Datica Podcast

April 7, 2020

ONC Final Rules on Information Blocking - Part 2

In this episode of 4x4 Health, we continue our conversation with Michael Lipinski, Director of the Regulatory Affairs Division within the office of policy in the Office of the National Coordinator for Health Information Technology (ONC) and Mark Knee, JD, a Senior Policy Advisor with the ONC Office of Policy. Both Mike and Mark are at ground zero when it comes to the federal government’s current efforts to promote interoperability and the free exchange of health data.

In part-one of this two-part episode, we covered the overall intent of the rules and dig into the details related to information blocking. In this portion, we cover the planned roll out and enforcement of the rules.


Dr. Dave Levin: Welcome to 4 x 4 Health, sponsored by Datica. Datica, bringing healthcare to the cloud. Check them out at www.datica.com. I'm your host, Dr Dave Levin. Today we continue our conversation with Michael Lipinski, director of the regulatory affairs division within the office of policy and the office of the national coordinator for health information technology, usually referred to as ONC and also Mark Knee, JD, a senior policy advisor with the ONC office of policy. Michael leads ONCs development of regulations and contributes to HHS policies, regulations and initiatives that support the US healthcare system through the adoption and use of Health IT, electronic health information exchange and patients access to their health information. Mark works on federal Health IT policy and regulatory affairs with a focus on information block. Both Mike and Mark are at ground zero when it comes to the federal government's current efforts to promote interoperability and the free exchange of health data.

The recently released final rules from ONC on interoperability and information blocking are getting an enormous attention, as they should. These are some of the most important issues in Health IT today. Mike and Mark have played key roles in developing these final rules.

In part one of our discussion, Mike and Mark discussed the overall intent of the rules and the topic of information blocking. In part two, we take a look at the plans to roll out and enforce these new rules as well as some thoughts on how things will evolve and how others can get involved.

Tell us a little bit more about how the rules will be enforced. So we can have rules, but if we don't have teeth in a way to enforce them, then it's uncertain how many people really up and comply and follow. So tell us a little bit more about the thinking behind the enforcement and how that will roll out over time.

Michael Lipinski: Sure. I'll take that. This is Mike. So it's interconnected. So let's start there. Some of the three actors go over the three act, well, three now actors, because in the final role, which we didn't mention yet, is that we took health information network and health information exchanges and we've defined them the same. So they're now just one definition. So you have those, you have what we call our Health IT developers of certified Health IT, and then you have healthcare providers.

So the first part about Health IT developers of certified Health IT, they also have what's called a condition of certification under the certification program that says they cannot Info block and that focuses mainly on their certified Health IT, actions associated with their certified Health IT and ONC enforces that.

The rest of information blocking can be investigated by, so that's for providers and health information networks and developers as well can be investigated by the offices and inspector general. And that's the department of health and human services offices inspector general. And then there's a process eventually that will be set out for how that works because certain entities, developers and health information networks and exchanges are going to be under the statute subject to civil monetary penalties, up to a million dollars per violation. So right now, the office of inspector general has a rule with OMB. That rule needs to go out, get comment on it and be finalized before OIG will take any actions. And if you look in our rule, they talk about that and they say that there would be no enforcement from them until their rule was final and they would exercise discretion not to take any action between the time their role was final and if our compliance dates started. So our rule has compliance date and right now once our rule finally publishes, which has not happened yet, it'll be six months before any of those entities I just mentioned, developers, providers, health information networks have to comply with the information blocking provision. So let's say that OIG's final rule doesn't come out until six months after that. That in between period OIG as indicated in our rule from a department perspective that they would be, they would exercise discretion not to enforce during that time frame.

Providers, one last thing to mention about providers. So they're subject to appropriate disincentives and those appropriate disincentives have to be identified by the secretary through notice and comment rulemaking, that has not yet occurred. So that's a still another part. So there's clearly a few dominoes to fall before actual enforcement actions will happen. So you have compliance dates have to commence, you have to have procedures in place by OIG on that side. And then for providers besides those two points, the third domino to fall would be, you would need to have a rulemaking completed that identifies appropriate disincentives for them.

Dr. Dave Levin: Got it. So I heard a couple things in there. When this, as this all evolves out and it's in place if there is a complaint about potential information blocking, then the OIG can investigate, and the remedy can be significant fines. But I also heard you talk about certification of Health IT, so take a minute for members of our audience that aren't familiar with that. What do you mean by certification of Health IT and why would anybody care about that?

