"> ONC’s Interim Final Rule Extends Compliance Deadlines – Drummond Group

ONC’s Interim Final Rule Extends Compliance Deadlines

ONC’s Interim Final Rule Extends Compliance Deadlines 600 445 Drummond Group

The Office of the National Coordinator for Health Information Technology (ONC) recently released an Interim Final Rule (IFR) providing additional flexibility enabling the healthcare community to effectively respond to the public health emergency related to COVID-19. The IFR – Information Blocking and the ONC Health IT Certification Program: Extension of Compliance Dates and Timeframes in Response to the COVID-19 Public Health Emergency – extends compliance dates and timeframes for information blocking and certain 2015 Edition health IT criteria and Conditions and Maintenance of Certification requirements. The IFR also addresses additional updates, clarifications and corrections.

Although compliance deadlines have been extended, the momentum to deliver patients access to their health information continues to be a driving force for the health IT industry. Over the past several months, Drummond heard from many health IT developers regarding the impact of the Cures updates. We know many of you are choosing to continue testing and certification in 2021 as planned for several of the Cures requirements. We encourage all customers to stay the course and continue planning for the Cures updates to ensure compliance is achieved well before the deadline.

Real World Testing

We know many are awaiting additional guidance regarding real world testing (RWT). The IFR delayed the initial plan and initial results submission by one year, which means Dec. 15, 2021, is the new deadline to have initial plans available on the CHPL. Drummond will require submission by no later than Nov. 15, 2021,  to ensure your plan is accepted.

Due to the new compliance deadline, Drummond is not currently accepting test plans for review, but will continue to work with the ONC to provide developers with additional information. Plans are in the works to release additional guidance documents during the first two quarters in 2021 prior to opening our submission process.

Rule Changes

These tables highlight the updated timelines, adopted standards, as well as pertinent corrections and clarifications from the IFR. In addition, the ONC has released several helpful documents here.


Compliance Dates


Adopted Standards


Corrections/Clarifications

Compliance Dates

Provision Final Rule Interim Final Rule
Condition of Certification (CoC) – Information Blocking – (§ 170.401) Nov. 2, 2020 April 5, 2021
CoC – Assurances – (§ 170.402(a)(1)) – Will not take any action that constitutes information blocking or actions that inhibit access, exchange, and use of electronic health information (EHI) Nov. 2, 2020 April 5, 2021
CoC – Assurances – (§ 170.402(a)(2) and (3), and (b)(1)) – Other June 30, 2020 April 5, 2021
CoC – Communications – (§ 170.403) – Communications requirements, except for § 170.403(b)(1) where ONC removed the notice requirement for 2020 June 30, 2020 April 5, 2021
CoC – API – (§ 170.404(b)(4)) – Compliance for current API criteria Nov. 2, 2020 April 5, 2021
CoC – API – (§ 170.404(b)(3)) – Rollout of new standardized API functionality certified to § 170.315(g)(10) May 2, 2022 Dec. 31, 2022
CoC – Real World Testing – 2015 Edition health IT certification criteria updates – EHI export. See Assurances below May 2, 2022 Dec. 31, 2022
CoC – Assurances – (§ 170.402(a)(4) and (b)(2)) – EHI Export Rollout § 170.315(b)(10) May 1, 2023 Dec. 31, 2023
CoC – Communications – (§ 170.403(b)(1)) – Notice to all customers with which developer has contracts or agreements containing provisions that contravene Communications CoC Annually beginning in CY 2020 Annually beginning in CY 2021
CoC – Initial Attestations – (§ 170.406) April 1-30, 2021 attestation window for attestation period running June 30, 2020 through March 31, 2021 April 1-30, 2022

(annual Cycle begins 1 year later)

CoC – Real World Testing – (§ 170.405(b)(1) and (2)) – Submit initial plan and initial results submission Plan: Dec.15, 2020

 

Results: March 15, 2022

Plan: Dec. 15, 2021

 

Results: March 15, 2023

USCDI – Update to the USCDI standard for § 170.315 (b)(1), (b)(2), (e)(1), (f)(5), (g)(6), (g)(9), and (g)(10) May 2, 2022 Dec. 31, 2022
New and Revised Certification Criteria – Update standards or implement for § 170.315 (b)(3), (b)(7), (b)(8), (c)(3), (d)(2), (d)(3), (d)(10), (d)(12), and (d)(13) May 2, 2022 Dec. 31, 2022

 

Adopted Standards

Current Standard New Standard Adopted in IFR

 

Update
USCDI v1 §170.213 USCDI, July 2020 Errata, Version 1 (v1)

 

Corrections to applicable standards
US Core Implementation Guide §170.215 HL7 FHIR US Core IG STU Release 3.1.1, August 28, 2020

 

Technical corrections and minor clarifications
CMS QRDA Implementation Guide (latest available at time of FR publication) §170.205(h)(3) and §170.205(k)(3) 2020 CMS QRDA I and QRDA III Implementation Guides

 

Adopting most recent version of CMS QRDA IGs

Corrections/Clarifications

2015 Cures Criteria Correction/Clarification

 

170.315(b.3) E-Prescribing Corrected typo “RxFillIndicator” to “RxFillIndicatorChange”

 

170.315(d.2) Auditable Events, 170.315(d.3) Audit Reports, and 170.315(d.10) Auditing Actions

 

Remove “7.1.3 Duration of Access” (E2147-18) requirement from 2015 certification criteria
170.315(f.5) Electronic Case Reporting Error identified stating developers were required to conform to HL7 Clinical Document Architecture standard and companion guide in 170.205(a)(4) and (5). It was only Intended for developers certifying to (f.5) required to conform to data classes expressed in standards in USCDI or CCDS for the period before 12/31/2022.

 

170.315(g.10) Standardized API for Patient and Population Services Clarified health IT modules must:

§  Support the issuance of an initial refresh token to native applications that are capable of securing a refresh token;

§  “For subsequent connections, an application capable of storing a client secret must be issued a refresh token valid for a new period of no less than three months”.  Replaced earlier wording of “new refresh token” and clarified that the “new period” applies to the extended or renewed duration of the “refreshed” refresh token; and

§  Issue a refresh token that is valid for a new period of no less than 3 months to only applications that are capable of storing a client secret.

170.210(g) Synchronized Clocks Removed reference to obsolete standard RFC 1305. Clarifies RFC 5905 and NTP v4 was already approved for §170.210 on September 4, 2012.

 

Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your Privacy preferences. It is worth noting that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

Click to enable/disable Google Analytics tracking code.
Click to enable/disable Google Fonts.
Click to enable/disable Google Maps.
Click to enable/disable video embeds.
Our website uses cookies, some from third-party services. Define your Privacy Preferences and/or agree to our use of cookies.