Animal and Plant Health Inspection Service
International Trade Administration
National Institute of Standards and Technology
National Oceanic and Atmospheric Administration
Navy Department
Federal Energy Regulatory Commission
Agency for Healthcare Research and Quality
Centers for Disease Control and Prevention
Centers for Medicare & Medicaid Services
Community Living Administration
Food and Drug Administration
National Institutes of Health
Substance Abuse and Mental Health Services Administration
Coast Guard
Federal Emergency Management Agency
U.S. Customs and Border Protection
Fish and Wildlife Service
Employment and Training Administration
Federal Aviation Administration
Maritime Administration
Comptroller of the Currency
Internal Revenue Service
Consult the Reader Aids section at the end of this issue for phone numbers, online resources, finding aids, and notice of recently enacted public laws.
To subscribe to the Federal Register Table of Contents electronic mailing list, go to https://public.govdelivery.com/accounts/USGPOOFR/subscriber/new, enter your e-mail address, then follow the instructions to join, leave, or manage your subscription.
Federal Aviation Administration (FAA), Department of Transportation (DOT).
Final rule.
We are adopting a new airworthiness directive (AD) for all Fokker Services B.V. Model F.27 Mark 100, 200, 300, 400, 500, 600, and 700 airplanes. This AD was prompted by a report of a main landing gear (MLG) collapse due to a broken drag stay; an investigation revealed that the drag stay failure was due to fatigue cracks, introduced by incorrect machining of the affected drag stay tube during production. This AD requires an inspection of the drag stay unit to determine the signal indication, and related investigative and corrective actions if necessary. We are issuing this AD to address the unsafe condition on these products.
This AD is effective April 8, 2019.
The Director of the Federal Register approved the incorporation by reference of certain publications listed in this AD as of April 8, 2019.
For Fokker service information identified in this final rule, contact Fokker Services B.V., Technical Services Dept., P.O. Box 1357, 2130 EL Hoofddorp, the Netherlands; telephone +31 (0)88-6280-350; fax +31 (0)88-6280-111; email
You may examine the AD docket on the internet at
Tom Rodriguez, Aerospace Engineer, International Section, Transport Standards Branch, FAA, 2200 South 216th St., Des Moines, WA 98198; telephone and fax 206-231-3226.
We issued a notice of proposed rulemaking (NPRM) to amend 14 CFR part 39 by adding an AD that would apply to all Fokker Services B.V. Model F.27 Mark 100, 200, 300, 400, 500, 600, and 700 airplanes. The NPRM published in the
We are issuing this AD to address fatigue cracking, which could lead to MLG collapse and result in damage to the airplane during landing and consequent injury to passengers.
The European Aviation Safety Agency (EASA), which is the Technical Agent for the Member States of the European Union, has issued EASA AD 2018-0015, dated January 25, 2018 (referred to after this as the Mandatory Continuing Airworthiness Information, or “the MCAI”), to correct an unsafe condition for all Fokker Services B.V. Model F.27 Mark 100, 200, 300, 400, 500, 600, and 700 airplanes. The MCAI states:
In 1993, an occurrence was reported concerning an MLG collapse due to a broken drag stay on a Fokker F27 Mark 500 RFV (rough field version/configuration). The investigation revealed that the drag stay failure was due to fatigue cracks, introduced by incorrect machining (not smooth, with a notch) of the affected drag stay tube bore during production.
This condition, if not detected and corrected, could lead to MLG collapse, possibly resulting in damage to the aeroplane during landing and consequent injury to occupants.
To address this unsafe condition, DALG [Dowty Aerospace Landing Gear] issued SB [service bulletin] 32-169B and SB 32-82W (both later revised), and Fokker Services issued SB F27/32-167, to provide inspection instructions. Consequently, the Civil Aviation Authority of the Netherlands (CAA-NL) issued AD (BLA) 93-169 (later revised) [which corresponded to FAA AD 97-04-08, Amendment 39-9932 (62 FR 7924, February 21, 1997), and applies to certain Fokker Model F27 Mark 050, 100, 200, 300, 400, 600, and 700 airplanes], requiring a one-time ultrasonic inspection to identify the type of drag stay tube installed (with stepped or straight bore) on each affected drag stay unit, inspection of the affected drag stay tubes for the presence of cracks, and, depending on findings, re-identification.
After CAA-NL AD (BLA) 93-169/2 was issued, another occurrence was reported on an F27 Mark 500 RFV. Investigation results determined that the drag stay tube of the second occurrence had not been inspected as required by CAA-NL AD (BLA) 93-169, due to misinterpretation of the instructions of Fokker SB F27/32-167. Prompted by these findings, Fokker Services issued SB F27-32-171, providing additional inspection instructions, and CAA-NL issued AD NL-2005-003 (EASA approval 2005-3869) [which corresponds to FAA AD 2006-25-06, Amendment 39-14847 (71 FR 71475, December 11, 2006) and applies to Fokker Services B.V. Model F.27 Mark 500 airplanes] to require repetitive inspections of the affected drag stay tubes to detect cracks and,
Since those SBs and [CAA-NL] ADs were issued, the applicable CMM [component maintenance manual] were changed, although with incorrect P/N information, as a result of which an affected drag stay tube with a non-conforming bore radius may inadvertently have been installed on an aeroplane. Prompted by these findings, the applicable CMM were corrected and re-issued, and SLS issued Service Letter (SL) F27-W-8 to inform the operators, and Fokker Services introduced the relevant corrections in the F27 Mark 100 through Mark 700 Illustrated Parts Catalogue (IPC) in September 2017.
Installation of an affected drag stay tube with a non-conforming bore radius, on an MLG drag stay unit that has been re-identified,
For the reasons described above, this [EASA] AD requires a one-time inspection of the affected drag stay units to determine whether an affected drag stay tube is installed, repetitive inspections of those that have an affected drag stay tube installed, and, depending on findings, accomplishment of applicable corrective action(s) [which includes replacement of the drag stay tube].
With the issuance of this [EASA] AD and [EASA] AD 2018-0016 [dated January 25, 2018], the requirements of CAA-NL AD (BLA) 93-169/2 dated 29 April 1994 are no longer necessary and that AD is also cancelled.
EASA AD 2018-0016, dated January 25, 2018, applies to Model F.27 Mark 500 airplanes and has been added to the Required Airworthiness Action List.
You may examine the MCAI in the AD docket on the internet at
We gave the public the opportunity to participate in developing this final rule. We received no comments on the NPRM or on the determination of the cost to the public.
We reviewed the relevant data and determined that air safety and the public interest require adopting this final rule as proposed, except for minor editorial changes. We have determined that these minor changes:
• Are consistent with the intent that was proposed in the NPRM for addressing the unsafe condition; and
• Do not add any additional burden upon the public than was already proposed in the NPRM.
Fokker Services B.V. has issued Service Bulletin SBF27-32-173, dated November 30, 2017. This service information describes procedures for an inspection of the drag stay unit to determine the signal indication, and related investigative and corrective actions if necessary. This service information is reasonably available because the interested parties have access to it through their normal course of business or by the means identified in the
Dowty Aerospace Landing Gear issued Service Bulletin 32-82W, Revision 2, dated July 29, 1994; and Service Bulletin 32-169B, Revision 2, dated July 29, 1994. This service information describes procedures for reworking the drag stay tube. These documents are distinct since they apply to different airplane models.
This service information can be obtained from SAFRAN Landing Systems by the means identified in the
We estimate that this AD affects 1 airplane of U.S. registry. We estimate the following costs to comply with this AD:
We have received no definitive data that would enable us to provide cost estimates for the on-condition actions specified in this AD.
Title 49 of the United States Code specifies the FAA's authority to issue rules on aviation safety. Subtitle I, section 106, describes the authority of the FAA Administrator. Subtitle VII: Aviation Programs, describes in more detail the scope of the Agency's authority.
We are issuing this rulemaking under the authority described in Subtitle VII, Part A, Subpart III, Section 44701: “General requirements.” Under that section, Congress charges the FAA with promoting safe flight of civil aircraft in air commerce by prescribing regulations for practices, methods, and procedures the Administrator finds necessary for safety in air commerce. This regulation is within the scope of that authority because it addresses an unsafe condition that is likely to exist or develop on products identified in this rulemaking action.
This AD is issued in accordance with authority delegated by the Executive Director, Aircraft Certification Service, as authorized by FAA Order 8000.51C. In accordance with that order, issuance of ADs is normally a function of the Compliance and Airworthiness Division, but during this transition period, the Executive Director has delegated the authority to issue ADs applicable to transport category airplanes and associated appliances to the Director of the System Oversight Division.
This AD will not have federalism implications under Executive Order 13132. This AD will not have a substantial direct effect on the States, on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government.
For the reasons discussed above, I certify that this AD:
(1) Is not a “significant regulatory action” under Executive Order 12866,
(2) Is not a “significant rule” under the DOT Regulatory Policies and Procedures (44 FR 11034, February 26, 1979),
(3) Will not affect intrastate aviation in Alaska, and
(4) Will not have a significant economic impact, positive or negative, on a substantial number of small entities
Air transportation, Aircraft, Aviation safety, Incorporation by reference, Safety.
Accordingly, under the authority delegated to me by the Administrator, the FAA amends 14 CFR part 39 as follows:
49 U.S.C. 106(g), 40113, 44701.
This AD is effective April 8, 2019.
This AD affects AD 2006-25-06, Amendment 39-14847 (71 FR 71475, December 11, 2006) (“AD 2006-25-06”) and AD 97-04-08, Amendment 39-9932 (62 FR 7924, February 21, 1997) (“AD 97-04-08”).
This AD applies to all Fokker Services B.V. Model F.27 Mark 100, 200, 300, 400, 500, 600, and 700 airplanes, certificated in any category.
Air Transport Association (ATA) of America Code 32, Main landing gear.
This AD was prompted by a report of a main landing gear (MLG) collapse due to a broken drag stay; an investigation revealed that the drag stay failure was due to fatigue cracks, introduced by incorrect machining of the affected drag stay tube during production. We are issuing this AD to address fatigue cracking, which could lead to MLG collapse and result in damage to the airplane during landing and consequent injury to passengers.
Comply with this AD within the compliance times specified, unless already done.
(1) For purposes of this AD, an affected drag stay unit is SAFRAN Landing Systems (previously Messier-Dowty, Dowty Aerospace) MLG drag stay unit, part number (P/N) 200261001, P/N 200261002, P/N 200261003, P/N 200261004, P/N 200485001, P/N 200485002, P/N 200485003, P/N 200485004, P/N 200684001, P/N 200684002, P/N 200684003, or P/N 200684004.
(2) For purposes of this AD, an affected drag stay tube is a SAFRAN Landing Systems (previously Messier-Dowty, Dowty Aerospace) MLG drag stay tube, P/N 200259300, which has a change in section (stepped bore).
Within 12 months after the effective date of this AD, do an ultrasonic inspection of each affected drag stay unit to determine the configuration of the drag stay tube, in accordance with step F. of the Accomplishment Instructions of Fokker Service Bulletin SBF27-32-173, dated November 30, 2017.
(1) If, during the inspection required by paragraph (h) of this AD, an affected drag stay unit is found to have a straight bore drag stay tube, P/N 200485300, installed: Before further flight, re-identify that affected drag stay unit in accordance with step I.(2), I.(3), or I.(4), as applicable, of the Accomplishment Instructions of Fokker Service Bulletin SBF27-32-173, dated November 30, 2017.
(2) If, during the inspection required by paragraph (h) of this AD, an affected drag stay unit is found to have an affected drag stay tube, P/N 200259300, installed with a correct radius: Before further flight, re-identify the affected drag stay unit in accordance with step J.(1), J.(2), or J.(3), as applicable, of the Accomplishment Instructions of Fokker Service Bulletin SBF27-32-173, dated November 30, 2017.
(3) If, during the inspection required by paragraph (h) of this AD, an affected drag stay unit is found to have an affected drag stay tube, P/N 200259300, installed with an incorrect radius: Before further flight, re-identify the affected drag stay unit in accordance with step K.(1), K.(2), or K.(3), as applicable, of the Accomplishment Instructions of Fokker Service Bulletin SBF27-32-173, dated November 30, 2017.
For affected drag stay units having P/N 200261002, P/N 200261003, P/N 200485002, P/N 200485003, P/N 200684002, or P/N 200684003: Within 12 months after the effective date of this AD, do an ultrasonic inspection of the affected drag stay tube for any cracking, in accordance with step G. of the Accomplishment Instructions of Fokker Service Bulletin SBF27-32-173, dated November 30, 2017.
(1) If, during the ultrasonic inspection, a crack indication is found, before further flight, replace the affected drag stay tube with a serviceable part, in accordance with step H. of the Accomplishment Instructions of Fokker Service Bulletin SBF27-32-173, dated November 30, 2017.
(2) For affected drag stay units having P/N 200261002, P/N 200485002, or P/N 200684002 (drag stay units with incorrect bore radius drag stay tubes): If, during the ultrasonic inspection, no indication of cracking is found, within 1,500 flight cycles after that inspection, and, thereafter, at intervals not to exceed 1,500 flight cycles until the next scheduled MLG overhaul, repeat the ultrasonic inspection of the affected drag stay tube in accordance with step G. of the Accomplishment Instructions of Fokker Service Bulletin SBF27-32-173, dated November 30, 2017.
As of the effective date of this AD, no person may install, on any airplane, a drag stay unit (which includes installation of a replacement MLG), unless it has been determined that no affected drag stay tube is installed; or the installed affected drag stay tube has been reworked during the MLG overhaul in accordance with the instructions of Appendix B of Dowty Aerospace Landing Gear Service Bulletin 32-82W, Revision 2, dated July 29, 1994 (for Model F.27 Mark 500 airplanes), or Dowty Aerospace Landing Gear Service Bulletin 32-169B, Revision 2, dated July 29, 1994 (for Model F.27 Mark 100, 200, 300, 400, 600, and 700 airplanes), as applicable; or has passed an inspection (confirmed correct bore radius) in accordance with the Accomplishment Instructions of Fokker Service Bulletin SBF27-32-173, dated November 30, 2017. For the purpose of this AD, removal of an MLG or an affected drag stay unit from an airplane and re-installing that MLG or drag stay unit on the same airplane is not “installation.”
Accomplishing the actions required by this AD terminates all requirements of AD 2006-25-06 and AD 97-04-08.
This paragraph provides credit for the applicable actions specified in paragraph (k) of this AD, if those actions were performed before the effective date of this AD using Dowty Aerospace Landing Gear Service Bulletin 32-82W, Revision 1, dated September 10, 1993, or Dowty Aerospace Landing Gear Service Bulletin 32-169B, Revision 1, dated September 10, 1993.
The following provisions also apply to this AD:
(1)
(2)
(1) Refer to Mandatory Continuing Airworthiness Information (MCAI) EASA AD 2018-0015, dated January 25, 2018, for related information. This MCAI may be found in the AD docket on the internet at
(2) For more information about this AD, contact Tom Rodriguez, Aerospace Engineer, International Section, Transport Standards Branch, FAA, 2200 South 216th St., Des Moines, WA 98198; telephone and fax 206-231-3226.
(3) Dowty Aerospace Landing Gear service information identified in this AD, and not incorporated by reference, is available from Safran Landing Systems, One Carbon Way, Walton, KY 41094; telephone (859) 525-8583; fax (859) 485-8827.
(1) The Director of the Federal Register approved the incorporation by reference (IBR) of the service information listed in this paragraph under 5 U.S.C. 552(a) and 1 CFR part 51.
(2) You must use this service information as applicable to do the actions required by this AD, unless this AD specifies otherwise.
(i) Fokker Service Bulletin SBF27-32-173, dated November 30, 2017.
(ii) [Reserved]
(3) For Fokker service information identified in this AD, contact Fokker Services B.V., Technical Services Dept., P.O. Box 1357, 2130 EL Hoofddorp, the Netherlands; telephone +31 (0)88-6280-350; fax +31 (0)88-6280-111; email
(4) You may view this service information at the FAA, Transport Standards Branch, 2200 South 216th St., Des Moines, WA. For information on the availability of this material at the FAA, call 206-231-3195.
(5) You may view this service information that is incorporated by reference at the National Archives and Records Administration (NARA). For information on the availability of this material at NARA, call 202-741-6030, or go to:
Federal Aviation Administration (FAA), DOT.
Final rule.
We are adopting a new airworthiness directive (AD) for certain The Boeing Company Model 737-400 series airplanes. This AD was prompted by reports of cracking in the splice plate on the lower sill of the overwing emergency exit doors. This AD requires repetitive inspections for such cracking and applicable on-condition actions. We are issuing this AD to address the unsafe condition on these products.
This AD is effective April 8, 2019.
The Director of the Federal Register approved the incorporation by reference of a certain publication listed in this AD as of April 8, 2019.
For service information identified in this final rule, contact Boeing Commercial Airplanes, Attention: Contractual & Data Services (C&DS), 2600 Westminster Blvd., MC 110-SK57, Seal Beach, CA 90740-5600; telephone 562-797-1717; internet
You may examine the AD docket on the internet at
James Guo, Aerospace Engineer, Airframe Section, FAA, Los Angeles ACO Branch, 3960 Paramount Boulevard, Lakewood, CA 90712-4137; phone: 562-627-5357; fax: 562-627-5210; email:
We issued a notice of proposed rulemaking (NPRM) to amend 14 CFR part 39 by adding an AD that would apply to certain The Boeing Company Model 737-400 series airplanes. The NPRM published in the
We gave the public the opportunity to participate in developing this final rule. We have considered the comments received. Boeing indicated no objection to the NPRM. Commenters Zack Jones and Josep Clapes stated their support for the NPRM.
We reviewed the relevant data, considered the comments received, and determined that air safety and the public interest require adopting this final rule as proposed, except for minor editorial changes. We have determined that these minor changes:
• Are consistent with the intent that was proposed in the NPRM for addressing the unsafe condition; and
• Do not add any additional burden upon the public than was already proposed in the NPRM.
We reviewed Boeing Alert Requirements Bulletin 737-53A1380 RB, dated July 18, 2018. This service information describes procedures for repetitive high frequency eddy current inspections for cracking in the splice plate on the lower sill of the overwing emergency exit doors and applicable on-condition actions. This service information is reasonably available
We estimate that this AD affects 85 airplanes of U.S. registry. We estimate the following costs to comply with this AD:
We estimate the following costs to do any necessary on-condition actions that would be required. We have no way of determining the number of aircraft that might need these on-condition actions:
Title 49 of the United States Code specifies the FAA's authority to issue rules on aviation safety. Subtitle I, section 106, describes the authority of the FAA Administrator. Subtitle VII: Aviation Programs, describes in more detail the scope of the Agency's authority.
We are issuing this rulemaking under the authority described in Subtitle VII, Part A, Subpart III, Section 44701: “General requirements.” Under that section, Congress charges the FAA with promoting safe flight of civil aircraft in air commerce by prescribing regulations for practices, methods, and procedures the Administrator finds necessary for safety in air commerce. This regulation is within the scope of that authority because it addresses an unsafe condition that is likely to exist or develop on products identified in this rulemaking action.
This AD is issued in accordance with authority delegated by the Executive Director, Aircraft Certification Service, as authorized by FAA Order 8000.51C. In accordance with that order, issuance of ADs is normally a function of the Compliance and Airworthiness Division, but during this transition period, the Executive Director has delegated the authority to issue ADs applicable to transport category airplanes and associated appliances to the Director of the System Oversight Division.
This AD will not have federalism implications under Executive Order 13132. This AD will not have a substantial direct effect on the States, on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government.
For the reasons discussed above, I certify that this AD:
(1) Is not a “significant regulatory action” under Executive Order 12866,
(2) Is not a “significant rule” under DOT Regulatory Policies and Procedures (44 FR 11034, February 26, 1979),
(3) Will not affect intrastate aviation in Alaska, and
(4) Will not have a significant economic impact, positive or negative, on a substantial number of small entities under the criteria of the Regulatory Flexibility Act.
Air transportation, Aircraft, Aviation safety, Incorporation by reference, Safety.
Accordingly, under the authority delegated to me by the Administrator, the FAA amends 14 CFR part 39 as follows:
49 U.S.C. 106(g), 40113, 44701.
This AD is effective April 8, 2019.
None.
This AD applies to The Boeing Company Model 737-400 series airplanes, certificated in any category, line numbers 1487 through 3132 inclusive.
Air Transport Association (ATA) of America Code 53, Fuselage.
This AD was prompted by reports of cracking in the splice plate on the lower sill of the overwing emergency exit doors. We are issuing this AD to address cracking in the splice plate, which, if not addressed, could result in the inability of a principal structural element to sustain limit loads and possible rapid decompression of the fuselage.
Comply with this AD within the compliance times specified, unless already done.
Except as specified by paragraph (h) of this AD: At the applicable times specified in the “Compliance” paragraph of Boeing Alert Requirements Bulletin 737-53A1380 RB, dated July 18, 2018, do all applicable actions identified in, and in accordance with, the Accomplishment Instructions of Boeing Alert Requirements Bulletin 737-53A1380 RB, dated July 18, 2018.
Guidance for accomplishing the actions required by this AD can be found in Boeing Alert Service Bulletin 737-53A1380, dated July 18, 2018, which is referred to in Boeing Alert Requirements Bulletin 737-53A1380 RB, dated July 18, 2018.
(1) For purposes of determining compliance with the requirements of this AD: Where Boeing Alert Requirements Bulletin 737-53A1380 RB, dated July 18, 2018, uses the phrase “the original issue date of Requirements Bulletin 737-53A1380 RB,” this AD requires using “the effective date of this AD.”
(2) Where Boeing Alert Requirements Bulletin 737-53A1380 RB, dated July 18, 2018, specifies contacting Boeing for repair instructions: This AD requires doing the repair and applicable on-condition actions before further flight using a method approved in accordance with the procedures specified in paragraph (i) of this AD.
(1) The Manager, Los Angeles ACO Branch, FAA, has the authority to approve AMOCs for this AD, if requested using the procedures found in 14 CFR 39.19. In accordance with 14 CFR 39.19, send your request to your principal inspector or local Flight Standards District Office, as appropriate. If sending information directly to the manager of the certification office, send it to the attention of the person identified in paragraph (j)(1) of this AD. Information may be emailed to:
(2) Before using any approved AMOC, notify your appropriate principal inspector, or lacking a principal inspector, the manager of the local flight standards district office/certificate holding district office.
(3) An AMOC that provides an acceptable level of safety may be used for any repair, modification, or alteration required by this AD if it is approved by the Boeing Commercial Airplanes Organization Designation Authorization (ODA) that has been authorized by the Manager, Los Angeles ACO Branch, FAA, to make those findings. To be approved, the repair method, modification deviation, or alteration deviation must meet the certification basis of the airplane, and the approval must specifically refer to this AD.
(1) For more information about this AD, contact James Guo, Aerospace Engineer, Airframe Section, FAA, Los Angeles ACO Branch, 3960 Paramount Boulevard, Lakewood, CA 90712-4137; phone: 562-627-5357; fax: 562-627-5210; email:
(2) Service information identified in this AD that is not incorporated by reference is available at the addresses specified in paragraphs (k)(3) and (k)(4) of this AD.
