By Leslie Francis for BiolawToday.org. First posted on HealthLawProfBlog.
Part 2 of a three-part series. Read Part 1 | Read Part 3
HHS published the NPRM for the 2015 edition of certification for EHRs on March 30, 2015, https://www.federalregister.gov/articles/2015/03/30/2015-06612/2015-edition-health-information-technology-health-it-certification-criteria-2015-edition-base. Comments are due May 29, 2015. The goals of this rulemaking are supporting interoperability with new vocabulary and content standards for structured recording of health information; facilitating data portability through enhanced application programming interface (API) capabilities; making the certification program open to more types of health IT; aligning certification with Meaningful Use (MU) stage 3; addressing disparities by providing certification for collection of social, psychological, and behavioral data and the segmentation of sensitive health information; ensuring privacy and security capabilities; improving patient safety through increased reliability and transparency of certified health IT products; and providing developers with increased capabilities for innovation. In my judgment, it is fair to say that the NPRM is quite friendly to innovation and less so to methods for addressing health disparities or ensuring relevant privacy and security capabilities. But it does include some very important advances that I detail in the remainder of this post.
On data segmentation of sensitive information for privacy, ONC proposes that for certification a health IT module must be able to send data with tagging at the document level for indication that the document is subject to restrictions. Segmentation must meet ONC’s Data Segmentation for Privacy (DS4P) standard implementation guideline technical requirements. Thus providers will be able to send information protected by the SAMHSA regulations, 42 CFR part 2. While clearly an important first step in protecting sensitive information, tagging at the document level has significant shortcomings. It will not permit separate management of data elements within documents, such as mental health or STD information within an internist’s medical history. It is most likely to be useful for records created for special purposes by providers, such as the substance abuse treatment records protected by SAMHSA. ONC clearly recognizes these challenges.
On the public health front, certified health IT modules must meet updated guidelines for transmission to immunization registries; because bidirectional exchange is a goal so that providers can get patients’ immunization histories, certification must also enable a provider to request a patient’s immunization history from a registry. Certification requirements for syndromic surveillance reporting in the ambulatory care setting are far more flexible than in the emergency department setting; for example, they make optional inclusion of any demographic data. Other public health reporting capabilities are also updated. Although MU-3 only requires “moving forward” towards effective interface with public health, these capabilities should help pave the way towards more robust public health capabilities.
To address disparities, the NPRM proposes that certification require standardized methods for recording sex, race and ethnicity. There must be an option for selecting one or more racial designations. Designations must use the “Race & Ethnicity—CDC” code system which allows recording data at a high degree of granularity to further accurate identification of disparities. The NPRM invites comments on methods for recording industry and occupation data, the usefulness to providers of this information, and whether other social, psychological and behavioral data should be included for certification. Standards for clinical quality measures to be reported to CMS will require filtering by identification of provider and practice site, patient insurance, patient age, patient sex, patient race and ethnicity, and patient problem list. This will allow accountable care organizations to report quality measures at the group and provider level and to identify disparities by patient demographic characteristics.