ONC issues proposed technical standards to improve health information sharing

Proposed regulations bring healthcare providers and patients a step closer to gaining access to key health information stored in payer databases.

Provisions in a proposed rule published Aug. 5 by the Office of the National Coordinator for Health Information Technology (ONC) support a CMS final rule released in 2020 and another issued early this year, setting voluntary certification standards for information-sharing technology.

The newly proposed rule is IT-focused, but hospital-based personnel in various functions likely will be interested in what the standards mean for information access starting in 2027, when the required application programming interfaces (APIs) must be in place. While plans for the APIs were broadly finalized in the CMS rulemaking, the technical specifications are subject to a notice-and-comment period via the ONC proposed rule. Comments are due by Oct. 4 at regulations.gov.

Implementing the technology is projected to cost $69,200 per hospital and $2,250 per physician practice in the form of pass-through costs incurred by health IT developers, ONC wrote in the rule. The cost likely would be spread out over time and “could subsequently be defrayed across patients within the system,” ONC wrote.

Key APIs for providers

New certification criteria based on the HL7 FHIR standard would support a provider-access API, giving in-network providers access to payer information on patients’ clinical, coverage and claims data, including data in the U.S. Core Data for Interoperability v4 set and prior authorization requests and decisions.

Available clinical data is set to go beyond what’s included on claims and include:

• Lab results
• Consolidated clinical document architecture (CCDA) data
• Admit, discharge and transfer messaging
• Immunization registry information
• Medication information from pharmacy networks

The goal is to improve care coordination and care quality while supporting participation in value-based payment by offering deeper insight into patients’ health histories.

The API described in the ONC rule would give providers functionality to request, look up and return a patient’s history. It also would have safeguards in place to ensure providers only receive data for patients to whom they are providing care and would give patients the choice to opt out of making their data available for sharing.

Separate technical criteria would support a highly anticipated prior authorization API, establishing an electronic prior authorization system for Medicare Advantage, Medicaid and the Affordable Care Act’s federally facilitated marketplaces. Information available through the API would help the provider determine patient eligibility for a service and the authorization processes required by the payer.

The criteria would set up providers to submit 1) requests for information on coverage requirements and 2) required documentation, as well as how payers should provide that information and receive requests. The 2024 CMS rule established that the Promoting Interoperability programs for hospitals and physicians will include a requirement to report on use of the prior authorization API.

As defined in that rule, requirements for electronic prior authorization pertain to medical items and services but not to drugs.

Other APIs of note

Separate APIs would be made available for patients to access their own data from payers and for payers to transmit member information with one another.

The patient-access API would give patients the ability to view their health and administrative information using a third-party app, with access to the payer’s drug formulary information and the patient’s own clinical, coverage and claims data, along with status updates on prior-authorization decisions.

The payer-to-payer API would transmit information about claims and clinical encounters, along with approved prior authorizations, in situations when patients switch insurers or have multiple insurers. In these scenarios, the new health plan must get permission from the patient and make the request of the previous payer (or payers) no more than one week after coverage begins. Encounter data provided by the previous payer must cover a five-year period leading up to the transmittal request, assuming the patient was a customer of the previous payer for that duration.

Another API supported by the ONC rule would give payers the ability to publish provider directories for their coverage networks. Those directories would need to be accessible to consumers via apps.

A wide-ranging rule

The ONC proposed rule has a slew of other provisions designed to promote interoperability and information exchange.

New requirements would support the utilization of hyperlinks to diagnostic imaging within the electronic health record, although without a specific standard to support the functionality. The hope is to reduce reliance on CD-ROM-dependent exchange with patients and other providers. The rule also proposes new standards for electronic prescribing, including a multifactor authentication standard.

Information-blocking penalties for providers were established in previous 2024 regulations that finalized a lower Medicare payment update for any provider deemed to be in violation. The ONC proposed rule specifies examples of information blocking that include delaying patients’ access to new electronic health information (e.g., diagnostic testing results) to allow clinicians to review the information. Failing to make medical imagery available electronically also would constitute information blocking, assuming the technical infrastructure for electronic access is in place.

The ONC rule proposes a new exception that would hold a provider harmless for blocking the sharing of electronic health information if the information would expose patients or providers to legal action stemming from reproductive healthcare that’s considered lawful in the jurisdiction in which the care is delivered.

The rule also describes new or revised certification standards and other updates on the Trusted Exchange Framework and Common Agreement (TEFCA) and USDCI v4.

Public-health data exchange is supported by various provisions in the rule, such as a new IT standard for hospitals to report birth information and prescription drug monitoring. In addition, the FHIR standard would be applied to data exchange pertaining to immunization, lab results and cancer-pathology reporting.