As part of the ongoing efforts to enhance healthcare interoperability and data security, the Office of the National Coordinator for Health Information Technology (ONC) has proposed significant updates to the Health IT Certification Program. These changes, detailed in the ONC HTI-2 Proposed Rule, aim to streamline health information exchange, improve member care, and ensure robust data protection. For Payers, these updates bring about crucial adjustments that need immediate attention and implementation. Here’s a comprehensive look at the ONC Health IT Certification Program Updates and what they mean for Payers.

• Rule
  The ONC has proposed the adoption of USCDI Version 4 (USCDI v4), an updated standard for electronic health information (EHI) to enhance data interoperability and standardization across the healthcare ecosystem. The adoption of USCDI Version 4 (USCDI v4) is a cornerstone of the proposed rule. By expanding the scope of electronic health information (EHI) to include new data classes like social determinants of health, payers can gain a more comprehensive view of their members. This enriched data set empowers payers to identify high-risk populations, develop targeted interventions, and improve overall health outcomes.

• Requirements
  • Specific Data Elements: The rule will explicitly outline required data elements within each data class, including:
    • Member demographics (name, date of birth, gender, race, ethnicity, address, contact information)
    • Clinical data (diagnoses, medications, procedures, allergies, immunizations, vital signs, lab results, imaging reports)
    • Social determinants of health (income, housing, education, transportation, food security, community safety)
  • Data Representation and Standards: To ensure seamless data exchange, the rule will mandate specific data formats and standards:
    • HL7 FHIR: A standardized language for exchanging healthcare information electronically.
    • CDA (Clinical Document Architecture): A structured format for clinical documents.
    • Other relevant standards: As needed to support specific data types.
  • Data Quality: To maintain data integrity and reliability, the rule will impose stringent data quality requirements:
    • Accuracy: Data must be correct and free from errors.
    • Completeness: All required data elements must be present.
    • Consistency: Data must be consistent across different systems.
    • Timeliness: Data must be up-to-date and available when needed.
• Implications
  By adopting USCDI v4, Payers can expect improved data exchange capabilities, leading to more accurate and comprehensive member records. This will facilitate better care coordination and outcomes while also meeting regulatory requirements.

• Rule
  The proposed rule includes the adoption of the SMART App Launch 2.2 framework, which provides a standardized approach for integrating third-party applications with health IT systems. The SMART App Launch 2.2 framework fosters a more member-centric approach to healthcare. By enabling seamless integration of third-party apps with health IT systems, payers can offer innovative tools that enhance member engagement and decision-making.
• Requirements
  • Authentication and Authorization: To protect member data, the rule mandates strong authentication and authorization mechanisms:
    • OAuth 2.0: A widely used authorization framework for granting access to protected resources.
    • Role-based access control: Limiting access to data based on user roles and responsibilities.
  • App Registration and Management: To ensure app quality and security, the rule requires a rigorous app registration and management process:
    • App review: Evaluation of app functionality, security, and privacy practices.
    • App certification: Meeting specific criteria for interoperability and security.
    • App lifecycle management: Monitoring and updating apps to address vulnerabilities and maintain compliance.
  • Data Sharing: The rule outlines how member data is shared between the EHR and the app:
    • Data scope: Defining the specific data elements shared with the app.
    • Consent management: Obtaining member consent for data sharing.
    • Data encryption: Protecting data during transmission and storage.
  • Interoperability: To ensure seamless data exchange, the rule mandates:
    • FHIR-based APIs: Using FHIR standards for data exchange between the app and the EHR.
    • Data formats: Supporting standardized data formats for consistent data representation.
• Implications
  Supporting SMART App Launch 2.2 will allow Payers to offer enhanced member services through integrated health apps. Members will benefit from improved access to their health data, leading to more engaged and informed healthcare decisions.

• Rule
  Revised standards for the encryption and decryption of EHI have been proposed to strengthen data security measures. The proposed rule places a strong emphasis on data security by mandating robust encryption standards.
• Requirements
  • Encryption Algorithms: To ensure data confidentiality, the rule mandates the use of FIPS 140-2 validated encryption algorithms for both data at rest and in transit:
    • AES (Advanced Encryption Standard): A widely adopted symmetric encryption algorithm.
    • Other approved algorithms: As specified in FIPS 140-2.
  • Key Management: Proper key management is crucial for effective encryption:
    • Key generation: Strong random number generators must be used to create cryptographic keys.
    • Key distribution: Secure methods for distributing keys to authorized parties.
    • Key storage: Keys must be stored in a secure environment, often using hardware security modules (HSMs).
    • Key rotation: Regular key rotation to mitigate the risk of compromise.
  • Data Integrity and Authenticity: Encryption alone is not sufficient to protect data integrity and authenticity:
    • Hash functions: Used to verify data integrity and detect unauthorized modifications.
    • Digital signatures: Ensure data authenticity and non-repudiation.
  • Key Management Systems: To streamline key management, the rule may encourage the use of key management systems (KMS):
    • Centralized key management: Provides efficient key generation, distribution, storage, and rotation.
    • Integration with EHR systems: Seamless integration for automated key management processes.
• Implications
  Enhanced encryption standards will significantly reduce the risk of data breaches and unauthorized access to member information. For Payers, this means increased trust from member and partners, as well as compliance with stringent data protection regulations.

