Mark J. Segal, PhD., Principal, Digital Health Policy Advisors, has authored an excellent blog post for our friends at Executives for Health Innovation. If you are tracking regulatory compliance related to HITECH and 21st Century CURES, Mark’s Summer of Interoperability blog post is a must-read. 

Below, our President, Marilee Benson, offers her thoughts on Mark’s blog and dives into some of the areas she is most closely tracking, including big news from California!

FEDERAL Information Sharing Efforts

Enhanced patient access to their data is a key focus of 21st Century CURES. Existing national networks like Carequality already support patient requests as a permitted purpose, but network participants are not required to respond to patient requests. There are good reasons why network participants might be concerned. 3rd party PHR type app builders do not fall under HIPAA rules and participants want assurance that the proper patient identity vetting is occurring. In addition, legacy IHE / XCA based exchange methodologies that are the predominant technical implementation across networks like Carequality today, are not consistent with the ONC’s push towards modern, FHIR-based exchange. The FHIR pilot at Carequality had some success but identified some questions that needed to be answered prior to moving to a broader audience. 

None of these issues are insurmountable. Carequality workgroups continue their work to address the “patient request” adoption obstacles and ultimately have the goal of requiring participation under the right terms and conditions. I feel that the national networks hold the most promise to enhancing patient access to their data. It is too daunting for a PHR / Patient App vendor to connect individually to a broad range of different patient portals, regardless of the technical standards being used. The national networks (and soon, TEFCA) solve the harder problem; the business / legal trust framework problem, so they have a very important role to play.

Incentives / Enforcement is needed if we expect healthcare providers, HIEs / HINs, and vendors to prioritize compliance with the data blocking rules. They have a lot on their plates. It is natural that they will focus their compliance efforts on those areas that carry the most risk and liability. HHS-OIG is the key player for enforcement related to two of the three Actors as defined under the data sharing rules. I’ll be watching to see if we do get a September publish date for the Final Rule on assessing civil monetary penalties (CMPs) for information blocking by the Actor categories subject to the Information Blocking prohibition: Certified HIT Vendors and Health Information Networks / Health Information Exchanges (HIN/HIE).  Under the CURES Act, in the context of information blocking, providers are specifically exempted from CMP’s. 

Which brings me to another important milestone, potential HHS disincentives for Providers who “information block”. Before the end of 2022, HHS may also issue a long-awaited proposed rule on “appropriate disincentives” for Providers, who are not subject to OIG-determined CMPs, per Cures. This will be the final piece of the puzzle from an incentives / Enforcement point of view at the federal level.

CALIFORNIA joins other states in mandating Healthcare Data Exchange

States also have something to say about encouraging healthcare data sharing. Notably, California is now mandating data exchange via a law passed last year. The data sharing law requires all health and human services providers to sign a statewide data-sharing agreement. Covered organizations include hospitals, doctor’s offices, nursing homes, public health agencies, laboratories, mental and behavioral health providers, substance use treatment facilities, insurance plans, public health departments, and emergency services.

The final version of the agreement was published on July 5. Most participants will have six months to sign the agreement and a year to begin sharing data. Per CALHHS the key dates are: 

January 31, 2023: 

  • CalHHS and the California State Association of Counties will encourage as many county health, public health, and social services providers to connect to the Data Exchange Framework—with all state and local public health agencies exchanging health information in real-time with participating health care entities.
  • The Data Exchange Framework data sharing agreement will be executed by the following entities: General acute care hospitals, physician organizations and medical groups, skilled nursing facilities, health service plans and disability insurers, Medi-Cal managed care plans, clinical laboratories, and acute psychiatric hospitals.

January 31, 2024: 

  • By January 31, 2024, all participating entities will exchange health information or provide access to health information to and from every other entity in real time for treatment, payment, or health care operations.

If your head is spinning – join the club!  It is truly an incredible year for accelerating healthcare data exchange. 

Federal and State efforts are building on a strong foundation built by the national networks such as ehealth Exchange, Commonwell, DirectTrust, and trust frameworks such as Carequality. But the gaps (and thus the opportunities) are huge. 

We are excited here at Zen to be a Carequality Implementer, onboarding many healthcare organizations to the national networks. We also enable data exchange between regional /state health information exchanges, counties, healthcare vendors, EMS agencies, Digital Health Apps, payers, and providers / hospitals. It is an exciting time, but new requirements can be overwhelming. 

Thank you to the Zen Team for always being up to the task. We’ll keep working hard so you don’t have to.

-Marilee Benson 

President, Zen Healthcare IT


Zen Healthcare IT Case Study


Download Full Case Study PDF


Enter your name and email to instantly access the case study.