Healthit.gov  > Health IT Dashboard  > 2015 Update to Congress on the Adoption of Health Information Technology > Full Report

Introduction | 2015 Update to Congress on the Adoption of Health Information Technology

In today's connected society, a variety of sources, platforms, and settings generate electronic health information that can inform health goals, behaviors, and decisions. These information sources extend well beyond traditional health care services to create a more expansive, continual pool of vital information. To unlock the full power of information to improve individual health and well-being, essential electronic health information must be available when and where it matters most.

The collaborative efforts of government and private industry must build upon the current health IT infrastructure to prioritize actions that:

Improving the secure availability and use of pertinent health information allows individuals to take ownership of their health, partner with their health care providers and others on care preferences and decisions, and reach their health and quality of life goals. It bolsters the delivery of health care and long-term services and supports, allows communities to reduce health disparities, and improves public health agencies' ability to detect, track, manage, and prevent illness outbreaks and individual harm. Information also fuels research and innovation, spurring advancements in scientific discovery.

This report assesses the current health IT landscape. It also considers methods that may broaden health IT and information use, and offers potential suggestions for Congress to evaluate. The report is divided into four sections that:

Critical Actions

Current Health IT Landscape

The Strategic Plan articulates a mission of improving the health and well-being of individuals and communities through the use of technology and health information that is accessible when and where it matters most. Since the passage of the HITECH Act in 2009, there has been tremendous growth in health IT use among professionals and hospitals eligible for the EHR Incentive Programs. Despite this growth, only 41 percent of non-federal acute care hospitals have clinical information from their patients' outside encounters at the point-of-care.4 Additionally, when seeking care for a medical problem within the last year, about one in three individuals reported experiencing one or more gaps in information exchange.5 In October 2015, ONC released the Interoperability Roadmap, which articulates collective efforts of public and private stakeholders to address these barriers and expand the interoperable health IT ecosystem to make critical health information electronically available when and where it matters most.

Federal agencies are purchasers, regulators, developers, and users of health IT. In their various roles, federal agencies set policy and insure, pay for care, or provide direct patient care for tens of millions of Americans. Federal agencies also protect and promote population and community health by investing in health and human services and in infrastructure. Additionally, federal agencies develop and implement policies and regulations to advance innovation, support research, promote competition, and protect individual and community safety, privacy, and security. This section describes key actions that the federal government took in 2015 to facilitate the adoption of a nationwide system for the electronic use and exchange of health information.

Through ongoing work, as a Department, HHS and our partners must build upon the current health information infrastructure and work together to focus on three key areas:

Federal Health IT Strategic Plan: 2015-2020

The Federal Health IT Strategic Plan (Strategic Plan) represents the collective efforts of more than 35 federal partners to modernize the health IT infrastructure so it can support the use of electronic information from a multitude of sources for a multitude of purposes. The Strategic Plan sets a 5-year vision and mission for the direction that federal health IT programs and policies should take in the years ahead. The vision is four-fold: (1) high-quality care, (2) lower costs, (3) a healthy population, and (4) engaged people. The mission is to improve the health and well-being of individuals and communities through the use of technology and health information that is accessible when and where it matters most.

To support that work, the Strategic Plan lays out a series of principles upon which federal agencies agree to collaborate with one another and with state, territorial, local, tribal, and private stakeholders, including:

The Strategic Plan establishes a long-term vision for federal partners to work together, and there are short-term initiatives on which agencies are collaborating to advance health IT and information use. The federal partners that use and influence the use of health IT are committed to work in concert to achieve the Strategic Plan's goals and objectives that support this national effort. Partners will hold themselves publicly accountable and work with stakeholders to assess progress as the health IT infrastructure advances and new health and technology needs arise.

There is already significant work underway. Federal agencies and offices have begun implementing certain activities and strategies included in the Strategic Plan. This work ranges from detailed and more specific action plans to significant federal initiatives. The Interoperability Roadmap, the HHS Health IT Patient Safety Action and Surveillance Plan, and the Draft FDASIA Health IT Report respectively provide more granular information on actions related to interoperability, patient safety, and the health IT regulatory framework. Another component of Strategic Plan implementation involves the Department of Defense's (DoD) efforts to efficiently improve health care for the active duty military, veterans, and beneficiaries by modernizing the EHR for the Military Health System and establishing seamless medical data sharing between DoD and the Veterans Affairs (VA), and with the private sector.

The Federal Health IT Strategic Plan Framework lays out the Plan's vision, mission, and goals. The Plan lays out a vision of high-quality care, lower costs, healthy population, and engaged people, and a mission to improve the health and well-being of individuals and communities through the use of technology and health information that is accessible when and where it matters most. The Plan presents four goals to accomplish this vision and mission. Goal 1 to advance person-centered and self-managed health. Goal 2 to transform health care delivery and community health. Goal 3 to foster research, scientific knowledge, and innovation. Goal 4 to enhance nation's health IT infrastructure.
Interoperability Roadmap

ONC is committed to advancing a comprehensive interoperability agenda through the Interoperability Roadmap. The Interoperability Roadmap outlines a path to short term success and lays out a long-term vision. The Interoperability Roadmap was developed with extensive input from federal agencies, Congress, and health IT stakeholders, including consumers, health care providers, health IT developers, and public health organizations.

In a recent study by the Government Accountability Office (GAO) of non-federal efforts to help achieve health information interoperability, GAO identified five key challenges to EHR interoperability. These challenges include insufficient EHR interoperability standards; variation in state privacy laws; accurate patient health record matching; interoperability costs; and the need for governance and trust among entities.6 The Interoperability Roadmap addresses these fundamental challenges to interoperability and contains detailed proposals for collaboration through four critical pathways. These pathways identify priority actions that can begin to improve interoperability in the near term and create a foundation for additional long-term improvements in information sharing and system innovation.

Four Critical Interoperability Pathways

The Interoperability Roadmap includes milestones, calls to action, and commitments, which are structured to lay a focused series of steps and activities that all stakeholders must take to achieve interoperability that enables a learning health system. The Interoperability Roadmap focuses on the near-term (i.e., by the end of 2017) actions and roles that health IT stakeholders should perform to make immediate progress and impacts with respect to interoperability. It also emphasizes actions to build on the technology and investments made to date, while continuing to seek ways to support innovation and move beyond EHRs as the sole data source to a wide range of health information technologies used by individuals, providers, and researchers. The goals and milestones in the Interoperability Roadmap serve as guides and a coordination tool, which ONC, its federal partners, and industry can collectively use to measure progress.

For interoperability to make rapid progress, stakeholders need the right drivers in place from a regulatory and payment perspective; policy and technical components will need to be implemented in similar or compatible ways; and new ways to measure our progress, with a focus on outcomes.

To stimulate more collaborative business arrangements and uninterrupted information flow, the federal government will pursue incentives that private payers and other stakeholders can also apply. Primarily, these will center on shifting reimbursement policies from fee-for-service to alternative payment models that reward value-based care. This shift requires a rich source of information, collaborative partnerships, and robust predictive analytics to succeed. Applying financial levers will begin to change the culture toward more open information sharing and trusted electronic health information exchange.

Interoperability, the ability to easily and securely share electronic health information among systems, underpins our ability to implement delivery system reform, precision medicine, and broader health reform goals. With implementation of the Interoperability Roadmap, ONC and its federal partners will work to provide clear guidance and oversight to help stakeholders better understand existing and emerging policies and legal requirements, and continue to collaborate with private stakeholders to address prioritized actions. It will take the collective effort of providers, hospitals, and health systems to align organizational policies to advance interoperability.

Individuals, their families, and chosen caregivers must have access to their electronic health information when and where they need it. Such access is one step toward empowering consumers to better manage their health and work with their providers to make health decisions. Having the right information at the right time supports team-based care, strong care coordination, and effective patient and family engagement, which many provider communities have recognized are fundamental to an efficient and effective care delivery system. Secure exchange of electronic health information can further reinforce the types of relationships that rely on and reward interoperable systems and practices.