(1) The Director of the Federal Register approved the incorporation by reference (IBR) of the service information listed in this paragraph under 5 U.S.C. 552(a) and 1 CFR part 51.
(2) You must use this service information as applicable to do the actions required by this AD, unless the AD specifies otherwise.
(i) Boeing Alert Requirements Bulletin 737-53A1380 RB, dated July 18, 2018.
(ii) [Reserved]
(3) For service information identified in this AD, contact Boeing Commercial Airplanes, Attention: Contractual & Data Services (C&DS), 2600 Westminster Blvd., MC 110-SK57, Seal Beach, CA 90740-5600; telephone 562-797-1717; internet
(4) You may view this service information at the FAA, Transport Standards Branch, 2200 South 216th St., Des Moines, WA. For information on the availability of this material at the FAA, call 206-231-3195.
(5) You may view this service information that is incorporated by reference at the National Archives and Records Administration (NARA). For information on the availability of this material at NARA, call 202-741-6030, or go to:
Federal Aviation Administration (FAA), DOT.
Final rule.
We are adopting a new airworthiness directive (AD) for certain The Boeing Company Model 737-600, -700, -700C, -800, -900, and -900ER series airplanes. This AD was prompted by reports of passenger service units (PSUs) becoming detached from the supporting airplane structure in several Model 737 series airplanes. This AD requires modifying the PSUs and life vest panels by replacing the existing inboard lanyard and installing two new lanyards on the outboard edge of the PSUs and life vest panels; measuring the distance between the hooks of the torsion spring of the lanyard assembly; replacing discrepant lanyard assemblies; and re-identifying serviceable lanyard assemblies. We are issuing this AD to address the unsafe condition on these products.
This AD is effective April 8, 2019.
The Director of the Federal Register approved the incorporation by reference of a certain publication listed in this AD as of April 8, 2019.
For service information identified in this final rule, contact Boeing Commercial Airplanes, Attention: Contractual & Data Services (C&DS), 2600 Westminster Blvd., MC 110 SK57, Seal Beach, CA 90740-5600; telephone 562-797-1717; internet
You may examine the AD docket on the internet at
Scott Craig, Aerospace Engineer, Cabin Safety and Environmental Systems Section, FAA, Seattle ACO Branch, 2200 South 216th St., Des Moines, WA 98198; phone and fax: 206-231-3566; email:
We issued a notice of proposed rulemaking (NPRM) to amend 14 CFR part 39 by adding an AD that would apply to certain The Boeing Company Model 737-600, -700, -700C, -800, -900, and -900ER series airplanes. The NPRM published in the
We issued a supplemental NPRM (SNPRM) to amend 14 CFR part 39 by adding an AD that would apply to certain The Boeing Company Model 737-600, -700, -700C, -800, -900, and -900ER series airplanes. The SNPRM published in the
We are issuing this AD to address PSUs and life vest panels detaching from the supporting airplane structure, which could lead to passenger injuries and impede passenger and crew egress during evacuation.
We gave the public the opportunity to participate in developing this final rule. The following presents the comments received on the SNPRM and the FAA's response to each comment.
JeJu Air requested that we consider adding actions similar to those in the SNPRM for PSU-mounted LCD panels. JeJu Air noted that they experienced an incident in which four PSU-mounted LCD panels dropped during flight, resulting in minor injuries to several passengers. JeJu Air stated that PSU-mounted LCD panels are not subject to routine inspections through a manufacturer's maintenance planning document. The commenter added that the PSU-mounted LCD panels are heavier than normal PSUs and therefore could be riskier for passengers if they fall.
We acknowledge the commenter's concern. However, making the requested change would require issuance of a second SNPRM with another public comment period, delaying the issuance of a final rule. To delay this action would be inappropriate, since we have determined that an unsafe condition exists and that PSU modifications and lanyard replacements must be made to ensure continued safety. We will consider additional rulemaking to address PSU-mounted LCD panels. We have not changed this AD in this regard.
Boeing requested that we revise the applicability of the proposed AD (in the SNPRM) to The Boeing Company Model 737-600, -700, -700C, -800, -900, and -900ER series airplanes “as identified in Boeing Service Bulletin 737-25-1707, Revision 1, dated May 18, 2018.” Boeing stated that including airplanes beyond those identified in Boeing Service Bulletin 737-25-1707, Revision 1, dated May 18, 2018, would not add to the safety of the operating fleet. Boeing added that airplanes with potentially affected lanyard assemblies, whether included in reworked airplanes, installed during production, or issued in kits, are all categorized and addressed in Boeing Service Bulletin 737-25-1707, Revision 1, dated May 18, 2018.
We disagree with the commenter's request. The PSUs and lanyard assemblies are rotable parts that can be installed on airplanes that previously did not have affected PSUs and lanyard assemblies installed. Therefore, the applicability of this AD, “all The Boeing Company Model 737-600, -700, -700C, -800, -900, and -900ER series airplanes, certificated in any category, without a Boeing Sky Interior (BSI),” ensures that no PSUs without the updated lanyard assemblies are installed and the unsafe condition is addressed on all affected airplanes. We have not changed this AD in this regard.
Boeing requested that we revise the “Differences Between This SNPRM and the Service Information” section of the SNPRM to note that the effectivity of Boeing Service Bulletin 737-25-1707, Revision 1, dated May 18, 2018, is limited to “line numbers 1 through 6099,” rather than “line numbers 1 through 6009.”
We acknowledge this typographical error. However, the “Differences Between This SNPRM and the Service Information” section does not carry over into this AD. Therefore, we have not changed this AD in this regard.
American Airlines (AAL) requested that we remove a requirement in the proposed AD (in the SNPRM) to identify new lanyard assemblies as serviceable by adding a permanent white mark. AAL noted that Figure 1, step 3 of Boeing Service Bulletin 737-25-1707, Revision 1, dated May 18, 2018, which is Required for Compliance (RC), says to “Identify the lanyard assembly as serviceable with a permanent white mark, that can be easily seen when the PSU is lowered.” The commenter stated that new lanyards received in certain kits are deemed serviceable, but not identified with a white mark. AAL asked why the parts would be marked at installation rather than inspection or fabrication, which seems to place the burden on installers to determine the lanyard assembly is serviceable.
We disagree with the commenter's request. Some previously delivered lanyard assembly kits contained lanyards that were manufactured incorrectly and might not properly secure the PSU in the event of an accident. By inspecting and identifying the lanyard assembly during installation, operators can ensure that the correct lanyard assembly is installed on an airplane. On some airplanes, a correct lanyard assembly may already be installed and only needs to be identified with a white mark. Boeing Service Bulletin 737-25-1707, Revision 1, dated May 18, 2018, clearly identifies a serviceable lanyard assembly, and the white mark is an important part of that definition. We have not changed this AD in this regard.
AAL requested that the Boeing 737NG Aircraft Maintenance Manual (AMM) 25-23-61 provide more detailed instructions for removing and installing the PSU. AAL noted that Boeing Service Bulletin 737-25-1707, Revision 1, dated May 18, 2018, provides detailed instructions for attaching the lanyard clip to the PSU rail, but the AMM does not provide the same level of instructions. We infer that the commenter is asking us to require Boeing to update the AMM to provide more details.
We acknowledge the commenter's request. The AMM is identified as an affected publication in Boeing Service Bulletin 737-25-1707, Revision 1, dated May 18, 2018; however, this AD does not require compliance with the AMM, and the AMM is not part of an RC step in the service bulletin. The AMM is referred to as one source of information for removing and installing the PSU, but as noted in paragraph (i)(4)(ii) of this AD, operators may rely on their own accepted methods in accordance with the operator's maintenance or inspection program for those steps. In addition, Boeing Service Bulletin 737-25-1707, Revision 1, dated May 18, 2018, provides adequate details to address the unsafe condition in this AD. Therefore, we have not changed this AD in this regard.
AAL stated that Boeing Service Bulletin 737-25-1707, dated September 24, 2015, provided a work-hours task total of 1.35 work-hours per PSU. The commenter added that Boeing Service
We agree to clarify the Costs of Compliance section of this AD. Boeing Service Bulletin 737-25-1707, Revision 1, dated May 18, 2018, separates the work-hour estimates into multiple tables based on group configurations and the type of work to be done. Adding all of the work-hours from the applicable tables for a given configuration, the total work-hours estimate is higher for certain configurations. Therefore, the estimated costs in this AD represent the highest work-hours and parts cost for all configurations. We have not changed this AD in this regard.
We reviewed the relevant data, considered the comments received, and determined that air safety and the public interest require adopting this final rule as proposed, except for minor editorial changes. We have determined that these minor changes:
• Are consistent with the intent that was proposed in the SNPRM for addressing the unsafe condition; and
• Do not add any additional burden upon the public than was already proposed in the SNPRM.
We reviewed Boeing Service Bulletin 737-25-1707, Revision 1, dated May 18, 2018. This service information describes procedures for modifying the PSUs and life vest panels by replacing the existing inboard lanyard and installing two new lanyards on the outboard edge of the PSUs and life vest panels, measuring the distance between the hooks of the torsion spring of the lanyard assembly, replacing any discrepant lanyard assemblies, and re-identifying serviceable lanyard assemblies. This service information is reasonably available because the interested parties have access to it through their normal course of business or by the means identified in the
We estimate that this AD affects 2,015 airplanes of U.S. registry. We estimate the following costs to comply with this AD:
According to the manufacturer, some or all of the costs of this AD may be covered under warranty, thereby reducing the cost impact on affected individuals. We do not control warranty coverage for affected individuals. As a result, we have included all known costs in our cost estimate.
Title 49 of the United States Code specifies the FAA's authority to issue rules on aviation safety. Subtitle I, section 106, describes the authority of the FAA Administrator. Subtitle VII: Aviation Programs, describes in more detail the scope of the Agency's authority.
We are issuing this rulemaking under the authority described in Subtitle VII, Part A, Subpart III, Section 44701: “General requirements.” Under that section, Congress charges the FAA with promoting safe flight of civil aircraft in air commerce by prescribing regulations for practices, methods, and procedures the Administrator finds necessary for safety in air commerce. This regulation is within the scope of that authority because it addresses an unsafe condition that is likely to exist or develop on products identified in this rulemaking action.
This AD is issued in accordance with authority delegated by the Executive Director, Aircraft Certification Service, as authorized by FAA Order 8000.51C. In accordance with that order, issuance of ADs is normally a function of the Compliance and Airworthiness Division, but during this transition period, the Executive Director has delegated the authority to issue ADs applicable to transport category airplanes and associated appliances to the Director of the System Oversight Division.
This AD will not have federalism implications under Executive Order 13132. This AD will not have a substantial direct effect on the States, on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government.
For the reasons discussed above, I certify that this AD:
(1) Is not a “significant regulatory action” under Executive Order 12866,
(2) Is not a “significant rule” under DOT Regulatory Policies and Procedures (44 FR 11034, February 26, 1979),
(3) Will not affect intrastate aviation in Alaska, and
(4) Will not have a significant economic impact, positive or negative, on a substantial number of small entities under the criteria of the Regulatory Flexibility Act.
Air transportation, Aircraft, Aviation safety, Incorporation by reference, Safety.
Accordingly, under the authority delegated to me by the Administrator, the FAA amends 14 CFR part 39 as follows:
49 U.S.C. 106(g), 40113, 44701.
This AD is effective April 8, 2019.
None.
This AD applies to all The Boeing Company Model 737-600, -700, -700C, -800, -900, and -900ER series airplanes, certificated in any category, without a Boeing Sky Interior (BSI).
Air Transport Association (ATA) of America Code 25, Equipment/furnishings.
This AD was prompted by reports of passenger service units (PSUs) becoming detached from the supporting airplane structure in several Model 737 series airplanes during survivable accidents. We are issuing this AD to address PSUs and life vest panels detaching from the supporting airplane structure, which could lead to passenger injuries and impede passenger and crew egress during evacuation.
Comply with this AD within the compliance times specified, unless already done.
Within 60 months after the effective date of this AD, do all applicable actions identified as “RC” (required for compliance) in, and in accordance with, the Accomplishment Instructions of Boeing Service Bulletin 737-25-1707, Revision 1, dated May 18, 2018.
As of the applicable time specified in paragraph (h)(1) or (h)(2) of this AD, no person may install on any airplane a PSU or life vest panel, unless the lanyard assembly has been updated as required by paragraph (g) of this AD.
(1) For airplanes that have PSUs or life vest panels without the updated lanyard assemblies installed: After modification of the airplane as required by this AD.
(2) For airplanes that have PSUs or life vest panels with the updated lanyard assemblies installed: As of the effective date of this AD.
(1) The Manager, Seattle ACO Branch, FAA, has the authority to approve AMOCs for this AD, if requested using the procedures found in 14 CFR 39.19. In accordance with 14 CFR 39.19, send your request to your principal inspector or local Flight Standards District Office, as appropriate. If sending information directly to the manager of the certification office, send it to the attention of the person identified in paragraph (j) of this AD. Information may be emailed to:
(2) Before using any approved AMOC, notify your appropriate principal inspector, or lacking a principal inspector, the manager of the local flight standards district office/certificate holding district office.
(3) An AMOC that provides an acceptable level of safety may be used for any repair, modification, or alteration required by this AD if it is approved by the Boeing Commercial Airplanes Organization Designation Authorization (ODA) that has been authorized by the Manager, Seattle ACO Branch, FAA, to make those findings. To be approved, the repair method, modification deviation, or alteration deviation must meet the certification basis of the airplane, and the approval must specifically refer to this AD.
(4) For service information that contains steps that are labeled as Required for Compliance (RC), the provisions of paragraphs (i)(4)(i) and (i)(4)(ii) of this AD apply.
(i) The steps labeled as RC, including substeps under an RC step and any figures identified in an RC step, must be done to comply with the AD. If a step or substep is labeled “RC Exempt,” then the RC requirement is removed from that step or substep. An AMOC is required for any deviations to RC steps, including substeps and identified figures.
(ii) Steps not labeled as RC may be deviated from using accepted methods in accordance with the operator's maintenance or inspection program without obtaining approval of an AMOC, provided the RC steps, including substeps and identified figures, can still be done as specified, and the airplane can be put back in an airworthy condition.
For more information about this AD, contact Scott Craig, Aerospace Engineer, Cabin Safety and Environmental Systems Section, FAA, Seattle ACO Branch, 2200 South 216th St., Des Moines, WA 98198; phone and fax: 206-231-3566; email:
(1) The Director of the Federal Register approved the incorporation by reference (IBR) of the service information listed in this paragraph under 5 U.S.C. 552(a) and 1 CFR part 51.
(2) You must use this service information as applicable to do the actions required by this AD, unless the AD specifies otherwise.
(i) Boeing Service Bulletin 737-25-1707, Revision 1, dated May 18, 2018.
(ii) [Reserved]
(3) For service information identified in this AD, contact Boeing Commercial Airplanes, Attention: Contractual & Data Services (C&DS), 2600 Westminster Blvd., MC 110-SK57, Seal Beach, CA 90740-5600; telephone 562-797-1717; internet
(4) You may view this service information at the FAA, Transport Standards Branch, 2200 South 216th St., Des Moines, WA. For information on the availability of this material at the FAA, call 206-231-3195.
(5) You may view this service information that is incorporated by reference at the National Archives and Records Administration (NARA). For information on the availability of this material at NARA, call 202-741-6030, or go to:
Federal Aviation Administration (FAA), Department of Transportation (DOT).
Final rule.
We are adopting a new airworthiness directive (AD) for certain Dassault Aviation Model FAN JET FALCON and FAN JET FALCON SERIES C, D, E, F, and G airplanes. This AD was prompted by a determination that new and more restrictive airworthiness limitations and maintenance requirements are necessary. This AD requires revising the existing maintenance or inspection program, as applicable, to incorporate new or more restrictive airworthiness limitations and maintenance requirements. We are issuing this AD to address the unsafe condition on these products.
This AD is effective April 8, 2019.
The Director of the Federal Register approved the incorporation by reference of a certain publication listed in this AD as of April 8, 2019.
For service information identified in this final rule, contact Dassault Falcon Jet Corporation, Teterboro Airport, P.O. Box 2000, South Hackensack, NJ 07606; telephone 201-440-6700; internet
You may examine the AD docket on the internet at
Tom Rodriguez, Aerospace Engineer, International Section, Transport Standards Branch, FAA, 2200 South 216th St., Des Moines, WA 98198; telephone and fax 206-231-3226.
We issued a notice of proposed rulemaking (NPRM) to amend 14 CFR part 39 by adding an AD that would apply to certain Dassault Aviation Model FAN JET FALCON and FAN JET FALCON SERIES C, D, E, F, and G airplanes. The NPRM published in the
The European Aviation Safety Agency (EASA), which is the Technical Agent for the Member States of the European Union, has issued EASA AD 2018-0193, dated September 3, 2018 (referred to after this as the Mandatory Continuing Airworthiness Information, or “the MCAI”), to correct an unsafe condition for certain Dassault Aviation Model FAN JET FALCON and FAN JET FALCON SERIES C, D, E, F, and G airplanes. The MCAI states:
In June 1988, the Federal Aviation Administration sponsored a conference on ageing aircraft, during which the decision was taken to pay particular attention to those. The ATA [Air Transport Association] and the AIA [Aerospace Industries Association] committed themselves to identify and to set up procedures to ensure continued structural integrity on ageing aircraft. Prompted by these actions, Dassault developed the SSIP [Supplemental Structural Inspection Program], aiming to guarantee the airworthiness of the Fan Jet Falcon aeroplane which reach and exceed half of the Limit of Validity. The airworthiness limitations and certification maintenance instructions for the affected Fan Jet Falcon aeroplanes, which are approved by EASA, are currently defined and published in the ALS [airworthiness limitations section]. These instructions have been identified as mandatory for continued airworthiness.
Failure to accomplish these instructions could result in an unsafe condition.
Previously, EASA issued AD 2008-0221 to require accomplishment of the maintenance tasks, and implementation of the airworthiness limitations, as specified in ALS at Revision 7.
Since that [EASA] AD was issued, Dassault issued ALS Revisions 8 and 9, which introduced new and more restrictive maintenance requirements and/or airworthiness limitations.
For the reason described above, this [EASA] AD takes over the requirements for Fan Jet Falcon aeroplanes from EASA AD 2008-0221 and requires accomplishment of the actions specified in the ALS.
Once new [EASA] ADs have been published for all the types addressed by EASA AD 2008-0221, EASA plans to cancel that AD.
The unsafe condition is fatigue cracking and damage in principal structural elements; such fatigue cracking and damage could result in reduced structural integrity of the airplane. Because we determined that a separate FAA AD should be issued for each airplane model due to different ALS requirements, we did not issue an AD that corresponded to EASA AD 2008-0221.
You may examine the MCAI in the AD docket on the internet at
We gave the public the opportunity to participate in developing this final rule. We have considered the comment received; the commenter, Bienvenu Badinenganyi, stated no objection to the NPRM.
We reviewed the relevant data, considered the comment received, and determined that air safety and the public interest require adopting this final rule as proposed, except for minor editorial changes. We have determined that these minor changes:
• Are consistent with the intent that was proposed in the NPRM for addressing the unsafe condition; and
• Do not add any additional burden upon the public than was already proposed in the NPRM.
Dassault has issued Chapter 5-40-01, Airworthiness Limitations, DMD 44729, Revision 9, dated November 29, 2017, of the Dassault Aviation Falcon 20 Maintenance Manual. This service information includes life limits for certain airframe components, and describes airworthiness limitations for safe life limits and certification maintenance requirements. This service information is reasonably available because the interested parties have access to it through their normal course of business or by the means identified in the
We estimate that this AD affects 61 airplanes of U.S. registry. We estimate the following costs to comply with this AD:
We have determined that revising the existing maintenance or inspection program takes an average of 90 work-hours per operator, although we recognize that this number may vary from operator to operator. In the past, we have estimated that this action takes 1 work-hour per airplane. Since operators incorporate maintenance or inspection program changes for their affected fleet, we have determined that a per-operator estimate is more accurate than a per-airplane estimate. Therefore, we estimate the total cost per operator to be $7,650 (90 work-hours × $85 per work-hour).
Title 49 of the United States Code specifies the FAA's authority to issue rules on aviation safety. Subtitle I, section 106, describes the authority of the FAA Administrator. Subtitle VII: Aviation Programs, describes in more detail the scope of the Agency's authority.
We are issuing this rulemaking under the authority described in Subtitle VII, Part A, Subpart III, Section 44701: “General requirements.” Under that section, Congress charges the FAA with promoting safe flight of civil aircraft in air commerce by prescribing regulations for practices, methods, and procedures the Administrator finds necessary for safety in air commerce. This regulation is within the scope of that authority because it addresses an unsafe condition that is likely to exist or develop on products identified in this rulemaking action.
This AD is issued in accordance with authority delegated by the Executive Director, Aircraft Certification Service, as authorized by FAA Order 8000.51C. In accordance with that order, issuance of ADs is normally a function of the Compliance and Airworthiness Division, but during this transition period, the Executive Director has delegated the authority to issue ADs
This AD will not have federalism implications under Executive Order 13132. This AD will not have a substantial direct effect on the States, on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government.
For the reasons discussed above, I certify that this AD:
(1) Is not a “significant regulatory action” under Executive Order 12866,
(2) Is not a “significant rule” under the DOT Regulatory Policies and Procedures (44 FR 11034, February 26, 1979),
(3) Will not affect intrastate aviation in Alaska, and
(4) Will not have a significant economic impact, positive or negative, on a substantial number of small entities under the criteria of the Regulatory Flexibility Act.
Air transportation, Aircraft, Aviation safety, Incorporation by reference, Safety.
Accordingly, under the authority delegated to me by the Administrator, the FAA amends 14 CFR part 39 as follows:
49 U.S.C. 106(g), 40113, 44701.
This AD is effective April 8, 2019.
None.
This AD applies to Dassault Aviation Model FAN JET FALCON and FAN JET FALCON SERIES C, D, E, F, and G airplanes, certificated in any category, all serial numbers, on which the Dassault Fan Jet Falcon Supplemental Structural Inspection Program (Dassault Service Bulletin (SB) 730), has been embodied into the airplane's maintenance program.
Air Transport Association (ATA) of America Code 05, Time Limits/Maintenance Checks.
This AD was prompted by a determination that new and more restrictive airworthiness limitations and maintenance requirements are necessary. We are issuing this AD to address, among other things, fatigue cracking and damage in principal structural elements; such fatigue cracking and damage could result in reduced structural integrity of the airplane.
Comply with this AD within the compliance times specified, unless already done.
