Here's what former national coordinators, health IT groups had to say on ONC's information blocking rules

Of the hundreds of pages of comment letters from healthcare and health IT groups sounding off on the recently proposed information blocking rule, there seems to be one consistent theme: The timeline is too aggressive and will pose burdens to providers and vendors.

The Department of Health and Human Services (HHS) received 1,882 comments on the rule, which the Office of the National Coordinator for Health IT (ONC) unveiled back in February. The interoperability, information blocking and health IT certification rule (PDF) defines exceptions to data blocking as well as fines that may be associated with the practice, and was mandated by the 21st Century Cures Act.

There are six people, however, who are satisfied with the timing of the rule: six former national coordinators for health IT. In a joint letter, David Blumenthal, M.D.; David Brailer, M.D.; Karen DeSalvo, M.D.; Robert Kolodner, M.D.; Farzad Mostashari, M.D.; and Vindell Washington, M.D., said they offer "enthusiastic support" for the proposed rule. 

The rules, coupled with draft two of the Trusted Exchange Framework and Common Agreement, represent a "crucial opportunity to advance interoperability" across the healthcare system. The proposed interoperability rules should be implemented "as quickly as possible to propel the healthcare industry forward by finally enabling the meaningful flow of data," the former national coordinators wrote.

They said they strongly support the rapid advancement of the Fast Healthcare Interoperability Resource (FHIR) standard and the use of open application programming interfaces (APIs) as proposed in the rule.

RELATED: Lawmakers call for delay in implementing interoperability rules

Their comments are in sharp contrast to some groups calling for the rules to be delayed and the Health Innovation Alliance calling for the rules from ONC to be scrapped entirely and rewritten.

Here is a look at some of the themes that emerged from what the former national coordinators, as well as other stakeholders, had to say:


The former national coordinators are calling for ONC to make strong enforcement of the information blocking rule a priority while also providing additional guidance around all seven information blocking exceptions to ensure those acting in "good faith" do not unwittingly engage in the practice. With regard to API pricing parameters, they support a recommendation from the Health Information Technology Advisory Committee to distinguish "basic" and "value-added" information access and ensuring free or near-free access to the information contained in patients' medical records.

They also are calling for ONC, the Centers for Medicare & Medicaid Services and other federal agencies to develop a companion consumer privacy framework to address patient and consumer privacy protections as the API market develops. "Consumers should clearly understand how their data is being used by third-party APIs and how to exercise their consent options," they said in the letter.


The rule has an unrealistic two-year time frame for electronic health record (EHR) vendors to develop and implement software, according to the Electronic Health Record Association (PDF). The group suggests updates to e-prescribing and USCDI (U.S. Core Data for Interoperability) APIs could be priority areas reasonable for the proposed time frames. To achieve those in 24 months, other criteria will need to be deferred to a longer timeline.

The American Medical Group Association also said the proposed 2020 deadline is "too aggressive" and that ONC should reevaluate the timeline.

The Medical Group Management Association (MGMA) said ONC should stage the final requirements so practices and vendors have sufficient time to develop and implement software solutions. The risks of moving too quickly include additional administrative and financial burdens on practices, weaker privacy and security protections for sensitive health information, an increased level of physician burnout and the potential of compromised patient care, the group said.

RELATED: AMIA says ONC rule doesn't go far enough on patients' data access

"We’re concerned that the proposed approach goes too far, too fast," MGMA officials said. 

In contrast, the University of California, San Francisco’s Center for Digital Health Innovation (UCSF CDHI) wants (PDF) to see ONC move faster and move up the deadline requiring standardized APIs as part of 2015 edition of certified health IT. The implementation date should be moved up to Jan. 1, 2021, rather than 2022, the organization said.

Information blocking exceptions

The Healthcare Information and Management Systems Society (HIMSS) urged ONC to develop a list of best practices for broadly sharing more information to accompany the seven exceptions to information blocking. "Such a list could serve to reinforce the positive behaviors expected of the regulated actors, establishing 'safe lanes' for specific use cases and reducing compliance costs and risks," the group said.