Delivery System Reform Efforts

Systems, processes, and tools supported by health IT and health IT infrastructure can simplify and expedite care transformation. Building on efforts and tools initiated by the Affordable Care Act, HHS is augmenting reform in three important and interdependent ways to transform the health system. This transformed system will use incentives to motivate higher-value care by increasingly tying payment to value through alternative payment models; it will change how care is delivered by requiring greater teamwork and integration, more effective coordination of providers across settings, and greater attention by providers to population health; and it will harness the power of information to improve care for patients.7

A key component of delivery system reform efforts is expanding the use of alternative payment models that reward quality over quantity and linking fee-for-service payments to quality and value. Electronic sharing of health information is an important element of how care is delivered under these delivery system reform models because data sharing is necessary in order for any system to tie payment to value through alternative payment models as a means of using incentives to motivate higher-value care. Furthermore, delivery system reform that includes electronic sharing of health information has the potential to change how care is delivered by requiring greater teamwork and integration, more effective coordination of providers across settings, and greater attention by providers to population health and harnessing the power of information to improve care for patients.

In September 2015, HHS announced $685 million in awards to 39 national and regional health care networks and supporting organizations to test strategies to help equip more than 140,000 clinicians with the tools and support needed to improve quality of care, increase patients' access to information, and reduce costs. The Transforming Clinical Practice Initiative is one of the largest federal investments designed to test strategies to support doctors and other clinicians in all 50 states through collaborative and peer-based learning networks. The awards support 29 medical group practices, regional health care systems, and regional extension centers in offering peer-to-peer support to primary and specialty physicians, nurse practitioners, physician assistants, clinical pharmacists, and their practices.In addition, the awards support 10 national organizations and health care professional associations in providing a system for workforce development. These awards are part of a comprehensive strategy advanced by the Affordable Care Act that enables new levels of coordination, continuity, and integration of care, while transitioning volume-driven systems to value-based, patient-centered, health care services.8

ONC activities focus on the delivery system reform goal to improve the way information is shared among providers to create a better, smarter, and healthier system. ONC certifies that health IT products adhere to interoperability standards. Such efforts by ONC in the ONC Health IT Certification Program provide support to stakeholders focused on sharing health information, and work with agencies across HHS to reinforce the use of health information interoperability and the adoption of health IT through a variety of policies and programs.

HHS announced measurable goals and a timeline to move the Medicare program, and the health care system at large, toward paying providers based on the quality, rather than the quantity, of care they give patients. A key goal of this initiative is to have 30 percent of Medicare payments tied to alternative payment models by the end of 2016 and 50 percent of payments by the end of 2018. The health IT infrastructure will need to enable the expansion of successful alternative payment models in a way that supports providers' ability to deliver high quality care to all their patients while reducing overall costs. Supportive health IT resources may include all-payer claims databases, registries, EHRs, health information exchanges, federal claims systems, and other data sources.

Medicare and Medicaid EHR Incentive Programs

In 2009, the HITECH Act authorized the EHR Incentive Programs to provide incentive payments to eligible professionals and hospitals for the adoption and meaningful use of certified EHR technology. CMS designed the EHR Incentive Programs to consist of three stages. Stage 1 began in 2011, which encouraged the adoption of EHR technology and focused on requiring providers to capture essential health information in a structured format in accordance with ONC set certification criteria. Stage 2 built on that foundation and incorporated requirements designed to support advanced clinical processes and to encourage health information exchange through certified EHR technology. In 2014, CMS and ONC jointly published the 2014 CEHRT Flexibility final rule9 to allow providers additional flexibility in the edition of ONC certified EHR technology used and to provide flexibility in when providers were required to start Stage 2.

According to data drawn from the EHR Incentive Programs, as of December 2015, more than 482,000 health care professionals (72 percent of eligible professionals) and 4,880 hospitals and critical access hospitals (CAHs) (99 percent of eligible hospitals and CAHs) received payment for adopting, implementing, upgrading, or demonstrating meaningful use of certified EHR technology in the Medicare and Medicaid EHR Incentive Programs. Over 300,000 unique providers have successfully attested under Stage 1 of meaningful use in the Medicare EHR Incentive Program, and over 60,000 providers (49 percent of eligible professionals and 77 percent of eligible hospitals and CAHs) have attested under Stage 2. Since 2011, more than $8.2 billion in Medicare EHR Incentive Program payments were made to Medicare eligible professionals, more than $4.2 billion Medicaid EHR Incentive Program payments were made to Medicaid eligible professionals, and more than $18.8 billion payments were made to eligible hospitals and CAHs.

Stage 3 of the EHR Incentive Programs

In October 2015, CMS published the EHR Incentive Programs Final Rule, which modified program participation in 2015 through 2017 to realign with the evolving health IT environment and adjust requirements based on provider progress toward key goals. The final rule included provisions to:

The final rule also outlined the Stage 3 requirements for 2017 and subsequent years. Stage 3 focuses on the advanced use of EHRs to support health information exchange and interoperability, quality measurement and care improvement, and patient and family engagement.

Stage 3 increases flexibility and reduces overall reporting burden for providers by, among other things:

In the final rule, CMS also announced a 60-day public comment period to facilitate additional feedback about Stage 3 of the EHR Incentive Programs going forward, in particular with the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), which established the Merit-based Incentive Payment System (MIPS) and consolidates certain aspects of a number of quality measurement and federal incentive programs into one more efficient framework. CMS will use this feedback to inform future policy developments for the EHR Incentive Programs, as well as consider it during rulemaking to implement MACRA, which they expect to release in the spring of 2016. In addition, CMS recently released a separate request for information10 in the fall of 2015 to begin receiving public comment on how MACRA can be implemented.

MACRA alters the EHR Incentive Programs such that the existing Medicare payment adjustment for eligible professionals under 1848(a)(7)(A) of the Act will end in calendar year 2018, and certain aspects of meaningful use will be incorporated under MIPS that will apply to payments beginning in calendar year 2019. CMS has noted that they will continue to consider the needs of the program in light of MACRA.

2015 Edition Final Rule

Through rulemaking, ONC's Health IT Certification Program has finalized three editions of certification criteria and one update to an edition; (2011 Edition, 2014 Edition, 2014 Edition Release 2, and 2015 Edition). In the 2015 Edition final rule3, certification criteria were adopted to further evolve the ONC Health IT Certification Program to support interoperability and health information exchange across systems and throughout the care continuum. The 2015 Edition final rule supports goals in the Strategic Plan and the Interoperability Roadmap of improving the capture and secure exchange of health information across the care continuum.

The 2015 Edition final rule includes the adoption of health IT certification criteria that support patient care, patient participation in care delivery, and electronic exchange of interoperable health information. In addition, the final rule enhances the ONC Health IT Certification Program by including provisions for more rigorous testing of health IT exchange capabilities, establishing explicit requirements for in-the-field surveillance and transparency of health IT, and by making granular information about certified health IT publicly available through an open data certified health IT product list (CHPL). These steps help to improve the reliability of certified health IT and to make more information available to providers regarding certified health IT products.

Key goals of the 2015 Edition final rule include:

Final 2016 Interoperability Standards Advisory

The Interoperability Standards Advisory (ISA) represents the model by which the ONC provides guidance on the best available interoperability standards and implementation specifications for industry use toward specific health care purposes. The ISA's scope focuses on clinical health IT interoperability. The scope of future advisories may expand as necessary and appropriate to support the Interoperability Roadmap's evolution as well as other national priorities.

ONC published the draft 2016 ISA for public comment, and issued a final 2016 ISA in December 2015. The ISA is a coordinated catalog of existing and emerging standards and implementation specifications developed and used to meet specific interoperability needs. In short, the advisory provides a single resource for those looking for federally recognized national interoperability standards and guidance.