Within 90 days after the effective date of this AD, revise the existing maintenance or inspection program, as applicable, to incorporate the airworthiness limitations specified in Chapter 5-40-01, Airworthiness Limitations, DMD 44729, Revision 9, dated November 29, 2017, of the Dassault Aviation Falcon 20 Maintenance Manual. The initial compliance time for accomplishing the actions is at the applicable time specified in Chapter 5-40-01, Airworthiness Limitations, DMD 44729, Revision 9, dated November 29, 2017, of the Dassault Aviation Falcon 20 Maintenance Manual; or within 90 days after the effective date of this AD; whichever occurs later. Where the threshold column in the table in paragraph B, Mandatory Maintenance Operations, of Chapter 5-40-01, Airworthiness Limitations, DMD 44729, Revision 9, dated November 29, 2017, of the Dassault Aviation Falcon 20 Maintenance Manual specifies a compliance time in years, those compliance times start from the date of issuance of the original airworthiness certificate or date of issuance of the original export certificate of airworthiness.
After accomplishing the revision required by paragraph (g) of this AD, no alternative actions (
The following provisions also apply to this AD:
(1)
(2)
(1) Refer to Mandatory Continuing Airworthiness Information (MCAI) EASA AD 2018-0193, dated September 3, 2018, for related information. This MCAI may be found in the AD docket on the internet at
(2) For more information about this AD, contact Tom Rodriguez, Aerospace Engineer, International Section, Transport Standards Branch, FAA, 2200 South 216th St., Des Moines, WA 98198; telephone and fax 206-231-3226.
(1) The Director of the Federal Register approved the incorporation by reference (IBR) of the service information listed in this paragraph under 5 U.S.C. 552(a) and 1 CFR part 51.
(2) You must use this service information as applicable to do the actions required by this AD, unless this AD specifies otherwise.
(i) Chapter 5-40-01, Airworthiness Limitations, DMD 44729, Revision 9, dated November 29, 2017, of the Dassault Aviation Falcon 20 Maintenance Manual.
(ii) [Reserved]
(3) For service information identified in this AD, contact Dassault Falcon Jet Corporation, Teterboro Airport, P.O. Box 2000, South Hackensack, NJ 07606; telephone 201-440-6700; internet
(4) You may view this service information at the FAA, Transport Standards Branch, 2200 South 216th St., Des Moines, WA. For information on the availability of this material at the FAA, call 206-231-3195.
(5) You may view this service information that is incorporated by reference at the National Archives and Records Administration (NARA). For information on the availability of this material at NARA, call 202-741-6030, or go to:
Federal Aviation Administration (FAA), Department of Transportation (DOT).
Final rule.
We are adopting a new airworthiness directive (AD) for certain Gulfstream Aerospace LP Model Gulfstream G150 airplanes. This AD was prompted by reports of corrosion in the solder joints of the upper and lower front relay box connectors to the printed circuit board. This AD requires replacement of the existing relay boxes with modified boxes. We are issuing this AD to address the unsafe condition on these products.
This AD is effective April 8, 2019.
The Director of the Federal Register approved the incorporation by reference of a certain publication listed in this AD as of April 8, 2019.
For service information identified in this final rule, contact Gulfstream Aerospace Corporation, P.O. Box 2206, Mail Station D-25, Savannah, GA 31402-2206; telephone 800-810-4853; fax 912-965-3520; email
You may examine the AD docket on the internet at
Tom Rodriguez, Aerospace Engineer, International Section, Transport Standards Branch, FAA, 2200 South 216th St., Des Moines, WA 98198; telephone and fax 206-231-3226.
We issued a notice of proposed rulemaking (NPRM) to amend 14 CFR part 39 by adding an AD that would apply to certain Gulfstream Aerospace LP Model Gulfstream G150 airplanes. The NPRM published in the
We are issuing this AD to address corrosion in the front relay box connector solder joints. If not addressed, this condition could cause false crew alerting system (CAS) messages, such as slats unbalance, auto slats fail, and Mach trim fail, which could interfere with continued safe operation of the airplane.
The Civil Aviation Authority of Israel (CAAI), which is the aviation authority for Israel, has issued Israeli Airworthiness Directive ISR-I-24-2018-09-7, dated October 1, 2018 (referred to after this as the Mandatory Continuing Airworthiness Information, or “the MCAI”), to correct an unsafe condition for certain Gulfstream Aerospace LP Model Gulfstream G150 airplanes. The MCAI states:
The existing Upper and Lower Front Relay Box might be prone to corrosion in the relay box connector's solder joint to the printed circuit board. As a result various CAS [crew alerting system] messages such as slats unbalance and auto slats fail, Mach trim fail, etc . . . might be reported [and could interfere with continued safe operation of the airplane]. To prevent this condition, replacement of existing relay boxes with modified boxes featuring an added acrylic conformal coating should be performed.
Five occurrences on G150 model in last 3 years had been reported.
You may examine the MCAI in the AD docket on the internet at
We gave the public the opportunity to participate in developing this final rule. We received no comments on the NPRM or on the determination of the cost to the public.
We reviewed the relevant data and determined that air safety and the public interest require adopting this final rule as proposed, except for minor editorial changes. We have determined that these minor changes:
• Are consistent with the intent that was proposed in the NPRM for addressing the unsafe condition; and
• Do not add any additional burden upon the public than was already proposed in the NPRM.
Gulfstream has issued Service Bulletin 150-24-193, dated March 30, 2018. This service information describes procedures for removing and replacing the upper and lower front relay boxes. This service information is reasonably available because the interested parties have access to it through their normal course of business or by the means identified in the
We estimate that this AD affects 81 airplanes of U.S. registry. We estimate the following costs to comply with this AD:
According to the manufacturer, some or all of the costs of this AD may be covered under warranty, thereby reducing the cost impact on affected individuals. We do not control warranty coverage for affected individuals. As a result, we have included all known costs in our cost estimate.
Title 49 of the United States Code specifies the FAA's authority to issue rules on aviation safety. Subtitle I, section 106, describes the authority of the FAA Administrator. Subtitle VII: Aviation Programs, describes in more detail the scope of the Agency's authority.
We are issuing this rulemaking under the authority described in Subtitle VII, Part A, Subpart III, Section 44701: “General requirements.” Under that section, Congress charges the FAA with promoting safe flight of civil aircraft in air commerce by prescribing regulations for practices, methods, and procedures the Administrator finds necessary for safety in air commerce. This regulation is within the scope of that authority because it addresses an unsafe condition that is likely to exist or develop on products identified in this rulemaking action.
This AD is issued in accordance with authority delegated by the Executive Director, Aircraft Certification Service, as authorized by FAA Order 8000.51C. In accordance with that order, issuance of ADs is normally a function of the Compliance and Airworthiness Division, but during this transition period, the Executive Director has delegated the authority to issue ADs applicable to transport category airplanes and associated appliances to the Director of the System Oversight Division.
This AD will not have federalism implications under Executive Order 13132. This AD will not have a substantial direct effect on the States, on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government.
For the reasons discussed above, I certify that this AD:
(1) Is not a “significant regulatory action” under Executive Order 12866,
(2) Is not a “significant rule” under the DOT Regulatory Policies and Procedures (44 FR 11034, February 26, 1979),
(3) Will not affect intrastate aviation in Alaska, and
(4) Will not have a significant economic impact, positive or negative, on a substantial number of small entities under the criteria of the Regulatory Flexibility Act.
Air transportation, Aircraft, Aviation safety, Incorporation by reference, Safety.
Accordingly, under the authority delegated to me by the Administrator, the FAA amends 14 CFR part 39 as follows:
49 U.S.C. 106(g), 40113, 44701.
This AD is effective April 8, 2019.
None.
This AD applies to Gulfstream Aerospace LP (Type Certificate previously held by Israel Aircraft Industries, Ltd.) Model Gulfstream G150 airplanes, certificated in any category, serial numbers 201 through 326 inclusive.
Air Transport Association (ATA) of America Code 24, Electrical power.
This AD was prompted by reports of corrosion in the solder joints of the upper and lower front relay box connectors to the printed circuit board. We are issuing this AD to address corrosion in the front relay box connector solder joints. If not addressed, this condition could cause false crew alerting system (CAS) messages, such as slats unbalance, auto slats fail, and Mach trim fail, which could interfere with continued safe operation of the airplane.
Comply with this AD within the compliance times specified, unless already done.
Within 36 months after the effective date of this AD, remove the upper front relay box, Israel Aerospace Industries (IAI) part number (P/N) 25G8130301-510/-512/-514/-516, and replace with IAI P/N 25G8130301-516, upgraded to MOD A, and remove the lower front relay box, IAI P/N 25G8130300-512/-516/-518/-520, and replace with an improved lower front relay box, IAI P/N 25G8130300-520, upgraded to MOD A, in accordance with the Accomplishment Instructions of Gulfstream Service Bulletin 150-24-193, dated March 30, 2018.
As of the applicable compliance time specified in paragraph (h)(1) or (h)(2) of this AD, do not install relay box IAI P/N 25G8130301-510/-512/-514/-516 or IAI P/N 25G8130300-512/-516/-518/-520 on any airplane, except relay box IAI P/N 25G8130301-516 or IAI P/N 25G8130300-520 that has been upgraded to MOD A as specified in paragraph (g) of this AD may be installed.
(1) For airplanes that have IAI P/N 25G8130301-510/-512/-514/-516 or IAI P/N 25G8130300-512/-516/-518/-520 installed as of the effective date of this AD: After modification of the airplane as required by this AD.
(2) For airplanes that do not have IAI P/N 25G8130301-510/-512/-514/-516 or IAI P/N 25G8130300-512/-516/-518/-520 installed as of the effective date of this AD: As of the effective date of this AD.
(1) Although Gulfstream Service Bulletin 150-24-193, dated March 30, 2018, specifies to return parts to the manufacturer, this AD does not include that requirement.
(2) Although Gulfstream Service Bulletin 150-24-193, dated March 30, 2018, specifies to submit certain information to the manufacturer, this AD does not include that requirement.
The following provisions also apply to this AD:
(1)
(2)
(1) Refer to Mandatory Continuing Airworthiness Information (MCAI) Israeli Airworthiness Directive ISR-I-24-2018-09-7, dated October 1, 2018, for related information. This MCAI may be found in the AD docket on the internet at
(2) For more information about this AD, contact Tom Rodriguez, Aerospace Engineer, International Section, Transport Standards Branch, FAA, 2200 South 216th St., Des Moines, WA 98198; telephone and fax 206-231-3226.
(1) The Director of the Federal Register approved the incorporation by reference (IBR) of the service information listed in this paragraph under 5 U.S.C. 552(a) and 1 CFR part 51.
(2) You must use this service information as applicable to do the actions required by this AD, unless this AD specifies otherwise.
(i) Gulfstream Service Bulletin 150-24-193, dated March 30, 2018.
(ii) [Reserved]
(3) For service information identified in this AD, contact Gulfstream Aerospace Corporation, P.O. Box 2206, Mail Station D-25, Savannah, GA 31402-2206; telephone 800-810-4853; fax 912-965-3520; email
(4) You may view this service information at the FAA, Transport Standards Branch, 2200 South 216th St., Des Moines, WA. For information on the availability of this material at the FAA, call 206-231-3195.
(5) You may view this service information that is incorporated by reference at the National Archives and Records Administration (NARA). For information on the availability of this material at NARA, call 202-741-6030, or go to:
In rule document 2019-02687, appearing on pages 4991 through 4993, in the issue of Wednesday, February 20, 2019, make the following correction:
Federal Energy Regulatory Commission, DOE.
Final rule.
In this final rule, the Federal Energy Regulatory Commission (Commission) amends its regulations related to interlocking officers and directors to clarify and update the requirements for both applicants and holders.
This rule will become effective May 3, 2019.
Lindsay Orphanides (Technical Information), Office of Energy Market Regulation, Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426, (202) 502-8372,
Mary Ellen Stefanou (Legal Information), Office of the General Counsel, Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426, (202) 502-8989,
1. On July 19, 2018, the Commission issued a Notice of Proposed Rulemaking (NOPR),
2. Comments were filed by Edison Electric Institute (EEI), NRG Power Marketing LLC (NRG), Just Energy (U.S.) Corp. (Just Energy), Electric Power Supply Association (EPSA), National Rural Electric Cooperative Association (NRECA), National Grid USA (National Grid), and Golden Spread Electric Cooperative, Inc. (Golden Spread). All comments were generally supportive of the proposed changes. Some commenters requested clarification on certain proposed changes, while others proposed additional changes. We address these issues below.
3. Section 45.2 of the Commission's regulations describes the types of interlocking positions that require Commission authorization, including those between a public utility and entities authorized by law to underwrite or participate in the marketing of public utility securities.
• The person does not participate in any deliberations or decisions of the public utility regarding the selection of the bank, trust company, banking association, or firm to underwrite or participate in the marketing of securities of the public utility, if the person serves as an officer or director of a bank, trust company, banking association, or firm that is under consideration in the deliberation process;
• the bank, trust company, banking association, or firm of which the person is an officer or director does not engage in the underwriting of, or participate in the marketing of, securities of the public utility of which the person holds the position of officer or director;
• the public utility for which he/she serves or proposes to serve as an officer or director selects underwriters by competitive procedures; or
• the issuance of securities of the public utility for which the person serves or proposes to serve as an officer or director has been approved by all Federal and State regulatory agencies having jurisdiction over the issuance.
4. EEI, Golden Spread, Just Energy, and NRECA all support the Commission's proposed revision to § 45.2 of its regulations.
5. Golden Spread states in its comments that it is unclear from the NOPR if the Commission will require continued reporting of interlocking positions between a public utility and a bank, trust company, banking association, or firm that is authorized by law to underwrite or participate in the marketing of public utility securities in Form No. 561. If not, Golden Spread states that the Commission may wish to cross reference to § 45.2 or clarify § 46.5 of its regulations.
6. We will revise the language in § 45.2 as proposed in the NOPR, which brings the Commission's regulations into conformance with the changes made by Congress to FPA section 305(b)(2) in 1999.
7. In response to Golden Spread's comments, we clarify that the Commission will continue to require the reporting of interlocking positions between a public utility and a bank, trust company, banking association, or firm that is authorized by law to underwrite or participate in the marketing of public utility securities in Form No. 561 under § 46.5 of the Commission's regulations as the statutory directive to report such information has not changed.
8. The Commission proposed in the NOPR to revise § 45.3(a) of its regulations, which currently states that “late-filed applications will be denied” and § 45.9(b), which currently states that “[f]ailure to timely file the informational report will constitute a failure to satisfy this condition and will constitute automatic denial.” The Commission stated that it expects its regulations to be followed but recognizes that good faith errors and oversights may occasionally result in the inadvertent violation of the timing of FPA section 305(b)'s filing requirements. In addition, the Commission stated that it expects applicants to be attentive to their obligation to timely file for the required authorizations and make every effort to ensure they act in accordance with the statutory directives in FPA section 305(b). Further, the Commission stated that, if an error or oversight occurs, it expects that those errors and oversights will be expeditiously identified and rectified, and applications to hold interlocking director positions be promptly filed. Therefore, the Commission proposed to delete the above-quoted language, and replace it with language providing for consideration of late-filed applications for interlocking positions on a case-by-case basis.
9. EEI, Golden Spread, Just Energy, National Grid, NRECA, and NRG all support the Commission's proposed changes to §§ 45.3(a) and 45.9(b). EEI takes issue with the Commission's statement in the NOPR preamble that, “[i]n cases where occasional errors and oversights occur, the Commission expects that those errors and oversights will be expeditiously identified and rectified, and applications to hold interlocking director positions promptly filed.”
10. We adopt the changes to §§ 45.3(a) and 45.9(b) of the Commission's regulations proposed in the NOPR that will allow for consideration of late-filed applications for interlocking positions on a case-by-case basis.
11. We decline to amend our statement in the NOPR preamble to state that the Commission's expectation is that errors and oversights be expeditiously rectified “when errors and oversights are discovered,” as suggested by EEI. We expect that errors and oversights be both promptly identified and expeditiously rectified, and we reiterate our expectation—grounded in the statute
12. The Commission proposed in the NOPR to revise §§ 45.4 and 45.5 of its regulations to clarify that supplemental applications and notices of change need not be filed in the case of a person already authorized to hold interlocks identified in § 45.9(a) who may assume new or different positions that are still among those identified by § 45.9(a). The Commission stated that such changes in positions among related public utilities are already reported in the annual Form No. 561s, and separate filings under § 45.4 or § 45.5 are unnecessary. The NOPR specifically stated that the holder of interlocking officer and director positions must file a notice of change when he/she no longer holds any interlocking positions within the scope of the statute and regulations because no longer holding any interlocking positions would constitute a “material or substantial change.”
13. EEI, Golden Spread, Just Energy, National Grid, NRECA, and NRG all support the Commission's proposed revisions to §§ 45.4 and 45.5.
14. EEI asks the Commission to add two points to its proposal to revise §§ 45.4 and 45.5. First, EEI asks for clarification that the Commission “means a notice is required only when the officer or director resigns or withdraws from all pre-authorized interlocking officer and director positions, not just from one such position, as that would comport with the logic of the changes the Commission is adopting as to subsection 45.5(b).”
15. Second, EEI also asks the Commission to specify that § 45.9(c) does not require an additional informational report in the case of new or different interlocking positions within a holding company system for an individual that has already filed a § 45.9 informational report.
16. Golden Spread asks the Commission to consider making an additional edit to § 45.5(b) to change the requirement for filing a notice of change (
17. Just Energy recommends the Commission adopt a number of clarifying edits to §§ 45.4(c) and 45.9(a)(3) and (b). In § 45.4(c), Just Energy proposes that the Commission describe interlocking positions that “qualify for automatic authorization pursuant” to § 45.9(a), as opposed to positions that “are identified” in § 45.9(a). Just Energy suggests that, in § 45.9(a)(3), the Commission authorize interlocking positions of an officer or director of more than one public utility where such officer or director is already authorized under this part to hold positions as officer or director of those “or any other public utilities” where the interlock involves affiliated public utilities. Just Energy's proposed amendment to § 45.9(b) would create a new paragraph (b)(2) that states that a person is “exempt from filing an informational report pursuant to [section] 45.4.”
18. Just Energy also states that it supports the proposal that officers and directors do not need to file a notice of change when they leave some but not other positions within a corporate family, and instead report interlock changes among affiliates in the applicable Form No. 561. Just Energy accordingly recommends additional amendments to amended § 45.5(b) to state that a notice of change under this section would not be required if the only change to be reported is “a resignation or withdrawal from fewer than all positions held between or among affiliated public utilities, a reelection or reappointment to a position that was previously authorized,” or holding a different or additional interlocking position “that would qualify for automatic authorization pursuant to” § 45.9(a). Just Energy states that its proposed amendments address the Commission's clarification regarding partial resignations and harmonize § 45.5 with the proposed amendments regarding appointments with affiliated entities.
19. We adopt the NOPR's proposed revisions to §§ 45.4 and 45.5 of the Commission's regulations to state that supplemental applications and notices of change need not be filed in the case of a person already authorized to hold interlocks identified in § 45.9(a) who may assume new or different positions that are still among those identified by § 45.9(a), with certain clarifications and amendments discussed below.
20. In response to EEI, we clarify that the change to § 45.5(b) adopted in this final rule means that, in the case of interlocking positions that are identified in § 45.9(a), a notice of change now need only be filed when the officer or director resigns or withdraws as an officer or director from
21. We also clarify in response to EEI that § 45.9(c) does not require an additional informational report when an officer or director has a new or different interlocking position within a holding company system compared to what was reported when he/she originally filed an informational report under § 45.9. Instead, he/she need only include the new or different interlocking position(s) in the annual Form No. 561.
22. We agree with Golden Spread's proposal to alter the timing of the notice of change filing requirement from 30 days to within 60 days of the triggering event. We think this change is reasonable because 30 days may be too short a period to comply with the regulation, and allowing for 60 days may result in more accurate filings. We therefore amend § 45.5(b) to state that the filing of a notice of change shall be made within 60 days.
23. We adopt Just Energy's proposed amendments to §§ 45.4(c), 45.9(a)(3) and (b), and 45.5(b). We find that the amendments proposed by Just Energy more clearly state the revisions adopted by this final rule.
24. In the NOPR, the Commission recognized the growing complexity of corporate structures. Thus, the Commission proposed to revise § 45.8(c)(1) of its regulations to state that applicants under part 45 do not need to list in their applications those public utilities that do not have officers or directors.
25. EEI, Golden Spread, and NRG support the Commission's proposed revision to § 45.8(c)(1). Golden Spread “agrees that if such structures exist and do not have officers and directors, such information would be extraneous.”
26. We adopt the NOPR's proposed revisions to § 45.8(c)(1) of the Commission's regulations to state that applicants under part 45 do not need to list in their applications those public utilities that do not have officers or directors. While we are not aware of any applications that have been filed where a company does not have any officers or any directors, we understand from EEI that such companies do exist.
27. In response to Golden Spread and NRECA, we are not aware that any material information would be lost by making this change. We expect the universe of companies that do not have any officers or directors to be small, as it is still atypical for a company to have neither officers nor directors. We also note that, under § 45.2(a), the obligation to make the appropriate filings extends to any person elected or appointed to perform executive duties or functions similar to those ordinarily performed by presidents, vice presidents, directors and others.
28. In the NOPR, the Commission proposed to revise § 45.9 of its regulations to add the word “person” when defining the corporate relationships within the scope of the automatic authorizations addressed in § 45.9. The Commission recognized that public utilities can be owned not just by a corporate entity but by a natural person, and that the regulations should reflect this possibility.
29. EEI, Golden Spread, and NRECA support the Commission's proposed revision to § 45.9. Golden Spread adds that it thinks this proposed change does not apply to cooperative governance structures.
30. We adopt the proposed revision to § 45.9 of the Commission's regulations to add the word “person” when defining the corporate relationships within the scope of the automatic authorizations addressed in § 45.9. Given that some public utilities can be and are now owned by natural persons, a change in the regulations to reflect this development is warranted.
31. The Commission proposed in the NOPR to update its regulations in part 46 to remove § 46.2(b), because the definitions were rendered obsolete as a result of the enactment of the Energy Policy Act of 2005 and the concurrent repeal of the Public Utility Holding Company Act of 1935 (PUHCA 1935).
32. EEI, Golden Spread, and NRECA all support the removal of § 46.2(b) and the update of part 46 to change “Rural Electrification Administration” to “Rural Utilities Service.”
33. We adopt the proposed removal of § 46.2(b) from the Commission's regulations, as it is now outdated, and we update part 46 of the Commission's regulations to change “Rural Electrification Administration” to “Rural Utilities Service” to reflect the change in name of that organization.
34. EEI requests that the Commission amend § 45.1(a)(3) of its regulations by changing the closing phrase “a public utility” to “such public utility,” as stated in the opening sentence of FPA section 305(b)(1). EEI asserts that this change to the regulations would align the regulations with the statute, and it would recognize that Congress intended to require approval for interlocking director and officer positions between a utility and an electrical supplier only when the supplier supplies equipment to the utility involved, not just to other utilities. EEI also states that this change also would conform the part 45 regulations with one another.