These best practices could also help communicate more detailed information around the intended roles and expectations for each of the regulated actors, developers, providers or networks/exchanges, HIMSS said.

Vendors subject to information blocking provisions

The ONC rule states that information blocking provisions apply to health IT developers of certified health IT. UCSF CDHI leaders call for ONC to apply that provision to all health IT developers. There’s a huge swath of health IT necessary for healthcare which falls outside the “certification” program, for example, medical device makers and smaller mobile app developers, the CDHI leaders said. Leaving these vendors out could create a large safe harbor for information blocking, CDHI said.

RELATED: Health IT stakeholders calling for ONC, CMS to 'go back to the drawing board' on interoperability rules

"Left uncorrected, it could become the exception that swallows the rule and create perverse incentives where health IT developers avoid certified health IT and escape the information blocking prohibitions altogether—clearly frustrating Congress’s policy in the Cures Act," the organization said.

Third-party app developers also should be required to sign business associate agreements (BAAs), MGMA recommended. "A BAA would create a safe harbor from liability for practices if health information is disclosed by a third-party and unauthorized by the patient," the group said.

Standardized APIs and data elements

UCSF CDHI leaders call for ONC to adopt FHIR Release 4 as the API standard, not FHIR Release 2. "Release 4 will soon be the 'de facto version' for the industry and provides the first set of 'normative' FHIR resources so that future changes are backwards compatible for the first time," the organization said.

ONC also should require API access to “all data elements of a patient’s electronic health record” as the Cures Act requires. ONC’s proposed regulation essentially constricts electronic data access to just the Common Clinical Data Set or U.S. Core Data for Interoperability, the organization said. ONC's proposed approach would "effectively place a ceiling on the minimum data elements available for nationwide shared interoperability through standardized APIs," CDHI leaders said.

More specific definitions

In the proposed rule, ONC lays out four categories of health IT entities subject to the information blocking rules. The National Association of Accountable Care Organizations (NAACOS) requests ONC create a regulatory exceptions list to clarify the types of individuals and provider entities that are not included in definitions of health information exchanges (HIEs) and health information networks (HINs) for purposes of information blocking. The list should include value-based care entities like affordable care organizations (ACOs) and other provider groups, NAACOS said.

ONC also should adopt the HIPAA rules’ definition of healthcare provider as it's broader and more inclusive of alternative payment entities like ACOs. 

ONC’s proposed definition of electronic health information (EHI) is unnecessarily and overly broad and would be administratively complex to meet, NAACOS said. The group suggested changing the proposed definition to include information needed to support value-based care, specifically data captured in the USCDI data set. 

HIMSS also wants ONC to scale back the definitions of EHI and use a curtailed definition that focuses on using USCDI data classes as the current requirement in the near-term. The group also is asking ONC to combine the definitions of HIN and HIE and tighten up this newly merged category to clearly detail the entities that would and would not be considered an HIE or an HIN in the final rule.

Fees and APIs

Many groups are still concerned EHR vendors will charge practices excessive fees to connect their products with other health IT systems, health information exchanges, and third-party applications. MGMA called for the adoption of a tiered fee structure for APIs. "We also recommend oversight of the vendor sector and the creation of toll-free numbers, email addresses, and a website where practices can lodge fee-based complaints directly to ONC," the group said.

HIMSS said it is concerned that the fee structure in the proposed rule creates complexities that may lead to less innovation, increased administrative burden and a focus on cost recovery rather than the creation of novel ways to improve data access.

Focus on patient safety

In the proposed rule, ONC developed recommendations for a voluntary pediatric EHR system certification program and identified 10 clinical priorities where pediatric care differs from other care settings. In comments developed jointly by Pew Charitable Trusts, the American Academy of Pediatrics, MedStar Health and several other groups, stakeholders are urging ONC to take additional steps to improve patient safety and system usability for EHRs used in the care of children.

"ONC currently requires that EHR developers test their system with end-users, such as physicians and nurses. ONC should clarify that EHR developers must involve end-users that care for children—such as pediatricians and pediatric nurses—in the testing of the identified clinical priorities in pediatric care," the groups wrote.