The American Hospital Association expressed concerns over the proposed rule for healthcare IT interoperability, HTI-2, from the Office of the National Coordinator for Health IT (ONC), arguing against "burdensome" encryption requirements.

The ONC's HTI-2 proposed rule aims to enhance healthcare data interoperability and information sharing and builds on the previous HTI-1 final rule.

Major changes

It proposes major changes to the health IT certification program, expanding its scope to include technologies used by payers and public health agencies, marking the first time the program extends beyond electronic health records.

It also revises information blocking regulations, introducing new exceptions, and codifies the Trusted Exchange Framework and Common Agreement (TEFCA) requirements.

In an open letter to Dr. Micky Tripathi, the assistant secretary for technology policy at the ONC, the AHA praised aspects such as alignment with CMS APIs, enhancing the United States Core Data for Interoperability (USCDI), and promoting public health data exchange.

One key concern however was the higher accountability standard for data sharing imposed on providers compared to payers. "Providers would still be held to a higher accountability standard," the letter read.

Aggressive timeline

The AHA also criticized the aggressive timeline for USCDI Version 4, suggesting it be extended to allow smaller hospitals to comply, calling deadlines "too aggressive."

The organizations opposed new encryption requirements, arguing they would be burdensome and costly without providing clear benefits and urged the ONC to align encryption rules with existing cybersecurity practices.

The AHA expressed concerns about the governance structure of TEFCA, calling for more direct oversight from the ONC. They also requested clearer guidelines on the suspension of Qualified Health Information Networks (QHINs).

However, the AHA expressed general support for several provisions in the HTI-2 proposed rule, including maintaining a strong commitment to patient data protection, and endorsed efforts to improve public health data interoperability.

The AHA consists of roughly 5,000 member hospitals, health systems and other healthcare organizations. The AHA's letter follows a similar missive earlier this week from the EHR Association, which argued regulations with "this level of negative market impact for health IT developers" would likely result in "disruption and stress" for providers who participate in CMS payment programs.

While healthcare stakeholders appear generally optimistic about HTI-2, others have also expressed concerns over tight compliance timelines and the limited potential for unstructured data usage under the proposed rule.

Nathan Eddy is a healthcare and technology freelancer based in Berlin.
Email the writer: nathaneddy@gmail.com
Twitter: @dropdeaded209