Specific HIT Provisions of the 21st Century Cures Act

Depositphotos 152095818 XL
Dec 28, 2016

Specific HIT Provisions of the 21st Century Cures Act

Written by Dan Golder

Category: Regulatory

As we mentioned in our last blog post, the IT provisions of this bill are particularly interesting. We’ll look at each topic and provide a bit of insight as we walk through what the 21st Century Cures Act means for HIT.

Administrative Burden

HHS is tasked with developing a strategy and recommendations to meet the goal of reducing the regulatory and administrative burden related to the use of Electronic Health Records, including: Meaningful use, MIPS, APMs, Hospital Value-Based Purchasing Program and HIT Certification (among many other more general topics also mentioned as needing to be a part of this strategic plan to reduce the reporting burden of health care providers).

Delegation of Documentation

As part of the efforts to reduce administrative burden, physicians will now officially be able to delegate EHR documentation to a scribe who is not a physician, so long as the physician has signed and verified the documentation.

EHR Certification for Pediatrics (and other specialties)

Within 18 months, recommendations are due for the voluntary certification of HIT for use by pediatric health providers, and these recommendations will be adopted within 24 months of enactment of the 21st Century Cures Act. In addition to pediatrics, public comments are being requested to help address potential certifications for other specialties.

Information Blocking

There is quite a bit of focus in the act on information blocking. Specifically the act states that:

  • HIT developers or entities must not take any action that would constitute information blocking or any other action that may inhibit the appropriate exchange, access and use of electronic health information.
  • HIT developers must publish application programming interfaces (APIs) to assist with the access and exchange of health information.
  • HIT developers must successfully test the “real world use” of their technology for interoperability.
  • HIT developers must attest that they are not engaging in any form of information blocking.

These information blocking rules apply to HIT developers, exchanges or networks, and health care providers (although providers may not be penalized for failures of HIT developers).

Penalties for information blocking can be levied for up to $1,000,000 per violation.

Hardship Exceptions

EPs, ECs (under MIPS) and EHs can receive hardship exceptions for a year if their EHR technology is decertified

EHR Reporting

Within 12 months, stakeholders will develop reporting criteria for the 21st Century Cures Act, including: security, usability and user-centered design, interoperability, certification testing and other categories as appropriate to measure the performance of EHR technology.

Areas of focus will include:

  • Enabling users to order tests and review results
  • Submitting, editing and retrieving data from registries
  • Accessing and exchanging information through:
    • HIEs
    • Medical devices
    • Federal, State and local agencies
    • Other health care providers or applicable users
    • Patient generated information
  • Providing the patient (or an authorized designee) with a copy of their health information in an electronic format
  • Providing accurate patient information (patient matching)
  • Other performance or accessibility categories (as appropriate)

$15 million in grant funding has been set aside to develop the reporting requirements necessary to support the needs of the 21st Century Cures Act.


Interoperability will be defined as technology that enables the secure exchange of electronic health information, allows for complete access, exchange and use, and does not constitute information blocking.

Trusted Exchange Framework

To help accomplish this, the 21st Century Cures Act will establish a “trusted exchange framework” including:

  • A common method for authentication
  • A common set of rules for trusted exchange
  • Organizational and operational policies to enable the exchange
  • Process for filing and adjudicating non-compliance
  • Directory of participating health information networks who have adopted the common agreement

Note that while the 21st Century Cures Act does not require health information networks to adopt the trusted exchange framework, the act makes it clear that other Federal agencies are free to require its adoption.

Provider Digital Contact Information

In concert with the trusted exchange framework, within 3 years, a provider digital contact information index will be established, providing digital contact information for health professionals and health facilities. Information will be available at both the individual provider level and at the health facility or practice level.