Specifically, the 2016 ISA includes significant structural changes (previewed earlier this fall for comment). These changes expanded the ISA's depth and breadth. Most notably, the 2016 ISA includes six informative characteristics for each standard and implementation specification referenced. These characteristics are intended to help provide stakeholders with more context regarding the relative maturity and adoptability of standards and implementation specifications. They also help set a baseline that will allow ONC to track industry progress over time as standards and implementation specifications get updated and retired, move from draft to final, mature from pilot to production, and grow from low to high adoption.

The ISA is a continuous, annual process where ONC advises on updates and improvements in order to keep pace with developments in the health IT industry. ONC will start soliciting public comments in early 2016 to bring to the Health IT Standards Committee (HITSC) and to inform the draft 2017 ISA which will be published in summer 2016. Additionally, ONC is working with industry on a number of fronts, including new standards activities (e.g., Fast Healthcare Interoperability Resources), pilots, and promoting industry-led collaborations such as the Argonaut project.

Precision Medicine Initiative

The President launched the Precision Medicine Initiative (PMI) in January 2015. The mission of PMI is to enable a new era of medicine through research, technology, and policies that empower patients, researchers, and providers to work together toward development of individualized care. Accelerating progress in health IT interoperability will be critical to achieving the vision of precision medicine. ONC's role to support PMI is to: (1) recommend standards and policies to support privacy and security of participant data; (2) identify standards that support a participant-driven approach to data contribution; and (3) identify opportunities for innovative collaboration around pilots and testing of standards that support health IT interoperability for research.

In September 2015, the Health IT Standards Committee's Precision Medicine Task Force made recommendations on standards to support precision medicine, classifying standards development work into three categories: (1) standards readily applicable for PMI; (2) standards that are still emerging and promising but require further piloting and testing in the field; and (3) areas where there are gaps in standards and further standards development work is still needed. This work was carried out in close coordination with the Office of Science and Technology Policy (OSTP) at the White House, the National Institutes of Health (NIH), and the Food and Drug Administration (FDA). Representatives from the other PMI agencies also participated in the task force. The Initiative is now entering the next phase of development with the PMI agencies, including NIH, FDA, and ONC, beginning to implement some of the key elements of PMI.

Patient-Centered Outcomes Research Data Infrastructure

HHS's Office of the Secretary receives funds transferred from the Patient-Centered Outcomes Research Trust Fund annually between 2011 and 2019 to build data capacity for patient-centered outcomes research, with a cumulative estimated total of over $140 million. These funds are managed by the HHS Assistant Secretary for Planning and Evaluation. The goal for these investments is to enable a comprehensive, interoperable, and sustainable data network infrastructure to collect, link, and analyze data from multiple sources to facilitate patient-centered outcomes research. Projects funded from this trust fund are being led by agencies and offices across HHS, including FDA, ONC, the Centers for Disease Control and Prevention (CDC), and CMS, among others. These projects include the Structured Data Capture Initiative and Data Access Framework Initiative.

ONC-Funded Grant Award Programs

ONC announced more than $38 million in grant awards to 20 organizations from 19 states across the country to further efforts toward achieving better care, smarter spending, and healthier people. This includes closing health IT gaps to further the health of individuals and communities. The grant award programs are community and state-based initiatives that help advance health information sharing, enable community members to work together to improve population health, improve the interoperability of health IT systems, and continue efforts to train and nurture the health IT workforce. The grant awards build on programs funded under the HITECH Act.

The successes from the initial HITECH programs saw major accomplishments such as bringing query-based exchange to 37 states, creating a series of learning guides for doctors and health care organizations, and reaching the original Community College Consortia to Educate Health Information Technology Professionals Program workforce goal with 19,773 graduates. Newly funded grant awards will further HHS's efforts to improve the way providers are paid, improve and innovate in care delivery, and share information more broadly to providers, consumers, and others to support better health care decisions while maintaining privacy.

Advancing Interoperability and Health Information Exchange

ONC entered into cooperative agreements for Advancing Interoperability & Health Information Exchange with 12 states or state-designated entities representing all ten HHS regions to assist in moving this vision forward. Awardees are working with ONC to accomplish the following objectives:

Awardees are working with a variety of health care stakeholders focusing on target populations that include individuals and a wide range of clinical and non-clinical caregivers across the entire care continuum. This includes individuals and providers who are not eligible for the EHR Incentive Programs.

Community Health Peer Learning Program

The Community Health Peer Learning Program builds upon the success of the 17 Beacon Communities with a particular focus on supporting population health improvements at the community level. These funds will help clinicians, administrators, organizations, and communities continue to learn, grow, and improve the health of residents while on the path to interoperable health IT. The Community Health Peer Learning Program leverages and cultivates cross-community partnerships around population health challenges through peer learning, subject matter expert guidance, and stakeholder engagement.

ONC has partnered with AcademyHealth (academyhealth.org) to recruit communities across the country through a "call for application" to participate in the collaborative peer learning program. These communities will work to address their population health challenge through improved data aggregation, data portability, and data analysis. In addition to impactful, measurable outcomes addressing community-level population health challenges, this program is working to translate individual community progress into data solutions, best practices, and tools which can be shared with non-participating communities nationwide to accelerate and achieve similar health data sharing successes.

The Workforce Training Program

In continued recognition of the need to invest in the skills and knowledge base of our health care workforce members nationwide, ONC's Workforce Training Program is training 6,000 incumbent health care workers to use new health information technologies in a variety of settings, including: team-based care environments, long-term care facilities, patient-centered medical homes, accountable care organizations, hospitals, and clinics.

Additionally, grantees are using award funds to update training materials from the previous Workforce Curriculum Development program funded under HITECH and expand the curriculum to include the following four key topic areas: population health, care coordination, new care delivery and payment models, and value based and person-centered care.

Patient Safety

Additionally, the 2015 Edition final rule requires the identification of the quality management system (QMS) used in the development, testing, implementation, and maintenance of certified capabilities in health IT, and the QMS identified by the developer must be consistent with federal QMS standards or QMS standards developed by standards developing organizations. The 2015 Edition final rule includes requirements that improve patient-matching criteria to help ensure that accurate and precise patient data is available for information exchange. It also includes requirements that health IT be able to record, access, and exchange the Unique Device Identifiers of patients' implantable devices in a standardized way, which will facilitate access for providers across the patient's care continuum to the implantable device information and allow providers to consider more information about the patient when making care decisions.

Patient Safety Roadmap

In 2015, ONC announced the release of the Health IT Safety Center Roadmap (Patient Safety Roadmap) report, which was developed under contract by RTI International with input from a task force of stakeholders selected and convened by RTI to inform their work. These stakeholders represented diverse interests ranging from clinicians and hospitals that use health IT systems to developers, patient safety organizations, governmental agencies, academic researchers, and other leaders in the field of patient safety and, in particular, health IT safety.

The input from members of the RTI-convened task force was consistent across the diverse perspectives represented on the point that the safety collaborative should promote health IT safety by convening interested parties, performing focused work to identify and disseminate best practices, and serve as the leading voice in addressing patient safety generally and health IT-related safety issues more specifically. The idea of HHS supporting collaborative activities and processes such as the Patient Safety Roadmap describes was originally brought forward in a series of proposals beginning with a report by the National Academy of Medicine (formerly the Institute of Medicine) titled Health IT and Patient Safety: Building Safer Systems for Better Care.