35. We adopt EEI's suggested amendment to § 45.1(a)(3) of the Commission's regulations by changing the closing phrase “a public utility” to “such public utility.” We agree with EEI that this change will better align the regulations with the statute, and recognize that Congress intended to require approval for interlocking director and officer positions between a utility and an electrical supplier only when the supplier supplies electrical equipment to the utility involved, and not just to any utility.
36. EEI asks the Commission to modify its current definition of “electrical equipment.” EEI asserts that the definition of electrical equipment has been inappropriately construed too broadly in some cases. EEI requests that the Commission delete from the current § 46.2(f) definition the footnoted cross-reference to the Uniform System of Accounts and clarify that the definition applies to both parts 45 and 46 of the Commission's regulations. EEI asserts that the current definition found in § 46.2(f) is straightforward,
37. We decline to delete from the current § 46.2(f) definition of electrical equipment the footnoted cross-reference to the Uniform System of Accounts. We disagree that the cross-reference to the Uniform System of Accounts results in a definition of electrical equipment that is too broad. In this regard, we note that, in establishing the definition of electrical equipment in § 46.2(f), the Commission stated that the footnoted reference to the Commission's Uniform System of Accounts was “a guide only,” acknowledging that certain items found in the accounts listed are clearly not “electrical equipment” within the scope of § 46.2(f).
38. We do clarify that, as necessary, the Commission, in evaluating applications and reporting under part 45, will continue to look to § 46.2(f) and the footnoted reference to the Uniform System of Accounts for guidance in determining what constitutes electrical equipment under part 45.
39. EEI, EPSA, Just Energy, and NRG ask the Commission to create a blanket authorization for interlock holders at companies within holding company systems without captive customers.
40. EEI requests that the Commission revisit the need for interlocking directorate applications and reporting to cover officers and directors who hold positions involving, within a holding company system, multiple companies that do not have captive customers, such as exempt wholesale generators and qualifying facilities, or positions involving such companies and their securities underwriters
41. EPSA requests that the Commission consider granting a blanket authorization to public utilities without any captive customers, to allow individuals to concurrently hold positions as an officer or director of more than one public utility within the corporate holding company, or positions of officer or director of a public utility and a company supplying electrical equipment to a public utility within the corporate holding company.
42. EPSA argues that this category of public utility, which includes independent power producers that are structured as merchant sellers of power only, are incapable of and do not pose a danger of imposing excessive charges or allocating unreasonable costs to customers, flouting state regulation in any way, or harming customers through a general lack of economy of management, operation, inefficiency, or inadequacy of services. EPSA asserts that, with independent entities, any mismanagement or uneconomic transactions are not passed on to customers, but are borne exclusively by shareholders. EPSA proposes that blanket authorizations be granted solely to those utilities on an intra-holding company basis.
43. EPSA suggests that, to provide oversight to companies eligible for its proposed blanket authorization, “an entity with market-based rate authority and previously granted a blanket authorization for interlocking positions within its holding company could declare in its triennial market-based rate authorization filings that its holding company structure remains fully independent, and therefore that entity continues to pose no threat of harm to captive customers as a result of affiliate abuse concerns and, as such, does not pose a threat to pass on rate increases driven by affiliate contracts or contracts between independent companies with a common set of officers or directors.”
44. EPSA asserts that granting blanket authorization to intra-holding company independent power producers and marketers without captive customers is a logical outgrowth of the NOPR and is consistent with the NOPR's intent, and would serve to reduce regulatory burdens and modernize these regulations to better reflect the modern state of the electricity generation and sales landscape.
45. Just Energy requests that the Commission grant blanket authorizations to public utilities that are not franchised utilities and are not affiliated with a franchised utility. Under Just Energy's proposal, officers and directors of such public utilities and their affiliates would not be required to seek prior authorization, but would disclose all appointments and changes on their annual Form No. 561.
46. NRG asks the Commission to issue a “narrow and discrete” blanket authorization for individuals holding officer positions in affiliated entities all under the same holding company structure without any captive customers, regardless of whether those positions are with public utilities, electrical equipment supply companies, or fuel supply companies.
47. Like EPSA, NRG compares its requested blanket authorization to section 203 blanket authorizations.
48. Although NRG asserts that the Commission could provide for a blanket authorization as requested with no further notice because it is a “logical outgrowth” of the NOPR, NRG suggests that the Commission could also issue, out of an abundance of caution, a supplemental notice describing the blanket authorization.
49. We decline to create a blanket authorization for persons holding interlocking positions between affiliated companies without any captive customers. The current requirements impose minimal burdens, and the commenters have not made a sufficient case for granting their requested relief of a blanket authorization.
50. The burden that would be avoided by a blanket authorization for individuals serving as officers or directors at multiple companies in a holding company system is minimal. Currently, in such scenarios, each individual must file only once—and then only a relatively minor submittal—for authorization (under § 45.9 of the Commission's regulations), and then each individual needs to file only an annual report pursuant to FPA section 305(c) each April 30 thereafter,
51. In response to EPSA and NRG's comparison of an interlock blanket authorization to blanket authorizations in the FPA section 203 context, we note that, although the Commission implemented blanket authorizations in the section 203 context, it was done in response to the Energy Policy Act of 2005, which revised FPA section 203 by adding FPA section 203(a)(5), which required the Commission to adopt procedures for the expeditious consideration of applications under that section.
52. Golden Spread and NRECA filed comments requesting the creation of an online submission process/database for interlock filings. Golden Spread requests that the Commission consider moving the interlocking directorate application, updating/supplementing, termination process, and annual Form No. 561 to an online submission process. Golden Spread argues that the current system is paper intensive and an online system could streamline compliance associated with parts 45 and 46 and would create an opportunity for more robust relational databases wherein the Commission would be better able to track compliance with its interlocking directorate program.
53. We support modernizing our systems and processes. However, we will not propose a new submission process or database in this proceeding, but may consider the creation of an online process/database in the future.
54. Just Energy states that it is not uncommon for market participants to have to appoint, remove, or reappoint personnel to officer positions to accommodate routine business needs that are not always foreseeable or permanent. For example, Just Energy states that a company may need to make a person an officer in order to have signature authority for a transaction, or when someone is on medical leave. Just Energy requests that these administrative, ministerial, or temporary appointments not require any Commission approval or reporting, arguing that they do not pose the kinds of threats contemplated by Congress when it adopted section FPA 305(b), and are burdensome to both the Commission and to public utilities.
55. We acknowledge that an exemption from the filing requirements for certain temporary appointments to interlocking positions reflects the reality of the world, where a position may be unexpectedly left vacant due to death, illness, etc. and a company must quickly appoint someone to temporarily fill the now-vacant position on an “acting” basis. We therefore find that a person seeking to hold an interlocking position covered by § 45.2 that would otherwise require an automatic authorization filing under § 45.9 may be appointed to fill the vacant position temporarily, for 90 days or less, without the necessity of seeking Commission approval or of reporting in, for example, Form No. 561. To implement this change, we add a new paragraph (c) to § 45.1, as well as additional language to § 45.9(b) that exempts a person holding a temporary interlocking position pursuant to the new § 45.1(c) from the requirement to submit an informational report.
56. We note that this temporary appointment exemption would, in practice, apply only in a narrow set of circumstances—where a person
57. Finally, we note that a person cannot be re-appointed for multiple 90-day periods to the same interlocking position and still consider it a temporary position that continues to be exempt from the automatic authorization requirements. Under such circumstances, the individual who seeks to hold a position for more than 90 days
58. Just Energy, in asserting that it is costly and burdensome for individuals, and in many cases their employers, to comply with the rules as written, states that the Commission's estimates that informational filings cost $632.00 each, and that notices of change cost $19.25, are too low. In support, Just Energy asserts that: (1) Each filing must be customized to the individual; (2) the officer or director must verify the reportable positions; (3) a notary may be required for the attestation; (4) a corporate secretary may have to pull information on positions held to verify the submission; (5) corporate structure information may need to be pulled to verify that the ownership chain qualifies for an informational filing; (6) someone reviews the materials; (7) someone makes revisions to the filing; (8) someone collects signatures; and (9) someone makes the filing.
59. We disagree that we have underestimated the costs of informational filings and notices of change. We note that the cost estimates stated in the NOPR and in this final rule are estimates of average costs. While the costs of some informational filings and notices of change will be higher than the stated averages, some will also be less than the stated averages.
60. The collection of information contained in this final rule is subject to review by the Office of Management and Budget (OMB) under section 3507(d) of the Paperwork Reduction Act (PRA).
61. The revisions enacted by this final rule would clarify and update the requirements
62. While the Commission expects that the regulatory revisions herein will reduce the burdens on affected entities, the Commission nonetheless solicits public comments regarding the accuracy of the burden and cost estimates below.
63.
FERC-520 is divided into two types of applications: full and informational. The full application, as specified in 18 CFR 45.8, implements the FPA requirement under section 305(b) that it is unlawful for any person to concurrently hold the positions of officer or director of more than one public utility; or a public utility and a financial institution that is authorized to underwrite or participate in the marketing of public utility securities; or a public utility and an electrical equipment supplier to such public utility, unless authorized by the Commission. In order to obtain authorization, an applicant must demonstrate that neither public nor private interests will be adversely affected by the holding of the positions. The full application provides the Commission with information about any interlocking position for which the applicant seeks authorization including, but not limited to, a description of
An informational (abbreviated) application, as specified in 18 CFR 45.9, allows an applicant to receive automatic authorization for an interlocked position upon receipt of the filing by the Commission. The informational application applies only to those individuals who seek authorization as: (1) An officer or director of two or more public utilities where the same holding company owns, directly or indirectly, that percentage of each utility's stock (of whatever class or classes) which is required by each utility's by-laws to elect directors; (2) an officer or director of two public utilities, if one utility is owned, wholly or in part, by the other and, as its primary business, owns or operates transmission or generation facilities to provide transmission service or electric power for sale to its owners; or (3) an officer or director of more than one public utility, if such person is already authorized under part 45 to hold different positions as officer or director of those utilities where the interlock involves affiliated public utilities.
FERC-520 also includes the requirement to file a notice of change if there are new positions or changes to the positions held. The Commission is revising its requirements and, among other things, will no longer require a notice of change when a person is merely changing positions within a holding company system. This change is expected to reduce the number of filed notices of change by 50 percent annually (from 200 filings to 100 filings) and to reduce the corresponding total burden.
64. The Commission is required to prepare an Environmental Assessment or an Environmental Impact Statement for any action that may have a significant adverse effect on the human environment.
65. The Regulatory Flexibility Act of 1980 (RFA)
66. This final rule will apply to those individuals seeking to hold and those currently holding interlocking positions. In order to obtain authorization, an applicant must demonstrate that neither public nor private interests will be adversely affected by the holding of the interlocking positions.
67. There are an estimated 16 respondents who could file full applications over the course of a year, who would provide one response annually with an estimated time commitment of 50 hours per response, and a resulting estimated cost of $3,950.00 per respondent. There are an estimated 500 respondents who could file informational applications over the course of a year, who would provide one response annually with an estimated time commitment of 8 hours per response, and a resulting estimated cost of $632.00 per respondent. In addition, there are an estimated 100 respondents who could file a notice of change annually with an estimated time commitment of 0.25 hours, and a resulting cost of $19.75 per respondent. Therefore the average annual cost for each of the 616 respondents is $618.79. That cost is not significant. More importantly, this final rule reduces industry cost by eliminating the need for the filing of some notices of change.
68. The Commission certifies that this final rule will not have a significant economic impact on a substantial number of small entities.
69. In addition to publishing the full text of this document in the
70. From the Commission's Home Page on the internet, this information is available on eLibrary. The full text of this document is available on eLibrary in PDF and Microsoft Word format for viewing, printing, and/or downloading. To access this document in eLibrary, type the docket number excluding the last three digits of this document in the docket number field.
71. User assistance is available for eLibrary and the Commission's website during normal business hours from FERC Online Support at (202) 502-6652 (toll free at 1-866-208-3676) or email at
72. These regulations are effective May 3, 2019. The Commission has determined that this rule is not a “major rule” as defined in section 351 of the
Electric utilities, Reporting and recordkeeping requirements.
Antitrust, Electric utilities, Holding companies, Reporting and recordkeeping requirements.
By the Commission.
In consideration of the foregoing, the Commission amends parts 45 and 46, chapter I, title 18,
16 U.S.C. 791a-825r, 2601-2645; 31 U.S.C. 9701; 42 U.S.C. 7101-7352; 3 CFR 142.
(a) * * *
(3) Officer or director of a public utility and of any company supplying electrical equipment to such public utility.
(c) Notwithstanding paragraphs (a) and (b) of this section, any person may temporarily hold an interlocking position described in § 45.2 for no more than 90 days within a twelve-month period without applying for Commission authorization under § 45.8 and without complying with the requirements for authorization under § 45.9.
(d) A person that holds or proposes to hold an interlocking position as officer or director of a public utility and of a corporation described by paragraph (b)(2) of this section shall not require authorization to hold such positions in the following circumstances—
(1) The person does not participate in any deliberations or decisions of the public utility regarding the selection of the bank, trust company, banking association, or firm to underwrite or participate in the marketing of securities of the public utility, if the person serves as an officer or director of a bank, trust company, banking association, or firm that is under consideration in the deliberation process;
(2) The bank, trust company, banking association, or firm of which the person is an officer or director does not engage in the underwriting of, or participate in the marketing of, securities of the public utility of which the person holds the position of officer or director;
(3) The public utility for which the person serves or proposes to serve as an officer or director selects underwriters by competitive procedures; or
(4) The issuance of securities of the public utility for which the person serves or proposes to serve as an officer or director has been approved by all Federal and State regulatory agencies having jurisdiction over the issuance.
(a) The holding of positions within the purview of section 305(b) of the Act shall be unlawful unless the holding shall have been authorized by order of the Commission. Nothing in this part shall be construed as authorizing the holding of positions within the purview of section 305(b) of the Act prior to order of the Commission on application therefor. Applications must be filed and authorization must be granted prior to holding any interlocking positions within the purview of section 305(b) of the Act; the Commission will consider late-filed applications on a case-by-case basis. The term “holding,” as used in this part, shall mean acting as, serving as, voting as, or otherwise performing or assuming the duties and responsibilities of officer or director within the purview of section 305(b) of the Act.
(c)
(b)
(c) * * *
(1) Name of utility, unless said utility does not have officers or directors.
(a) * * *
(1) Officer or director of one or more other public utilities if the same holding company or person owns, directly or indirectly, that percentage of each utility's stock (of whatever class or classes) which is required by each utility's by-laws to elect directors;
(3) Officer or director of more than one public utility, if such officer or director is already authorized under this part to hold positions as officer or director of those or any other public utilities where the interlock involves affiliated public utilities.
(b)
(i) Is already authorized to hold interlocking positions of the type governed by this section;
(ii) Is exempt from filing an informational report pursuant to § 45.4; or
(iii) Will hold a temporary interlocking position pursuant to § 45.1(c).
(2) The Commission will consider failures to timely file the informational report on a case-by-case basis.
16 U.S.C. 792-828c; 16 U.S.C. 2601-2645; 42 U.S.C. 7101-7352; E.O. 12009, 3 CFR 142.
(a)
(c)
(e)
Internal Revenue Service (IRS), Treasury.
Final regulations and removal of temporary regulations.
This document contains final regulations that amend the utility allowance regulations concerning the low-income housing credit under section 42 of the Internal Revenue Code (Code). These final regulations extend the principles of the current submetering rules. The current rules address situations in which a building owner purchases a utility from a utility company and then separately charges the tenants for the utility. In those situations, if the utility costs paid by a tenant are based on actual consumption in the tenant's submetered, rent-restricted unit and if certain other requirements are satisfied, then the charges for the utility are treated as paid by the tenant directly to the utility company, even though the payment passes through the building owner. The final regulations extend these principles and apply to situations in which a building owner sells to tenants energy that is produced from a renewable source and that the owner did not purchase from or through a local utility company. The final regulations affect owners of low-income housing projects that claim the credit, the tenants in those low-income housing projects, and the State and local housing credit agencies that administer the credit.
Dillon Taylor, (202) 317-4137 (not a toll-free number).
On March 3, 2016, the Department of the Treasury (Treasury Department) and the IRS published in the
In the same issue of the
After consideration of all the comments, the proposed regulations are adopted as amended by this Treasury Decision.
The temporary regulations in TD 9755 applied the submetering principles to energy that the building owner sold to tenants if the energy was “produced from a renewable source” and if the owner had acquired it from the renewable source without the intervention of a local utility company. Qualification for this submetering treatment, however, depended on the charges to the tenants for this energy being comparable to local utility rates. That is, under the temporary regulations, to the extent that tenants consumed this energy, the rate charged by the building owner could not exceed the rate at which the local utility company would have charged the tenants if they had instead acquired the energy from that company.
A commenter requested that the final regulations clarify how a building
The final regulations resolve both of these issues. Addressing the reference-rate issue, the final regulations require that the rate that the owner charges must not exceed the highest rate at which the tenants might have obtained energy from a local utility company. This criterion has several advantages over alternatives. For example, it is easily administrable (as compared, for example, with a requirement that the owner's rate not exceed the “most typical rate” in the community). Also, the criterion protects an owner's qualifying rate from being disqualified by the introduction of new rates in the community (as might be the case, for example, if the reference for the criterion were the average or median of local rates).
Regarding the evidentiary issue, in determining the acceptability of the rate that a building owner charges tenants, the owner may rely on the rates published by local utility companies.
The temporary regulations in TD 9755 provide that, for purposes of qualifying for submetering treatment, energy is “produced from a renewable source” if it is energy that is produced from energy property described in section 48; energy that is produced from a facility described in section 45(d)(1), (2), (3), (4), (6), (9), or (11); or energy that is described in guidance published for this purpose in the Internal Revenue Bulletin. Sections 45 and 48 of the Code determine whether a taxpayer is entitled to certain energy-related credits. A commenter requested that the final regulations clarify the extent to which these cross-references to “energy property” and “facility” incorporate the various requirements for earning those credits.
The final regulations clarify that the building owner need not own the source from which the utility is produced and need not qualify for, or receive, any credit under section 45 or 48 associated with the source. Indeed, energy may qualify as “produced from a renewable resource” even if potential entitlement to credits under these Code sections has expired. Thus, the final regulations clarify that they refer to “energy property” and “facility” as a means of describing certain types of production of renewable energy but that they do not also incorporate any other criteria from those Code sections.
Under section 42(g)(1) and (2), a residential unit may qualify as a low-income unit only if it is “rent-restricted.” The amount that qualifies as restricted rent is determined based on the assumption that most utilities are generally covered by that rent.
This regulation is not subject to review under section 6(b) of Executive Order 12866 pursuant to the Memorandum of Agreement (April 11, 2018) between the Department of the Treasury and the Office of Management and Budget regarding review of tax regulations. Therefore, a regulatory impact assessment is not required. It has also been determined that the Regulatory Flexibility Act (5 U.S.C. chapter 6) does not apply because the regulations do not impose a collection of information on small entities. Pursuant to section 7805(f) of the Internal Revenue Code, this proposed rule preceding these final regulations was submitted to the Chief Counsel for Advocacy of the Small Business Administration for comment on its impact on small business and no comments were received.
The principal author of this regulation is James W. Rider, formerly of the Office of the Associate Chief Counsel (Passthroughs and Special Industries). However, other personnel from the Treasury Department and the IRS participated in its development.
Income taxes, Reporting and recordkeeping requirements.
Accordingly, 26 CFR part 1 is amended as follows:
26 U.S.C. 7805 * * *
Sections 1.42-6, 1.42-8, 1.42-9, 1.42-10, 1.42-11, and 1.42-12, also issued under 26 U.S.C. 42(n).
The revisions and additions read as follows:
(e) * * *
(1) * * *
(i) The utility consumed in the unit is described in paragraph (e)(1)(i)(A) or (e)(1)(i)(B) of this section;
(B) The utility is not purchased from or through a local utility company and is produced from a renewable source (within the meaning of paragraph (e)(1)(i)(C) of this section).
(C) For purposes of paragraph (e)(1)(i)(B) of this section, a utility is produced from a renewable source if—
(
(
(
(D) Determinations under paragraphs (e)(1)(i)(C)(
(iv) * * *
(B) To the extent that the utility consumed is described in paragraph (e)(1)(i)(B) of this section, the utility rate charged to the tenants of the unit does not exceed the highest rate that the tenants would have paid if they had obtained the utility from a local utility company. In determining whether a rate satisfies the preceding sentence, a building owner may rely on the rates published by local utility companies.
The revisions and addition read as follows:
(a) * * *
(5) * * *
(i) * * *
(E) Section 1.42-10(e), except as provided in paragraph (a)(5)(iii) of this section.
(ii) Except as provided in paragraph (a)(5)(iii) of this section, a building owner may apply the provisions described in paragraphs (a)(5)(i)(A) through (E) of this section to the building owner's taxable years beginning before March 3, 2016. Otherwise, the utility allowance provisions that apply to those taxable years are contained in § 1.42-10, as contained in 26 CFR part 1, revised as of April 1, 2015.
(iii) The provisions in § 1.42-10(e)(1)(i) introductory text, (e)(1)(i)(B) through (D), and (e)(1)(iv)(B) apply to a building owner's taxable years beginning on or after March 4, 2019. A building owner, however, may apply these provisions to earlier taxable years. Otherwise, the submetering provisions that apply to taxable years beginning after March 3, 2016, and before March 4, 2019, are contained in § 1.42-10 and § 1.42-10T as contained in 26 CFR part 1 revised as of April 1, 2016. In addition, a building owner may apply those submetering provisions to taxable years beginning before March 3, 2016.
Coast Guard, DHS.
Final rule.
The Coast Guard is updating District 7 regulations to reflect the current status of identified regulated navigation areas, special local regulations, safety zones, and security zones within the District. This rule removes safety zones and special local regulations for rules where the enforcement period has expired or where the event is no longer held. This rule also removes special local regulations where the event no longer meets the criteria for a permitted event and is not suitable for coverage under a special local regulation in accordance with Coast Guard regulations.
This rule is effective April 3, 2019.
To view documents mentioned in this preamble as being available in the docket, go to
For information about this document, call or email Paul Lehmann, District Seven Prevention Division, U.S. Coast Guard; telephone 301-415-6796, email
This rulemaking project was identified as part of the Coast Guard's Regulatory Reform Task Force initiative. These District 7 field regulation changes were identified as part of the deregulation identification process required by Executive Order 13771 (Reducing Regulation and Controlling Regulatory Costs), Executive Order 13777 (Enforcing the Regulatory Reform Agenda Deregulatory Process), and associated guidance issued in 2017. This rule provides updates and clarifications to existing regulatory text in title 33 of the Code of Federal Regulations (CFR) parts 100 and 165.
This rule removes safety zones and special local regulations for regulations where the enforcement period has expired or where the event is no longer held. This rule also removes special local regulations where the event no longer meets the criteria for a permitted event and is not suitable for coverage under a special local regulation in accordance with 33 CFR 100.35. District 7 has determined that normal navigation rules cover the safety of participants and spectators at these events adequately. If a change in circumstance indicates that additional safety measures are necessary, the Coast Guard might choose to promulgate new regulations for safety zones at these events at that time.