• Rule
  The ONC has introduced new certification criteria for health IT modules that support imaging capabilities. The healthcare industry is increasingly reliant on imaging technologies for diagnosis and treatment planning. The ONC’s new imaging requirements ensure that health IT modules can effectively manage and exchange medical images.
• Requirements
  • Image Formats: To ensure compatibility and accessibility, the rule will mandate support for standard image formats:
    • DICOM (Digital Imaging and Communications in Medicine): The primary standard for medical image exchange.
    • Other supported formats: May include JPEG, PNG, or other relevant formats for specific image types.
  • Image Metadata: Accurate and comprehensive image metadata is essential for image interpretation and analysis:
    • Member information: Member demographics, identifiers, and clinical information.
    • Image details: Image acquisition parameters, modality, date, time, and other relevant details.
    • Image description: Clinical findings, interpretations, and annotations.
  • Image Storage and Retrieval: Efficient image storage and retrieval are critical for clinical workflows:
    • Storage formats: Specifies supported image storage formats (e.g., DICOM Part 10).
    • Image compression: May mandate image compression to optimize storage and transmission.
    • Image retrieval: Defines methods for accessing and retrieving images based on member identifiers, date, or other criteria.
  • Image Viewing and Manipulation: To support clinical decision-making, the rule may include requirements for image viewing and manipulation functionalities:
    • Image display: Capabilities for viewing images in different formats and resolutions.
    • Image measurement: Tools for measuring distances, angles, and other image characteristics.
    • Image annotation: Ability to add annotations, markings, or text to images.
  • Image Exchange: Seamless image sharing is essential for care coordination:
    • DICOM communication protocols: Mandating support for DICOM protocols for image exchange.
    • Image security: Protecting image data during transmission through encryption and authentication.
    • Image interoperability: Ensuring compatibility with different imaging systems and modalities.
• Implications
  By adhering to these new imaging requirements, for payers, this means improved access to imaging data, which can facilitate more accurate diagnoses, streamlined care coordination, and potentially reduced costs. By enabling seamless image sharing among providers, payers can contribute to better member outcomes.

• Rule
  The proposed rule includes a standard for real-time prescription benefit information, aimed at providing members with timely and accurate medication cost and coverage details. The proposed real-time prescription benefit criterion is a game-changer for member and payers alike. By providing accurate and up-to-date medication cost and coverage information, payers empower members to make informed decisions about their treatment options.
• Requirements
  • Data Elements: To provide accurate and comprehensive information, the rule will specify essential data elements:
    • Prescription details: Drug name, strength, dosage, quantity, and refills.
    • Member information: Member identification and insurance coverage details.
    • Benefit information: Copay, coinsurance, deductible, formulary status, prior authorization requirements, and alternative drug options.
    • Cost estimates: Real-time estimates of member out-of-pocket costs.
  • Data Exchange: To enable seamless integration with pharmacy systems, the rule will define data exchange standards:
    • Data formats: Standardized data formats for exchanging prescription benefit information (e.g., NCPDP SCRIPT standard).
    • Data transmission: Secure and reliable methods for transmitting prescription benefit data.
    • Response time: Performance benchmarks for real-time response to prescription benefit inquiries.
  • Error Handling: To ensure accurate information, the rule will address error handling:
    • Error codes: Standardized error codes for common issues (e.g., invalid prescription, missing member information).
    • Error handling procedures: Guidelines for resolving errors and providing feedback.
• Implications
  With real-time prescription benefit information, members can make more informed decisions about their medications. This transparency can lead to increased medication adherence, reduced prescription errors, and lower overall healthcare costs. Additionally, payers can benefit from streamlined claims processing and improved member satisfaction.

• Rule
  The ONC has expanded the use of APIs to enhance data interoperability and access for members, providers, and Payers. The expanded use of APIs is a catalyst for interoperability and data exchange. By adopting FHIR standards, payers can create a more connected healthcare ecosystem, enabling seamless data sharing with providers and other stakeholders. This increased data flow can lead to improved care coordination, reduced administrative burdens, and better population health management.
• Requirements
  • API Standards: To ensure consistency and compatibility, the rule mandates the use of FHIR (Fast Healthcare Interoperability Resources):
    • FHIR implementation guides: Specific guidance on FHIR profiles and resources for different use cases.
    • API security: Robust security measures to protect member data.
  • Data Exchange: The rule defines the scope of data that can be exchanged through APIs:
    • Member data: Basic demographics, clinical information, and relevant health records.
    • Provider information: Provider directories, contact information, and specialties.
    • Payer information: Benefit plans, eligibility, and claims data.
  • Error Handling: To ensure system reliability, the rule outlines error handling requirements:
    • Standard error codes: Consistent error codes for API failures.
    • Error messages: Clear and informative error messages to assist developers.
    • Retry mechanisms: Guidelines for handling transient errors.
• Implications
  The expanded use of APIs will improve interoperability, allowing Payers to access and share health data more efficiently. This can lead to better care coordination, reduced costs, and improved member outcomes. For example, a payer can use APIs to share clinical data with care managers, allowing for proactive interventions and prevention of costly complications.

The ONC HTI-2 Proposed Rule represents a pivotal step towards a more interoperable, member-centric, and secure healthcare ecosystem. By mandating the adoption of USCDI v4, SMART App Launch 2.2, and robust encryption standards, the rule lays a strong foundation for improved data exchange and member care. Additionally, the emphasis on imaging requirements, real-time prescription benefits, and APIs will drive innovation and efficiency within the healthcare industry.

While these changes present significant challenges for payers, they also offer immense opportunities. By embracing the new requirements and investing in the necessary infrastructure, payers can enhance their operations, improve member experiences, and drive better health outcomes. The successful implementation of the HTI-2 rule will require collaboration between payers, providers, health IT vendors, and policymakers to ensure a smooth transition and maximize the benefits for all stakeholders.

Ultimately, the success of the HTI-2 rule hinges on the ability of the healthcare industry to collectively adopt and implement these new standards. By working together, stakeholders can create a healthcare system that is more efficient, effective, and member-centered.