Michael Lipinski: Sure. Yeah, I had alluded to that a little bit earlier too, right when I talked about there's like essentially two rules here. And the one that focused on interoperability in particular is related to certified Health IT. So way back when I started with ONC in 2009, part of the ARRA, which was the recovery act. There was another act inside that called the HITECH act, which set up the certification program that ONC administers and required providers participating in Medicare and Medicaid programs to adopt certified Health IT. The theory being that this would lead to more use of electronic Health IT, to try to digitize healthcare. Make it more accessible that way as well. And that there were certain functionalities that would help improve efficiencies for providers and improve care for patients. So that was where it all started and the certification program has been ongoing since that time and the certified Health IT, is what we set out standards and functional requirements and now Congress has given ONC the ability to regulate behaviors of developers as well. So I think that part had been missing for a long period of time. All we were doing was saying, yes, this product can do this and roll that out to your provider. But then they were like, as you've alluded to throughout this conversation behaviors, subtle sometimes in which would affect the use of the product or the exchange and access of the electronic health information. So now ONC oversees some of the behaviors. We talked in depth about the communication piece. So we oversee that for certified Health IT now, and that involves the info blocking too. If a developer takes any action with their product, that could be information blocking. ONC would be able to look, investigate that. They could take an action under the program, such as banning the developer from future certification or even if necessary, decertifying the product. But we look at all those different things, they'll have to do real world testing now of their products. So that's making sure that product still works in the environment and the care setting in which it's implemented. So that's the other part of this equation that certification matters.

So it's trying to lay the foundation for functionality of the Health IT and then info blocking is trying to make sure in all instances that information is available. So to give you another kind of distinction between the two. Developers, certified Health IT, we oversee again, like I said, the certified Health IT, but they as an entity under information blocking can be subject to information blocking with any of their Health IT or any of their actions. So if they had a non-certified API that, they had some practices around that, that could be information blocking potentially, depending on the circumstances and whether an exception applies. But it's broader than just their certified Health IT that they would be subject to information blocking for. So hopefully that helps draw the distinction for you, but if not, I can hopefully try to clarify it.

Dr. Dave Levin: Yeah, it's really helpful. And part of what has fascinated me and watching those play out is the way the ONC and CMS have coordinated their actions to make this potentially much more effective. So as you alluded to, ONC certifies the technology. Establishes the performance standards and certifies that they meet them. CMS for its part is saying, if you want to be paid for certain kinds of programs provider, you need to adopt and use certified technology. And that plus the information block and rules that address behavior is really sort of completes the whole package, if you will. So it's a series of carrots and sticks that span different departments of HHS but appear to fit together very nicely. And of course we'll see how it plays out in the real world. So you touched on some of this but give us a sense of the high-level timeline, what are going to be some of the key events in the coming months as this stuff really begins to roll out and take effect. What should our audience be looking for?

Mark Knee: Yes. So I’ll start and then Mike can add on. So in the coming months we're going to continue working with all of our federal partners, begin working with the office of the inspector general and CMS as you mentioned, and the office of civil rights and the FCC and we're going to continue to work with them to make sure that all the information we're getting out there is helpful to folks. We're going to move forward with our implementation activities within our office and also just continue hearing from the public about what's going on and how we can address those issues on an ongoing basis as we work to implement and eventually enforce the final rule.

Dr. Dave Levin: Mike

Michael Lipinski: Sure. I'll also mention we have on our website, health feedback form. So on www.healthit.gov, it's a great place to start. In terms of if you have either an information blocking complaint you want to lodge or really if you just have questions about the rule. And in that regard, we're setting up what are called Q and A's now. So we'll have webinars where it'll be opportunity for the public to ask questions as they're going through this understandably long rule, 1200 pages. So I know it's going to take them some time and we want to give them that time. Cause we know there are other priorities right now too. So read the rule, come with your questions. There'll be up on our website, www.healthit.gov these webinars where you can ask questions about the rule and we'll try to answer them on the spot. If not, sometimes it requires us to go back, think it over, make sure we have a response that we can, that is correct, quality controlled and then gets out to the masses. So, not just the person listening to that webinar who happens to listen to recording the webinar, we can post it on our website. So that happens occasionally. And then obviously once the compliance timelines start, you're going to have to make sure if you're an actor to, you're complying with info blocking, but developers obviously they have, they need to get, would have to start going sooner in terms of developing their product and rolling it out to meet the compliance timelines. So I think, a lot will be happening in the near future, both from us and the education perspective, but also the entities are regulated by this rule, starting to take actions to fulfill their responsibilities under the rule.