The changes to 33 CFR part 100 are specifically authorized under 33 U.S.C. 1233, which vests the Commandant of the Coast Guard with authority to issue regulations to promote the safety of life on navigable waters during regattas or marine parades. The changes to 33 CFR part 165 are authorized under the general authority of 22 U.S.C. 1231, which grants the Secretary of the Department of Homeland Security broad authority to issue, amend, or repeal regulations necessary to implement 33 U.S.C. chapter 25, Ports and Waterways Safety Program. The Secretary has delegated rulemaking authority under 33 U.S.C. 1231 to the Commandant via Department of Homeland Security Delegation No. 0170.1.
The Coast Guard is issuing this rule without prior notice and opportunity to
This rule removes the temporary special local regulations 33 CFR 100.T07-0110, 100.T07-0192, and 100.35T07-0297. As discussed in the preamble for each of the associated
This rule removes the temporary safety zone regulations 33 CFR 165.T07-0040, 165.T07-0161, 165.T07-0320 and 165.T07-0347. As discussed in the preamble for each of the accompanying
None of these regulations—temporary special local regulations or temporary safety zones—have been enforced past the intended expiration period.
This rule removes certain entries in the list of recurring special local regulations in Captain of the Port (COTP) Zones Miami and Key West found in the table to 33 CFR 100.701. The Coast Guard has looked into each of these events and has found no evidence to indicate that these events are still being held. The entries being removed from this list for COTP Miami are Rotary Club of Fort Lauderdale New River Raft Race, Red Bull Candola, West Palm Beach Triathlon, and West Palm Beach World Championship. The entries being removed from this list for COTP Key West are The Bogey, The Bacal, and Miami to Key Largo Sailboat Race.
This rule removes special local regulations in COTP Zone Key West where the events in question no longer meet the criteria for permitted events and, therefore, are not suitable for coverage under a special local regulation in accordance with 33 CFR 100.35. District 7 has determined that the safety of participants and spectators at these events can be adequately covered by the normal navigational rules. If a change in circumstances indicates that additional safety measures are necessary, the Coast Guard might decide at that time to promulgate regulations for safety zones for these events. The entries being removed from this list for COTP Key West in the table to 33 CFR 100.701 are Blessing of the Fleet, Wreckers Cup Races, Boot Key Harbor Christmas Boat Parade, Key Colony Beach Holiday Boat Parade, Key Largo Boat Parade, and Key West Lighted Boat Parade.
The Coast Guard is removing paragraph (d) from 33 CFR 165.778 regarding the effective period of the security zone for the Port of Mayaguez. Paragraph (d) states the section had an effective period that ended April 29, 2009. Paragraph (d) conflicts with the effective information stated in the
We developed this rule after considering numerous statutes and Executive orders related to rulemaking. Below we summarize our analyses based on these statutes or Executive orders.
Executive Orders 13563 (Improving Regulation and Regulatory Review) and 12866 (Regulatory Planning and Review) direct agencies to assess the costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). Executive Order 13563 emphasizes the importance of quantifying both costs and benefits, of reducing costs, of harmonizing rules, and of promoting flexibility. Executive Order 13771 (Reducing Regulation and Controlling Regulatory Costs) directs agencies to reduce regulation and control regulatory costs and provides that “for every one new regulation issued, at least two prior regulations be identified for elimination, and that the cost of planned regulations be prudently managed and controlled through a budgeting process.”
The Office of Management and Budget (OMB) has not designated this rule a “significant regulatory action,” under section 3(f) of Executive Order 12866. Accordingly, OMB has not reviewed it. OMB considers this rule to be an Executive Order 13771 deregulatory action.
The Coast Guard is revising its regulations to provide updates and clarifications to existing regulatory text in title 33 of the Code of Federal Regulations (CFR) parts 100 and 165.
The Regulatory Flexibility Act of 1980, 5 U.S.C. 601-612, as amended, requires Federal agencies to consider the potential impact of regulations on small entities during rulemaking. The term “small entities” comprises small businesses, not-for-profit organizations that are independently owned and operated and are not dominant in their fields, and governmental jurisdictions with populations of less than 50,000. This rule will not impose any impacts on any entities. This means that there will be no economic impacts on any entities. Therefore, the Coast Guard certifies under 5 U.S.C. 605(b) that this rule will not have a significant economic impact on a substantial number of small entities.
Under section 213(a) of the Small Business Regulatory Enforcement Fairness Act of 1996, Public Law 104-121, we want to assist small entities in understanding this rule so that they can better evaluate its effects on them and participate in the rulemaking. If the rule would affect your small business, organization, or governmental jurisdiction and you have questions concerning its provisions or options for compliance, please contact the person in the
Small businesses may send comments on the actions of Federal employees who enforce, or otherwise determine compliance with, Federal regulations to the Small Business and Agriculture Regulatory Enforcement Ombudsman and the Regional Small Business Regulatory Fairness Boards. The Ombudsman evaluates these actions annually and rates each agency's responsiveness to small business. If you wish to comment on actions by employees of the Coast Guard, call 1-888-REG-FAIR (1-888-734-3247). The Coast Guard will not retaliate against small entities that question or complain about this rule or any policy or action of the Coast Guard.
This rule does not call for a new collection of information under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501-3520). This rule does not change any of the burdens in the collections currently approved by OMB.
A rule has implications for federalism under Executive Order 13132 (Federalism) if it has a substantial direct effect on States, on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government. We have analyzed this rule under that Order and have determined that it is consistent with the fundamental federalism principles and preemption requirements described in Executive Order 13132.
Also, this rule does not have tribal implications under Executive Order 13175, Consultation and Coordination with Indian Tribal Governments, because it does not have a substantial direct effect on one or more Indian tribes, on the relationship between the Federal Government and Indian tribes, or on the distribution of power and responsibilities between the Federal Government and Indian tribes. If you believe this rule has implications for federalism or Indian tribes, please contact the person listed in the
The Unfunded Mandates Reform Act of 1995, 2 U.S.C. 1531-1538, requires Federal agencies to assess the effects of their discretionary regulatory actions. In particular, the Act addresses actions that may result in the expenditure by a State, local, or tribal government, in the aggregate, or by the private sector of $100,000,000 (adjusted for inflation) or more in any 1 year. Although this rule will not result in such an expenditure, we do discuss the effects of this rule elsewhere in this preamble.
We have analyzed this rule under Department of Homeland Security Management Directive 023-01, and Commandant Instruction M16475.lD (COMDTINST M16475.1D), which guide the Coast Guard in complying with the National Environmental Policy Act of 1969 (42 U.S.C. 4321-4370f). Our determination is that this action is one of a category of actions that do not individually or cumulatively have a significant effect on the human environment. A Record of Environmental Consideration supporting this determination is available in the docket where indicated under the
This rule meets the criteria for categorical exclusion (CATEX) under paragraphs L54, L60, and L61 in Appendix A of DHS Directive 023-01. CATEX L54 pertains to promulgation of regulations that are editorial or procedural; CATEX L60 pertains to regulations for establishing, disestablishing, or changing Regulated Navigation Areas and security or safety zones; and CATEX L61 pertains to special local regulations issued in conjunction with a regatta or marine parade. This rule amends the Coast Guard District 7 field regulations by incorporating updates and clarifications to existing regulatory text in title 33 CFR parts 100 and 165. These changes generally pertain to removing certain obsolete special event regulations or clarifying the intended effective period of the security zone for the Port of Mayaguez (33 CFR 165.778).
The Coast Guard's Regulatory Reform Task Force Initiative identified these regulation changes, which are consistent with the Coast Guard's maritime safety and stewardship missions.
Marine safety, Navigation (water), Reporting and recordkeeping requirements, Waterways.
Harbors, Marine safety, Navigation (water), Reporting and recordkeeping requirements, Security measures, Waterways.
For the reasons stated in the preamble, the Coast Guard amends 33 CFR parts 100 and 165 as follows:
33 U.S.C. 1233; 33 CFR 1.05-1.
33 U.S.C. 1231; 50 U.S.C. 191; 33 CFR 1.05-1, 6.04-1, 6.04-6, and 160.5; Department of Homeland Security Delegation No. 0170.1.
Coast Guard, DHS.
Temporary final rule.
The Coast Guard is establishing a temporary safety zone for all navigable waters between mile marker 0.0 and mile marker 3.0 of the Cumberland River in Smithland, Kentucky. The safety zone is needed to protect personnel, vessels, and personal property from potential hazards created by vessel wake during a high water event. Entry of vessels or persons into this zone is prohibited unless specifically authorized by the Captain of the Port Sector Ohio Valley or a designated representative.
This rule is effective without actual notice from March 4, 2019 until March 15, 2019. For the purposes of enforcement, actual notice will be used from February 26, 2019 until March 4, 2019. This rule will be enforced from February 26, 2019 to March 15, 2019, unless the lower gauge at Smithland Lock and Dam falls below 50 feet, in which case the enforcement of this rule will be terminated.
To view documents mentioned in this preamble as being available in the docket, go to
If you have questions on this rule, call or email MST2 Dylan Caikowski, Marine Safety Unit Paducah, U.S. Coast Guard; telephone 270-442-1621 ext. 2120, email
The Coast Guard is issuing this temporary rule without prior notice and opportunity to comment pursuant to authority under section 4(a) of the Administrative Procedure Act (APA) (5 U.S.C. 553(b)). This provision authorizes an agency to issue a rule without prior notice and opportunity to comment when the agency for good cause finds that those procedures are “impracticable, unnecessary, or contrary to the public interest.” Under 5 U.S.C. 553(b)(B), the Coast Guard finds that good cause exists for not publishing a notice of proposed rulemaking (NPRM) with respect to this rule because it is impracticable. We must establish this emergency safety zone by February 26, 2019 to ensure the safety of residents and the protection of personal property near the riverfront in Smithland, Kentucky during a high water event.
Under 5 U.S.C. 553(d)(3), the Coast Guard finds that good cause exists for making this rule effective less than 30 days after publication in the
The Coast Guard is issuing this rule under authority in 46 U.S.C. 70034. The Captain of the Port Sector Ohio Valley (COTP) has determined a safety zone is needed to protect personnel, vessels, and personal property from potential hazards created by vessel wake during a high water event.
This rule establishes a safety zone from February 26, 2019 to March 15, 2019 or when the lower gauge at Smithland Lock and Dam falls below 50 feet, whichever occurs first. The safety zone will cover all navigable waters between mile marker 0.0 and mile marker 3.0 of the Cumberland River in Smithland, Kentucky. The duration of the zone is intended to protect personnel, vessels, and the personal property in these navigable waters during the high water event. No vessel or person will be permitted to enter the safety zone without obtaining permission from the COTP or a designated representative. The COTP or a designated representative will inform the public through broadcast notices to mariners of any changes in the planned schedule.
We developed this rule after considering numerous statutes and Executive orders related to rulemaking. Below we summarize our analyses based on a number of these statutes and Executive orders, and we discuss First Amendment rights of protestors.
Executive Orders 12866 and 13563 direct agencies to assess the costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits. Executive Order 13771 directs agencies to control regulatory costs through a budgeting process. This rule has not
This regulatory action determination is based on the size, duration, and location of the safety zone. This safety zone will only be enforced for 18 days on a three-mile stretch of the Cumberland River near Smithland, Kentucky, while the area is experiencing a high water event. The enforcement of the zone will be terminated once the lower gauge at Smithland Lock and Dam falls below 50 feet, whichever occurs first. While entry is prohibited, vessels may request permission from the COTP or a designated representative to enter the zone.
The Regulatory Flexibility Act of 1980, 5 U.S.C. 601-612, as amended, requires Federal agencies to consider the potential impact of regulations on small entities during rulemaking. The term “small entities” comprises small businesses, not-for-profit organizations that are independently owned and operated and are not dominant in their fields, and governmental jurisdictions with populations of less than 50,000. The Coast Guard certifies under 5 U.S.C. 605(b) that this rule will not have a significant economic impact on a substantial number of small entities.
While some owners or operators of vessels intending to transit the temporary safety zone may be small entities, for the reasons stated in section V.A above, this rule will not have a significant economic impact on any vessel owner or operator.
Under section 213(a) of the Small Business Regulatory Enforcement Fairness Act of 1996 (Pub. L. 104-121), we want to assist small entities in understanding this rule. If the rule would affect your small business, organization, or governmental jurisdiction and you have questions concerning its provisions or options for compliance, please contact the person listed in the
Small businesses may send comments on the actions of Federal employees who enforce, or otherwise determine compliance with, Federal regulations to the Small Business and Agriculture Regulatory Enforcement Ombudsman and the Regional Small Business Regulatory Fairness Boards. The Ombudsman evaluates these actions annually and rates each agency's responsiveness to small business. If you wish to comment on actions by employees of the Coast Guard, call 1-888-REG-FAIR (1-888-734-3247). The Coast Guard will not retaliate against small entities that question or complain about this rule or any policy or action of the Coast Guard.
This rule will not call for a new collection of information under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501-3520).
A rule has implications for federalism under Executive Order 13132, Federalism, if it has a substantial direct effect on the States, on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government. We have analyzed this rule under that Order and have determined that it is consistent with the fundamental federalism principles and preemption requirements described in Executive Order 13132.
Also, this rule does not have tribal implications under Executive Order 13175, Consultation and Coordination with Indian Tribal Governments, because it does not have a substantial direct effect on one or more Indian tribes, on the relationship between the Federal Government and Indian tribes, or on the distribution of power and responsibilities between the Federal Government and Indian tribes. If you believe this rule has implications for federalism or Indian tribes, please contact the person listed in the
The Unfunded Mandates Reform Act of 1995 (2 U.S.C. 1531-1538) requires Federal agencies to assess the effects of their discretionary regulatory actions. In particular, the Act addresses actions that may result in the expenditure by a State, local, or tribal government, in the aggregate, or by the private sector of $100,000,000 (adjusted for inflation) or more in any one year. Though this rule will not result in such an expenditure, we do discuss the effects of this rule elsewhere in this preamble.
We have analyzed this rule under Department of Homeland Security Directive 023-01 and Commandant Instruction M16475.1D, which guide the Coast Guard in complying with the National Environmental Policy Act of 1969 (42 U.S.C. 4321-4370f), and have determined that this action is one of a category of actions that do not individually or cumulatively have a significant effect on the human environment. This rule involves a temporary safety zone that will cover all navigable waters between mile marker 0.0 and mile marker 3.0 of the Cumberland River in Smithland, Kentucky. The safety zone is intended to protect personnel, vessels, and personal property in these navigable waters during a high water event. It is categorically excluded from further review under paragraph L60(a) of Appendix A, Table 1 of DHS Instruction Manual 023-01-001-01, Rev. 01. A Record of Environmental Consideration supporting this determination is available in the docket where indicated under
The Coast Guard respects the First Amendment rights of protesters. Protesters are asked to contact the person listed in the
Harbors, Marine safety, Navigation (water), Reporting and record keeping requirements, Security measures, Waterways.
For the reasons discussed in the preamble, the Coast Guard amends 33 CFR part 165 as follows:
46 U.S.C. 70034; 46 U.S.C. 70051; 33 CFR 1.05-1; 6.04-1, 6.04-6, and 160.5; Department of Homeland Security Delegation No. 0170.1.
(a)
(b)
(c)
(d)
(2) Persons or vessels desiring entry to or passage through the safety zone must request permission from the COTP or a designated representative. They may be contacted on VHF-FM channel 16 or by telephone at 502-779-5400.
(3) If permission is granted, all persons and vessels shall comply with the instructions of the COTP or designated representative.
(e)
Coast Guard, DHS.
Final rule.
The Coast Guard is modifying the Navy Pier Southeast Safety Zone within the Chicago Harbor. This action is necessary to alleviate congestion near the Chicago Lock during regularly scheduled fireworks events. The current safety zone encompasses part of the lock restricting vessels during events. This rule allows the lock to remain in full operation during the fireworks display.
This rule is effective April 3, 2019.
To view documents mentioned in this preamble as being available in the docket, go to
If you have questions about this rule, call or email LT John Ramos, Waterways Management Division, Marine Safety Unit Chicago, U.S. Coast Guard; telephone (630) 986-2155, email
The Captain of the Port (COTP) Lake Michigan is modifying the size of the established safety zone outlined in 33 CFR 165.931 (a) to allow for the Chicago Lock to remain open during fireworks displays. The current safety zone encompasses all waters of Lake Michigan within Chicago Harbor bounded by coordinates beginning at 41°53′26.5″ N, 087°35′26.5″ W; then south to 41°53′7.6″ N, 087°35′26.3″ W; then west to 41°53′7.6″ N, 087°36′23.2″ W; then north to 41°53′26.5″ N, 087°36′24.6″ W; then east back to the point of origin (NAD 83). The safety zone in this final rule still ensures a safe distance for spectators while allowing the Chicago Lock to remain open during the duration of the fireworks. The area in this final rule encompasses all waters of Lake Michigan within Chicago Harbor bounded by coordinates beginning at 41°53′23.3″ N, 087°36′04.5″ W; then south to 41°53′11.8″ N, 087°36′04.1″ W; then west to 41°53′12.1″ N, 087°35′40.5″ W; then north to 41°53′23.6″ N, 087°35′40.07″ W; then east back to the point of origin (NAD 83).
On September 13, 2018 the Coast Guard published a notice of proposed rulemaking (NPRM) in the
Included in the NPRM was an invitation to make comments on the proposed regulatory action for the modification of the size of the Navy Pier Southeast Safety Zone. The Coast Guard received 14 comments during the comment period, which ended October 15, 2018.
The Coast Guard is issuing this rule under authority in 33 U.S.C. 1231. The COTP Lake Michigan has determined that modifying the preexisting safety zone will reduce congestion near the Chicago Lock. This rule would not significantly change the regulatory language found in 33 CFR 165.931. The change will only moderately reduce the size of the safety zone with updated coordinates, found in 33 CFR 165.931 (a). The purpose of this rule is to protect the safety of vessels and persons in the safety zone before, during, and after scheduled events while allowing the Chicago Lock to remain open for vessel traffic.
As noted above, The Coast Guard received fourteen (14) comments on our NPRM published September 13, 2018. There were ten (10) comments that supported modifying the size of the safety zone to allow the Chicago Lock and Dam to remain open, allowing vessels to proceed during the Fireworks Display. There were two (2) comments that were unrelated to the modification of the Safety Zone and two (2) comments that addressed congestion and the safety issues of modifying the size of the Safety Zone.
One of these comments misinterpreted the authority under which the safety zone is issued. The commenter refers to 50 U.S.C. 191 but that statute provides the authority for security zones. See, 33 CFR 165.9(c). As noted above in the “Legal Authority and Need for Rule” section, this rule is under authority in 33 U.S.C. 1231.
The other comment failed to comprehend that the safety zone in this final rule does allow vessel traffic to safely proceed through the Chicago Lock without entering the safety zone. The safety zone in this final rule was evaluated and we determined that the reduction in size could be accomplished safely while allowing the Chicago Lock to remain open for vessel traffic. Allowing the Lock to remain open alleviates vessel congestion that is also a safety concern.
After review, the Coast Guard amended this final rule by updating the coordinates outlined in the NPRM to take into account applicable comments and suggestions. The new safety zone will encompass all waters of Lake Michigan within Chicago Harbor bounded by coordinates beginning at 41°53′23.3″ N, 087°36′04.5″ W; then south to 41°53′11.8″ N, 087°36′04.1″ W; then west to 41°53′12.1″ N, 087°35′40.5″ W; then north to 41°53′23.6″ N, 087°35′40.07″ W; then east back to the point of origin (NAD 83).
This rule does reduce the size of the safety zone outlined in 33 CFR 165.931 (a), but the size of the new safety zone still ensures a safe distance for spectators as well as vessels entering and exiting the locks. These new coordinates will allow vessels transiting to and from the lock to proceed North or South, while still maintaining a safe distance from the Fireworks Display. No vessel or person will be permitted to enter the safety zone without obtaining permission from the COTP or a designated representative.
We developed this rule after considering numerous statutes and Executive orders related to rulemaking. Below we summarize our analyses based on a number of these statutes and Executive orders, and we discuss First Amendment rights of protestors.
Executive Orders 12866 and 13563 direct agencies to assess the costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits. Executive Order 13771 directs agencies to control regulatory costs through a budgeting process. This rule has not been designated a “significant regulatory action” under Executive Order 12866. Accordingly, this rule has not been reviewed by the Office of Management and Budget (OMB), and, pursuant to OMB guidance, it is exempt from the requirements of Executive Order 13771.
This regulatory action determination is based on the size, location, duration, and time-of-day of the safety zone. Vessel traffic will be able to safely transit around this safety zone which would impact a small designated area for less than 1 hour during the scheduled events. Indeed, this action will allow for greater transit than the pre-existing safety zone.
The Regulatory Flexibility Act of 1980, 5 U.S.C. 601-612, as amended, requires Federal agencies to consider the potential impact of regulations on small entities during rulemaking. The term “small entities” comprises small businesses, not-for-profit organizations that are independently owned and operated and are not dominant in their fields, and governmental jurisdictions with populations of less than 50,000. The Coast Guard received no comments from the Small Business Administration on this rulemaking. The Coast Guard certifies under 5 U.S.C. 605(b) that this rule will not have a significant economic impact on a substantial number of small entities.
While some owners or operators of vessels intending to transit the safety zone may be small entities, for the reasons stated in section V.A above, this rule will not have a significant economic impact on any vessel owner or operator.
Under section 213(a) of the Small Business Regulatory Enforcement Fairness Act of 1996 (Pub. L. 104-121), the Coast Guard wants to assist small entities in understanding this rule. If the rule would affect your small business, organization, or governmental jurisdiction and you have questions concerning its provisions or options for compliance, please contact the person listed in the
Small businesses may send comments on the actions of Federal employees who enforce, or otherwise determine compliance with, Federal regulations to the Small Business and Agriculture Regulatory Enforcement Ombudsman and the Regional Small Business Regulatory Fairness Boards. The Ombudsman evaluates these actions annually and rates each agency's responsiveness to small business. If you wish to comment on actions by employees of the Coast Guard, call 1-888-REG-FAIR (1-888-734-3247). The Coast Guard will not retaliate against small entities that question or complain about this rule or any policy or action of the Coast Guard.
This rule will not call for a new collection of information under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501-3520).
A rule has implications for federalism under Executive Order 13132, Federalism, if it has a substantial direct effect on the States, on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government. The Coast Guard has analyzed this rule under that Order and has determined that it is consistent with the fundamental federalism principles and preemption requirements described in Executive Order 13132.
