CHIME, AMA voice concerns to Congress over privacy, timelines of ONC information blocking rule

Seven healthcare provider groups are appealing to congressional leaders to help slow down proposed federal interoperability rules. The groups cited concerns about patient data privacy, the implementation timelines and increased burden on clinicians.

The groups sent a letter (PDF) to Sen. Lamar Alexander, R-Tennessee, chair of the Senate Committee on Health, Education, Labor and Pensions (HELP), and ranking member Sen. Patty Murray, D-Washington, and one to Reps. Frank Pallone, D-New Jersey, and Greg Walden, R-Oregon, chair and ranking member, respectively, of the House Energy and Commerce Committee. 

The Office of the National Coordinator for Health IT (ONC) released its proposed information blocking rule (PDF) that outlines seven exceptions to the prohibition against information blocking and provides standardized criteria for application programming interface (API) development. The seven groups said major work still needs to be done to clarify language in the rule.

RELATED: HHS delivers first fine under new information blocking initiative to Florida hospital

The letters were signed by the American Health Information Management Association (AHIMA), the American Medical Association, the American Health Information Management Association, the College of Health Information Management Executives (CHIME), the American Medical Informatics Association, the Federation of American Hospitals, the Medical Group Management Association and Premier. These same seven groups voiced similar concerns during a recent Health IT Advisory Committee meeting.

The healthcare stakeholders are asking congressional leaders to have continued oversight of the implementation of the 21st Century Cures Act provisions. The Senate HELP committee has held one hearing so far on the interoperability rules. Alexander called on federal policymakers to consider delaying implementing the information blocking rule. He also suggested taking a more phased-in approach, voicing concerns about the burden on providers and vendors and data privacy risks. 

RELATED: HIMSS19: ONC, CMS officials outline the framework for interoperability, the use of APIs, FHIR

AHIMA CEO Wylecia Wiggs Harris, Ph.D., said in a statement: "In light of the lessons learned from the meaningful use program, we believe it is crucial that we get this right. We look forward to discussing the details of these recommendations with congressional staff and ONC.”

CHIME said many of the proposed policies in information blocking are very complex, confusing and in fact seem to pit the Health Insurance Portability and Accountability Act against new information blocking policies.

This creates a "chaotic state" for providers, CHIME said. "The complexity associated with deciphering this is beyond most providers’ reach and will require substantial legal assistance to navigate," CHIME said.

The groups are requesting a period of supplemental rule-making to ensure more time for industry review and to hear stakeholder feedback. This would enable ONC to address outstanding questions and concerns, the groups said. There is significant confusion around the definition of electronic health information, or EHI, which forms the basis for much of the policies in the rule. These issues must be clarified so that providers understand what data they must share, the organizations said.

RELATED: Health IT stakeholders calling for ONC, CMS to 'go back to the drawing board' on interoperability rules

While the groups support ONC's work to improve information sharing through the use of APIs, the use of third-party apps raises privacy risks for patient data. The seven organizations are calling for additional security and privacy protections for patient data. They recommend certified APIs have mechanisms to strengthen patients’ control over their data, including privacy notices, transparency statements and adherence to industry-recognized best practices. 

"This basic level of transparency is critical to strengthening patients’ trust in an increasingly digital healthcare system," the groups wrote.

The groups also would like to see longer timelines for implementation as providers need time to deploy and test health IT systems.

CHIME and other groups are calling for looser enforcement of the rule, at least for an initial period. The Department of Health and Human Services should prioritize education and corrective action over monetary penalties at first so clinicians and hospitals can better understand the regulatory requirements.