Electronic Healthcare Records , Governance & Risk Management , Healthcare Information Exchange (HIE)

HHS Delays Data Sharing Regulation Deadlines

Regulator Says COVID-19 Response Stretching IT Resources, Making Compliance Challenging
HHS Delays Data Sharing Regulation Deadlines
Donald Rucker, M.D., national coordinator for health IT says delayed data sharing deadlines aim to help overstretched healthcare entities.

Citing the stretched health IT resources and heavy workloads healthcare organizations face as a result of the COVID-19 pandemic, federal regulators are delaying compliance deadlines for information blocking and health IT interoperability regulations.

See Also: OnDemand | Driving Security, Privacy, & Compliance Goals by Accelerating HITRUST Certification

The Department of Health and Human Services’ Office of the National Coordinator for Health IT on Thursday issued an interim final rule extending the compliance dates and timeframes for the regulations as described in March.

The regulations are designed to enhance health IT interoperability, prevent the blocking of patient information sharing among clinicians and ensure patients have secure access to their health information – including via their smartphones - through the use of application programming interfaces.

Under the new interim final rule – which has not yet been published in the Federal Register – ONC is extending the compliance date for the information blocking and interoperability regulations until April 5, 2021. The original deadline was Nov. 2.

ONC is also extending the compliance dates in its health IT certification program, including certain 2015 edition health IT certification criteria and conditions and maintenance of certification requirements, until Dec. 31, 2022. Previously, those regulations had various compliance dates in March 2022. Those certification regulations include requiring health IT developers to publish APIs that allow “health information from such technology to be accessed, exchanged and used without special effort.”

Same Goals Remain

“The overall goal here still remains the same and was amplified by the COVID pandemic,” ONC leader Donald Rucker, M.D., said at a Thursday press briefing.

HHS wants to have “tighter and better care” for patients and providers, including maximizing communication to its “fullest underlining technical capability,” he says. But during the COVID-19 crisis, “this is a careful balance of the absolute importance of interoperability and standardized application programming interfaces with the reality that [healthcare] providers … are working so hard on some of these critical technical underpinnings to telehealth and related recourses, and that needs to be their first priority.”

A Welcome Delay

Some experts say the regulatory compliance delay will help the healthcare sector during an extremely stressful time.

“We were pleased to see an extension to the deadline, which the industry has been pushing for and anticipating for several weeks,” says regulatory attorney Janine Anthony Bowen of the law firm BakerHostetler.

”Healthcare providers are already under significant pressure due to the COVID-19 pandemic, and this extension will give HHS ONC additional time to provide much-needed regulatory guidance and give the provider community the necessary runway to adapt their business and technology processes to comply.”

Privacy attorney David Holtzman of the consultancy HITprivacy LLC offers a similar assessment.

The response to the pandemic “has strained the limited health IT resources of many hospitals and clinics as they continue to expand telehealth services while battling an onslaught of new cybersecurity threats and ransomware attacks,” he says.

The deadline delay “gives Congress more time to work on passing critically needed privacy legislation to protect the confidentiality of health information consumers would be downloading onto their smartphones,” he contends.

ONC will accept public comment on the final interim rule for 60 days after its publication in the Federal Register.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.