Healthcare organizations and software developers may have trouble determining what data elements they need to exchange under new federal interoperability regulations, according to a trio of health information technology and management trade groups Monday.
Currently, the Office of the National Coordinator for Health Information Technology's data-sharing rule requires healthcare providers, health information exchanges and developers of health IT software that have earned approval from the agency's health IT certification program to share a limited set of data elements with patients and one another.
That changes in October 2022, when those healthcare groups will be required to share a broader set of health data, known as electronic health information, under the rule. ONC in the rule aligned its definition of EHI with a definition of health data used in the Health Insurance Portability and Accountability Act, known as the "designated record set."
The designated record set encompasses data that patients have a right to access under HIPAA.
As part of the data-sharing rule, software developers with ONC certification also will be required to offer a way to export such EHI by December 2023.
But requiring healthcare groups to share health data as defined by HIPAA's designated record set is more complicated than it sounds, according to a new report from the American Health Information Management Association, the American Medical Informatics Association and the Electronic Health Record Association.
"[HIPAA-covered] entities today generally interpret for themselves which records may be included in the DRS for compliance purposes," the report reads. "As a result … there is variation and discrepancy in how healthcare organizations decide which types of records are included in their DRS."
The report, a preliminary report that the trade groups are seeking industry feedback on, grew out of a task force the groups formed last year.
The task force's goal is to create consensus on the definition of EHI under the ONC's data-sharing rule, which it says will help organizations comply with the regulation.
"This preliminary report is a call to action for healthcare leaders to come together and advance a consensus-based approach to operationalizing the definition of EHI," said Lauren Riplinger, AHIMA's vice president of policy and government affairs, in a news release.
The task force identified roughly 50 data classes that it said met the definition of EHI in its report, including allergies, clinical notes and immunizations.
The data classes identified in the report are the "floor" of what might qualify as EHI, according to the task force, since what counts as EHI will likely evolve over time.
"Should a patient, caregiver or third-party ask for information that is not a data class examined in this report, it does not mean that the information requested is not necessarily part of the DRS or EHI," the report reads.
For some data, whether the information counts as EHI as defined by the ONC depends on its "status," according to the task force.
If data is unvalidated or in draft form—and therefore not used by providers when making decisions about treatment—it likely wouldn't meet the definition of EHI.
That could prove challenging for healthcare providers to consider when figuring out what data must be exchanged, since the status of data is difficult to track in IT systems, according to the task force.
Other challenges include data that has been in a patient's record for a long time still counts as EHI, as well as how to manage sensitive information like behavioral health data that are part of broader records.
An ONC spokesperson in an emailed statement said the agency is "encouraged by this collaboration" and encourages "this and other continued partnerships toward greater information as directed by the 21st Century Cures Act."