HIPAA Security Rule Part Three: Risk-Based and Industry-Aligned Approaches Recommended

By the EHR Association Privacy & Security Workgroup

This three-part blog series shares the EHR Association’s stance on OCR’s proposed changes to the HIPAA Security Rule. Part one focused on our overarching concerns and issues with proposed definitions. Part two and this installment highlight our concerns with OCR’s proposed expectations. 

The HIPAA Security Rule is overdue for modernization, given the rapid pace of technological change and increasing cybersecurity threats. While we support OCR’s intent to strengthen protections for electronic protected health information (ePHI), our analysis of the HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information raised concerns and questions we hope will be addressed before finalization.

Finding the Right Balance: Smart Deregulation in Health IT

By Leigh Burchell (Altera Digital Health), Chair, EHR Association Executive Committee

The current administration has made deregulation a central policy priority, aiming to reduce burden and costs in as many sectors of the economy as possible, including health care. This is exemplified by the January 2025 Executive Order 14192: Unleashing Prosperity Through Deregulation, which requires federal agencies to eliminate ten regulations for each new one introduced. 

As the trade association for health IT developers, we believe that smart deregulation should focus on removing outdated, redundant, and low-value requirements with ASTP/ONC and CMS playing a role more focused on driving improvements in standardized interoperability and health data exchange. Health IT regulation should support—not hinder—the industry’s collective ability to deliver safe, effective, and innovative technology solutions, without compromising the progress made or devaluing the investments in health IT over the last fifteen years. As always, we remain committed to working alongside federal agencies within the construct of a regulatory environment that benefits providers, developers, and—most importantly—patients.

EHR Association’s Statement on HHS Strategic Plan for AI In Healthcare

By the EHR Association AI Task Force

On January 10, 2025, the Assistant Secretary of Technology Policy (ASTP) released the U.S. Department of Health and Human Services (HHS) Strategic Plan for the Use of Artificial Intelligence in Health, Human Services, and Public Health.

In the press release announcing its release, HHS described the Strategic Plan as establishing both the strategic framework and operational roadmap for responsibly leveraging emerging technologies to enhance HHS’s core mission while maintaining its commitment to safety, effectiveness, equity, and access. It also outlines the ways HHS will deliver on its goal of being a global leader in innovating and adopting responsible AI that achieves unparalleled advances in the health and well-being of all Americans.

“At HHS, we are optimistic about the transformational potential of AI,” said Deputy Secretary Andrea Palm. “These technologies hold unparalleled ability to drive innovation through accelerating scientific breakthroughs, improving medical product safety and effectiveness, improving health outcomes through care delivery, increasing access to human services, and optimizing public health. However, our optimism is tempered with a deep sense of responsibility. We need to ensure that Americans are safeguarded from risks. Deployment and adoption of AI should benefit the American people, and we must hold stakeholders across the ecosystem accountable to achieve this goal.”

Key Plan Points

The Strategic Plan outlines how HHS will mobilize an approach to improve the quality, safety, efficiency, accessibility, equitability, and outcomes in health and human services through the innovative, safe, and responsible use of AI by focusing on four key goals:

  1. Catalyze health AI innovation and adoption to unlock new ways to use AI to improve people’s lives;
  2. Promote trustworthy AI development and ethical and responsible use to avoid potential harm;
  3. Democratize AI technologies and resources to promote equitable access for all; and
  4. Cultivate AI-empowered workforces and organizational cultures to allow staff to make the best use of AI.

HHS says it will adopt a dynamic approach to AI to stay ahead of its rapid evolution while addressing emerging challenges that include Plan updates, continuous risk assessment, stakeholder engagement, and the implementation of robust safeguards that ensure ethical and equitable AI use.

The EHR Association Stance

The EHR Association AI Task Force shares the following thoughts on areas of the Strategic Plan that are of specific interest to the Association’s member companies and the providers who utilize their EHR and other health IT.

“We are pleased to see plans to leverage USCDI, USCDI+, HL7, FHIR, and other data standards, along with a focus on TEFCA as a potential transport for information that may be utilized in AI workflows for training or insights. Leveraging the standardized data that already exists in many EHRs will accelerate development of solutions speaking a ‘common language’, as well as the opportunity to benefit from novel AI technologies in the future. We are also encouraged to see the ‘human in the loop’ concept throughout the Strategic Plan as a strategy to mitigate risk, particularly at this state of AI maturity,” says Tina Joros (Veradigm), Chair, EHR Association AI Task Force.

When it comes to the expanded scope of HHS responsibilities to appropriately guide safe AI development as outlined in the Plan, Joros notes that “HHS acknowledges that healthcare stakeholders will increasingly use AI technologies and tools that fall outside the scope of FDA regulation or ASTP/ONC authority, including the HTI-1 regulation.”