This Patient Safety Roadmap describes a Health IT Safety Collaborative that would serve as a trusted convener of public and private stakeholders to create a learning health system for health IT and patient safety. The non-regulatory, multi-stakeholder format envisioned would be intended to promote the disclosure of more safety-enhancing content and serve as a center of collaboration and shared purpose. This work builds on many of the successes in helping to protect patients by organizations and individuals all across the nation. It also points to some steps needed to respond to unintended consequences of the transition from paper records to health IT and to realize more quickly the potential for even safer, more usable health IT to further improve the general safety of health care. ONC welcomes the opportunity to work with Congress to determine opportunities to further advance the goals of the Health IT Safety Collaborative:

Moving forward, ONC's goal is to realize the vision of a comprehensive federal focus on health IT safety, and the Health IT Safety Collaborative is a key aspect of that health IT safety portfolio. ONC's FY 2017 Budget includes a legislative proposal to establish a Health IT Safety Collaborative. As outlined in the Patient Safety Roadmap, the Health IT Safety Collaborative would leverage existing structures and resources in order to foster collaboration across the many diverse stakeholders who affect and are affected by the safe design, implementation, and use of health IT. ONC looks forward to building further upon the vision in the Patient Safety Roadmap in continued partnership with the health IT community.

Partnerships to Foster Patient Safety Measurement

Advancing health IT safety requires engagement beyond the government. HHS continued its ongoing collaborative work with outside stakeholders, patients, hospitals, and providers. ONC is currently working with the National Quality Forum (NQF) to develop multi-stakeholder consensus around health IT safety measurement priorities, create an organizing framework for health IT safety measures, and identify potential health IT safety measures and current gaps.

Actions to Enhance the Privacy and Security of Electronic Health Information

New Privacy and Security Requirements Included in the 2015 Edition Final Rule

In the 2015 Edition final rule, ONC further advances privacy and security goals by modifying ONC's Health IT Certification Program's approach to privacy and security certification criteria to impact how privacy and security functionalities are to be built into the software. This means that if a provider chooses to buy certified health IT products, the certified product should already have certain privacy and security functionalities built in. These new and enhanced certification criteria cannot guarantee the health IT product is secure. However, these technical requirements shift the responsibility onto the developers and manufacturers to demonstrate their compliance with ONC's Health IT Certification Program's requirements. Because privacy and security functionality and cybersecurity issues continue to evolve, ONC regularly evaluates available technical standards and may add updated certification criteria that support the privacy and security of electronic health information.

Specifically, in the 2015 Edition final rule, the Secretary adopted a criterion for the Data Segmentation for Privacy Standard (DS4P)11. This technical standard allows providers to flag sensitive health information (e.g., drug and alcohol rehabilitation data, behavioral health, or HIV information) that is entitled to more protections, while still enabling that data to be included in an electronic data stream. Without DS4P, the sensitive health information would be either not exchanged, or exchanged via fax. Thus, DS4P supports the interoperable exchange of sensitive health information for individuals that have health data that may receive additional protections under applicable law.

Additionally, ONC added security requirements to the API certification criteria to ensure that consumer apps are authenticated, data is encrypted, at rest is a technical default, and data exchanges are audited. Lastly, the 2015 Edition final rule certification criteria includes requirements that EHRs certified under the ONC Health IT Certification Program allow patients to choose to transmit their data to third parties of their choosing via either encrypted email (i.e., Direct protocol) or unencrypted email, as is the patient's right under the HIPAA Privacy Rule, 45 CFR 164.524.

Guide to Privacy and Security of Electronic Health Information and Educational Video

In April 2015, ONC in collaboration with Office for Civil Rights (OCR) published the revised Guide to Privacy and Security of Electronic Health Information (Guide). Last published in 2011, ONC and OCR updated this Guide to bring new, practical information about privacy and security to small and medium-sized provider practices, other information technology professionals (many of whom may be considered Business Associates under HIPAA), and the public.

The Guide includes practical information on issues like cybersecurity, patient access through certified health IT, secure electronic communication between patients and their providers, and other EHR technology features available under the 2014 Edition final rule. The Guide also includes new, practical examples of the HIPAA Privacy and Security Rules in action, to help stakeholders understand how those rules apply to their businesses and the people they serve. These practical examples are a first step in a larger collaborative effort with OCR to ensure that stakeholders more accurately understand how HIPAA today supports interoperability.

ONC also worked with OCR to release the "Your Medical Records: What You Need to Know" educational video for patients about their right to access health information, why it is important, and what they can do with that information once they electronically access it. Health care providers can use and share this video to encourage individuals to learn more about their right and benefits of accessing personal health information and how to get that access.

Electronic Consent Management: Landscape Assessment, Challenges, and Technology

ONC released the Electronic Consent Management Technology Landscape Assessment that documents input an ONC contractor collected from various stakeholders, including health information organizations (HIOs), health care providers, and health IT developers. The scope of the assessment documents whether there are significant technical barriers to widespread electronic consent management, based on how some HIOs, providers, and developers manage patient consent when they share health information via health information exchange as of 2014. The conclusion of the report indicates there are not technical barriers to widespread electronic consent management, but there are policy challenges.

Actions to Improve Security and Cybersecurity

In 2015, several large-scale data breaches were reported to OCR by entities it regulates. These breaches affected over a hundred million Americans. To improve cybersecurity protection in the health and public health sectors, the 2015 Edition final rule includes several technical requirements intended to improve the technical security capabilities of certified health IT products, such as the encryption default at rest described above. The rule, however, specifies requirements only for certified health IT products.

To help improve cybersecurity in the health and public health sectors, and consistent with Executive Order 13961, in 2015 and for 2016, ONC supports efforts of the HHS Assistant Secretary for Preparedness and Response to improve cyber threat sharing across the health and public health sectors. Additionally, in 2015 ONC and OCR updated their jointly published Security Risk Assessment tool for small and medium sized providers to fix bugs and update browser functionality. Finally, ONC also coordinates these and other cybersecurity efforts with key federal security agencies such as Department of Homeland Security, the Federal Bureau of Investigation, and the National Security Council.

ONC also launched new webpages in January 2015 focusing on cybersecurity for the health care industry.12 The webpages highlight ONC's continued effort to promote the use and adoption of the National Institute of Standards and Technology (NIST) Cybersecurity Framework for Critical Infrastructure Cybersecurity13 and include an updated "Top 10 Tips for Cybersecurity in Healthcare."14

Finally, in November 2015, ONC launched a task force charged by the two ONC Federal Advisory Committees with identifying substantive privacy and security concerns regarding the operation of APIs in health care, and with developing recommendations for ONC on how to address concerns the Task Force identifies.

Health IT Progress Update

This section of the report primarily uses the most recently available data to provide a snapshot of the nation's health IT environment through 2014. The data reported is collected through annual surveys, resulting in a lag time between data collection and data reporting.

Progress on Health IT Adoption and Use

Well-designed health IT can propel a health care system based on trust, value, and quality improvement. Electronic health information and health IT can support care models that are best suited to complement and uphold individuals' choices and needs as they establish and achieve their health goals. Further, knowledge of how providers use information and technology and engage their patients with it will guide individuals to select providers that can support their health goals and improve overall health equity.

High-quality, accurate, and relevant electronic health information improves the ability of providers to manage and advance population health. Interoperable electronic health information provides a foundation to measure, report, and provide feedback on care quality for a number of public-facing and internal purposes. Expanded use of health IT that combines beneficial decision supports and appropriate clinical quality measures will help the nation to achieve continuous quality improvement and important health outcomes.

Electronic Health Record Adoption by Physicians and Hospitals

Hospitals and physician offices across the nation have made great efforts in transitioning from paper to electronic systems and processes since the HITECH Act passed. In 2008, health IT adoption was in its nascent stages. Approximately four in ten office-based physicians reported having an EHR,15 while one in ten hospitals had adopted an EHR with advanced functionalities. The combined efforts of initiatives like the Regional Extension Centers, the ONC Health IT Certification Program, use of standard terminologies, and the EHR Incentives Programs have brought the nation past a tipping point in the use of health IT.

