X
GO
Resource Overview

General cybersecurity guidance would suggest that Health IT breach should not be considered a matter of "If", but rather a matter of "when". How an organization prepares and responds to an episode of breach is just as important as defending itself from breach. Unfortunately, Health Centers are seen as a domain with high potential for data breach and consequently it is critical for Health Center leadership to embrace breach mitigation across their entire organization vs being a matter to be addressed by their Health IT team.

Breach can occur through both internal and external network leaks, through malware such as Ransomware, and through physical means on site. The resources provided below are meant to provide general knowledge about breach mitigation and methods for mitigating against breach incidences.

Breach Mitigation and Response Resources
FAQ:  How will the upcoming changes to the Information Blocking and EHR certification requirements impact health centers?

FAQ: How will the upcoming changes to the Information Blocking and EHR certification requirements impact health centers?

October 2022

 

When will the new information blocking and EHR certification requirements be in effect?

What are the upcoming changes?

How will these changes impact health centers?

How will the scope of Information Blocking requirements change?

How should health centers expand their EHI scope?

How will EHR certification requirements change?

How should health centers leverage the new FHIR R4 capabilities?

 

 

When will the new Information Blocking and EHR certification requirements be in effect?

During the 4th quarter (October to December) of 2022, there are two major health information technology (HIT) requirement changes, with potential for significant implications to health centers. 

 

 

What are the upcoming changes?

  1. Expanding the scope of information required to be shared under the information blocking rule to include more EHR contents as of October 6, 2022; and
  2. Including Fast Healthcare Interoperability Resources (FHIR), release 4 (r4) as part of EHR certification requirements as of December 31, 2022.

 

 

How will these changes impact health centers?

The first will impact health centers immediately, starting in October 2022, with changing requirements for the information blocking regulations of the Cures Act for providers such as health centers; the second will change the functionalities of certified electronic health record (EHR) systems going into 2023 and beyond, with promising new capabilities for health centers.

 

 

How will the scope of Information Blocking requirements change?

As indicated in the ONC graphic below, as of October 6, 2022, one of the provisions of the Content and Manner Exception to the Information Blocking will expire.1 This means that the electronic health information (EHI) scope will include more than just data represented by the United States Core Data for Interoperability (USCDI) v1.2 

 

 

The above infographic shows the relationship between EHI and other relevant health care terminology. EHI includes electronic protected health information (ePHI) to the extent that it would be included in a designated record set (DRS), regardless of whether the group of records is used or maintained by or for a covered entity or business associate.

How should health centers expand their EHI scope?

To be compliant with the information blocking rule, health centers should ensure that their EHR will start to make available all EHI in the Designated Record Set (DRS),3 excluding psychotherapy notes. The scope of the DRS is defined by HIPAA,4 and includes all medical records used to make care decisions. For many providers this means making billing and claims records available, as well as the entire medical record. While this will simplify provider education and information segmentation, it will still be important for health centers to formally define their DRS, which is most commonly the official medical and billing records, excluding draft reports and intermediary notes.  

 

 

How will EHR certification requirements change?

As mentioned above, health center information blocking compliance is often dependent on EHR capabilities. By December 31, 2022,5 all certified EHR technologies should be updated to provide customers with FHIR R4 capabilities. 

FHIR, the Fast Healthcare Interoperability Resources standard, is an Application Programming Interface (API) that is designed to support patient and provider access to electronic health information “without special efforts.” Common technologies that use FHIR include mobile applications, the COVID Electronic Case Reporting (eCR) Now reporting effort, and the forthcoming Bureau of Primary Health Care (BPHC) Uniform Data System Patient-Level Submission (UDS+) reporting requirement.6 

 

 

How should health centers leverage the new FHIR R4 capabilities?

As vendors prepare to update and make FHIR R4 available to providers, health centers should explore their vendor’s support for these technologies, and how FHIR apps can be added to their EHR environment. In addition, health centers should anticipate the need to upgrade their EHR systems in early 2023 to access these new capabilities, if that is not already on their roadmap.

Health centers can expect to leverage the SMART-on-FHIR platform to expand their EHR’s functionalities.7 Based on FHIR and common internet standards, and increasingly adopted by EHR vendors, SMART-on-FHIR aims to create an “App store for Health'' model that makes it easier for programmers and researchers to create Apps that work broadly across different EHR platforms. Conceptually, this allows for functional extension to the EHR, similar to how apps extend smartphone functionalities. Making Electronic data More Available for Research and Public Health (MedMorph)8 is an example of SMART-on-FHIR technology that enables clinical data exchange between EHR systems, public health systems/authorities, data repositories, and research organizations. MedMorph is referenced as a key HL7 FHIR resource to review in preparation for UDS+.9  

The HITEQ Center is a HRSA-funded National Training and Technical Assistance Partner operated by JSI Research & Training, Inc. and Westat.This project is supported by the Health Resources and Services Administration (HRSA) of the U.S. Department of Health and Human Services (HHS) as part of awards totaling $779,625 with 0% financed with non-governmental sources. The contents are those of the author(s) and do not necessarily represent the official views of, nor an endorsement, by HRSA, HHS, or the U.S. Government. For more information, please visit HRSA.gov.

References

1 ONC, Understanding Electronic Health Information (EHI). https://www.healthit.gov/sites/default/files/page2/2021-12/Understanding_EHI.pdf
2 U.S. Core Data for Interoperability, 2019, version 1. https://www.healthit.gov/isa/sites/isa/files/inline-files/USCDI-v1-2019.pdf
3 Designated Record Set, 45 CFR 164.501.
https://www.hhs.gov/hipaa/for-professionals/faq/2042/what-personal-health-information-do-individuals/index.html#:~:text=Designated%20record%20sets%20include%20medical,See%2045%20CFR%20164.501.
5  ONC, On the Road to Cures Update: Certified API Technology. https://www.healthit.gov/buzz-blog/healthit-certification/on-the-road-to-cures-update-certified-api-technology
6 Fast Healthcare Interoperability Resources (FHIR) release 4 (R4), http://www.fhir.org/
7 https://smarthealthit.org/smart-on-fhir-api/
8 https://build.fhir.org/ig/HL7/fhir-medmorph/
9 bphc.hrsa.gov/data-reporting/uds-training-and-technical-assistance/uniform-data-system-uds-modernization-frequently-asked-questions-faq

Print
9095

Leave a comment

This form collects your name, email, IP address and content so that we can keep track of the comments placed on the website. For more info check our Privacy Policy and Terms Of Use where you will get more info on where, how and why we store your data.
Add comment

Acknowledgements

This resource collection was cultivated and developed by the HITEQ team with valuable suggestions and contributions from HITEQ Project collaborators.

Looking for something different or have something you think could assist?

HITEQ works to provide top quality resources, but know your needs can be specific. If you are just not finding the right resource or have a highly explicit need then please use the Request a Resource button below so that we can try to better understand your requirements.

If on the other hand you know of a great resource already or have one that you have developed then please get in touch with us by clicking on the Share a Resource button below. We are always on the hunt for tools that can better server Health Centers.

Request a Resource  Share a Resource
Quick Feedback Request
Highlighted Resources & Events
Need Assistance?
Would you like more assistance regarding Privacy and Security strategies or support in using any of the included resource sets?

  Request Support

 

Upcoming Events
The Quadruple Aim
Quadruple Aim

A Conceptual Framework

Improving the U.S. health care system requires four aims: improving the experience of care, improving the health of populations, reducing per capita costs and improving care team well-being. HITEQ Center resources seek to provide content and direction aligned with the goals of the Quadruple Aim

Learn More