She adds, “We support conversations about where additional authority may be necessary for HHS to offer meaningful incentives to create uniform standards across the entirety of the healthcare AI ecosystem and not just Certified Health IT. To the extent these incentives also extend to providers using Certified Health IT, they have the potential to spur adoption of AI and build a trusted, transparent system that will help mitigate the risk and cost of adopting new technologies.”

The Association also commends HHS for recognizing the clinical risk inherent in the use of AI in healthcare. AI Task Force Vice Chair Stephen Speicher, MD (Flatiron Health), states: “It is important to take a risk-based approach to developing and deploying AI directly into the healthcare ecosystem. In the AI Strategic Plan, HHS appropriately recognizes the risks that can stem from using AI in high-risk clinical workflows, including diagnosis and treatment, as well as apprehensions about the topic felt by some providers and patients. The recognition of the opportunity that exists through artificial intelligence in administrative workflows is a great callout. Innovation in this space can safely improve burnout, as well as the overall cost of healthcare delivery, and thus should be prioritized by policymakers and software developers.”

Dr. Speicher also acknowledges the potential for AI to widen the technological divide that exists in the U.S. healthcare system and the importance of prioritizing equitable access to AI innovation across the ecosystem.

“A technological divide exists in healthcare in this country, with large high-volume centers in major cities frequently outpacing smaller centers caring for underserved communities,” he says. “We must ensure the deployment of AI technology in healthcare is accessible to small private practices as well as large academic medical centers and health systems to ensure that health equity improves over time in all care settings. Failing to prioritize this, as HHS calls out, risks a further divide in the quality of care available to individuals based on race, ethnicity, zip code, and other demographic factors.”

EHR Association Statement on HTI-2 Final Rule

Following is the statement from the EHR Association on the Dec. 11, 2024 publication by ASTP/ONC of the Health Data, Technology, and Interoperability: Trusted Exchange Framework and Common Agreement (HTI-2) Final Rule, which will publish in the Federal Register on Dec. 16, 2024. The scaled-back rule finalizes certain proposals related to the Trusted Exchange Framework and Common Agreement (TEFCA). It also amends the information blocking regulations by including definitions related to the TEFCA Manner Exception and implements provisions to support the reliability, privacy, security, and trust within TEFCA.

“This first rule finalizing parts of the HTI-2 proposals was released on December 11, 2024, and the focus on TEFCA allows ASTP to solidify pillars of that program that outgoing leadership wants to leave as a legacy. We expect the remaining components of the HTI-2 proposed rule to be split into multiple other final rules. In doing so, the EHR Association hopes that ASTP/ONC will prioritize the necessary additional technical corrections specific to health IT vendors, the most urgent of which relate to Insights Measures. As currently drafted, the Insights Measures are likely to produce data of questionable value – something we have been stressing to ASTP since publication of the HTI-1 proposed rule in 2023. As we inch closer to the January 1, 2026, start date, the uncertainty of finalized measurements creates challenges. We hope that future rules finalizing HTI-2 proposals will include helpful and necessary clarifications.”

Election 2024: Potential Impacts on Health IT

By Stephanie Jamison (Greenway Health), Chair, EHR Association Executive Committee

With a new administration poised to enter office and Republicans set to control both the House and Senate, the anticipated impact of the 2024 election on health IT policy is a question many in the industry are contemplating as they consider policy priorities for the year ahead. 

In assessing what to expect from the next four years, we can consider both the previous Trump Administration and those areas where Congress has been vocal in its desire to put forward legislation. While the assumption is that healthcare is unlikely to be the highest priority for either the incoming administration or Congress—the most urgent focus areas will likely be border security, tax, trade, energy, and environmental regulations—technology is top-of-mind in many areas. Legislation addressing AI, cybersecurity, and data privacy is expected to be a focal point of a new Congress.

HTI-2: Immature Standards and Lopsided Mandates

By Danielle Friend (Epic), Chair, Standards & Interoperability Workgroup, and John Stamm (Epic), Vice Chair, Public Health Workgroup

Previous installments of this 3-part blog series on the EHR Association’s top concerns with HTI-2 focused on the overarching issues and specific issues with the complex web of proposed changes to Insights Measures. Our full comments to ASTP are available on our website.

Along with unrealistic compliance timeframes and out-of-sync cross-agency requirements, ASTP’s Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability (HTI-2) proposed rule creates substantial compliance burdens for providers, the EHR developers that support them, and public health agencies (PHAs) due to the laundry list of premature and/or unnecessary and lopsided requirements.

Three areas where these issues are quite prominent are HTI-2’s proposed requirements pertaining to standards, electronic prior authorization (ePA), and public health reporting.
