This first installment of the Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing and Public Health Interoperability, version two rule finalizes updates to the Trusted Exchange Framework and Common Agreement and makes some administrative corrections effective Jan. 15, 2025.

But it leaves questions about certifying artificial intelligence enhancements unanswered for now.

WHY IT MATTERS

The U.S. Health and Human Services said in Monday's publication of the new Health Data, Technology, and Interoperability: TEFCA rule that while it received 270 comment submissions on the range of proposals in the proposed HTI-2 draft, it only reviewed and responded to comments on a narrower set of proposals at this time.

The Assistant Secretary for Technology Policy/Office (ASTP) of the National Coordinator for Health Information Technology summarized and responded to comments related to TEFCA information blocking exceptions and made a few Health IT Certification Program administrative updates on Monday. 

For example, HTI-TEFCA updates specific requirements related to the expired provision permitting health IT to demonstrate security tagging of Consolidated-Clinical Document Architecture documents at the document level. 

The new final rule focuses on amended information blocking regulations that include definitions related to the TEFCA Manner Exception and implemented provisions to support the framework, according to Leigh Burchell of Altera Digital Health, who is the current vice-chair and incoming chair of the Electronic Health Records Association Executive Committee.

This first portion finalizing parts of HTI-2 allows ASTP to "solidify pillars" of TEFCA that "outgoing leadership wants to leave as a legacy," said Burchell said in a statement from the HIMSS EHR Association sent to Healthcare IT News Thursday.

Rounding out the updates are corrections to the ONC HTI-1 Final Rule, which add privacy and security certification requirements for algorithmic-based clinical decision support tools. 

While HTI-1 established a certification criterion for DSI, replacing the term "clinical decision support," the agency said it erred in neither proposing nor finalizing corresponding privacy and security requirements needed to certify DSI modules. 

"This omission was an oversight," the agency said.

However, comments related to the Insights Measures – a key to gaining HHS certification of health IT modules – "are still being reviewed and considered, and may be the subject of subsequent final rules related to such proposals in the future," the agency said.

THE LARGER TREND

The HTI-1 final rule, which implements the EHR Reporting Program provision of the 21st Century Cures Act by establishing certification requirements for HIT developers, became effective in March.

HTI-1 included requirements for certified health IT developers to report on metrics that provide insight into how certified health IT is used to support care delivery.

Developers have long been concerned about the scope of work required for AI transparency compliance and tight timelines for compliance, which the agency did not specify in HTI-1.

"We have not finalized proposed requirements that Health IT Modules clearly indicate when source attributes from other parties are unavailable," the agency said last year.

"As currently drafted, the Insights Measures are likely to produce data of questionable value – something we have been stressing to ASTP since publication of the HTI-1 proposed rule in 2023," Burchell said. 

"As we inch closer to the January 1, 2026, start date, the uncertainty of finalized measurements creates challenges. We hope that future rules finalizing HTI-2 proposals will include helpful and necessary clarifications."

The health IT industry is not the only group concerned about finalizing HTI-2. In October, The American Hospital Association expressed concern over "burdensome" encryption requirements and timelines in the proposed rule for healthcare IT interoperability.

ON THE RECORD

"We expect the remaining components of the HTI-2 proposed rule to be split into multiple other final rules," Burchell said in a statement. "In doing so, the EHR Association hopes that ASTP/ONC will prioritize the necessary additional technical corrections specific to health IT vendors, the most urgent of which relate to Insights Measures." 

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.