Figure 1: Possession of certified EHR among office-based physicians and hospitals

Figure 1 depicts the percent of office-based physicians and hospitals who possess a certified electronic health record

SOURCE: (1) Centers for Disease Control and Prevention, National Center for Health Statistics, National Electronic Health Records Survey; (2) ONC/American Hospital Association (AHA), AHA Annual Survey Information Technology Supplement
NOTES: A certified EHR is EHR technology that meets the technological capability, functionality, and security requirements adopted by the Department of Health and Human Services. Possession means that the provider has a legal agreement with the EHR vendor, but is not equivalent to adoption.

According to survey data, in 2014, three-quarters of office-based physicians report using a certified16 EHR17. As of 2014, more than eight in ten physicians had adopted any EHR, which is almost double the EHR adoption rate in 2008. Nearly three-quarters of physicians had adopted a certified EHR, and a little over half of office-based physicians were using all functionalities associated with a Basic EHR (51%).18 Rates of Basic EHR adoption were lower because only six in ten physicians were using the "viewing imaging results" functionality, a criterion of the Basic EHR definition. Adoption of each of the other Basic EHR criterion was above 80 percent.

According to survey data, nearly all hospitals (97 percent) reported having a certified EHR technology19 in 2014.20 Additionally, there was significant growth in Basic EHR adoption,21 a historical measure that predates the EHR Incentive Programs.22 In 2014, three out of four (76 percent) hospitals had adopted at least a Basic EHR. This represents an increase of 27 percent from 2013 and an eight-fold increase since 2008. Seventy percent of small hospitals (less than 100 beds), rural hospitals, and critical access hospitals had adopted a Basic EHR with clinician notes.

Individual Access to Electronic Health Information and Use of Health IT

In 2014, nearly four in ten Americans were offered electronic access to their medical record.5 The proportion of Americans offered online access to their medical records rose by more than a third between 2013 and 2014. In 2014, 55 percent of individuals who were offered access viewed their information at least once within a 12-month period. Among individuals who viewed their data at least once, over one-third downloaded their data and around one in ten transmitted their health information electronically or shared it with their health care provider.

Individual use of certain types of information technology to interact with health care providers, view personal health information, and track health and wellness grew.23 In 2014, close to half of individuals used selected types of health IT and other IT, which was a significant increase from 2013. Use of mobile health applications increased, as 17 percent of individuals used a smart phone health application in 2014. Individuals' use of one or more of these varying types of IT significantly grew between 2013 and 2014, from 39 to 48 percent. Approximately one in five individuals used text messaging to communicate with their health care provider, triple the rate from 2012. Nearly one-third of individuals emailed their provider in 2014, compared to less than one in four individuals in 2013.

Six out of ten hospitals provide patients with the ability to electronically view, download, and transmit their health information.24 This is a significant increase from 2013, where one in ten (10 percent) hospitals provided the capability. Most hospitals allow patients to transmit (66 percent) and download (82 percent) health information; however nearly all hospitals (91 percent) allow patients to view their health information electronically.

Figure 2: Percent of non-federal acute care hospitals that provide patients with the capability to electronically view, download, and transmit their health information

Figure 2 depicts the percent of non-federal acute care hospitals that provide patients with the capability to electronically view, download, and transmit their health information

SOURCE: ONC/American Hospital Association (AHA), AHA Annual Survey Information Technology Supplement, 2012 - 2014
NOTES: *Significantly different from previous year (p < 0.05). Data regarding View, Download, and Transmit were not collected in 2012.

Increasingly, hospitals are adopting various types of electronic patient and family engagement capabilities.20 In 2014, nearly three-quarters of hospitals (72 percent) had the capability to allow patients to electronically request an amendment to their own health information. This is more than double the amount of hospitals that had this capability in previous years. Four in ten hospitals allow patients to request prescription refills (39 percent) or schedule appointments online (41 percent). Over two-thirds of hospitals allow their patients to pay bills online (67 percent). One in three hospitals (32 percent) allows patients to submit their own data electronically. Over half of hospitals (51 percent) allow their patients to send and receive secure messages electronically.

More than half of physicians electronically shared health information with their patients in 2014.25 Physicians' electronic information sharing with patients had double-digit increases between 2013 and 2014. In 2014, 42 percent more physicians granted their patients view, download, or transmit access to their electronic health information and 52 percent of physicians exchanged secure messages with their patients, a 30 percent increase between 2013 and 2014.

Figure 3: Proportion of office-based physicians who electronically shared health information with patients in 2013 and 2014

Figure 3 depicts the percent of office-based physicians who electronically shared health information with patient in 2013 and 2014

SOURCE: 2013 and 2014 National Electronic Health Record Surveys
NOTES: *Statistically different from 2013 value (p < 0.05). Electronically share with patients shows the proportion of unique providers who either exchange secure messages or provide patients access to their electronic health information.

Health Information Exchange and Interoperability

Interoperability is the ability of a system to exchange electronic health information with and use health information from other systems without special effort on the part of the user. For the health IT infrastructure to reach its potential to improve health and care, it must facilitate the appropriate and effective use of progressively complex clinical and non-clinical electronic health information across a multitude of settings for a multitude of purposes. Interoperability that brings a broader scope of electronic health information to individuals beyond the care delivery system will support healthier people and stronger communities.

The industry has achieved interoperability for some needs (e.g., e-prescribing). In other cases, barriers such as technical standards, compelling financial incentives, and information blocking have prevented persistent information exchange and interoperability. This section provides a progress update on measures of exchange and interoperability among hospitals, ambulatory providers, and public health.

Health Information Exchange among Ambulatory Providers

In 2014, four in ten office-based physicians report sharing patient health information electronically.25 Although the proportion of physicians who electronically shared patient health information with other providers increased 7 percent between 2013 and 2014, only four in ten physicians electronically shared patient health information with other providers in 2014.

Figure 4 depicts the percent of office-based physicians who electronically shared patient health information with any providers and electronically shared patient health information outside their organization in 2014

SOURCE: 2014 National Electronic Health Record Survey

Rates of electronic sharing with long-term care, behavioral health, and home health providers were lower than rates of electronic sharing with ambulatory care providers.25 Electronic sharing by physicians was more commonly performed with providers within their own organization than with providers located in outside organizations. One-quarter of physicians reported electronically sharing patient health information with ambulatory care providers located in outside organizations; fewer than one in ten physicians reported sharing with unaffiliated hospitals. A majority of physicians who shared health information with ambulatory care providers did so with ambulatory care providers outside their organization. In contrast, most sharing between physicians and hospitals was between affiliated partners.

Figure 5: Percent of office-based physicians electronically sharing patient information with selected provider types, 2014

Figure 5 depicts the percent of office-based physicians who electronically shared patient health information in 2014 with ambulatory care providers, hospitals, home health providers, behavioral health providers, and long-term care providers

SOURCE: 2014 National Electronic Health Record Survey.
NOTES: The proportion of physicians who reported sharing information with either an unaffiliated hospital or outside organization's ambulatory care provider was similar to the proportion of physicians who shared information with outside organization's ambulatory care providers. Most physicians who shared with unaffiliated hospitals also shared with ambulatory care providers outside their organization.

Health Information Exchange among Hospitals

Three-quarters of hospitals electronically exchanged health information with outside providers in 2014.26 Hospitals' electronic health information exchange with hospitals or ambulatory care providers outside their organization increased by 85 percent from 2008 to 2014, and increased by 23 percent since the previous year (2013). Close to seven in ten hospitals (69 percent) electronically exchanged health information with ambulatory providers outside of their system in 2014. This represents a 92 percent increase since 2008 and a 21 percent increase since 2013. In 2014, the exchange gap among hospitals and outside hospitals and ambulatory providers began to narrow as hospital-to-hospital exchange increased by 55 percent between 2013 and 2014.

