October 30, 2023

While there were multiple regulatory announcements in the news this week, we’ll recap the President’s Executive Order on AI and ONC’s proposed rule on appropriate provider disincentives.

White House

The White House announced that President Biden was issuing a new Executive Order (EO) on Safe, Secure, and Trustworthy Artificial Intelligence.  The EO contains several overarching themes, which includes New Standards for AI Safety and Security; Protecting Americans’ Privacy; Standing Up for Consumers, Patients, and Students; Promoting Innovation and Competition.

• Promote national cybersecurity by ensuring that creating an advanced cybersecurity program to leverage AI to find/fix vulnerabilities in critical software.
• Promote the responsible use of AI in health care; requires the creation of safety program to intake reports of AI harm/unsafe behaviors as well as remedy these complaints.
• Evaluate how government agencies collect and use commercially available information – including information obtained through data brokers.
• Seeks to prioritize federal support for promoting the development/deployment of privacy-preserving techniques. Additionally, establish guidelines for federal agency use in testing the efficacy of privacy-preserving techniques.

You can find the fact sheet at this website: EO on Safe, Secure, and Trustworthy Artificial Intelligence fact sheet

ONC

The ONC announced this morning that the long awaited NPRM on appropriate provider disincentives for committing information blocking will be published in the Federal Register on Wednesday, November 1^st.  The previously announced disincentives were intended for health information exchanges (HIEs), health information networks (HINs), and developers of Certified EHR Technology (CEHRT).

The identified disincentives would pertain to certain health care providers that also are Medicare-enrolled providers or suppliers.  Consequently, these disincentives are related to qualification as a meaningful EHR user under specific programs.

Some notable disincentives include:

• An eligible hospital or critical access hospital would not be classified as a meaningful EHR user under the MPI program for the associated reporting period. Financial disincentives differ according to the type of hospital.
• Similarly, a health care provider or group would not be classified as a meaningful EHR user under the MIPS program.
• Health care providers who are an ACO, participants in an ACO, or a supplier/provider of an ACO would not be eligible to participate for a minimum of 1 year. Ineligibility may result a provider being ineligible to join an ACO or removal from an ACO.

The Comment Period will be open from November 1^st, 2023 to January 2^nd, 2024. You can make a comment in a number of different ways; the simplest would be to click the “Submit a Formal Comment” button on the Federal Register page for the proposed rule (link below).

Upon finalization of the proposed rule, OIG would begin enforcing the provider disincentives.

ONC NPRM:  21st Century Cures Act: Establishment of Disincentives for Health Care Providers That Have Committed Information Blocking

ONC Press Release:  HHS Press Release: Appropriate Disincentives for Providers who Engage in Information Blocking

Additional News

October 2023 OCR Cybersecurity Newsletter: How Sanction Policies Can Support HIPAA Compliance (10/19/23)

FTC Amends Safeguards Rule to Require Non-Banking Financial Institutions to Report Data Security Breaches

Upcoming Events

ONC Tech Forum: Aligning USCDI, FHIR US Core, C-CDA and other Heath IT Standards – November 3, 2023

Information Blocking Disincentives Proposed Rule Information Session – November 15, 2023