Health Data Interoperability Rule Finalized with Focus on Trusted Exchange Framework
Regulators have recently finalized a scaled-down version of a comprehensive rule aimed at enhancing health data interoperability. The final regulation primarily focuses on provisions related to the Trusted Exchange Framework and Common Agreement (TEFCA), a governance framework for data exchange. However, several sections that were included in the proposed rule, such as certification criteria for health IT tools used by public health agencies and payers, were not included in the final rule.
According to a spokesperson for the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health Information Technology, the scope of the rule and the significant number of comments received made it challenging to finalize the proposed regulation in its entirety quickly. However, it is possible that the omitted proposals may be included in subsequent final regulations.
The Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability rule, also known as HTI-2, does not contain provisions for certification criteria aimed at facilitating public health data exchange, a critical need during the COVID-19 pandemic. Similarly, certification standards for payer application programming interfaces, which could streamline prior authorization requests, are also absent from the final rule.
Nevertheless, the ASTP/ONC spokesperson mentioned that these provisions could be addressed in future rulemaking efforts. The focus of the final rule is primarily on TEFCA, which sets technical requirements and exchange policies for companies to establish clinical information sharing networks nationwide. Currently, there are seven designated Qualified Health Information Networks (QHINs), with Oracle Health expressing interest in applying for QHIN status.
The finalized regulation outlines requirements for designating QHINs, including the ability to exchange data among multiple unaffiliated organizations and meeting transaction volume demands. Organizations seeking QHIN status must adhere to privacy and security policies, such as undergoing an annual security assessment conducted by an independent third party.
Additionally, the regulation implements standards for onboarding QHINs and establishes policies for suspending and terminating networks. A new TEFCA Manner Exception is also introduced, stating that organizations exclusively exchanging data via TEFCA will not be considered to be engaging in information blocking if certain criteria are met.
The regulation is set to be published in the Federal Register on December 16 and will become effective 30 days later. This final rule represents a significant step towards promoting reliability, privacy, security, and trust in health data exchange networks across the healthcare industry.