Figure 6: Percent of non-federal acute care hospitals that electronically exchanged laboratory results, radiology reports, clinical care summaries, or medication lists with ambulatory care providers or hospitals outside their organization: 2008-2014

Figure 6 depicts the percent of non-federal acute care hospitals that electronically exchanged laboratory results, radiology reports, clinical care summaries, or medication lists with ambulatory care providers or hospitals outside their organization from 2008 to 2014.

SOURCE: ONC/American Hospital Association (AHA), AHA Annual Survey Information Technology Supplements, 2008 - 2014.
NOTES: *Significantly different from previous year (p < 0.05).

Over three-quarters (78 percent) of hospitals sent patient summary of care records; however, only about half (56 percent) received summary of care records from outside sources.26 Four in ten hospitals (40 percent) were able to use (i.e., integrate) summary of care records received without manual entry. Nearly half of hospitals (48 percent) reported their providers engaged in electronically finding (i.e., querying) their patients' health information from sources outside their organization or hospital system.

Figure 7: Percent of U.S. non-federal acute care hospitals that electronically find patient health information, and send, receive, and use patient summary of care records from sources outside their health system, 2014

Figure 7 depicts the percent of non-federal acute care hospitals that electronically find patient health informaton, and send, receive, and use patient summary of care records from sources outside their health system in 2014.

SOURCE: ONC/American Hospital Association (AHA), AHA Annual Survey Information Technology Supplement, 2014.
NOTES: Find is the only interoperable exchange activity not specific to summary of care records. Find refers to query. Send and Receive include routine exchange using secure messaging using an EHR, using a provider portal, OR via health information exchange organization or other third party. Use requires that the records are integrated into the hospital's EHR system without the need for manual entry.

Rates of both sending and receiving summary of care records between hospitals and ambulatory care providers outside their hospital system are higher than rates of electronic exchange with long-term care providers and behavioral health care providers.26 Approximately half of hospitals send data to outside hospitals and ambulatory care providers; whereas four in ten (42 percent) hospitals reported sending summary of care records to long-term care providers (inside and outside their system) and fewer than three in ten (28 percent) hospitals reported sending summary of care records to behavioral health providers (inside and outside their system). While approximately three in ten hospitals received summary of care records from outside hospitals and ambulatory care providers, only one in six hospitals reported receiving summary of care records from long-term care providers (17 percent) and behavioral health providers (16 percent).

Figure 8: Rates of sending and receiving summary of care records between hospitals and other providers (by provider type)

Figure 8 depicts the rates of sending and receiving summary of care records between hospitals and other providers by outside hospitals, outside ambulatory care providers, long-term care providers, behavioral health providers.

SOURCE: ONC/American Hospital Association (AHA), AHA Annual Survey Information Technology Supplement, 2014.
NOTES: Does not include eFax. Summary of care records are in a structured format (e.g., CCDA). Exchange with long-term care providers and behavioral health providers includes both those inside and outside the hospital's health system.

Four in ten non-federal acute care hospitals nationwide reported having the necessary clinical information available electronically from outside providers or sources when treating a patient that was seen by another provider or setting. This represents a baseline estimate regarding whether hospitals have essential patient health information electronically available at the point of care from sources outside their system. The availability of key clinical information at the point of care has important implications for patient safety and care coordination.27, 28 Increasing the availability of information is also critical to support the expansion of care transformation efforts nationwide.29

About one-quarter of hospitals reported that they engaged in all four interoperable exchange activities (e.g., find, send, receive, and use).4 Hospitals engaging in more interoperable exchange activities had significantly higher rates of necessary patient information electronically available from outside sources and providers. Nearly nine in ten hospitals that conducted all four activities associated with interoperability had information available from outside settings, which is nine times higher than hospitals that did not conduct any of these activities.

Health Information Exchange with Public Health Entities

Electronic reporting to public health agencies improves the timeliness and completeness of data necessary to identify disease outbreaks and track disease trends over time.30, 31 To promote electronic information exchange between hospitals and public health agencies, the EHR Incentive Programs include objectives to promote electronic reporting of data regarding immunizations, emergency department visits ("syndromic surveillance"), and infectious disease laboratory results.32, 33

Most hospitals were located in jurisdictions that had the ability to receive electronic information; however, the capacity to receive that information was not the same across all measures.34 Seventy-two percent of Stage 2 hospitals reported, without exclusion, on all applicable public health measures, compared to 5 percent of Stage 1 hospitals. Immunization registry reporting had the highest overall rate at 73 percent, but less than half of participating hospitals reported on either the electronic laboratory reporting or syndromic surveillance measures. One factor driving this difference was the ability of the local public health agencies to receive the data electronically. For example, among Stage 2 hospitals for which reporting was mandated, 21 percent reported that their local jurisdiction could not receive their electronic syndromic surveillance data, 15 percent reported their jurisdiction could not receive their electronic laboratory results data, and 9 percent reported their jurisdiction could not accept their electronic immunization data.

In 2014, 90 percent of eligible professionals participating in Stage 2 of the Medicare EHR Incentive Program electronically reported immunizations to local registries.35 Electronic reporting to Immunization Information Services (IIS) was an optional measure for participants at Stage 1 of the Medicare EHR Incentive Program, and a required measure for Stage 2. Seventy-two percent of participating Medicare professionals who vaccinate reported electronically to an IIS in 2014. Since 2011, electronic IIS reporting among eligible professionals participating in the Medicare EHR Incentive Program has risen by almost half.36 Concurrently, the percentage of professionals whose local jurisdiction cannot receive electronic messages dropped by half.

Key Barriers

Despite progress in health IT adoption, use, and exchange, many barriers remain to fully modernize and expand integration of the U.S. health IT infrastructure so that individuals, their providers, and communities can use it to help achieve health and wellness goals. This section outlines key barriers, grouped by health IT adoption, interoperability, and safety.

Health IT Adoption Across the Care Continuum

Under current law, Medicare and Medicaid programs have no authority to provide financial incentives for the adoption of certified EHR technology among psychiatric hospitals, community mental health centers, residential and outpatient mental health and substance use disorder treatment clinics, and non-physician mental health professionals. Only eligible facilities (hospitals and critical access hospitals) and eligible professionals (physicians and dentists, as well as some nurse practitioners, certified nurse midwives, physician assistants in Federally Qualified Health Centers (FQHCs), optometrists, and chiropractors) can currently receive incentives under the EHR Incentive Programs.

Behavioral Health Providers

As of 2012,37 only 2 percent of psychiatric hospitals had adopted EHRs.38 While 20 percent of community mental health centers had EHRs in all of their clinic sites in 2012, only 2 percent of community mental health centers reported that they could meet the requirements of the EHR Incentive Programs.39 EHRs that do not meet these requirements might not have the safety- and quality-enhancing functionalities of certified EHR technology. In addition, these systems might not be fully interoperable with certified EHR technology, or have the privacy and security functionalities40 needed for behavioral health providers to exchange health information across the continuum of care.41, 42

Since current EHR adoption rates among behavioral health providers and facilities are low, integrating and coordinating behavioral health and medical care requires health IT infrastructure to promote and support adoption among behavioral health providers. The adoption and meaningful use of EHRs by behavioral health providers is essential to the pursuit of high-quality care, lower costs, a healthy population, and engaged people. Treating the whole person, inclusive of mental health and substance use disorders, is a key strategy driving current delivery system reform efforts.

Long-Term and Post-Acute Care Providers

There are no authorities under current law for Medicare to provide financial incentives for the adoption of certified health IT among long-term care providers. Long-term care providers play a critical role in health care delivery system reform, but they lag in adoption of EHRs. Long-term care providers have a frequent need to exchange health information with other providers to ensure continuity of care for the patients they serve.

