After fierce opposition, EHR giant Epic now supports ONC, CMS interoperability rules

Judy Faulkner being interviewed at Forbes Healthcare Summit 2019
Epic CEO Judy Faulkner is interviewed by Robert Grossman, M.D., NYU Langone Health CEO and dean of the NYU Grossman School of Medicine, during the Forbes Healthcare Summit. (Forbes/GettyImages)

After launching a fierce opposition campaign to federal data-sharing rules, Epic is now voicing support for the new regulations aimed at improving patients' access to their health data.

The electronic health records (EHR) giant said the final interoperability rules from the Office of the National Coordinator (ONC) and the Centers for Medicare and Medicaid Services (CMS) published March 9 include many of the changes that Epic and other stakeholders requested.

Epic's support comes even as federal policymakers announced this week they are relaxing enforcement of the regulations and extending compliance timelines for some requirements due to the COVID-19 pandemic.

In a statement, Epic said the final ONC and CMS rules addressed concerns about opening up access to patients' data to private app developers. The final rules include "many material improvements" including greater flexibility for healthcare organizations to educate patients on how apps will use their data, Epic said in the statement.

RELATED: CMS' new interoperability rule requires major changes for payers, hospitals. Here are 6 key elements

The final rules also include "emphasis on the use of common data standards whenever possible so that information sent from one system can more easily be understood by another," the company said.

Epic said the rules remain complex and will require substantial operational changes and significant time investment by health systems and health plans to implement those changes.

A year ago, ONC and CMS issued proposed interoperability rules that aim to enable patients to get easier access to their digital records through smartphone apps and to facilitate data exchange by providers and health plans.

HHS will implement the rules over the next several years, with some provisions going into effect in about six months.

RELATED: Epic's Judy Faulkner: ONC data blocking rule undermines privacy, intellectual property protections

During a healthcare event back in December, Epic CEO Judy Faulkner said publicly that she had concerns the ONC rule would threaten patient privacy as well as vendors' intellectual property protections.

Earlier this year, lobbying efforts to oppose the proposed regulations ramped up with Epic emerging as the most prominent, vocal critic of the data-sharing regulations.

The company emailed hospital chief executives urging them to speak out against the rules. In the email, Faulkner wrote, "We are concerned that health care costs will rise, that care will suffer and that patients and their family members will lose control of their confidential health information."

Epic controls more than a quarter of the hospital EHR market, according to KLAS Research, and, among hospitals with 500 or more beds, Epic has a 58% market share.

Politico reported in January that Faulker had said the company would consider joining a lawsuit if the final rules weren't adjusted.

CMS and ONC officials publicly pushed back against Epic's opposition efforts. In February, HHS Secretary Alex Azar referred to Epic's efforts to drum up opposition against the rule as "scare tactics."

RELATED: Here are 6 ways the ONC's new rules for opening health record access will impact the industry

"Unfortunately, some industry stakeholders are defending the balkanized, outdated status quo," Azar said. He also noted that companies holding patient data have "prevented new market entrants from participating in the space."

Not all stakeholders were supportive of the final rule from ONC. The American Hospital Association continues to have concerns about patient privacy.

In a statement released March 13, AHA President Rick Pollack said the rule needed more protections for patients.

"The rule lacks the necessary guardrails to protect consumers from actors such as third party apps that are not required to meet the same stringent privacy and security requirements as hospitals," Pollack said. "This could lead to third party apps using personal health information in ways in which patients are unaware."