Assistant Secretary Tripathi Details Challenges with API Data Exchange. Micky Tripathi, Ph.D., Assistant Secretary for Health Technology, National Coordinator, Office of the National Coordinator for Health It (ASTP ONC) detailed several challenges ASTP ONC has encountered in the nation’s drive toward leveraging application programming interfaces (APIs) to exchange health information, including: (i) Publicly accessible API documentation not being available or not usable; (ii) Third-party application developers effectively being closed out; (iii) API users being prevented from connecting with providers; (iv) Third-party APII developers serving patients being presented with false regulatory hurdles; and (v) Failure to respond to API access requests. Dr. Tripathi committed ASTP ONC to work with ONC-Authorized Certification Bodies, engaging with the Office of the Inspector General, and hearing from more API Users to monitor the health information sharing landscape for areas where help is needed. ASTP ONC expects to: (i) Monitor and enforce; (ii) Engage with developers; (iii) Develop educational resources; and (iv) Improve feedback channels. 

ASTP ONC Releases Draft FHIR® Action Plan. ASTP ONC released the Draft Federal FHIR® Action Plan, developed to help guide federal investment in and adoption of the Health Level 7 (HL7®) Fast Health Interoperability Resources (FHIR®) standard. This draft action plan provides direction now that FHIR has matured and is being used more broadly by federal agencies to help facilitate shared decision-making, improve care coordination, and deepen patient engagement. In addition, recent regulations published by ASTP and CMS – ASTP’s Health, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing (HTI-1) Final Rule; the Centers for Medicare & Medicaid Services' (CMS) Interoperability and Prior Authorization Final Rule; and ASTP’s Health, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability (HTI-2) proposed rule – begin to lay out a path for the next generation of FHIR capabilities.

Federal agencies and implementation partners are encouraged to use this draft action plan to help: (i) Identify and address common needs; (ii) Coordinate asks of the FHIR standards community and implementation partners; and (iii) Reuse and advance capabilities that have widespread adoption across industry and federal use cases to help benefit each other’s funded initiatives, avoiding redundancy and duplication of efforts. In this draft version of the action plan, ASTP ONC welcomes feedback from federal agencies, the standards development community, and subject matter experts. It will be updated to reflect improvements based on the recommendations received and periodically thereafter. Comments on the draft action plan are accepted year-round. 

ASTP ONC Announces Attestations Submission Window Now Open. ASTP ONC announced that the attestations submission window is now open and will remain open for Certified Health IT developers to submit their attestations through October 31, 2024. Certified Health IT Developers will submit their attestations to ONC-Authorized Certification Bodies (ONC-ACBs) for review using the Certified Health IT Product List (CHPL). For any questions about Attestations requirements or CHPL registration, please visit the Attestations Resource Guide or contact your ONC-ACB directly. 

CMS Announces MIPS EUC Policy Due to Recent Hurricanes. In response to Hurricanes Helene and Francine, the Centers for Medicare & Medicaid Services (CMS) has determined that the Merit-based Incentive Payment System (MIPS) automatic Extreme and Uncontrollable Circumstances (EUC) policy will apply to MIPS eligible clinicians in designated affected counties of Florida, Georgia, North Carolina, South Carolina, Tennessee, and Louisiana. The HHS Public Health Emergency (PHE) declaration includes: 

• Hurricane Helene: Florida, Georgia, North Carolina, South Carolina, and Tennessee  

• Hurricane Francine: Louisiana   

Federal Emergency Management Agency (FEMA) disaster declaration:   

• Hurricane Helene: DR-4828-FL, DR-4830-GA, DR-4827-NC, DR-4829-SC, and DR-4832-TN  