As participation in accountable care organizations (ACOs) and bundled payments expands, long-term care providers need to adopt and implement certified EHR technology with key functions specific to this setting of care in order to effectively deliver and coordinate care, which requires an investment in both technology and care process redesign. Effectively using EHRs could improve performance of skilled-nursing facilities in value-based purchasing and help with the sustainability of bundled payments involving post-acute care.

Long-term care and behavioral health care providers, in particular, have limited capabilities to electronically exchange data with outside providers.43, 44, 45 Hospitals' rates of both sending and receiving patient summary of care records to and from long-term care and behavioral health care providers were considerably lower than electronic exchange with outside hospitals and ambulatory care providers.4

Health IT Transparency

The persistent lack of transparency and access to reliable information about health IT products and services, including for electronic health information exchange, is a significant barrier to interoperability. This lack of transparency and reliable information about health IT products and services impacts the efficient functioning of health IT markets, reducing opportunities to advance interoperability through vigorous competition and innovation in the marketplace. In particular, providers cannot effectively compare solutions and select those that meet their needs when they lack access to basic information about the costs, limitations, and trade-offs of competing health IT products and services. This includes capabilities that will enable them to participate in new care delivery and payment models that leverage health information exchange and analytics. In addition, providers are more likely to become "locked in" to technologies, which diminishes incentives and opportunities for health IT developers to improve their technologies and compete to deliver more innovative, more advanced, and less expensive products and services that meet the needs of providers, patients, and the health care system.

For these reasons, improving transparency in health IT markets continues to be a major focus for ONC. In the 2015 Edition final rule, ONC introduced new and significantly enhanced transparency and disclosure obligations for developers by including provisions for more rigorous testing of health IT exchange capabilities, establishing explicit requirements for in-the-field surveillance and transparency of health IT, and by making granular information about certified health IT publicly available through an open data certified health IT product list (CHPL). Nevertheless, there are limits to the types of information that ONC can require developers to disclose. Additional transparency requirements would greatly enhance the ability of providers and other customers to access and easily compare more detailed information about specific costs, capabilities, limitations, and other performance characteristics of certified health IT, including capabilities for interoperable health information exchange. This would help providers make more informed purchasing decisions, and could create powerful economic incentives for health IT developers to solve technical challenges and rapidly improve the interoperability, usability, and other aspects of their technologies.

Interoperability Challenges

Although a number of successful electronic health information-sharing arrangements exist today, the broader health IT ecosystem must overcome at least three fundamental challenges to achieve extensive near- and long-term interoperability success. First, there is variation in how standards are tested and implemented. Second, there is significant variation in how health IT stakeholders interpret and implement government policies and legal requirements. Third, health IT stakeholders are reluctant to embrace supportive business practices that can reinforce and expand collaborative data use arrangements and foster meaningful consumer engagement and action.

These fundamental challenges are interrelated, and actions taken to address one challenge must also consider impacts on the others, and make adjustments as necessary. Because these challenges are long-standing and have been difficult to mitigate, health IT stakeholders have often focused on managing their individual information needs and practices. Approaching information exchange and shared use of information from the perspective of promoting a collective "greater good" and adopting long-range behavior and cultural change could lead to societal benefits, as well as create promising business opportunities and innovations.

Hospitals reported that a lack of exchange partners with the capability to electronically receive information was a barrier to interoperability for most hospitals.4 Frequently reported technical barriers were related to provider directories and patient matching. Common operational barriers experienced by hospitals included cumbersome workflows to send information from their EHR system, and recipients of patient summary of care records who did not consider the information useful. Additionally, few hospitals (10 percent) reported that they typically do not share data with outside providers.

Figure 9: Percent of U.S. non-federal acute care hospitals that identified the following issues when trying to electronically send, receive, or find patient health information to/from other care settings or organizations

Figure 9 depicts the percent of U.S. non-federal acute care hospitals that identified the several issues when trying to electronically send, receive, or find patient health information to/from other care settings or organizations.

SOURCE: ONC/American Hospital Association (AHA), AHA Annual Survey Information Technology Supplement, 2014

Policies Supporting Health Information Exchange

A key component to interoperable health information exchange is the development of consistent policies and operating practices for trading partners. Health IT governance ensures that those participating in the exchange and interoperability of health information can follow the same "rules of the road" and be held accountable to following those policies and practices. Where such policies and practices define and outline basic expectations for trading partners around health information exchange, interoperability and the exchange of information can improve.

Local or regional areas have done this through contract vehicles; however, to get to nationwide interoperability, stakeholders need to have common policies and practices that hold entities accountable and that federal agencies can require through their programs. ONC has committed to the development of a policy advisory on health information exchange by 2017 and will continue to examine a mechanism for health IT governance. ONC looks forward to working with Congress to determine ways to advance policies and practices that support provider-focused, person-centered interoperable health information exchange that advances health information exchange and deters information blocking.

Expose and Discourage Health Information Blocking

Information blocking occurs when persons or entities knowingly and unreasonably interfere with the exchange or use of electronic health information. These practices undermine efforts to advance the use of information and technology to improve health and health care.

Evidence and experience suggest that information blocking is occurring and may become even more prevalent as technical and other challenges of sharing electronic health information are reduced. Inevitably, some market participants will regard this trend towards greater data liquidity as contrary to their individual business interests and will seek to retain control over electronic health information in ways that limit its exchange and use.

Together with federal partners, ONC is aggressively pursuing all available administrative avenues to help target and address information blocking.46 Many of these actions are detailed in ONC's Report to Congress on Health Information Blocking47, released in 2015. ONC has already taken steps to address information blocking, such as through new certification requirements that require more aggressive surveillance of certified health IT capabilities in the field and that require health IT developers to disclose additional information about health IT limitations and types of costs. ONC and CMS have also made it easier for stakeholders to report information blocking through a new Health IT Complaint Form and are coordinating with other agencies to increase scrutiny of these business practices.

While these actions are important, preventing information blocking will require overcoming significant gaps in current knowledge, programs, and authorities that limit the ability of ONC and other federal agencies to effectively target, deter, and remedy this conduct. Most significantly, current law does not directly prohibit information blocking and provides no effective means to investigate and remedy it. In some circumstances, information blocking may interfere with an individual's legal rights under the HIPAA Rules to access and direct their protected health information. The HHS Office of Inspector General recently issued an alert on Information Blocking and the Federal Anti-Kickback Statute.48 However, while these and other laws prohibit certain kinds of information blocking in limited and narrow circumstances, federal and state law offer little protection against most kinds of information blocking.

In addition, many health IT developers require providers and their employees to adhere to broad non-disclosure and other contractual terms that prevent or discourage individuals from openly discussing information blocking and other concerns related to their developer's business practices or the performance of their technology. These practices make it difficult to expose information blocking, reliably estimate its full extent and impact, and develop effective policies to address this significant interoperability challenge. ONC continues to work with Congress to explore additional avenues for eliminating information blocking and ensuring continued progress towards the nation's health IT and health care goals.

Privacy and Security

Variation in State and Federal Privacy Laws

Many states have their own laws and regulations to protect the privacy of health information that apply in addition to HIPAA privacy protections and requirements on use and disclosure. These statutes and regulations vary from state-to-state, often narrowly targeting a particular population, health condition, information collection effort or specific type(s) of health care organizations. These diverse state laws are philosophically aligned towards preventing health-status discrimination. The laws' content, however, varies widely. The variation causes confusion among exchange partners, and makes it difficult and expensive to harness technology to ensure privacy compliance. This, in turn, impedes interoperability.

Safety and Usability Challenges

There is clear and emerging evidence that the broad scale implementation and use of health IT has augmented the general safety of health care, but there are still best practices to be agreed upon and more broadly and consistently implemented across the spectrum of health care providers and entities.

