On August 5, 2024 the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health IT (ASTP/ONC) published for comment in the Federal Register the Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability (HTI-2) Proposed Rule. This mammoth, thousand-page document was a long time in coming and represents just the latest proposed federal rulemaking in fulfillment of Congressional mandates in the 21st Century Cures Act.
The proposed rule covered a lot of ground related to certified electronic health records (CEHRT) as well as many other topics related to health information technology. While much of it was not relevant to public health, there were some sections that proposed changes to current rules related to public health and introducing whole new areas of regulation for public health systems and data management processes.
HLN did not formally comment on this proposed rule, but did provide perspective on the rule’s possible impact on public health to a number of organizations that did submit formal comments (see below). These organizations commented extensively on the myriad of details in the proposed rule. We will not even attempt to summarize all this material, but we do offer a few select comments and observations related to HTI-2, some drawn from the comments referenced below.
While overall we believe this proposed regulation is moving us in the right direction, here are some pointed observations:
- The scope of HTI-2 and federal rulemaking is limited to data interoperability. Remember, there is a lot more to data management in public health agencies (PHAs) than just the submission of data by clinical care and (in some cases) its access by those same data exchange partners. In fact, much of the challenge facing PHAs is not so much data management (as in CDC’s Data Management Initiative, or DMI), but system management, as core public health systems are in dire need of modernization, improvement, and often replacement. This is out of scope for HTI-2. There is some risk that system vendors will focus too narrowly on compliance with ASTP/ONC certification requirements which are related only to interoperability and pay less attention to broader system functionality which may in fact be more essential to public health. With the great variation in PHA capability that still exists, any “one size fits all” certification standard may simply be infeasible, especially when some jurisdictions develop their own systems rather than procure vendor solutions.
- The certification criteria proposed in HTI-2 are just that (and no more than that): certification criteria. For them to be impactful, a government program needs to be proposed, finalized, and implemented to draw on these certification criteria. For EHRs, that is the remaining CMS Promoting Interoperability program which penalizes Medicare providers through a reduced reimbursement rate if they do not meet the requirements. For public health agencies, some federal agency (likely CDC) would need to create a corresponding program once any of these certification criteria for public health systems are finalized. Until that time these would be criteria without regulatory purpose, but one has to start somewhere.
- HTI-2 proposes some further refinement of the core regulatory language for CEHRT (the existing “(f)(n)” criteria), and goes on to propose corresponding new criteria (“(f)(2n)” criteria) with corresponding requirements for public health. Generally speaking, the rule proposes institutionalizing newer versions of existing standards for both interoperability messages and the code sets and terminology that support them that are generally in use already, and we applaud these core updates. It is worth noting that HTI-2 proposes adoption of USCDI v4 when v5 is currently defined and would likely be better at furthering the explicit goals of ASTP/ONC.
But the devil is in the details, and as the comments referenced below point out, there is a lot of messiness in the proposed rule which makes it difficult to understand exactly who the actors are for certain data exchange transactions, when exactly the proposed regulations (if accepted) would take effect, and more importantly how for public health compliance with any new rules would be funded.Some of the suggested renaming only confuses things further. In some cases, complete migration away from some existing standards (e.g., CDA to FHIR for electronic case reporting and cancer reporting) seems overly aggressive and perhaps even counterproductive.
- HTI-2 proposes fairly aggressive implementation of new HL7® standards, including, for example, Fast Healthcare Interoperability Resources (FHIR); Bulk FHIR; FHIR subscription; and SMART Health Cards. These standards are fairly immature, not widely tested, and certainly not widely adopted. The proposed timetable for their implementation seems fairly aggressive for EHRs let alone PHAs who are by and large not funded to implement these new standards.
- There are some core terms that are used repeatedly in the proposed rule that are not adequately defined, or, the definitions have not been sufficiently vetted (we suppose that’s what the proposed rule is all about). This includes the term “health IT for public health,” “support request, access, and display” of certain health information; and “receipt, validation, parsing, and filtering” as it applies to public health systems. Some of these data activities feel out of scope for HTI-2 (see first comment above).
- HTI-2 seems to propose some new functionality that does not seem to align with “real world” use and should probably be removed from the final rule. Examples include EHR response to a query for immunization information using existing HL7 v2 standards; Immunization Information System (IIS) bulk query of an EHR; birth reporting to public health; direct patient query of Prescription Drug Monitoring Program (PDMP) systems; required use of the older SFTP transport protocol for Syndromic Surveillance reporting to public health while ignoring the more dominant use of the Minimum Lower Layer Protocol (MLLP) and others; confusion over requirements for laboratory orders (LOI) to be sent to public health..
ASTP/ONC received over 270 public comments about this proposed rule, so they have their work cut out for them. Hopefully there will be sufficient engagement with the public health and broader healthcare community over the next year as they evaluate and consider language for a final rule. Stay tuned! We are sure there is much more to come!
Notable public health related comments drawn on for this post:
- American Immunization Registry Association (AIRA)
- Council of State and Territorial Epidemiologists (CSTE)
- Health Level Seven (HL7)
- Health Information and Management Systems Society (HIMSS)
- Health Information Technology Advisory Committee (HITAC) HTI-2 Proposed Rule Task Force
- Joint Public Health Informatics Taskforce (JPHIT)
- Pew Charitable Trusts (Pew)