HHS releases HTI-2 proposed rule to bolster public health, payer data sharing

Just six months after finalizing a sweeping regulation with new requirements for AI transparency and interoperability, the federal government's healthcare tech arm is proposing another major policy update with implications for public health and payer health IT.

The Office of the National Coordinator for Health IT (ONC) on Wednesday released the HTI-2 proposed rule that implements provisions of the 21st Century Cures Act and introduces new standards and updates to enhance healthcare interoperability and data sharing. The rule also aims to support technical requirements included in the Centers for Medicare & Medicaid Services' (CMS') Interoperability and Prior Authorization final rule released in January that aims to shift payers to electronic prior authorization.

Further, the draft rule raises the floor on the US Core Data for Interoperability (USCDI) to version 4 for certified health IT by January 2028.

The rule, called Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability (HTI-2), reflects "ONC’s focused efforts to advance interoperability and improve information sharing among patients, providers, payers and public health authorities," the agency said in a press release.

“The HTI-2 proposed rule is a tour de force. We have harnessed all the tools at ONC’s disposal to advance HHS-wide interoperability priorities,” Micky Tripathi, Ph.D., national coordinator for health IT, said in a statement. “As always, we look forward to reviewing public comments and engaging with the health IT community in the weeks and months ahead.”

ONC finalized HTI-1 in December that established first-of-its-kind nationwide requirements for transparency around AI and algorithms used in health IT.

"The HTI-2 proposed rule includes several technology and standards updates that build on the HTI-1 final rule that was published this January. We have been, over the last three and a half years, working really hard to have breakthroughs in interoperability and the uses of health information technology to bring together all of the efforts that we've been working so hard on for the last 10 years," Tripathi said during a briefing with reporters Wednesday.

The updates in the draft rule expand the horizon of interoperability, he noted. "Even though we've been working really hard on making parts of our healthcare delivery value chain, and the public health value chain, more and more electronic, it's still siloed. You still have silos with public health, you still have silos with payers and silos with the healthcare delivery system and provider organizations. We want to break those down. We need to be able to think of this as one health IT ecosystem because that's how healthcare happens," Tripathi said.

This latest update, HTI-2, establishes "firsts of their kind" new certification criteria designed to enable health IT for public health as well as health IT for payers to be certified under the ONC Health IT Certification Program, ONC said.

These new voluntary certification criteria, which would improve public health response and advance the delivery of value-based care, focus heavily on standards-based application programming interfaces to improve end-to-end interoperability between data exchange partners, or healthcare providers and public health organizations or payers, according to ONC officials.

Proposed certification criteria would make available certified health IT that can enable payers contracting with the federal government, such as Medicare Advantage plans, to meet CMS requirements for sharing information, ONC wrote in the proposed rule. 

The health IT for public-health-oriented certification criteria were developed in tandem with the Centers for Disease Control and Prevention to support its ongoing data modernization initiative.

The health IT for payer-oriented certification criteria were developed in coordination with CMS, ONC officials said. A CMS rule finalized in January included requirements for certain payers regulated by CMS to establish APIs that can facilitate electronic prior authorization processes by 2027.

"In this proposed rule, we propose to adopt standards and establish certification criteria to facilitate electronic prior authorization using certified health IT, which providers can use to complete the required actions under the finalized measures," ONC wrote in the proposed rule. The certification would impact health tech vendors that work with payers to provide that API functionality.

"It's certification related to APIs that are required in the CMS rule. We have had voluntary certification in other areas—all certification is voluntary—but we haven't had certification related to APIs that have been required in CMS rules for payers. That's a relatively new innovation on the CMS side as well. It is a new dimension to the scope of certification," Tripathi said.

Tripathi added, "What we're hoping is that by creating that voluntary certification program that the market itself wants to be able to step up and leverage that interoperability. The way to do that is for partners who are going to exchange information to say, 'Look, if we're both conforming, from a technical perspective, we're going to be able to do the kind of interoperability that's going to get us to the next level of value.' This is something that the market can pick up and run with, in hopes that the market wants to have better and more interoperability."

The draft rule also expands voluntary health IT certification to public health IT systems to support better data sharing between public health agencies and the rest of the healthcare system.

"We saw during the pandemic that one of the pain points that we had in our public health infrastructure was the inability for our public health systems to be able to communicate with each other and to be able to respond to the greater demands placed on it during the pandemic," Tripathi said during the briefing. "In many cases, those systems fall down at the most dire time of need. We want to be able to establish public health IT certification requirements so that those systems have the core capabilities that we've now come to rely on in our healthcare delivery system, which would mean the ability to have certain kinds of functionality, the ability to support standardized data and the ability to support interoperability and standardized mechanisms that are required now in other parts of the ecosystem," he said.

Supporting better data sharing among public health agencies helps automate processes and modernize organizations from "phoning and faxing" information, he noted.

Other key provisions in the HTI-2 rule include several proposed technology and standards updates that build on the HTI-1 final rule, ranging from the capability to exchange clinical images, like X-rays, to the addition of multifactor authentication support.

There also is a proposal for a new real-time prescription benefit tool certification criterion, which would enable providers and their patients to make more informed decisions with more transparent information comparing the patient-specific cost of drugs and suitable alternatives.

In HTI-2, ONC also proposes a new “protecting care access” information blocking exception related to withholding reproductive health information. 

"This allows providers to not share information under an information blocking exception when there are concerns that the sharing could risk exposing patients, providers or those who helped them to legal actions based on the mere fact that they thought that the patient got lawful reproductive healthcare in a jurisdiction where that's allowed. So we think that's a very important provision for patients and the protection of their information," Tripathi said.

These provisions comes in the wake of the Supreme Court's Dobbs decision in 2022 that overturned the constitutional right to an abortion. Many states have since taken steps to bar or severely limit abortion services, and patients or providers can face legal consequences for having sought or provided such services.

To help strengthen cybersecurity for health data, ONC also is proposing requirements that certified EHR technology support multifactor authentication.

The draft rule also establishes certain Trusted Exchange Framework and Common Agreement governance rules.

ONC will be host a virtual public webinar on the draft rule on Wednesday, July 17. More information can be found here.