Also, this rule does not have tribal implications under Executive Order 13175, Consultation and Coordination with Indian Tribal Governments, because it does not have a substantial direct effect on one or more Indian tribes, on the relationship between the Federal Government and Indian tribes, or on the distribution of power and responsibilities between the Federal Government and Indian tribes. If you believe this rule has implications for federalism or Indian tribes, please contact the person listed in the
The Unfunded Mandates Reform Act of 1995 (2 U.S.C. 1531-1538) requires Federal agencies to assess the effects of their discretionary regulatory actions. In particular, the Act addresses actions that may result in the expenditure by a State, local, or tribal government, in the aggregate, or by the private sector of $100,000,000 (adjusted for inflation) or more in any one year. Though this rule will not result in such an expenditure, we discuss the effects of this rule elsewhere in this preamble.
The Coast Guard has analyzed this rule under Department of Homeland Security Directive 023-01 and Commandant Instruction M16475.1D, which guide the Coast Guard in complying with the National Environmental Policy Act of 1969 (42 U.S.C. 4321-4370f), and have determined that this action is one of a category of actions that do not individually or cumulatively have a significant effect on the human environment. This rule involves a safety zone enforced intermittently, and for no longer than the time necessary to protect vessels and persons during scheduled Fireworks Displays. It is categorically excluded from further review under L60 (a) of Appendix A, Table 1 of DHS Instruction Manual 023-01-001-01, Rev. 01. A Record of Environmental Consideration supporting this reduction in size of a preexisting safety zone is available in the docket where indicated under
The Coast Guard respects the First Amendment rights of protesters. Protesters are asked to contact the person listed in the
Harbors, Marine safety, Navigation (water), Reporting and recordkeeping requirements, Security measures, Waterways.
For the reasons discussed in the preamble, the Coast Guard amends 33 CFR part 165 as follows:
33 U.S.C. 1231; 50 U.S.C. 191; 33 CFR 1.05-1, 6.04-1, 6.04-6, and 160.5; Department of Homeland Security Delegation No. 0170.1.
(a)
Coast Guard, DHS.
Temporary final rule.
The Coast Guard establishes two security zones. One of the zones is a temporary fixed security zone for the receiving facility's mooring basin while the Liquefied Natural Gas Carrier (LNGC) MARAN GAS MYSTRAS is moored at the facility. The other zone is a moving security zone encompassing all navigable waters within a 500-yard radius around the LNGC MARAN GAS MYSTRAS while the vessel transits with cargo in the La Quinta Channel and Corpus Christi Ship Channel in Corpus Christi, TX. The security zones are needed to protect personnel, vessels, and the marine environment from potential hazards created by Liquified Natural Gase (LNG) cargo aboard the vessel. Entry of vessels or persons into these zones is prohibited unless specifically authorized by the Captain of the Port Sector Corpus Christi.
This rule is effective without actual notice from March 4, 2019 until March 15, 2019. For the purposes of enforcement, actual notice will be used from February 28, 2019 until March 4, 2019.
To view documents mentioned in this preamble as being available in the docket, go to
If you have questions on this rule, call or email Petty Officer Kevin Kyles, Sector Corpus Christi Waterways Management Division, U.S. Coast Guard; telephone 361-939-5125, email
The Coast Guard is issuing this temporary rule without prior notice and opportunity to comment pursuant to authority under section 4(a) of the Administrative Procedure Act (APA) (5 U.S.C. 553(b)). This provision authorizes an agency to issue a rule without prior notice and opportunity to comment when the agency for good cause finds that those procedures are “impracticable, unnecessary, or contrary to the public interest.” Under 5 U.S.C. 553(b)(3)(B), the Coast Guard finds that good cause exists for not publishing a notice of proposed rulemaking (NPRM) with respect to this rule because it is impracticable. We must establish these security zones by February 26, 2019 and lack sufficient time to provide a reasonable comment period and then consider those comments before issuing the rule.
Under 5 U.S.C. 553(d)(3), the Coast Guard finds that good cause exists for making this rule effective less than 30 days after publication in the
The Coast Guard is issuing this rule under authority in 46 U.S.C. 70034. The Captain of the Port Sector Corpus Christi (COTP) has determined that potential hazards associated with Liquefied Natural Gas Carrier (LNGC) MARAN GAS MYSTRAS between February 28, 2019 and March 15, 2019 will be a security concern while the vessel is moored at the receiving facility and within a 500-yard radius of the vessel while the vessel is loaded with cargo.
This rule establishes two security zones around LNGC MARAN GAS MYSTRAS from February 28, 2019 through March 15, 2019. A fixed security zone will be in effect in the mooring basin bound by 27°52′53.38″ N, 097°16′20.66″ W on the northern shoreline; thence to 27°52′45.58″ N, 097°16′19.60″ W; thence to 27°52′38.55″ N, 097°15′45.56″ W; thence to 27°52′49.30″ N, 097°15′45.44″ W; thence west along the shoreline to 27°52′53.38″ N, 097°16′20.66″ W, while LNGC MARAN GAS MYSTRAS is moored. A moving security zone will cover all navigable waters within a 500-yard radius of the LNGC MARAN GAS MYSTRAS while the vessel transits outbound with cargo through the La Quinta Channel and Corpus Christi Ship Channel. No vessel or person will be permitted to enter the security zones without obtaining permission from the COTP or a designated representative.
Entry into these security zones is prohibited unless authorized by the COTP or a designated representative. A designated representative is a commissioned, warrant, or petty officer of the U.S. Coast Guard assigned to units under the operational control of USCG Sector Corpus Christi. Persons or vessels desiring to enter or pass through the zones must request permission from the COTP or a designated representative on VHF-FM channel 16 or by telephone at 361-939-0450. If permission is granted, all persons and vessels shall comply with the instructions of the COTP or designated representative. The COTP or a designated representative will inform the public through Broadcast Notices to Mariners (BNMs) of the enforcement times and dates for these security zones.
We developed this rule after considering numerous statutes and Executive orders related to rulemaking. Below we summarize our analyses based on a number of these statutes and Executive orders, and we discuss First Amendment rights of protestors.
Executive Orders 12866 and 13563 direct agencies to assess the costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits. Executive Order 13771 directs agencies to control regulatory costs through a budgeting process. This rule has not been designated a “significant regulatory action,” under Executive Order 12866. Accordingly, this rule has not been reviewed by the Office of Management and Budget (OMB), and pursuant to OMB guidance it is exempt from the requirements of Executive Order 13771.
This regulatory action determination is based on the size, duration, and location of the security zone. This rule will impact a small designated area of the Corpus Christi Ship Channel and La Quinta Channel while the vessel is moored at the receiving facility and during the vessel's transit while loaded with cargo. Moreover, the Coast Guard will issue BNMs via VHF-FM marine channel 16 about the zones and the rule allows vessels to seek permission to enter the zones.
The Regulatory Flexibility Act of 1980, 5 U.S.C. 601-612, as amended, requires Federal agencies to consider the potential impact of regulations on small entities during rulemaking. The term “small entities” comprises small businesses, not-for-profit organizations that are independently owned and operated and are not dominant in their fields, and governmental jurisdictions with populations of less than 50,000. The Coast Guard certifies under 5 U.S.C. 605(b) that this rule will not have a significant economic impact on a substantial number of small entities.
While some owners or operators of vessels intending to transit the temporary moving security zone may be small entities, for the reasons stated in section V.A above, this rule will not have a significant economic impact on any vessel owner or operator.
Under section 213(a) of the Small Business Regulatory Enforcement Fairness Act of 1996 (Pub. L. 104-121), we want to assist small entities in understanding this rule. If the rule would affect your small business, organization, or governmental jurisdiction and you have questions concerning its provisions or options for compliance, please contact the person listed in the
Small businesses may send comments on the actions of Federal employees who enforce, or otherwise determine compliance with, Federal regulations to the Small Business and Agriculture Regulatory Enforcement Ombudsman and the Regional Small Business Regulatory Fairness Boards. The Ombudsman evaluates these actions annually and rates each agency's responsiveness to small business. If you wish to comment on actions by employees of the Coast Guard, call 1-888-REG-FAIR (1-888-734-3247). The Coast Guard will not retaliate against small entities that question or complain about this rule or any policy or action of the Coast Guard.
This rule will not call for a new collection of information under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501-3520).
A rule has implications for federalism under Executive Order 13132, Federalism, if it has a substantial direct effect on the States, on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government. We have analyzed this rule under that Order and have determined that it is consistent with the fundamental federalism principles and preemption requirements described in Executive Order 13132.
Also, this rule does not have tribal implications under Executive Order 13175, Consultation and Coordination with Indian Tribal Governments, because it does not have a substantial direct effect on one or more Indian tribes, on the relationship between the Federal Government and Indian tribes, or on the distribution of power and responsibilities between the Federal Government and Indian tribes. If you believe this rule has implications for federalism or Indian tribes, please contact the person listed in the
The Unfunded Mandates Reform Act of 1995 (2 U.S.C. 1531-1538) requires Federal agencies to assess the effects of their discretionary regulatory actions. In particular, the Act addresses actions that may result in the expenditure by a State, local, or tribal government, in the aggregate, or by the private sector of $100,000,000 (adjusted for inflation) or more in any one year. Though this rule will not result in such an expenditure, we do discuss the effects of this rule elsewhere in this preamble.
We have analyzed this rule under Department of Homeland Security Directive 023-01 and Commandant Instruction M16475.1D, which guide the Coast Guard in complying with the National Environmental Policy Act of 1969 (42 U.S.C. 4321-4370f), and have determined that this action is one of a category of actions that do not individually or cumulatively have a significant effect on the human environment. This rule involves a temporary fixed security zone while LNGC MARAN GAS MYSTRAS is moored at the receiving facility mooring basin bound by 27°52′53.38″ N, 097°16′20.66″ W on the northern shoreline; thence to 27°52′45.58″ N, 097°16′19.60″ W; thence to 27°52′38.55″ N, 097°15′45.56″ W; thence to 27°52′49.30″ N, 097°15′45.44″ W; thence west along the shoreline to 27°52′53.38″ N, 097°16′20.66″ W, and a temporary moving security zone while the vessel transits with cargo within the La Quinta Channel and Corpus Christi Ship Channel, that will prohibit entry within 500-yard radius of LNGC MARAN GAS MYSTRAS. It is categorically excluded from further review under paragraph L60(a) of Appendix A, Table 1 of DHS Instruction Manual 023-01-001-01, Rev. 01. A Record of Environmental Consideration supporting this determination is available in the docket where indicated under
The Coast Guard respects the First Amendment rights of protesters. Protesters are asked to contact the person listed in the
Harbors, Marine safety, Navigation (water), Reporting and recordkeeping requirements, Security measures, Waterways.
For the reasons discussed in the preamble, the Coast Guard amends 33 CFR part 165 as follows:
46 U.S.C. 70034; 46 U.S.C. 70051; 33 CFR 1.05-1, 6.04-1, 6.04-6, and 160.5; Department of Homeland Security Delegation No. 0170.1.
(a)
(1) The mooring basin bound by 27°52′53.38″ N, 097°16′20.66″ W on the northern shoreline; thence to 27°52′45.58″ N, 097°16′19.60″ W; thence to 27°52′38.55″ N, 097°15′45.56″ W; thence to 27°52′49.30″ N, 097°15′45.44″ W; thence west along the shoreline to 27°52′53.38″ N, 097°16′20.66″ W, while LNGC MARAN GAS MYSTRAS is moored.
(2) All navigable waters encompassing a 500-yard radius around the Liquefied Natural Gas Carrier (LNGC) MARAN GAS MYSTRAS while transiting outbound with cargo through the La Quinta Channel and Corpus Christi Ship Channel.
(b)
(c)
(d)
(2) Persons or vessels desiring to enter or pass through the zones must request permission from the COTP or a designated representative on VHF-FM channel 16 or by telephone at 361-939-0450.
(3) If permission is granted, all persons and vessels shall comply with the instructions of the COTP or designated representative.
(e)
Office of Career, Technical, and Adult Education, Department of Education.
Final regulations.
The Secretary removes outdated and superseded regulations for eight programs in the State Vocational and Applied Technology Education Programs and National Discretionary Programs of Vocational Education as authorized under the Carl D. Perkins Vocational and Applied Technology Act of 1990 (Perkins II). The eight programs are: The Career, Technical and Applied Technology Education Programs—General Provisions, the Indian Vocational Education Program, the Native Hawaiian Vocational Education Program, the State Vocational and Applied Technology Education Program, the State-Administered Tech-Prep Education Program, the Tribally Controlled Postsecondary Vocational Institutions Program, the Vocational Education Research Program, and the National Center or Centers for Research in Vocational Education (the eight programs). These program regulations are outdated with the exception of certain regulations under the Indian Vocational Education Program.
These regulations are effective March 4, 2019.
Hugh Reid, U.S. Department of Education, 400 Maryland Avenue SW, Room 11114 PCP, Washington, DC 20202-2500. Telephone: (202) 245-7491. Email:
If you use a telecommunications device for the deaf (TDD) or a text telephone (TTY), call the Federal Relay Service (FRS), toll free at 1-800-877-8339.
On February 24, 2017, President Trump signed Executive Order 13777, “Enforcing the Regulatory Reform Agenda,” which established a Federal policy “to alleviate unnecessary regulatory burdens” on the American people. Section 3(a) of the Executive Order directed each Federal agency to establish a regulatory reform task force, the duty of which is to evaluate existing regulations and “make recommendations to the agency head regarding their repeal, replacement, or modification.” Accordingly, the Secretary removes 34 CFR part 400, §§ 401.1-401.22 and 401.30 and 401.31, and parts 402, 403, 406, 410, 411 and 413, published in the
The State-Administered Tech-Prep Education Program was not re-authorized in the Strengthening Career and Technical Education for the 21st Century Act (Perkins V) that was signed on July 31, 2018, and takes effect July 1, 2019. As such, we are removing the related regulations in 34 CFR part 406. Generally, the regulations for the other seven programs listed in the above chart are outdated due to the passage of the Carl D. Perkins Vocational and Technical Education Act of 1998 (Perkins III). These seven programs were updated in Perkins III and subsequently in the Carl D. Perkins Career and Technical Education Act of 2006 (Perkins IV) and Perkins V. However, the regulations related to these seven programs, have not been updated to reflect statutory changes in Perkins III-V, so we are removing those regulations. Although the statutory authority still exists for these seven program (not including The State-Administered Tech-Prep Education Program, which was not re-authorized), the regulations are outdated and do not reflect the most current statutory language. Therefore, we are removing those regulations, with the exception of 34 CFR 401.1 (formerly 401.23), which still applies to the Native American Career and Technical Education Program (NACTEP).
The requirements in 34 CFR 401.1 (formerly 401.23), regarding the Secretary's decision not to make an award under the Indian Vocational Education Program (now NACTEP) subject to a hearing, are not outdated. NACTEP is one of the successor programs to the Indian Vocational Education Program, and was established in Perkins IV.
The purpose of the Vocational and Applied Technology Education Programs was to make the United States more competitive in the world economy by developing more fully the academic and occupational skills of all segments of the population, and the purpose would be achieved principally through concentrating resources on improving educational programs leading to academic and occupational skill competencies needed to work in a technologically advanced society.
This Perkins II regulation provided such general program provisions as the following:
(1) Purposes, which aligned with the purposes in Sec. 2 of Perkins II and were superseded by the purposes of Sec. 2 of Perkins III and subsequently by Sec. 2 of Perkins IV and Perkins V, respectively.
(2) Definitions, which aligned with the definitions in Secs. 232(d), 347, 371, 390, and 521 of Perkins II, and were superseded by the definitions in Sec. 3 of Perkins III; and subsequently by the definitions in Sec. 3 of Perkins IV, and Perkins V, respectively.
(3) Conditions for which funds under the Perkins Act were to be used for the joint funding of programs, which aligned with joint funding requirements in Sec. 511 of Perkins II, and were superseded by the joint funding requirements in Sec. 321 of Perkins III. Those requirements were subsequently superseded by Sec. 321 of Perkins IV, and Sec. 221 of Perkins V.
(4) Requirements for establishing the State Committee of Practitioners (Committee), aligned with Sec. 115 of Perkins II, which further clarified the State board convene the Committee on a regular basis to review, comment on, and propose revisions on a draft State proposal that the State board developed for a system of core standards and measures of performance for vocational programs. Perkins III did not include a requirement for establishing the Committee, and superseded that requirement in Sec. 113(b) indicating that each eligible agency, with input from eligible recipients, shall establish performance measures for a State. That requirement for establishing performance measures for a State with input from eligible recipients was subsequently superseded in Sec. 113(b) of Perkins IV, which was reauthorized in Perkins V.
(5) Governing student assistance, aligned with Sec. 507 of Perkins II regarding student assistance costs and was superseded by the requirement for student assistance costs in Sec. 325 of Perkins III. The requirement regarding student assistance costs was subsequently superseded by Sec. 324 of Perkins IV and Sec. 224 of Perkins V.
The purpose of the Indian Vocational Education Program was to provide financial assistance to projects that provide vocational education for the benefit of Indians. The regulations provided such general provisions as the definitions relative to the program, eligibility for a program award, and what activities could be funded. In addition, the regulations specified how one applied for an award, how the Secretary made the award, and what conditions must be met after the award. The regulations aligned with Sec. 103 of Perkins II, which provided directions to the Secretary to enter into grants with eligible applicants. Sec. 103 of Perkins II was updated by Perkins III, Sec. 116—Native American programs, under which grants were awarded under the Native American Vocational and Technical Education program. The requirements were subsequently updated by Perkins IV, Sec. 116—Native American programs, under which grants were awarded for NACTEP. Recently, Perkins V Sec. 116—Native American programs, also made minor revisions and updates to the NACTEP program. Although there have been minor revisions and updates under each reauthorization of the Perkins Act regarding some of the program requirements, the program purpose and administration supporting grants to improve CTE programs that benefit Native Americans has remained the same.
Title 34 CFR 401.1 (formerly 401.23) remains in effect, as it contains the requirements for when an applicant requests a hearing in response to the Secretary's decision not to make an award under the Indian Vocational
The purpose of the Native Hawaiian Vocational Education Program was to provide financial assistance to projects responsible for vocational training and related activities for the benefit of native Hawaiians. This regulation provided such general provisions as the definitions relative to the program, eligibility for a program award, and what activities could be funded. In addition, the regulation specified how the Secretary made the award and what conditions must be met by a grantee after the award. This regulation aligned with Sec. 103 of Perkins II, which provided directions to the Secretary to enter into grants with eligible applicants. Sec. 103 of Perkins II was updated by Perkins III, Sec. 116—Native American programs, under which grants were awarded for the Native Hawaiian Vocational and Technical Education program. The requirement in Perkins III was subsequently updated by Sec. 116—Native American programs of Perkins IV, under which grants were awarded for the Native Hawaiian Career and Technical Education program, and was also superseded by Perkins V Sec. 116—Native American programs. Specifically, in Sec. 116(h) of Perkins III, and subsequently in Sec. 116(h) of Perkins IV and Perkins V, it was clarified that grants to plan, conduct, and administer programs, or portions thereof that are consistent with the purposes of section 116 of each Act, were for the benefit of Native Hawaiians.
The purpose of the State Vocational and Applied Technology Education Program was for the Secretary to assist States, local educational agencies, postsecondary educational institutions, and other agencies and institutions to administer and conduct vocational education programs that were authorized by Perkins II. The requirements in the Perkins II regulations for the State Vocational and Applied Technology Education Program aligned with Title I—Vocational Education Assistance to the States in Perkins II, Part A—Allotment and Allocation and Part B—State Organizational and Planning Responsibilities. The Perkins II requirements were superseded by requirements under Perkins III, Title I—Vocational and Technical Education Assistance to the States—Part A—Allotment and Allocation, Part B—State Provisions and Part C—Local Provisions. The Perkins III requirements were subsequently superseded by requirements in Title I—Career and Technical Education Assistance to the States Part A—Allotment and Allocation, Part B—State Provisions and Part C—Local Provisions under both Perkins IV and Perkins V.
The purposes of the Tech-Prep Education Program were to: (1) Plan for and develop four-year or six-year programs designed to provide a tech-prep education program leading to a two-year associate degree or certificate; and (2) plan and develop comprehensive links between secondary schools and postsecondary educational institutions. The requirements in the Perkins II regulations for the State-Administered Tech-Prep Education Program aligned with Title III, Part E—Tech-Prep Education. The Perkins II requirements were superseded by Title II—Tech-Prep Education under Perkins III and Perkins IV, respectively. Beginning in fiscal year 2010, Federal appropriations for Title II—Tech-Prep Education under Perkins IV ceased, and Perkins V did not authorize the program.
The purpose of the Tribally Controlled Postsecondary Vocational Institutions Program was to provide grants for the operation and improvement of tribally controlled postsecondary vocational institutions in order to continue and expand educational opportunities for Indian students, and improve and expand the physical resources of those institutions. This regulation provided such general provisions as the definitions relative to the program, eligibility for a program award, and what activities could be funded. In addition, the regulation specified how the Secretary made the award and what conditions must be met after the award. This regulation aligned with Perkins II, Title III—Special Programs—Part H—Tribally Controlled Postsecondary Vocational Institutions. The requirements in Perkins II were updated by Perkins III, Sec. 117—Tribally Controlled Postsecondary Vocational Institutions, and subsequently updated by Sec. 117—Tribally Controlled Postsecondary Career and Technical Institutions of Perkins IV and Perkins V.
The purpose of the Vocational Education Research Program was to: (1) Improve access to vocational educational programs for individuals with disabilities, individuals who were disadvantaged, men and women who were entering nontraditional occupations, adults who were in need of retraining, single parents, displaced homemakers, single pregnant women, individuals with limited English proficiency, and individuals who were incarcerated in correctional institutions; (2) support research and development activities that make the United States competitive in the world economy; (3) improve the competitive process by which research projects were awarded; (4) support the dissemination of findings of research related to Department-funded projects; and (5) support research activities that were readily applicable to the vocational education setting. This regulation indicated how the Secretary made an award, and was aligned with Sec. 402—Research Objectives and Sec. 403—Research Activities of Perkins II. The requirements in Perkins II was superseded by Perkins III, Sec. 114(c)—Research, Development, Dissemination, Evaluation and Assessment, which indicated that the Secretary through grants, contracts, or cooperative agreements, carry out research, development, dissemination, evaluation and assessment, capacity building, and technical assistance with regard to vocational and technical education programs. Sec. 114(c) of Perkins III was subsequently superseded by Perkins IV
The purpose of the National Centers for Research in Vocational Education was to support: (1) Applied research; and (2) development and dissemination and training for vocational education. This regulation provided such general provisions as the definitions relative to the program, eligibility for a program award, and what activities could be funded. In addition, the regulation specified how the Secretary made the award and what conditions must be met after the award. The regulation aligned with Perkins II, Sec. 404—National Center or Centers for Research in Vocational Education. This Perkins II section was superseded by Sec. 114(c)(5) of Perkins III, which established the requirements for a national research center or centers, and was subsequently superseded by the requirements in Sec. 114(d)(4) of Perkins IV to establish a national research center. The Perkins IV, Sec. 114(d)(4) requirements were superseded by Sec. 114(d)(4) of Perkins V, which requires that the Secretary, after consultation with the Director of the Institute of Education Sciences, the Commissioner for Education Research, and the States, to award a grant, contract, or cooperative agreement, to carry out research activities.