HIT Advisory Committee

This 25 member committee replaces both the HIT Policy Committee and the HIT Standards Committee. The HIT Advisory Committee will recommend policies to the National Coordinator supporting the adoption of plans and rules set forth as part of the 21st Century Cures Act. It will recommend standards, implementation specifications and certification criteria, and will focus on harmonization of standards, pilot testing, consistency, and consistency with the interoperability rules defined in the act. Duties will include:

  • Recommendations on policy framework to advance interoperability infrastructure
  • Recommendations on standards, implementation specifications and certification criteria
  • Rules relating to recommendations for standards, implementation specifications and certification criteria

Goals of the HIT Advisory Committee include:

Priority Target Areas

  • Achieving a health information technology infrastructure
  • The promotion and protection of privacy and security of health information, including an accounting of disclosures
  • Facilitating secure access by an individual to their PHI
  • Any other target areas as appropriate

Additional Target Areas

  • The use of HIT to improve the quality of health care
  • The use of technologies that address the needs of children and other vulnerable populations
  • The comprehensive collection of patient demographic data (including race, ethnicity, primary language and gender)
  • The use of self-service, telemedicine, home health care, and remote monitoring technologies
  • The use of technologies that meet the needs of diverse populations
  • The use of technologies that support data for use in quality and public reporting programs, public health, or drug safety
  • The use of technologies that allow individually identifiable health information to be rendered unusable, unreadable, or indecipherable to unauthorized individuals when such information is transmitted in a health information network or transported outside of the secure facilities or systems where the disclosing covered entity is responsible for security conditions
  • The use of certified health information technology for each individual in the United States
  • Additional priority target areas, if new circumstances arise that affect interoperability, privacy or security of health information or affect patient safety

Setting Priorities for Standards Adoption

The HIT Advisory Committee will identify priorities that focus on the existing incentive programs, including:

  • Meaningful Use
  • Merit-based Incentive Payment System
  • Alternative Payment Models
  • Hospital Value-Based Purchasing Program
  • Other value-based payment programs as appropriate

Other specified priorities include:

  • Quality of patient care
  • Public Health
  • Clinical research
  • Privacy and security of electronic health information
  • Innovation in the field of HIT
  • Patient safety
  • Usability of HIT
  • Individuals’ access to electronic health information
  • Other priorities as appropriate

The committee will also identify existing standards and implementation specifications that support the use and exchanged of electronic health information needed to meet these priorities, and will publish a report summarizing their recommendations, and prioritizing standards are implementation specifications.

This will also include specification of a “Core Set of Common Data Elements” to enhance the ability of certified HIT to capture, use and exchange structured electronic health information.

Leveraging Electronic Health Records to Improve Patient Care

Electronic health records will be required to be capable of transmitting to, and where applicable, receiving and accepting data from, registries.

Empowering Patients and Improving Patient Access to their Electronic Health Information

The act encourages partnerships between health information exchange organization and networks and health care providers, health plans, and other appropriate entities with the goal of offering patients access to their electronic health information in a single, longitudinal format that is easy to understand, secure and may be updated automatically.

Providers will receive education on ways of leveraging HIEs to provide patients with access to their electronic health information, clarifying any misunderstandings of providers about using HIEs, and the capabilities of HIEs to empower patients.

Guidance will be provided to HIEs related to best practices to ensure that electronic health information provided to patients is private and secure, accurate, verifiable and easily exchanged when a patient’s authorization is required.

Certification criteria may be revised to include:

  • Provisions for a single longitudinal format that is easy to understand, secure and may be updated automatically
  • Support for a patient to electronically communicate patient-reported information
  • Support for patient access to their personal electronic health information for research purposes at the option of the patient

GAO Study on Patient Matching

The GAO will conduct a study to ensure appropriate patient matching is achieved in order to:

  • Protect the privacy of patient information
  • Protect the security of patient information
  • Improve matching rates
  • Reduce matching errors
  • Reduce duplicate records

Steps may then be taken to:

  • Define additional data elements to assist in patient data matching
  • Agree on a set of required minimum set of elements that must be collected and exchanged
  • Require health records to have the ability to make certain fields required and use specific standards
  • Utilize other options as recommended

GAO Study on Patient Access to Health Information

The GAO will conduct another study to review patient access to their own PHI, including barriers to such access. Areas of concentration include:

