a period of six months in connection with these two API provisions, extending those timeframes to July 2021, Verma said.
ONC has published a new compliance date/timeframe chart on its website, making it clear that some provisions—such as the condition of certification for information blocking—will still be expected to go into effect on November 1, 2020. However, the health IT agency is allowing for a three-month enforcement discretion across several of its requirements. For the rollout of new standardized API functionality, the timeframe is still 24 months from May 1, 2020, with the same three-month enforcement discretion added.
As the COVID-19 health crisis has continued to evolve over the last month, word starting spreading that discussions were being had about delaying the timelines for both the ONC and CMS rules. The non-profit Pew Charitable Trusts, a research and policy organization, noted in a letter to HHS Secretary Alex Azar that the epidemic has emphasized the need to move them forward without delay. “The COVID-19 pandemic gripping the nation underscores the importance of these regulations in enabling greater data exchange and providing patients with their information,” the group wrote. In a tweet following the flexibility announcements, Ben Moscovitch, director of health IT policy and research for Pew, wrote, “Good on ONC for finalizing the rule with minimal time changes.”
OIG weighs in on information blocking
When it released the final rule, ONC stated that the enforcement of information blocking civil monetary penalties will not begin until future rulemaking is issued by OIG. Today, OIG published a proposed rule amending the civil money penalty (CMP) regulations. One proposal from the department is to delay enforcement until 60 days after its rule is final, while noting that commenters are encouraged to submit comments regarding how the COVID-19 pandemic and other considerations should affect information blocking enforcement time frames.
The proposed rule would incorporate statutory changes in three areas: (1) new authorities for CMPs, assessments and exclusions related to HHS grants, contracts and other agreements; (2) new CMP authorities for information blocking; and (3) increased maximum penalties for certain violations, according to OIG.
In the proposal, OIG outlined that the maximum information-blocking penalty would be $1 million per violation.
In the proposed rule, OIG provides examples for how it would determine single or multiple violations of the information blocking provision for individuals and entities subject to OIG's CMPs, such as health IT developers. Additionally, OIG explains that information blocking determinations require determining if actors had the right level of intent.
"Health IT professionals and entities who make innocent mistakes will not be subject to CMPs," said Christi A. Grimm, HHS-OIG Principal Deputy Inspector General. "As our proposed rule makes clear, each allegation of information blocking would be assessed based on its own merits given the unique facts and circumstances presented, including the intent of parties. That assessment will include close coordination with ONC and the HHS Office of Civil Rights."
The proposed rule also highlights expected priorities for enforcement actions, OIG stated. Those priorities would include investigating conduct that resulted in, is causing or has the potential to cause patient harm; significantly impacted a provider's ability to care for patients; was of long duration; caused financial loss to federal healthcare programs or other government or private entities; or was performed with actual knowledge.