Under the Administrative Procedures Act (5 U.S.C. 553) (APA), the Department generally offers interested parties the opportunity to comment on proposed regulations. However, the APA provides that an agency is not required to conduct notice-and-comment rulemaking when the agency, for good cause, finds that the requirement is impracticable, unnecessary, or contrary to the public interest (5 U.S.C. 553(b)(B) and (d)(3)). There is good cause to waive rulemaking in this case because this final regulatory action merely removes regulations that are superseded by statute and, therefore, outdated and unnecessary. This regulatory action adopts no new regulations and does not establish or affect substantive policy. Therefore, under 5 U.S.C. 553(b)(B), the Secretary has determined that proposed regulations are unnecessary, and, thus, waives notice and comment rulemaking.
The APA also requires that regulations be published at least 30 days before their effective date, unless the agency has good cause to implement its regulations sooner (5 U.S.C. 553(d)(3)). Because the final regulations merely reflect statutory changes and remove outdated or unnecessary regulatory provisions, the Secretary has good cause to waive the 30-day delay in the effective date of these regulatory changes under 5 U.S.C. 553(d)(3).
Under Executive Order 12866, the Secretary must determine whether this regulatory action is “significant” and, therefore, subject to the requirements of the Executive order and subject to review by the Office of Management and Budget (OMB). Section 3(f) of Executive Order 12866 defines a “significant regulatory action” as an action likely to result in a rule that may—
(1) Have an annual effect on the economy of $100 million or more, or adversely affect a sector of the economy, productivity, competition, jobs, the environment, public health or safety, or State, local or tribal governments or communities in a material way (also referred to as an “economically significant” rule);
(2) Create serious inconsistency or otherwise interfere with an action taken or planned by another agency;
(3) Materially alter the budgetary impacts of entitlement grants, user fees, or loan programs or the rights and obligations of recipients thereof; or
(4) Raise novel legal or policy issues arising out of legal mandates, the President's priorities, or the principles stated in the Executive order.
This regulatory action is not a significant regulatory action subject to review by OMB under section 3(f) of Executive Order 12866.
Under Executive Order 13771, for each new regulation that the Department proposes for notice and comment or otherwise promulgates that is a significant regulatory action under Executive Order 12866, it must identify two deregulatory actions. For FY 2019, no regulations exceeding the agency's total incremental cost allowance will be permitted. These regulations are a deregulatory action under E.O. 13771 and therefore the two-for-one requirements of E.O. 13771 do not apply.
We have also reviewed these regulations under Executive Order 13563, which supplements and explicitly reaffirms the principles, structures, and definitions governing regulatory review established in Executive Order 12866. To the extent permitted by law, Executive Order 13563 requires that an agency—
(1) Propose or adopt regulations only upon a reasoned determination that their benefits justify their costs (recognizing that some benefits and costs are difficult to quantify);
(2) Tailor their regulations to impose the least burden on society, consistent with obtaining regulatory objectives and taking into account—among other things, and to the extent practicable—the costs of cumulative regulations;
(3) In choosing among alternative regulatory approaches, select those approaches that maximize net benefits (including potential economic, environmental, public health and safety, and other advantages; distributive impacts; and equity);
(4) To the extent feasible, specify performance objectives, rather than specifying the behavior or manner of compliance that regulated entities must adopt; and
(5) Identify and assess available alternatives to direct regulation, including providing economic incentives—such as user fees or marketable permits—to encourage the desired behavior, or provide information that enables the public to make choices.
Executive Order 13563 also requires an agency “to use the best available techniques to quantify anticipated present and future benefits and costs as accurately as possible.” The Office of Information and Regulatory Affairs of OMB has emphasized that these techniques may include “identifying changing future compliance costs that might result from technological innovation or anticipated behavioral changes.”
We are issuing this regulatory action only upon a reasoned determination that its benefits justify its costs. In choosing among alternative regulatory approaches, we selected the approach that maximizes net benefits. Based on the analysis that follows, the Department believes that these regulations are consistent with the principles in Executive Order 13563.
We also have determined that this regulatory action would not unduly interfere with State, local, and Tribal governments in the exercise of their governmental functions.
This regulatory action is necessary to comply with Executive Order 13777 and to remove outdated and superseded regulations from the Code of Federal Regulations.
This regulatory action is a benefit to the public, grant recipients, and the Department as the action will remove any confusion that might be caused by maintaining outdated and superseded regulations in the CFR.
The Department has also analyzed the costs of this regulatory action and has determined that it will impose no additional costs. As detailed earlier, this regulatory action removes outdated and superseded regulations for eight programs.
Pursuant to 5 U.S.C. 601(2), the Regulatory Flexibility Act applies only to rules for which an agency publishes a general notice of proposed rulemaking. The Regulatory Flexibility Act does not apply to this rulemaking because there is good cause to waive notice and comment under 5 U.S.C. 553.
This rule does not contain any new information collection requirements. The information collection OMB Control Number 1830-0503, active during the Perkins II regulations with an annual cost to the Federal Government of $94,160, expired March 31, 2010. The only previously OMB-approved information collection under the Perkins II regulations that has been renewed, updated, and remains currently active is OMB Control Number 1830-0029. This information is used for the Perkins State Plan Guide and expires on September 30, 2019.
Some of these programs are subject to Executive Order 12372 and the regulations in 34 CFR part 79. One of the objectives of the Executive order is to foster an intergovernmental partnership and a strengthened federalism. The Executive order relies on processes developed by State and local governments for coordination and review of proposed Federal financial assistance.
You may also access documents of the Department published in the
Accounting, Administrative practice and procedure, Adult education, Aged, Agriculture, American Samoa, Bilingual education, Blind, Business and industry, Civil rights, Colleges and universities, Communications, Community development, Community facilities, Copyright, Credit, Cultural exchange programs, Educational facilities, Educational research, Education, Education of disadvantaged, Education of individuals with disabilities; Educational study programs, Electric power, Electric power rates, Electric utilities, Elementary and secondary education, Energy conservation, Equal educational opportunity, Federally affected areas, Government contracts, Grant programs, Grant programs—agriculture, Grant programs—business, Grant programs—communications, Grant programs—education, Grant programs—energy, Grant programs—health, Grant programs—housing and community development, Grant programs—social programs, Grants administration, Guam, Home improvement, Homeless, Hospitals, Housing, Human research subjects, Indians, Indians—education, Infants and children, Insurance, Intergovernmental relations, International organizations, Inventions and patents, Loan programs, Loan programs—social programs, Loan programs—agriculture, Loan programs—business, Loan programs—communications, Loan programs—energy, Loan programs—health, Loan programs—housing and community development, Manpower training programs, Migrant labor, Mortgage insurance, Nonprofit organizations, Northern Mariana Islands, Pacific Islands Trust Territories, Privacy, Renewable energy, Reporting and recordkeeping requirements, Rural areas, Scholarships and fellowships, School construction, Schools, Science and technology, Securities, Small businesses, State and local governments, Student aid, Teachers, Telecommunications, Telephone, Urban areas, Veterans, Virgin Islands, Vocational education, Vocational rehabilitation, Waste treatment and disposal, Water pollution control, Water resources, Water supply, Watersheds, Women.
Administrative practice and procedure, Grant programs—education, Grant programs—Indians, Indians—education, Reporting and recordkeeping requirements, Vocational education.
Grant programs—education, Hawaiian Natives, Reporting and recordkeeping requirements, Vocational education.
Business and industry, Colleges and universities, Elementary and secondary education, Grant programs—education, Prisoners, Reporting and recordkeeping requirements, Sex discrimination, Vocational education, Women.
Colleges and universities, Elementary and secondary education, Grant programs—education, Reporting and recordkeeping requirements, Vocational education.
Grant programs—education, Grant programs—Indians, Indians—education, Reporting and recordkeeping requirements, Vocational education.
Education of disadvantaged, Education of individuals with disabilities, Educational research, Grant programs—education, Prisoners, Reporting and recordkeeping requirements, Vocational education, Women.
Colleges and universities, Educational research, Grant programs—education, Reporting and recordkeeping requirements, Vocational education.
For the reasons discussed in the preamble, and under the authority of section 414 of the Department of Education Organization Act, 20 U.S.C. 3474, and section 437 of the General Education Provisions Act (20 U.S.C. 1221e-3), the Secretary of Education amends chapter IV of title 34 of the Code of Federal Regulations as follows:
20 U.S.C. 2313(b), 25 U.S.C. 5321.
(a) After receiving written notice from an authorized official of the Department that the Secretary will not award a grant or cooperative agreement to an eligible applicant, an Indian tribal organization has 30 calendar days to make a written request to the Secretary for a hearing to review the Secretary's decision.
(b) Within 10 business days of the Department's receipt of a hearing request, the Secretary designates a Department employee who is not assigned to the Office of Career, Technical, and Adult Education to serve as a hearing officer. The hearing officer conducts a hearing and issues a written decision within 75 calendar days of the Department's receipt of the hearing request. The hearing officer establishes rules for the conduct of the hearing. The hearing officer conducts the hearing solely on the basis of written submissions unless the officer determines, in accordance with standards in 34 CFR 81.6(b), that oral argument or testimony is necessary.
(c) The Secretary does not make any award under this part to an Indian tribal organization until the hearing officer issues a written decision on any appeal brought under this section.
Environmental Protection Agency (EPA).
Final rule.
The Environmental Protection Agency (EPA) is approving State Implementation Plan (SIP) revisions submitted by the Commonwealth of Massachusetts. The revisions establish a 2011 base year emissions inventory, an emissions statement certification, revisions to an existing stationary source registration program, and requirements to be undertaken during air pollution emergencies. These SIP revisions were submitted to meet Clean Air Act requirements with respect to EPA's 1997 ozone, 2008 ozone, and 2010 SO
This rule is effective on April 3, 2019.
EPA has established a docket for this action under Docket Identification No. EPA-R01-OAR-2018-0771. All documents in the docket are listed on the
Bob McConnell, Environmental Engineer, Air Quality Planning Unit, Air Programs Branch (Mail Code OEP05-02), U.S. Environmental Protection Agency, Region 1, 5 Post Office Square, Suite 100, Boston, Massachusetts 02109-3912; (617) 918-1046;
Throughout this document whenever “we,” “us,” or “our” is used, we mean EPA. The term “the Commonwealth” refers to Massachusetts.
On December 4, 2018, (83 FR 62532), EPA published a notice of proposed rulemaking (NPRM) for the Commonwealth of Massachusetts. The NPRM proposed approval of a 2011 base year emissions inventory, an emissions statement certification, revisions to an existing stationary source registration program, and requirements to be undertaken during air pollution emergencies. The 2011 emissions inventory and the emissions statement
We did not receive any comments on our NPRM.
EPA is approving SIP revisions submitted by the Commonwealth of Massachusetts representing a 2011 base year emissions inventory, an emissions statement certification, and revisions to 310 CMR 7.12, Source Registration. We are also converting our previous conditional approval of 310 CMR 8.00, The Prevention and/or Abatement of Air Pollution Episodes and Air Pollution Incident Emergencies, to a full approval.
In this rule, the EPA is finalizing regulatory text that includes incorporation by reference. In accordance with requirements of 1 CFR 51.5, the EPA is finalizing the incorporation by reference of 310 CMR 7.12, Source Registration, and 310 CMR 8.00, The Prevention and/or Abatement of Air Pollution Episodes and Air Pollution Incident Emergencies, described in the amendments to 40 CFR part 52 set forth below. The EPA has made, and will continue to make, these documents generally available through
Under the Clean Air Act, the Administrator is required to approve a SIP submission that complies with the provisions of the Act and applicable Federal regulations. 42 U.S.C. 7410(k); 40 CFR 52.02(a). Thus, in reviewing SIP submissions, EPA's role is to approve state choices, provided that they meet the criteria of the Clean Air Act. Accordingly, this action merely approves state law as meeting Federal requirements and does not impose additional requirements beyond those imposed by state law. For that reason, this action:
• Is not a significant regulatory action subject to review by the Office of Management and Budget under Executive Orders 12866 (58 FR 51735, October 4, 1993) and 13563 (76 FR 3821, January 21, 2011);
• This action is not an Executive Order 13771 regulatory action because this action is not significant under Executive Order 12866;
• Does not impose an information collection burden under the provisions of the Paperwork Reduction Act (44 U.S.C. 3501
• Is certified as not having a significant economic impact on a substantial number of small entities under the Regulatory Flexibility Act (5 U.S.C. 601
• Does not contain any unfunded mandate or significantly or uniquely affect small governments, as described in the Unfunded Mandates Reform Act of 1995 (Pub. L. 104-4);
• Does not have federalism implications as specified in Executive Order 13132 (64 FR 43255, August 10, 1999);
• Is not an economically significant regulatory action based on health or safety risks subject to Executive Order 13045 (62 FR 19885, April 23, 1997);
• Is not a significant regulatory action subject to Executive Order 13211 (66 FR 28355, May 22, 2001);
• Is not subject to requirements of Section 12(d) of the National Technology Transfer and Advancement Act of 1995 (15 U.S.C. 272 note) because application of those requirements would be inconsistent with the Clean Air Act; and
• Does not provide EPA with the discretionary authority to address, as appropriate, disproportionate human health or environmental effects, using practicable and legally permissible methods, under Executive Order 12898 (59 FR 7629, February 16, 1994).
In addition, the SIP is not approved to apply on any Indian reservation land or in any other area where EPA or an Indian tribe has demonstrated that a tribe has jurisdiction. In those areas of Indian country, the rule does not have tribal implications and will not impose substantial direct costs on tribal governments or preempt tribal law as specified by Executive Order 13175 (65 FR 67249, November 9, 2000).
The Congressional Review Act, 5 U.S.C. 801
Under section 307(b)(1) of the Clean Air Act, petitions for judicial review of this action must be filed in the United States Court of Appeals for the appropriate circuit by May 3, 2019. Filing a petition for reconsideration by the Administrator of this final rule does not affect the finality of this action for the purposes of judicial review nor does it extend the time within which a petition for judicial review may be filed, and shall not postpone the effectiveness of such rule or action. This action may not be challenged later in proceedings to enforce its requirements. (See section 307(b)(2).)
Environmental protection, Air pollution control, Carbon monoxide, Incorporation by reference, Lead, Nitrogen dioxide, Ozone, Particulate matter, Reporting and recordkeeping requirements, Sulfur oxides, Volatile organic compounds.
Part 52 of chapter I, title 40 of the Code of Federal Regulations is amended as follows:
42 U.S.C. 7401
The revision and addition reads as follows:
(c) * * *
(e) The Commonwealth of Massachusetts submitted base year emission inventories representing emissions for calendar year 2011 for the Dukes county marginal 8-hour ozone nonattainment area on February 9, 2018, as a revision to the Massachusetts SIP. The 2011 base year emission inventory requirement of section 182(a)(1) of the Clean Air Act, as amended in 1990, has been satisfied for this area. The inventory consists of emission estimates of volatile organic compounds and nitrogen oxides, and applies to point, area, non-road mobile, on-road mobile and biogenic sources. The inventories were submitted as revisions to the Massachusetts SIP in partial fulfillment of obligations for nonattainment areas under EPA's 2008 8-hour ozone standard.
(l) On February 9, 2018, Massachusetts submitted a certification that its air emissions reporting requirements applicable to stationary sources meet the emission statement requirements of section 182(a)(3)(B) of the Clean Air Act. The certification was submitted as a SIP revision in partial fulfillment of obligations for nonattainment areas under EPA's 2008 8-hour ozone standard.
National Marine Fisheries Service (NMFS), National Oceanic and Atmospheric Administration (NOAA), Commerce.
Temporary rule; closure of the General category January fishery for 2019.
NMFS closes the General category fishery for large medium and giant (
Effective 11:30 p.m., local time, February 28, 2019, through May 31, 2019.
Uriah Forest-Bulley, 978-675-2154, Sarah McLaughlin, 978-281-9260, or Larry Redd, 301-420-8503.
Regulations implemented under the authority of the Atlantic Tunas Convention Act (ATCA; 16 U.S.C. 971
NMFS is required, under § 635.28(a)(1), to file a closure notice with the Office of the Federal Register for publication when a BFT quota (or subquota) is reached or is projected to be reached. On and after the effective date and time of such notification, for the remainder of the fishing year or for a specified period as indicated in the notification, retaining, possessing, or landing BFT under that quota category is prohibited until the opening of the subsequent quota period or until such date as specified in the notice.
The base quota for the General category is 555.7 mt. See § 635.27(a). Each of the General category time periods (January, June through August, September, October through November, and December) is allocated a subquota or portion of the annual General category quota. Although it is called the “January” subquota, the regulations allow the General category fishery under this quota to continue until the subquota is reached or March 31, whichever comes first. The baseline subquotas for each time period are as follows: 29.5 mt for January; 277.9 mt for June through August; 147.3 mt for September; 72.2 mt for October through November; and 28.9 mt for December. Any unused General category quota rolls forward from one time period to the next and is available for use in subsequent time periods within the fishing year. Effective January 1, 2019, NMFS transferred 19.5 mt of the 28.9-mt General category quota allocated for the December 2019 period to the January 2019 period, resulting in an adjusted subquota of 49 mt for the January period and a subquota of 9.4 mt for the December 2019 period (83 FR 67140, December 28, 2018). Effective February 8, 2019, NMFS transferred 26 mt from the Reserve category to the General category January 2019 subquota period, resulting in an adjusted subquota of 75 mt for the January period and 3.5 mt for the Reserve category (84 FR 3724, February 13, 2019). Effective February 25, 2019, NMFS transferred an additional 25 mt from the Reserve category to the General category, in the same notice as NMFS made the annual reallocation of Purse Seine category quota to the Reserve category, resulting in an adjusted subquota of 100 mt for the General category 2019 January subquota period and 143 mt for the Reserve category (FR document 2019-03554 filed for public inspection, February 25, 2019).
Based on the best available landings information for the General category BFT fishery, NMFS has determined that the adjusted General category January 2019 subquota of 100 mt has been reached (
Fishermen may catch and release (or tag and release) BFT of all sizes, subject to the requirements of the catch-and-release and tag-and-release programs at § 635.26. All BFT that are released must be handled in a manner that will maximize their survival, and without removing the fish from the water, consistent with requirements at § 635.21(a)(1). For additional information on safe handling, see the “Careful Catch and Release” brochure available at
NMFS will continue to monitor the BFT fisheries closely. Dealers are required to submit landing reports within 24 hours of a dealer receiving BFT. Late reporting by dealers compromises NMFS' ability to timely implement actions such as quota and retention limit adjustment, as well as closures, and may result in enforcement actions. Additionally, and separate from the dealer reporting requirement, General and HMS Charter/Headboat category vessel owners are required to report the catch of all BFT retained or discarded dead within 24 hours of the landing(s) or end of each trip, by accessing
Depending on the level of fishing effort and catch rates of BFT, NMFS may determine that additional adjustments are necessary to ensure available subquotas are not exceeded or to enhance scientific data collection from, and fishing opportunities in, all geographic areas. If needed, subsequent adjustments will be published in the
The Assistant Administrator for NMFS (AA) finds that it is impracticable and contrary to the public interest to provide prior notice of, and an opportunity for public comment on, this action for the following reasons:
The regulations implementing the 2006 Consolidated HMS FMP and amendments provide for inseason retention limit adjustments and fishery closures to respond to the unpredictable nature of BFT availability on the fishing grounds, the migratory nature of this species, and the regional variations in the BFT fishery. These fisheries are currently underway and delaying this action would be contrary to the public interest as it could result in BFT landings further exceeding the January subquota, which could result in the need to reduce quota for the General category later in the year and thus could affect later fishing opportunities. Therefore, the AA finds good cause under 5 U.S.C. 553(b)(B) to waive prior notice and the opportunity for public comment. For all of the above reasons, there is good cause under 5 U.S.C. 553(d) to waive the 30-day delay in effectiveness.
This action is being taken under § 635.28(a)(1) (BFT fishery closures), and is exempt from review under Executive Order 12866.
16 U.S.C. 971
National Marine Fisheries Service (NMFS), National Oceanic and Atmospheric Administration (NOAA), Commerce.
Temporary rule; closure.
NMFS is prohibiting directed fishing for Pacific cod by catcher vessels greater than or equal to 50 feet length overall (LOA) using hook-and-line gear in the Central Regulatory Area of the Gulf of Alaska (GOA). This action is necessary to prevent exceeding the A season allowance of the 2019 Pacific cod total allowable catch apportioned to catcher vessels greater than or equal to 50 feet LOA using hook-and-line gear in the Central Regulatory Area of the GOA.
Effective 1200 hours, Alaska local time (A.l.t.), February 27, 2019, through 1200 hours, A.l.t., June 10, 2019.
Josh Keaton, 907-586-7228.
NMFS manages the groundfish fishery in the GOA exclusive economic zone according to the Fishery Management Plan for Groundfish of the Gulf of Alaska (FMP) prepared by the North Pacific Fishery Management Council under authority of the Magnuson-Stevens Fishery Conservation and Management Act. Regulations governing fishing by U.S. vessels in accordance with the FMP appear at subpart H of 50 CFR part 600 and 50 CFR part 679. Regulations governing sideboard protections for GOA groundfish fisheries appear at subpart B of 50 CFR part 680.
The A season allowance of the 2019 Pacific cod total allowable catch (TAC) apportioned to catcher vessels greater than or equal to 50 feet LOA using hook-and-line gear in the Central Regulatory Area of the GOA is 319 metric tons (mt), as established by the final 2018 and 2019 harvest specifications for groundfish of the GOA (83 FR 8768, March 1, 2018).
In accordance with § 679.20(d)(1)(i), the Administrator, Alaska Region, NMFS (Regional Administrator) has determined that the A season allowance of the 2019 Pacific cod TAC apportioned to catcher vessels greater than or equal to 50 feet LOA using hook-and-line gear in the Central Regulatory Area of the GOA will soon be reached. Therefore, the Regional Administrator is establishing a directed fishing allowance of 259 mt and is setting aside the remaining 60 mt as bycatch to support other anticipated groundfish fisheries. In accordance with § 679.20(d)(1)(iii), the Regional Administrator finds that this directed fishing allowance has been reached. Consequently, NMFS is prohibiting directed fishing for Pacific cod by catcher vessels greater than or equal to 50 feet LOA using hook-and-line gear in the Central Regulatory Area of the GOA. While this closure is effective the maximum retainable amounts at § 679.20(e) and (f) apply at any time during a trip.
This action responds to the best available information recently obtained from the fishery. The Assistant Administrator for Fisheries, NOAA (AA), finds good cause to waive the requirement to provide prior notice and opportunity for public comment pursuant to the authority set forth at 5 U.S.C. 553(b)(B) as such requirement is impracticable and contrary to the public interest. This requirement is impracticable and contrary to the public interest as it would prevent NMFS from responding to the most recent fisheries data in a timely fashion and would delay the directed fishing closure of Pacific cod by catcher vessels greater than or equal to 50 feet LOA using hook-and-line gear in the Central Regulatory Area of the GOA. NMFS was unable to publish a notice providing time for public comment because the most recent, relevant data only became available as of February 26, 2019.
