All posts by EHR Association

What is Information Blocking? 

By the EHR Association Information Blocking Compliance Task Force

This blog marks the beginning of a series by the EHR Association on information blocking – what it is and what the “reasonable and necessary activities” are that constitute exceptions as defined by ASTP/ONC regulations. Given that it has been five years since the initial release of information blocking regulations and the recent renewal of focus on enforcing the law, this is an opportune time for a refresher on the topic.

Our goal with this series is to educate our membership and other impacted stakeholders on information blocking requirements and exceptions. This first installment shares the history and description of information blocking requirements. Future blogs will illustrate how we expect exceptions to be used and will highlight ambiguities and/or challenges with the framework that we believe will be insightful to regulators and other interested parties. 

(more…)
Leave a comment
by EHR Association on July 14, 2025  •  Permalink
Posted in Health IT Regulation, Information Blocking
Tagged , , , ,

Posted by EHR Association on July 14, 2025

https://ehrablog.org/2025/07/14/what-is-information-blocking/

Dr. Thomas Keane to Lead ASTP/ONC

Dr. Thomas Keane has been named Assistant Secretary for Technology Policy (ASTP) and National Coordinator for Health Information Technology (ONC). An engineer and physician, Dr. Keane previously served in ASTP and also as a Senior Advisor to the Deputy Secretary of HHS. 

“The EHR Association congratulates Dr. Thomas Keane on his appointment as Assistant Secretary for Technology Policy at HHS and National Coordinator for Health IT. Dr. Keane brings important expertise in health policy to the role,” says Leigh Burchell (Altera Digital Health), Chair of the EHR Association Executive Committee. “We’re pleased that his selection reflects HHS’ commitment to putting leadership in place that both recognizes the criticality of the ‘coordinator’ responsibilities and understands from prior experience the many complex use cases related to health data interoperability that the agency is tasked with supporting. We look forward to collaborating with Dr. Keane and ASTP to further the digitization of healthcare and explore regulatory refinements.”

Among other duties, Keane was an administrator of the COVID-19 Provider Relief Fund and led the development of the AHRQ National Nursing Home COVID Action Network. Dr. Keane worked as a finite element software developer and enterprise software engineer before training as an interventional radiologist.

Leave a comment
by EHR Association on June 3, 2025  •  Permalink
Posted in EHRA News
Tagged ,

Posted by EHR Association on June 3, 2025

https://ehrablog.org/2025/06/03/dr-thomas-keane-to-lead-astp-onc/

HIPAA Security Rule Part Three: Risk-Based and Industry-Aligned Approaches Recommended

By the EHR Association Privacy & Security Workgroup

This three-part blog series shares the EHR Association’s stance on OCR’s proposed changes to the HIPAA Security Rule. Part one focused on our overarching concerns and issues with proposed definitions. Part two and this installment highlight our concerns with OCR’s proposed expectations. 

The HIPAA Security Rule is overdue for modernization, given the rapid pace of technological change and increasing cybersecurity threats. While we support OCR’s intent to strengthen protections for electronic protected health information (ePHI), our analysis of the HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information raised concerns and questions we hope will be addressed before finalization.

(more…)
Leave a comment
by EHR Association on May 9, 2025  •  Permalink
Posted in Health IT Regulation, Privacy and Security
Tagged , , , ,

Posted by EHR Association on May 9, 2025

https://ehrablog.org/2025/05/09/hipaa-security-rule-part-three-risk-based-and-industry-aligned-approaches-recommended/

HIPAA Security Rule Part Two: Proposed Changes Require Clarity, Flexibility

By the EHR Association Privacy & Security Workgroup

This three-part blog series shares the EHR Association’s stance on OCR’s proposed changes to the HIPAA Security Rule. Part one focused on our overarching concerns and issues with proposed definitions. Part two focuses on several of the proposed standards.

Our analysis of proposed changes to the existing HIPAA Security Rule, released as HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information, revealed a mixed bag of positive changes and areas of concern. In the first installment of this blog series, we noted the EHR Association’s appreciation for its enhancements to the cybersecurity baseline. However, we expressed concern about the resources and costs required for regulated entities to comply with the overhauled mandates. We also reviewed the feedback we shared with OCR on its proposed changes to key definitions.

In this installment, we highlight our concerns with several of OCR’s proposed expectations, drawing attention to the need for greater clarity and offering recommendations to ease compliance burdens while achieving intended outcomes. 

(more…)
Leave a comment
by EHR Association on April 30, 2025  •  Permalink
Posted in Privacy and Security
Tagged , , , ,

Posted by EHR Association on April 30, 2025

https://ehrablog.org/2025/04/30/hipaa-security-rule-part-two-proposed-changes-require-clarity-flexibility/

HIPAA Security Rule Part One: Proposed Overhaul Closes Some Gaps, Opens Others

By the EHR Association Privacy & Security Workgroup

This three-part blog series shares the EHR Association’s stance on OCR’s proposed changes to the HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information. Part one is focused on our overarching concerns and issues with proposed definitions.

Proposed changes to the existing HIPAA Security Rule, released as HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information, include some long-overdue updates. However, the resources and costs required by healthcare provider organizations, health IT developers, and other regulated entities to comply with the sweeping changes will be too great for many to bear.

That was one of several important messages we shared with the HHS Office of Civil Rights (OCR) in our comment letter on the proposed rule

(more…)
Leave a comment
by EHR Association on April 28, 2025  •  Permalink
Posted in Privacy and Security
Tagged , , , , , , , ,

Posted by EHR Association on April 28, 2025

https://ehrablog.org/2025/04/28/hipaa-security-rule-part-one-proposed-overhaul-closes-some-gaps-opens-others/

Core Issues for Federal AI Regulations

By Tina Joros, JD (Veradigm), Chair, and Stephen Speicher, MD, MS (Flatiron Health), Vice Chair, EHR Association AI Task Force

The regulatory landscape for AI is on the cusp of dramatic change. As we await the release of the AI Action Plan called for in the January 2025 Removing Barriers to American AI Innovation Executive Order and as federal agencies review their existing AI policies, we have seen an influx of proposed laws at the state level to address concerns about the use of AI in healthcare technology. This increase in state-level activity may lead to regulatory fragmentation that makes it more complex for EHR vendors and health systems to build and support AI tools designed to help advance patient care.

This increased focus on AI is highly relevant to EHR Association members who continue to deploy software capabilities that comply with EHR certification program transparency requirements for the use of Decision Support Interventions (DSI) involving AI and machine learning (ML) capabilities. Most of our member companies are also developing, piloting, or have already deployed generative AI solutions that can be leveraged to resolve many challenges confronting the healthcare industry.

(more…)
Leave a comment
by EHR Association on April 7, 2025  •  Permalink
Posted in AI, Uncategorized
Tagged , , ,

Posted by EHR Association on April 7, 2025

https://ehrablog.org/2025/04/07/core-issues-for-federal-ai-regulations/

« Older Posts
Newer Posts »

  • Categories

  • Follow EHRA on Twitter

  • Enter your email address to follow this blog and receive notifications of new posts by email.

    Join 198 other subscribers

  • Contact Us

    Kasey Nicholoff
    staff @ ehra.org

    Amanda Patanow
    Communications and Media
    ehracomms @ npccs.com