Dr. Dave Levin: That's a really good summary. And you sort of anticipated one of my last questions, which was what should our listeners be doing to get involved? And what I heard was there's a great opportunity to get educated about the rules, series of webinars, other reference material that's on the website. And the ability to ask questions and get those answered as well. And I would encourage people to do that. This is going to have a major impact on Health IT in the United States in the coming months and years. And undoubtedly just like anything else that's complicated that we humans do, some of it's going to go better than we expected. And there'll be some surprises and some things that are disappointments as well. And what I’ve learned from speaking with you and watching the process is, it's very iterative. There is a genuine opportunity to get involved and I just want to share my own personal experience of how responsive the ONC has been and their genuine interest in the feedback. And so I’ll just add my voice to yours to encourage folks to do that and to share their points of view. I know it's valued by you guys and it's taken very, very seriously.

So what comes next for you? It sounds like a fair amount of iteration and the rest, anything big that's on the horizon that you can share with us?

Michael Lipinski: So yeah, obviously it's implementing the rule for sure. But I would have to acknowledge the elephant in the room. A lot of the work of ONC and the department is focused on COVID-19 for sure. And we hope everybody, all your listeners are out there are staying safe. I actually have a child who with underlying medical conditions, so we're making sure we're practicing social distancing and we're hoping everyone else does too. And this will pass. And the people that, who've educated and are the experts in the world will come up with treatment solutions as well as a vaccine in the future. So, I'm hoping for all that and trying to do my part in that regard. And so is Mark and all of us here at ONC and then as work goes on, there's a lot the department has been doing in this space and our agency has been trying to help other agencies like OCR with rulemakings that they're doing. Obviously with CMS is doing other rulemakings as well, whether it's the payment rules or interoperability rules. And then, yeah, the stakeholders have already seen the rule come out from CMS and OIG related to value-based care, making changes to the stark and anti-kickback laws. And so we're putting some efforts there. I mentioned Teska earlier, a lot of efforts there as well. Our HITAC is actually getting Neo over to go back to the COVID-19 is going to have a meeting later this week. That's our advisory committee. The HITAC act, excuse me, HITAC, Health IT Advisory Committee. They are having a meeting later this week to discuss, how Health IT can be used to help address COVID-19. So that's a lot what's going on right now.

Dr. Dave Levin: That's great. Mark, anything you want to add to that in terms of what's next, what’s going on that's big.

Mark Knee: No, I mean, I want to echo what Mike said. Of course we are very concerned and we're keeping up with everything that's going on with COVID-19. And as Mike said, our office is just very busy rolling out the rule and we're also, of course keeping an eye out for any future legislation that might be of interest to us. But for now, all hands-on deck to get this thing out and to roll it out in the best way possible so that everyone out there, stakeholders and the public and everyone understands what’s in the rule. That's of course of the utmost importance. And enable to prepare and be ready when the time comes that compliance deadline comes and we're going to begin with OIG or the rest of HHS enforcing the information blocking provisions of the rule. So a lot on our plate, but we talked about it. It's really exciting time for all of us and we think, this rule is a real game changer and we're excited to get it out there.

Dr. Dave Levin: Well I'm glad you raised the topic of COVID-19 also. And in preparing for this interview, I was thinking about, boy, where would we be today if we were two years down the road with these rules in place and high compliance. Our ability to deploy robust interventions in Health IT more quickly and more effectively, I think would be greatly enhanced. And that's part of the promise of the hard work you guys have been doing and the industry has been doing. And so I look forward to a time when we can deploy effective technology in a little bit more elegant and efficient way, and I think these rules will go a long way towards helping us with that.

We've been talking today with Mike Lipinski, director of the regulatory affairs division at ONC and Mark Knee, a senior policy advisor within the ONC office of policy. Mike and Mark, thanks so much for joining us today. We really appreciate the work that you and your colleagues have been doing at ONC and at CMS and your service to the country and your time today as well. Thank you. You've been listening to 4 x 4 Health, sponsored by Datica. Datica, bringing healthcare to the cloud. Check them out at www.datica.com. I hope you'll join us next time for another 4 x 4 discussion with healthcare innovators. Until then, I'm your host, Dr. Dave Levin. Thanks for listening.