On January 17, 2023, the California Health and Human Services Agency (CalHHS) released updated drafts of four policies and procedures (P&Ps) under the California Data Exchange Framework (DxF) to support the implementation of the Data Sharing Agreement (DSA) among DxF participants for public comment:
- California Information Blocking Prohibitions
- Technical Requirements for Exchange
- Real-Time Exchange
- Early Exchange
In light of the upcoming January 31, 2023, deadline for certain California health care organizations subject to the DxF to execute the DSA, and January 31, 2024, deadline to begin sharing health and social services information (HSSI), which is defined broadly n the DSA, affected health care organizations should consider whether to submit comments to the draft P&Ps and evaluate their compliance obligations if the P&Ps are finalized as proposed.
This On the Subject discusses key requirements and implications of the draft P&Ps and potential areas for comment. For more information on the DxF, please see our On the Subject concerning 10 things providers should know about the DxF.
IN DEPTH
CalHHS Requests Public Comments by February 14, 2023
CalHHS has requested comments regarding the four draft P&Ps and an amendment to the Privacy Standards and Security Safeguards P&P (that addresses the destruction of information about an individual that a participant receives in error) by February 14, 2023. Stakeholders are encouraged to suggest revisions and express any concerns related to the P&Ps. Additionally, CalHHS has developed a list of questions for public input related to the requirements and content of the P&Ps. For example, CalHHS asks whether participants that engage in the early exchange of HSSI before January 31, 2024 should be required to comply with the P&Ps (which do not take effect until January 31, 2024). The answer to this question and others posed by CalHHS will have material impacts on how organizations participate in and comply with the DxF. If you would like help developing comments on the draft P&Ps or responding to the questions posed by CalHHS, please contact Daniel Gottlieb or your regular McDermott contact.
California Information Blocking Prohibitions Borrow from Federal Guidelines, but Differ in Key Regards
Like prior drafts of the California Information Blocking Prohibitions P&P, the latest draft broadly prohibits participants from undertaking any practice that is likely to interfere with access, exchange or use of HSSI for the required purposes listed in CalHHS’s Permitted, Required and Prohibited Purposes P&P. The draft P&P incorporates by reference the information blocking exceptions under the final rule (ONC Final Rule) adopted by the US Department of Health and Human Services Office of the National Coordinator for Health Information Technology (ONC) under the information blocking provisions of the 21st Century Cures Act subject to certain differences discussed below. For more information about the ONC Final Rule, see our Special Report.
As of the prior Information Blocking Prohibitions P&P draft, CalHHS created two categories of participants:
- Participants that are already subject to the ONC Final Rule
- Participants that are not subject to the ONC Final Rule.
Participants That Are Subject to the ONC Final Rule
Under the Information Blocking Prohibitions P&P, a participant that is subject to the ONC Final Rule is deemed in compliance with the P&P if the participant meets an information blocking exception to the ONC Final Rule with respect to HSSI, except that the P&P specifically excludes its Fees and Licensing Exceptions.
As a result, participants may not rely on the Fees Exception to charge fees for the exchange or use of electronic health information (EHI), as defined in the ONC Final Rule, or other HSSI. In addition, it appears that CalHHS intends to prohibit participants from relying on the Licensing Exception to charge royalties or other fees for licenses to application programming interfaces (APIs) and other interoperability elements to exchange or use HSSI. In its list of questions for public input, CalHHS notes that the draft P&P does not permit participants to use the Licensing or Fees Exceptions to withhold HSSI requested for required purposes, and asks if there are any circumstances under which a participant should be able to charge fees to license technology needed for the exchange of HSSI that is required under the DSA or charge fees to another participant in connection with required HSSI exchange.
We expect this question to elicit a wide range of contradictory comments from stakeholders, including stakeholders that are not participants but may be contractually required by participants to comply with DxF requirements, such as electronic health record (EHR) vendors or interoperability software developers. If a participant does not execute an agreement with a qualified health information organization (QHIO), as defined in the DSA, and instead elects to execute an agreement with an EHR vendor, interoperability software developer or other entity that facilitates health information exchange to meet the participant’s obligations under the DxF, the DSA requires the participant to obtain reasonable assurances from the entity that the entity will enable the participant to comply with the minimum requirements for data exchange in the P&Ps.
EHR vendors typically charge license fees for APIs and other technology used to access and share HSSI and may object to the DxF’s fee restrictions. On the other hand, health plans, mobile health app developers, and other software and service companies that seek HSSI to provide data-enabled services to health care providers will likely support the fee restrictions to avoid obligations to pay revenue shares and other fees to access and use HSSI.
Participants That Are Not Subject to the ONC Final Rule
Participants that are not covered actors under the ONC Final Rule are deemed to be in compliance with the P&P if they meet one of the ONC Final Rule exceptions to the information blocking prohibition, other than the Fees and Licensing Exceptions, and subject to some minor definitional changes to the Preventing Harm Exception and a requirement that any denial of access under the Privacy Exception be consistent with applicable law and/or the Individual Access P&P.
Availability of the ONC Final Rule’s Content and Manner Exception
While the Information Blocking Prohibitions P&P does not allow either category of participant to rely on the Fees or Licensing Exceptions, the P&P does allow all participants to rely upon the ONC Final Rule’s Content and Manner Exception. The Content and Manner Exception requires covered actors that fulfill a request for EHI in a manner other than the manner requested by the party seeking EHI to ensure that their fees for fulfilling the request satisfy the Fees Exception and that any license of interoperability elements in relation to the request satisfies the Licensing Exception. This inconsistency may indicate that CalHHS will permit participants and requestors an opportunity to mutually agree on the terms and associated fees for access to HSSI in the manner sought by the requestor. Participants should consider seeking guidance from CalHHS to understand its intent with respect to the Content and Manner Exception either as part of a general comment or in response to CalHHS’s specific question discussed above.