• Hurricane Francine: FEMA-4817-DR   

MIPS eligible clinicians in these areas will be automatically identified and have all 4 performance categories reweighted to 0% during the data submission period for the 2024 performance period (January 2 to March 31, 2025). This will result in a score equal to the performance threshold, and they'll receive a neutral payment adjustment for the 2026 MIPS payment year. However, if MIPS eligible clinicians in these areas submit data on 2 or more performance categories, they’ll be scored on those performance categories and receive a 2026 MIPS payment adjustment based on their 2024 MIPS final score. It is important to note that the MIPS automatic EUC policy does not apply to MIPS eligible clinicians participating in MIPS as a group, subgroup, virtual group, or Alternative Payment Model (APM) Entity. However, groups, virtual groups, and APM Entities can request reweighting through the EUC Exception application. Subgroups will inherit any reweighting approved for their affiliated group; they can’t request reweighting independent of their affiliated group’s status. Go here for additional information. 

Reminder: CMS Offers Hospital Price Transparency Tools and Oct. 21 Webinar. As of July 1, 2024, hospitals are required to use a CMS template layout and data specifications for making public standard charge information in a comprehensive machine-readable file (MRF). Starting January 1, 2025, hospitals are also required to encode additional data elements. CMS recommends using Hospital Price Transparency Tools to help you comply. These include: (i) Online Validator to check MRFs against the CMS template layout and data specifications; (ii) MRF file naming tool; and (iii) TXT file (generator tool to create the required file, technical specifications and requirements, and example). Hospital Price Transparency regulations require each hospital operating in the U.S. to publish a comprehensive MRF with the standard charges for all items and services the hospital provides. 

CMS will also host a webinar today, Monday Oct. 21 at 1 pm ET entitled Hospital Price Transparency: Encoding the January 2025 Requirements in the Machine- Readable File. Go here to register.  

New Survey Reports Higher Number of Cyberattacks, Increased Cyber Spending. The Ponemon Institute released a new report entitled “Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care 2024.” This is the third year Ponemon has conducted this survey. For the 2024 report, Institute researchers surveyed 648 IT and IT security professionals at U.S. health care organizations. 

Highlights in the report include: (i) 92% of organizations experienced a cyberattack in the past 12 months—up from 88% in 2023; (ii) The average cost of the single most expensive attack topped $4.7 million; (iii) 57% say AI is very effective in improving their security posture, but 63% are concerned that safeguarding sensitive data is a problem; (iv) 71% are using security awareness training programs to reduce their risks—an increase from 65% in 2023; (v) 61% say text messaging was the most attacked collaboration tool; and (vi) Careless users caused data loss and exfiltration at 31% of organizations. And 52% say that they are very concerned about employee error.  

NIST Publishes Cybersecurity Framework Spreadsheet. The National Institute of Standards and Technology (NIST) published a new Cybersecurity Framework (CSF) 1.1 to 2.0 Core Transition Changes Overview spreadsheet. NIST is providing this resource to compare and contrast CSF 1.1 and CSF 2.0. The  spreadsheet is designed to assist those organizations who are transitioning to the CSF 1.1 Organizational Profile, conducting mapping, or converting other CSF 1.1 Core content to use the CSF 2.0 Core. As well, this spreadsheet provides information regarding about how Categories and Subcategories have transitioned from NIST CSF 1.1 to 2.0.  Access the full NIST's Security Resource Center here. 

Survey: Patients Support Having Telehealth Options. The Deloitte Center for Health Solutions conducted a survey in July 2024 of more than 2,000 US consumers to understand their experiences with virtual health care. The Center also surveyed 51 US health system executives about their virtual health strategies. The findings from the survey suggest that while consumer demand for virtual and digital health services is high, the availability of these options remains inconsistent. About a quarter (24%) of survey respondents say they are willing to switch doctors to ensure access to virtual health options. Even though the percentage of surveyed consumers who have had a virtual health visit in the previous 12-month period increased only slightly from 42% in 2022 to 44% in 2024, their willingness to continue using virtual health has increased significantly. In 2024, nearly all consumers who have had a virtual visit (94%) expressed a willingness to have another one, up from 80% in 2020. Access the full survey results here.