Health Data, Technology, and Interoperability: Certification Program Updates,Algorithm Transparency, and Information Sharing (HTI-1) Proposed Rule

“ONC seeks to implement provisions of the 21st Century Cures Act and make updates to the ONC Health IT Certification Program (Certification Program) with new and updated standards, certification criteria, and
implementation specifications in 45 CFR Part 170. The proposed rule also includes multiple requests for
information (RFI) to inform potential future rulemaking. RFI topic areas include electronic prior authorization, lab interoperability, predictive decision support interventions, and advanced Fast Healthcare Interoperability Resource (FHIR®) capabilities, among others across parts 170 and 171. We look forward to receiving public comment on these proposals and direct interested parties to the following link in order to comment healthit.gov/proposedrule.

[Select] Proposal Highlights

  • Proposing adoption of United States Core Data for Interoperability (USCDI) Version 3 to replace USCDI Version 1 as the standard in § 170.213 by January 1, 2025.
  • Updating the Certification Program’s standards, criteria, and requirements, including for:
    • Standardized Application Programming Interfaces (APIs), including adoption of the Smart App Launch Implementation Guide v2;
    • Clinical decision support (CDS) with several new transparency requirements for Health IT Modules that enable or interface with technology intended to support decision making based on predictive models or algorithms; and
    • New functionality that enables a provider to flag whether specific pieces of a patient’s USCDI data should be restricted from subsequent use or disclosure [..]

[Select] Revised Standards and Criteria

ONC is proposing several revisions to certification criteria and standards adopted in 45 CFR Part 170. The
proposals across this section would: (1) improve interoperability through more modern standards and newer versions of existing standards; (2) assist partner agencies such as CMS and the CDC in fulfilling their missions through certified health IT; (3) improve care delivery for clinicians and care experience for individuals by improving access to more interoperable data – consistently and reliably – for patient care and individual access; (4) require transparency on how a predictive algorithm used for clinical decision-making is designed, developed, trained, evaluated, and should be used.

  • USCDI v3 Updates
    • ONC proposes to adopt USCDI v3 as a new baseline, which would coexist with existing requirements for USCDI v1 until it expires on January 1, 2025.
    • ONC proposes to adopt the C-CDA Companion Guide Release 3* and FHIR US Core IG 5.0.1,** which would coexist with existing standards until January 1, 2025. [..]

*It is also our understanding that HL7 is working on updating the C-CDA R2.1 Companion Guide (Release 4) for USCDI v3. If the C-CDA Companion Guide Release 4 (R4) is published before the date of publication of the final rule, it is our intention to adopt the updated Companion Guide R4 that provides guidance and clarifications for specifying data in USCDI v3.
**Based on the annual US Core release cycle, we believe US Core IG v6.0.0 will be published before ONC issues a final rule. Therefore, it is our intention to adopt the updated US Core IG v6.0.0 that provides guidance for specifying data in USCDI v3.

  • Standardized API for Patient and Population Services
    • ONC proposes to adopt the Smart App Launch Implementation Guide v2, which would replace the Smart App Launch Implementation Guide v1 as the standard by January 1, 2025.
    • ONC proposes to amend the API Condition and Maintenance of Certification requirements for Service Base URLs which support patient-facing apps by identifying and requiring the use of standardized formats for FHIR endpoints.
    • ONC proposes to revise the requirement in § 170.315(g)(10)(vi) to specify that Health IT Modules presented for certification must be able to revoke an authorized application’s access at a patient’s direction within one hour of the request. [..]
  • Patient Requested Restrictions
    • ONC proposes to adopt new requirements for certified health IT specifically in support of the HIPAA Privacy Rule’s “right to request a restriction” on uses and disclosures (see also 45 CFR 164.522(a)).
    • These requirements would include a new certification criterion, an addition to ONC’s Privacy and Security Framework under the Program, and a revision to an existing criterion to support additional tools for implementing patient requested restrictions.”

Fact sheet, Office of the National Coordinator for Health Information Technology, April 2023