HHS has extended the comment period for two proposed interoperability rules, the agency announced Friday morning.
The CMS and the Office of the National Coordinator for Health Information Technology released their long-awaited interoperability and data-blocking proposals in February. The proposals outline how regulators will require providers and insurers to share medical data with patients, such as through application programming interfaces that connect electronic health records systems with third-party apps.
The public comment periods for both rules are now set to close June 3, a 30-day extension from the original May 3 deadline.
The extension follows requests from numerous stakeholders, including providers, vendors and industry groups. In March, 21 trade groups and IT vendors—including the American Medical Association and the College of Healthcare Information Management Executives—sent the CMS and the ONC a joint letter requesting, at minimum, a 30-day extension to respond to the proposed rules.
"An extension of the comment period will provide more adequate time to allow thoughtful analysis of the proposed rules and their impacts and to fully address the proposed rules' multiple requests for comments and information embedded within the documents," it reads.
Two other considerations, beyond industry requests, heavily factored into the department's decision to extend the comment period, ONC chief Dr. Don Rucker told Modern Healthcare.
One component related to confusion over whether providers would be held accountable for how patients use their health data. "We heard a number of comments from stakeholders that reflected, I think, a bit of a misunderstanding about HIPAA," Rucker said.
To address this concern, HHS launched a webpage to address common questions about the use of third-party apps under HIPAA. When a patient shares protected health information with a third-party app, the provider organization is not liable for subsequent use or disclosure of this data, as long as the app developer is not a business associate of the group, according to Rucker.
Individual patients would be able to decide what types of third-party apps to use, he said.
"Do I want to use applications with extensive secondary reuse of data, like Facebook?" Rucker said, as an example. "Or do I want to do things like, for example, banking apps that have a lot of trust? Or use folks with business models like Apple, that have very specific promises about privacy?"
The second consideration related to another interoperability proposal released by the ONC—the second draft of its Trusted Exchange Framework and Common Agreement, which the agency opened feedback on Friday morning.
The first draft framework, released in early 2018, detailed principles for promoting nationwide interoperability, including setting federally recognized data-sharing standards for health information networks. The ONC said it would tap a private-sector organization to develop and implement the framework based on baseline requirements set forth by the ONC.
"Once we knew that (TEFCA) was available for release and next steps … we wanted to provide the chance for people to have some awareness of both the ONC/CMS interoperability rules, as well as the Trusted Exchange Framework, if that were to factor into their comments," Rucker said. "There's not a lot of direct overlap, but they're obviously in a very tightly adjacent space."
The updated draft of TEFCA extends timelines for participating entities to implement the required changes and adds the first draft of a technical framework for qualified health information networks.
The public comment period for TEFCA closes June 17.