Need for Health IT Safety Collaborative

The National Academy of Medicine recommended a consensus-based collaborative effort focused on health IT safety in a 2011 health IT and patient safety report49. The draft 2014 Food and Drug Administration Safety and Innovation Act (FDASIA) Health IT Report to Congress made a similar recommendation. ONC contracted with RTI International to develop a Patient Safety Roadmap describing structure and operations of a potential center of health IT collaboration. To inform the report, RTI selected and convened a task force of diverse stakeholders with expertise in health IT safety, including representatives from ONC, Agency for Healthcare Research and Quality (AHRQ), FDA, Federal Communications Commission (FCC), and CMS as well as private sector perspectives. The task force members across the spectrum of stakeholder perspectives indicated that a non-regulatory, health IT safety initiative - such as a "safety collaborative" - would be the most effective approach to addressing the unintended consequences of transitioning from paper records to health IT and to realize more quickly the potential for even safer, more usable health IT to further improve the general safety of health care.

HHS Efforts to Gather and Use Recommendations

Agencies within HHS use the annual budget requests (i.e., Congressional Justification of Estimates for Appropriations Committees) to make formal recommendations to Congress to advance health IT adoption and use across the health care delivery system.

ONC's FY 2017 Budget includes four legislative proposals, which aim to further the advancement of nationwide interoperability, reliability, and transparency of health IT. ONC is proposing additional authorities that would combat information blocking, enhance transparency, implement governance activities to guide business practices, and establish a Health IT Safety Collaborative.

Establish Health IT Governance Certification: Nationwide interoperability, reliability, and transparency cannot be accomplished through technical requirements alone. This proposal will allow ONC to establish standards, implementation specifications, and certification criteria related to the business policies, practices, and behavior of health IT entities.

Prohibit Information Blocking and Associated Business Practices: Current evidence and experience suggest that persons and entities are engaging in information blocking, interfering with the exchange and use of electronic health information. This proposal would provide a coordinated approach to explicitly prohibit information blocking and investigate and impose appropriate sanctions for offenders.

Require Health IT Transparency: This proposal would authorize the Secretary to require that certified health IT vendors submit ongoing and detailed information to the National Coordinator concerning the costs, capabilities, limitations, and other performance characteristics of certified health IT. ONC will be able to address the lack of transparency in health IT products and services, which stakeholders ranging from industry associations to Congress have identified as a serious problem impairing the efficient functioning of health IT markets.

Provide ONC Authority to Use Contracts, Grants, or Cooperative Agreements to Establish a Health IT Safety Collaborative and Provide Adequate Confidentiality Protections: Through this proposal, ONC will establish a Health IT Safety Collaborative that identifies and strengthens ways to encourage better reporting of health IT-related safety events. This public-private partnership will provide a confidential space for developers and providers to address concerns and cultivate new educational resources and training materials to build health IT safety competencies.

By coordinating and aligning patient safety activities between federal and private actors, the Health IT Safety Collaborative will ensure that approaches to health IT safety are properly implemented and evaluated. Members of the Collaborative will support and develop targeted solutions to health IT-related safety issues identified through evidence.

ONC also uses its convening authority to engage with a diverse group of private, non-profit, and public sector stakeholders to identify health IT policy issues and forge consensus-based solutions. By investigating alternative and creative solutions, ONC designs policies to remove barriers that limit market progress to achieve the meaningful use and optimization of health IT. These solutions must keep pace with the evolving health IT market by continuing to create new opportunities for investment and improve licensees' and purchasers' confidence in their health IT choices.

For example, ONC released draft versions of both the Strategic Plan and the Interoperability Roadmap for public comment. The insight collected from a diverse set of stakeholders focused on specific programs as well as overall directional improvements to the final versions of the Strategic Plan and Interoperability Roadmap.

Federal Advisory Committees

ONC maintains two Federal Advisory Committee Act (FACA) bodies, also known as advisory committees: the Health IT Policy Committee (HITPC) and the HITSC.

The HITPC makes recommendations to the National Coordinator on policy for the development and adoption of a nationwide health information infrastructure. ONC solicits recommendations from the HITPC to inform policy decisions and guide the development of pilots, studies, and other programs used to inform future stages of policy development.

The HITSC is charged with making recommendations to the National Coordinator on standards, implementation specifications, and certification criteria for the electronic exchange and use of health information. The HITSC makes such recommendations that can support federal health IT policies and are responsive to the needs of the health IT community and marketplace.

Several workgroups and task forces have formed as sub-committees to the parent FACAs. These workgroups meet periodically to discuss their topics, present their findings at HITPC and HITSC meetings, and make recommendations to the committees. The tables below illustrate the recommendations of the HITPC and HITSC in 2015. A full list of recommendations can be found on HITPC and HealthIT.gov.

Health IT Policy Committee's Report to Congress on Interoperability Barriers and Challenges

The Consolidated and Further Continuing Appropriations Act, 2015 was signed by the President on December 16, 2014. The Congressional request asked the HITPC to review the technical, operational, and financial barriers to interoperability, and the role of certification in advancing or hindering interoperability across various providers.

To address this request, the HITPC established the Clinical, Technical, Organizational, and Financial Barriers to Interoperability Task Force (Interoperability Task Force). The Interoperability Task Force went through a process to develop recommendations that included: a thorough review of past HITPC findings and recommendations, identification of consensus with past findings, as well as gaps, held two virtual hearings to hear from stakeholders, and finally the development of task force recommendations to the HITPC. The report is divided two sections: summary of past findings and recommended solutions. The HITPC transmitted the report to Congress on December 16, 2015.

Health IT Policy Committee Health Big Data Recommendations

On August 11, 2015, the HITPC approved the privacy and security health big data report of the Privacy and Security Workgroup. The workgroup focused its efforts on identifying potential gaps in privacy and security protections given prevailing frameworks. The workgroup also examined the degree to which existing laws and regulations facilitate an environment that enables information to be "leveraged for good" while still protecting individuals' privacy interests or protecting against discrimination. The report recommends that ONC and other federal stakeholders, including OCR, take several actions to support privacy and security related to health big data. This report and recommendations can be found on HealthIT.gov50.

Conclusion | 2015 Update to Congress on the Adoption of Health Information Technology

In the six years since the HITECH Act was enacted, the nation has seen dramatic advancement in the use and adoption of health IT. According to survey data, EHR adoption among hospitals and physicians continued to increase. In 2014, nearly all hospitals (97 percent) reported possessing certified EHR technology. Three-quarters of physicians report possessing a certified EHR.51. The combined efforts of initiatives like the Regional Extension Centers, the ONC Health IT Certification Program, use of standard terminologies, and the EHR Incentives Programs have brought us past a tipping point in the use of health IT. Today, the nation is firmly on the path to a digital health care system. Significant challenges continue to limit the widespread and effective sharing of electronic health information across the health care continuum. This includes issues that are deeply connected to interoperability, including information blocking; inconsistent implementation of technical standards; and divergent privacy, security, or trust policies. In some cases, standards do not yet exist or are nascent in industry use.

This report identified critical actions that are underway to address these key barriers. One effort, the Federal Health IT Strategic Plan 2015-2020 comprises key strategies from across the federal government to enhance the nation's health infrastructure to advance person-centered and self-managed health; transform health care delivery and community health; and foster research, scientific knowledge, and innovation. The Strategic Plan and the Interoperability Roadmap highlight important initiatives where health IT is foundational to achieve the respective goals of the initiative. Beginning in 2016, HHS will use this report as a vehicle to report on implementation progress.

Priority actions over the next year will focus on continuing to build the economic case for interoperability, including increasing incentives and improving the regulatory and business environments; coordinating with health IT stakeholders to enhance consumer access; coalesce around a shared set of technical standards; exposing and discouraging health information blocking; and ensuring the implementation of robust privacy and security protections. The nation needs an interoperable health system that empowers individuals to use their electronic health information to the fullest extent, enables providers and communities to deliver smarter, safer, and more efficient care, and promotes innovation at all levels.

See Report Notes >>>