Technical Requirements for Exchange P&P May Be Burdensome for Participants
CalHHS intends for its draft Technical Requirements for Exchange P&P to define recommended and required exchanges of HSSI among participants and the technical standards to be used in those exchanges.
Required Exchange
Under the draft P&P, participants must exchange data with other participants in the following scenarios using nationally and federally adopted standards:
- In response to a request for HSSI from a participant
- When HSSI is created and becomes available electronically in connection with an order or request for services and delivery of those services by a participant
- When a participant requests admit, discharge or transfer (ADT) event notifications from a participant that is a hospital.
In addition, participant hospitals must notify at least one QHIO of an ADT event using HL7 Version 2.5 ADT messages or a later, compatible version. Participants may be able to meet this requirement through their EHRs.
Person Matching
A participant must use a standardized set of attributes and identifiers to determine whether electronic HSSI is appropriately linked to the correct patient (Person Matching) when it sends HSSI to or requests HSSI from another participant. Participants must use the following data attributes when requesting HSSI or responding to such requests: name; date of birth; home and/or mailing address, including previous addresses if known; phone numbers; and email addresses. Data attributes for Person Matching must also follow the guidelines established by the United States Core Data for Interoperability (USCDI) Version 2.
A participant that makes electronic requests for electronic HSSI from a participant using a health information network or health information exchange framework with a nationwide scope, including California, must make the requests using the Integrating the Healthcare Enterprise (IHE) Cross-Community Patient Discovery (XCPD) exchange profile for Person Matching and the IHE CrossCommunity Access (XCA) exchange profile to retrieve HSSI.
Interoperability Technical Standards
The draft Technical Requirements for Exchange P&P requires or encourages participants to use specific interoperability standards to exchange HSSI. For example, the draft P&P encourages participants to support electronic requests and electronic responses to requests for electronic HSSI using HL7 FHIR Release 4 and the US Core implementation guide. As highlighted in a recent letter from the HIMSS EHR Association to CalHHS Secretary Mark Ghaly, the associated compliance costs, short timeframes to comply with technical standards, and addressing gaps in the standards could prove burdensome.
Real-Time Exchange P&P Timeliness Requirements May Be Unrealistic
The draft Real-Time Exchange P&P requires participants to send HSSI to other participants in a “timely manner.” CalHHS has explained that the meaning of the phrase “timely manner” varies based on the DxF transaction pattern and its associated clinical context. Generally, the draft P&P expects participants to respond to HSSI requests associated with diagnostic, health or social services without delay. Practically, it is unclear what timeframes CalHHS would consider timely for HSSI exchange. The draft P&P does not acknowledge that response times will vary depending on the size or complexity of an HSSI data set or the technical capabilities of a requestor.
Stakeholders should consider commenting on the variables that might affect the timeliness of data exchange and recommending to CalHHS that it may be more practical to apply the real-time exchange requirements to a more focused scope of data or subset of HSSI, such as the data classes and elements in USCDI Version 2.
Compliance With the Early Exchange P&P Would Be Difficult
The Early Exchange P&P is the fourth draft P&P released by CalHHS for public comment. It allows participants to choose to engage in early exchange under the DSA by executing the DSA, verifying that their exchange partners have also executed the DSA, and complying with all published P&Ps. Under the draft P&P, early exchange participants must comply with new or updated P&Ps within 10 days of their publication date, regardless of the effective date written in the P&P. The short timeframe that early exchange participants would have to comply with new or updated P&Ps could be challenging, especially for more technical P&Ps that require participants to alter transaction patterns or adopt different technical or data standards or technology for data exchange. Stakeholders might consider requesting CalHHS to allow early exchange participants more time and flexibility to comply with new or updated P&Ps, especially given the uncertainty around the timing for finalization of the P&Ps.
The Penalties for Failure to Execute the DSA Remain Unclear
Neither California Health & Safety Code § 130290, the authorizing statute for the DxF, nor existing CalHHS guidance specify a penalty or consequence if a “mandatory” signatory refuses or fails to sign the DSA. While some observers expected Governor Newsom’s proposed budget to address penalties for failure to execute the DSA, the proposed budget released on January 10, 2023, was silent on the DxF. Governor Newsom may include a penalty for failure to execute the DSA in the May 2023 revision to the proposed budget, which will come after the deadline to sign the DSA on January 31, 2023.
Action Items
As CalHHS continues to develop the DxF, hospitals and other health care organizations required to participate in the DxF should consider the following steps:
- Review the draft P&Ps and the list of questions from CalHHS to determine whether to submit comments directly or through their representatives.
- Raise concerns with CalHHS about how the DxF Information Blocking Prohibitions P&P may complicate their ability to rely on certain exceptions in the ONC Final Rule and create compliance challenges.
- Contact trade associations, such as the California Hospital Association and California Medical Association, to share their concerns about the DxF and coordinate coalitions for more effective engagement with CalHHS.
- Evaluate interoperability solutions and other tools available through EHR and digital health vendors and nationwide networks or frameworks to identify options for exchanging HSSI in compliance with the P&Ps.
- Attend public webinars on the DxF to stay informed on P&P updates and new P&Ps.