  • When covered entities charge individuals for record requests
  • Examples of the amounts and types of fees charged
  • Extent to which covered entities are unable to provide the access requested by individuals
  • Instances in which third parties may request PHI through patients’ individual right of access, including instances where such requests may be used to circumvent appropriate fees that maybe charged to third parties
  • Opportunities that permit covered entities to charge appropriate fees to third parties, while providing patients with access to their PHI at low or no cost
  • Ability of providers to distinguish between requests originating from an individual and requests originating from third parties
  • Other circumstances that may inhibit the ability of providers to provide patient with access to their records

Improving Medicare Local Coverage Determinations

Each Medicare administrative contractor will be required to develop a local coverage determination for both the contractor’s website and the Medicare website, at least 45 days before the effective date, with the following information:

  • Determination information
  • Where and when the proposed determination was made public
  • Hyperlinks to the proposed determination and a response to comments submitted
  • A summary of evidence that was considered, including a list of the sources of such evidence
  • An explanation of the rationale that supports the determination

Medicare Pharmaceutical and Technology Ombudsman

CMS will now have a pharmaceutical and technology ombudsman, who shall receive and respond to complaints, grievances and requests that:

  • Are from entities that manufacture pharmaceutical, biotechnology, medical device, or diagnostic products
  • Are with respect to coverage, coding or payment for such products

Medicare Site-of-Service Price Transparency

Beginning in 2018, in order to facilitate price transparency, there will be a searchable, publically available website that will provide:

  • Estimated payment amounts for outpatient and ambulatory surgical center services
  • Estimated amount of beneficiary liability applicable to these items or services

Telehealth Services in Medicare

To support Telehealth services, CMS will provide to the House and Senate a report within one year to include:

  • Specifications of populations of Medicare beneficiaries who are dually eligible and those with chronic conditions whose care may be improved by telehealth services
  • Activities of the CMS Innovation Center that examine the use of telehealth services
  • Types of high-volume services (and related diagnoses) which might be suitable to be furnished by telehealth
  • Barriers that might prevent the expansion of telehealth services

MedPAC (Medicare Payment Advisory Commission) will provide the House and Senate a report to include:

  • Telehealth services for which payment can be made under the fee-for-service program
  • Telehealth services for which payment can be made under private health insurance plans
  • Ways in which payment for such services might be incorporated into fee-for-service programs

Any expansion of telehealth services under Medicare should:

  • Recognize that telemedicine is the delivery of safe, effective, quality health care services, by a health care provider, using technology as the mode of care delivery
  • Meet or exceed the conditions of coverage and payment with respect to the Medicare program if the service was furnished in person, including standards of care
  • Involve clinically appropriate means to furnish such services

Comments Regarding 21st Century Cures Act

There is quite a bit in the 21st Century Cures Act that will potentially have a significant impact on HIT. The act establishes multiple new regulatory vectors that have the potential to influence HIT in future rulemaking.

Here are a few of the potentially significant areas of emphasis contained in this act:

Interoperability and Information Blocking

These topics are mentioned in multiple places in the act. There is strong language (and a significant penalty of up to $1,000,000 per incident) regarding information blocking. Interoperability will be supported by the implementation of the new “Trusted Exchange Framework.”

Readers are encouraged to review these sections and provisions in detail.

HIT Advisory Committee

This is a new committee consolidating the old HIT Policy Committee and the HIT Standards Committees. This committee will have significant authority and scope, encompassing the existing incentive programs (MU, MIPS, APMs, VBPM, etc) and will essentially have authority to govern most aspects of HIT going forward.

Once specific target area for the HIT Advisory Committee that should not be overlooked is the goal of being able to render information unreadable/unusable while in transit (as this may prove to be very difficult to implement):

“The use of technologies that allow individually identifiable health information to be rendered unusable, unreadable, or indecipherable to unauthorized individuals when such information is transmitted in a health information network or transported outside of the secure facilities or systems where the disclosing covered entity is responsible for security conditions.”

In any event, the HIT Advisory Committee will be a significant rule making body with wide ranging influence.

GAO Studies

There are two studies that will be conducted by the General Accounting Office: Patient Matching and Patient Access. The results of these will likely significantly influence future rulemaking, and will be important in shaping the future of HIT and facilitating interoperability.

We’ll of course be watching this closely over the coming months, and will provide updates as we learn more.

Stay tuned!