The AA also finds good cause to waive the 30-day delay in the effective date of this action under 5 U.S.C. 553(d)(3). This finding is based upon the reasons provided above for waiver of prior notice and opportunity for public comment.
This action is required by § 679.20 and is exempt from review under Executive Order 12866.
16 U.S.C. 1801
Animal and Plant Health Inspection Service, USDA.
Proposed rule.
We are proposing to amend the domestic quarantine regulations for pale cyst nematode by adding procedures that would allow persons to review and comment on the protocols for regulating and deregulating quarantine and associated areas. As part of this proposal, we are making the protocols publicly available. We are proposing these actions in response to a court order requiring the Animal and Plant Health Inspection Service to facilitate public input into the development of protocols for deregulating fields for pale cyst nematode. The changes we propose would make the protocols more accessible and give persons the opportunity to comment on their development.
We will consider all comments that we receive on or before May 3, 2019.
You may submit comments by either of the following methods:
•
•
Supporting documents and any comments we receive on this docket may be viewed at
Ms. Evelia Sosa, Assistant Director, Pest Management, PHP, PPQ, APHIS, 4700 River Road, Unit 137, Riverdale, MD 20737; (301) 851-2217;
The pale cyst nematode (PCN,
Section 414 of the Plant Protection Act (PPA, 7 U.S.C. 7714) provides that the Secretary of Agriculture may, under certain conditions, hold, seize, quarantine, treat, apply other remedial measures to destroy or otherwise dispose of any plant, plant pest, plant product, article, or means of conveyance that is moving, or has moved into or through the United States or interstate if the Secretary has reason to believe the article is a plant pest or is infested with a plant pest at the time of movement.
The PCN regulations in 7 CFR part 301 (Subpart—Pale Cyst Nematode, §§ 301.86 through 301.86-9, referred to below as the regulations) set out quarantine and movement restrictions for regulated articles from fields infested with PCN and associated fields.
Section 301.86-3 sets out procedures for determining the areas quarantined for PCN. Paragraph (a) of § 301.86-3 states that, in accordance with the criteria listed in § 301.86-3(c), the Administrator of the Animal and Plant Health Inspection Service (APHIS) will designate as a quarantined area each field that has been found to be infested with PCN, each field that has been found to be associated with an infested field, and any area that the Administrator considers necessary to quarantine because of its inseparability for quarantine enforcement purposes from infested or associated fields.
Under § 301.86-3(c), APHIS designates a field as being infested if PCN is found in that field. A field is designated as an associated field, meaning that the field is at risk for PCN, if it meets certain criteria. These include any field in which PCN host crops were grown in the last 10 years,
Paragraph (d) of § 301.86-3 states that an infested field will be removed from quarantine when a protocol approved by the Administrator as sufficient to support removal of infested fields from quarantine has been completed and the field has been found to be free from PCN based on the protocol. The removal from quarantine of any associated fields also requires steps under an approved protocol.
The PCN regulations were first established in an interim rule published September 12, 2007 (72 FR 51975-51988, Docket No. APHIS-2006-0143), after parts of Bingham and Bonneville Counties, ID, were quarantined upon discovery of PCN in several potato fields in 2006. The interim rule restricted the interstate movement of potatoes and other regulated articles from the quarantined area to prevent the spread of PCN to non-infested areas of the United States. We included in § 301.86-3 of the interim rule the provision that an infested field will be removed from quarantine when a 3-year biosurvey protocol approved by APHIS has been
On April 29, 2009 (74 FR 19374-19382, Docket No. APHIS-2006-0143), we published a final rule based on our evaluation of public comments that we received on the interim rule and input from an independent science panel. Based on our review of this information, we determined that including the 3-year biosurvey protocol in the regulations as the only approach for deregulating fields precluded the potential use of other methods that would be sufficient for evaluating fields for PCN, so we broadened the approach in § 301.86-3(d)(1) to read “a protocol approved by the Administrator as sufficient to support removal of infested fields from quarantine.” We stated in the final rule that we would continue to solicit stakeholder input as we develop the field removal protocol and update affected producers and other interested parties on our progress.
On April 28, 2015, a group of Idaho potato farmers subject to the PCN quarantine filed a complaint against APHIS in the U.S. District Court in Idaho. Among the allegations in the complaint was that APHIS violated provisions of the PPA and the Administrative Procedure Act (APA) by not developing accessible regulations and failing to follow notice and comment requirements of the APA. The plaintiffs alleged that the final rule contemplated further rulemaking through the creation of protocols to be used to support removal of infested and associated fields from regulation. Because APHIS had not publically issued the protocol referenced in the final rule, the plaintiffs stated they were unclear as to what methods and data APHIS drew on in deciding whether to deregulate infested and associated fields, making the requirements imposed on the plaintiffs vague and impossible to satisfy. The complaint asked the court to set aside the final rule and end the quarantine and regulation of all fields owned and farmed by the plaintiffs.
In a decision filed March 20, 2018,
We are responding to the court order in this rulemaking by proposing to include procedures in the regulations for public notice and comment of the PCN deregulation protocols. Although not ordered to do so by the court, we are proposing to do the same for the criteria APHIS uses to make initial designations of fields. We are proposing to amend § 301.86-3, paragraphs (c) and (d), to provide that any substantive changes to the protocols will first be announced in a
The protocols are available for comment on the
This proposed rule has been determined to be not significant for the purposes of Executive Order 12866 and, therefore, has not been reviewed by the Office of Management and Budget. This proposed rule is not expected to be an Executive Order 13771 regulatory action because this proposed rule is not significant under Executive Order 12866.
In accordance with the Regulatory Flexibility Act, we have analyzed the potential economic effects of this action on small entities. The analysis is summarized below. Copies of the full analysis are available by contacting the person listed under
According to the Small Business Administration, entities whose main activity is potato farming (classified under NAICS 111211) are considered small if they have $750,000 or less in annual receipts. Based on the 2012 Census of Agriculture, there were about 24,000 farms in Idaho, of which around 800 were considered to be primarily potato farms. Bingham and Bonneville Counties had 122 and 36 potato farms, respectively. There were about 2,000 farms in Idaho with farm sales greater than $500,000, of which around 1,200 farms had farm sales greater than $1 million. According to the 2012 Census, 142 of Bingham County's 1,265 farm operations (about 11 percent) had farm sales greater than $500,000, while in Bonneville County, 56 of the 893 farm operations (about 6 percent) had farm sales greater than $500,000. Although the distribution of potato farms with farm sales above $500,000 (or $750,000) is not known, it is reasonable to conclude that many of the potato farms in Bingham and Bonneville counties are under the threshold and would be considered as small business entities.
However, the proposed rule would not impose new or additional burdens on small entities as this is an administrative action for which there would be no additional costs.
Under these circumstances, the Administrator of the Animal and Plant Health Inspection Service has determined that this action would not have a significant economic impact on a substantial number of small entities.
This program/activity is listed in the Catalog of Federal Domestic Assistance under No. 10.025 and is subject to Executive Order 12372, which requires intergovernmental consultation with State and local officials. (See 2 CFR chapter IV.)
This proposed rule has been reviewed under Executive Order 12988, Civil Justice Reform. If this proposed rule is adopted: (1) All State and local laws and regulations that are inconsistent with
This proposed rule contains no reporting, recordkeeping, or third party disclosure requirements under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501
Agricultural commodities, Plant diseases and pests, Quarantine, Reporting and recordkeeping requirements, Transportation.
Accordingly, we propose to amend 7 CFR part 301 as follows:
7 U.S.C. 7701-7772 and 7781-7786; 7 CFR 2.22, 2.80, and 371.3.
Section 301.75-15 issued under Sec. 204, Title II, Public Law 106-113, 113 Stat. 1501A-293; sections 301.75-15 and 301.75-16 issued under Sec. 203, Title II, Public Law 106-224, 114 Stat. 400 (7 U.S.C. 1421 note).
The revisions read as follows:
(c) * * *
(1)
(d)
(2)
(3)
(4)
Federal Aviation Administration (FAA), DOT.
Notice of proposed rulemaking (NPRM).
This action proposes to amend Class E surface airspace and Class E airspace areas extending upward from 700 feet or more above the surface of the earth at Dickinson-Theodore Roosevelt Regional Airport (formerly Dickinson Municipal Airport) in Dickinson, ND. The FAA is proposing this action as the result of an airspace review caused by the decommissioning of the Dickinson non-directional radio beacon (NDB). The geographic coordinates for the airport in the associated airspace and the airport name would be updated to coincide with the FAA's aeronautical database. Also, the Dickinson VHF omni-directional radio range and tactical air navigational aid (VORTAC) is no longer needed in the description of the E-5 airspace and will be removed. Airspace redesign is necessary for the safety and management of instrument flight rules (IFR) operations at these airports.
Comments must be received on or before April 18, 2019.
Send comments on this proposal to the U.S. Department of Transportation, Docket Operations, West Building Ground Floor, Room W12-140, 1200 New Jersey Avenue SE, Washington, DC 20590, telephone (202) 366-9826, or (800) 647-5527. You must identify FAA Docket No. FAA-2019-0033; Airspace Docket No. 19-AGL-3, at the beginning of your comments. You may also submit comments through the internet at
FAA Order 7400.11C, Airspace Designations and Reporting Points, and subsequent amendments can be viewed online at
FAA Order 7400.11, Airspace Designations and Reporting Points, is published yearly and effective on September 15.
John Witucki, Federal Aviation Administration, Operations Support Group, Central Service Center, 10101 Hillwood Parkway, Fort Worth, TX 76177; telephone (817) 222-5900.
The FAA's authority to issue rules regarding aviation safety is found in Title 49 of the United States Code. Subtitle I, Section 106 describes the authority of the FAA Administrator. Subtitle VII, Aviation Programs, describes in more detail the scope of the agency's authority. This rulemaking is promulgated under the authority described in Subtitle VII, Part A, Subpart I, Section 40103. Under that section, the FAA is charged with prescribing regulations to assign the use of airspace necessary to ensure the safety of aircraft and the efficient use of airspace. This regulation is within the scope of that authority as it would amend Class E airspace at Dickinson-Theodore Roosevelt Regional Airport, in support of standard instrument approach procedures for IFR operations at the airport.
Interested parties are invited to participate in this proposed rulemaking by submitting such written data, views, or arguments, as they may desire. Comments that provide the factual basis supporting the views and suggestions presented are particularly helpful in developing reasoned regulatory decisions on the proposal. Comments are specifically invited on the overall regulatory, aeronautical, economic, environmental, and energy-related aspects of the proposal. Communications should identify both docket numbers and be submitted in triplicate to the address listed above. Commenters wishing the FAA to acknowledge receipt of their comments on this notice must submit with those comments a self-addressed, stamped postcard on which the following statement is made: “Comments to Docket No. FAA-2019-0033; Airspace Docket No. 19-AGL-3.” The postcard will be date/time stamped and returned to the commenter.
All communications received before the specified closing date for comments will be considered before taking action on the proposed rule. The proposal contained in this notice may be changed in light of the comments received. A report summarizing each substantive public contact with FAA personnel concerned with this rulemaking will be filed in the docket.
An electronic copy of this document may be downloaded through the internet at
You may review the public docket containing the proposal, any comments received, and any final disposition in person in the Dockets Office (see the
This document proposes to amend FAA Order 7400.11C, Airspace Designations and Reporting Points, dated August 13, 2018, and effective September 15, 2018. FAA Order 7400.11C is publicly available as listed in the
The FAA is proposing an amendment to Title 14 Code of Federal Regulations (14 CFR) part 71 by amending Class E surface airspace to within a 4.1-mile radius (reduced from 4.4 miles) of Dickinson-Theodore Roosevelt Regional Airport, Dickinson, ND and removing the extension to the southeast associated with the Dickinson non-directional radio beacon. Also, propose amending Class E airspace extending upward from 700 feet above the surface within a 6.6-mile radius (reduced from 8.3 miles) of the Dickinson-Theodore Roosevelt Regional Airport and removing the extension to the southeast associated with the Dickinson non-directional radio beacon. This action would enhance safety and the management of IFR operations at the airport. Also, the airport name and geographic coordinates would be adjusted to coincide with the FAA's aeronautical database. The Dickenson VORTAC is no longer needed to describe the airspace and will be removed.
Class E airspace designations are published in paragraphs 6002 and 6005 of FAA Order 7400.11C, dated August 13, 2018, and effective September 15, 2018, which is incorporated by reference in 14 CFR 71.1. The Class E airspace designation listed in this document will be published subsequently in the Order.
The FAA has determined that this proposed regulation only involves an established body of technical regulations for which frequent and routine amendments are necessary to keep them operationally current, is non-controversial and unlikely to result in adverse or negative comments. It, therefore: (1) Is not a “significant regulatory action” under Executive Order 12866; (2) is not a “significant rule” under DOT Regulatory Policies and Procedures (44 FR 11034; February 26, 1979); and (3) does not warrant preparation of a regulatory evaluation as the anticipated impact is so minimal. Since this is a routine matter that will only affect air traffic procedures and air navigation, it is certified that this proposed rule, when promulgated, would not have a significant economic impact on a substantial number of small entities under the criteria of the Regulatory Flexibility Act.
This proposal will be subject to an environmental analysis in accordance with FAA Order 1050.1F, “Environmental Impacts: Policies and Procedures” prior to any FAA final regulatory action.
Airspace, Incorporation by reference, Navigation (air).
Accordingly, pursuant to the authority delegated to me, the Federal Aviation Administration proposes to amend 14 CFR part 71 as follows:
49 U.S.C. 106(f), 106(g); 40103, 40113, 40120; E.O. 10854, 24 FR 9565, 3 CFR, 1959-1963 Comp., p. 389.
Within a 4.1-mile radius of the Dickinson-Theodore Roosevelt Regional Airport.
That airspace extending upward from 700 feet above the surface within a 6.6-mile radius of the Dickinson-Theodore Roosevelt Regional Airport.
Federal Aviation Administration (FAA), DOT.
Notice of proposed rulemaking (NPRM).
This action proposes to remove RNAV route Q-106 which currently extends between the SMELZ, FL, waypoint (WP) and the GADAY, AL, WP. With the implementation additional Q routes by the Florida Metroplex Q-route Project, the FAA has determined that Q-106 is no longer required.
Comments must be received on or before April 18, 2019.
Send comments on this proposal to the U.S. Department of Transportation, Docket Operations, 1200 New Jersey Avenue SE, West Building Ground Floor, Room W12-140, Washington, DC 20590; telephone: 1(800) 647-5527, or (202) 366-9826. You must identify FAA Docket No. FAA-2019-0060; Airspace Docket No. 18-ASO-20 at the beginning of your comments. You may also submit comments through the internet at
FAA Order 7400.11C, Airspace Designations and Reporting Points, and subsequent amendments can be viewed online at
FAA Order 7400.11, Airspace Designations and Reporting Points, is published yearly and effective on September 15.
Paul Gallant, Airspace Policy Group, Office of Airspace Services, Federal Aviation Administration, 800 Independence Avenue SW, Washington, DC 20591; telephone: (202) 267-8783.
The FAA's authority to issue rules regarding aviation safety is found in Title 49 of the United States Code. Subtitle I, Section 106 describes the authority of the FAA Administrator. Subtitle VII, Aviation Programs, describes in more detail the scope of the agency's authority. This rulemaking is promulgated under the authority described in Subtitle VII, Part A, Subpart I, Section 40103. Under that section, the FAA is charged with prescribing regulations to assign the use of the airspace necessary to ensure the safety of aircraft and the efficient use of airspace. This regulation is within the scope of that authority as it would modify the route structure as necessary to preserve the safe and efficient flow of air traffic within the National Airspace System.
Interested parties are invited to participate in this proposed rulemaking by submitting such written data, views, or arguments as they may desire. Comments that provide the factual basis supporting the views and suggestions presented are particularly helpful in developing reasoned regulatory decisions on the proposal. Comments are specifically invited on the overall regulatory, aeronautical, economic, environmental, and energy-related aspects of the proposal.
Communications should identify both docket numbers (FAA Docket No. FAA-2019-0060; Airspace Docket No. 18-ASO-20) and be submitted in triplicate to the Docket Management Facility (see
Commenters wishing the FAA to acknowledge receipt of their comments on this action must submit with those comments a self-addressed, stamped postcard on which the following statement is made: “Comments to FAA Docket No. FAA-2019-0060; Airspace Docket No. 18-ASO-20.” The postcard will be date/time stamped and returned to the commenter.
All communications received on or before the specified comment closing date will be considered before taking action on the proposed rule. The proposal contained in this action may be changed in light of comments received. All comments submitted will be available for examination in the public docket both before and after the
An electronic copy of this document may be downloaded through the internet at
You may review the public docket containing the proposal, any comments received and any final disposition in person in the Dockets Office (see
An informal docket may also be examined during normal business hours at the office of the Eastern Service Center, Federal Aviation Administration, Room 210, 1701 Columbia Ave., College Park, GA 30337.
This document proposes to amend FAA Order 7400.11C, Airspace Designations and Reporting Points, dated August 13, 2018, and effective September 15, 2018. FAA Order 7400.11C is publicly available as listed in the
The FAA is proposing an amendment to Title 14 Code of Federal Regulations (14 CFR) part 71 to remove RNAV route Q-106. Q-106 extends between the SMELZ, FL, WP (northwest of the Lakeland, FL, VORTAC) and the GADAY, AL, WP (northeast of the Crestview, FL, VORTAC). The implementation of the Florida Metroplex Q-route Project (83 FR 43750; August 28, 2018), that became effective on November 8, 2018, increased the number of RNAV Q-routes that extend through the area served by Q-106. As a result, the FAA determined that Q-106 is obsolete and no longer required.
Q-routes are published in paragraph 2006 of FAA Order 7400.11C dated August 13, 2018, and effective September 15, 2018, which is incorporated by reference in 14 CFR 71.1. The Q-route listed in this document would be subsequently removed from the Order.
The FAA has determined that this proposed regulation only involves an established body of technical regulations for which frequent and routine amendments are necessary to keep them operationally current. It, therefore: (1) Is not a “significant regulatory action” under Executive Order 12866; (2) is not a “significant rule” under Department of Transportation (DOT) Regulatory Policies and Procedures (44 FR 11034; February 26, 1979); and (3) does not warrant preparation of a regulatory evaluation as the anticipated impact is so minimal. Since this is a routine matter that will only affect air traffic procedures and air navigation, it is certified that this proposed rule, when promulgated, will not have a significant economic impact on a substantial number of small entities under the criteria of the Regulatory Flexibility Act.
This proposal will be subject to an environmental analysis in accordance with FAA Order 1050.1F, “Environmental Impacts: Policies and Procedures” prior to any FAA final regulatory action.
Airspace, Incorporation by reference, Navigation (air).
In consideration of the foregoing, the Federal Aviation Administration proposes to amend 14 CFR part 71 as follows:
49 U.S.C. 106(f), 106(g); 40103, 40113, 40120; E.O. 10854, 24 FR 9565, 3 CFR, 1959-1963 Comp., p. 389.
Federal Energy Regulatory Commission, Department of Energy.
Notice of proposed rulemaking; correction.
This document contains corrections to the
Effective March 4, 2019.
On November 15, 2018, the Commission issued a “Notice of Proposed Rulemaking” (NOPR), in the above-captioned proceeding. This NOPR published in the
On February 21, 2019, the Commission issued a “Final Rule” in the above-captioned proceeding titled:
1. Correct the
Coast Guard, DHS.
Notice of proposed rulemaking.
The Coast Guard proposes to establish special local regulations for certain waters of the Bush River and Otter Point Creek. This action is necessary to provide for the safety of life on these navigable waters located at Edgewood, Harford County, MD, during a high-speed power boat racing event on May 11, 2019, and May 12, 2019. This proposed rulemaking would prohibit persons and vessels from being in the regulated area unless authorized by the Captain of the Port Maryland-National Capital Region or Coast Guard Patrol Commander. We invite your comments on this proposed rulemaking.
Comments and related material must be received by the Coast Guard on or before April 3, 2019.
You may submit comments identified by docket number USCG-2019-0083 using the Federal eRulemaking Portal at
If you have questions about this proposed rulemaking, call or email Mr. Ron Houck, U.S. Coast Guard Sector Maryland-National Capital Region; telephone 410-576-2674, email
The Carolina-Virginia Racing Association of Havre de Grace, MD has notified the Coast Guard that it will be conducting the Flying Point Park Outboard Regatta from 10 a.m. to 6 p.m. on May 11, 2019, and from 10 a.m. to 6 p.m. on May 12, 2019. The high-speed power boat racing event consists of approximately 60 participating outboard hydroplane and runabout race boats of various classes, 9 to 14 feet in length, with 4 to 12 boats racing in 3-lap heats, along a designated, marked racetrack-type course located in Bush River and Otter Point Creek at Edgewood, Harford County, MD. Hazards from the power boat racing event include participants operating within and adjacent to designated navigation channels and interfering with vessels intending to operate within those channels, as well as operating within approaches to local public boat ramps, private marinas and yacht clubs, and waterfront businesses. The Captain of the Port (COTP) Maryland-National Capital Region has determined that potential hazards associated with the power boat racing event would be a safety concern for anyone intending to operate within certain waters of Bush River and Otter Point Creek in Harford County, MD, operating in or near the event area.
The purpose of this rulemaking is to protect event participants, spectators and transiting vessels on certain waters of Bush River and Otter Point Creek before, during, and after the scheduled event. The Coast Guard proposes this rulemaking under authority in 33 U.S.C. 1233, which authorizes the Coast Guard to establish and define special local regulations.
The COTP Maryland-National Capital Region proposes to establish special local regulations to be enforced from 9:30 a.m. to 6:30 p.m. on May 11, 2019, and from 9:30 a.m. to 6:30 on May 12, 2019. The regulated area would cover all navigable waters of the Bush River and Otter Point Creek, from shoreline to shoreline, bounded to the north by a line drawn from the western shoreline of the Bush River at latitude 39°27′15″ N, longitude 076°14′39″ W and thence eastward to the eastern shoreline of the Bush River at latitude 39°27′03″ N, longitude 076°13′57″ W; and bounded to the south by the Amtrak Railroad Bridge, across the Bush River at mile 6.8, between Perryman, MD, and Edgewood, MD.
This proposed rule provides additional information about areas within the regulated area, their definitions, and the restrictions that would apply. These areas include a “Race Area”, “Buffer Zone” and “Spectator Area”.
The proposed duration of the special local regulations and size of the regulated area are intended to ensure the safety of life on these navigable waters before, during, and after the high-speed power boat races, scheduled from 10 a.m. until 6 p.m. on May 11, 2019, and May 12, 2019. The COTP and PATCOM would have authority to forbid and control the movement of all vessels and persons, including event participants, in the regulated area. When hailed or signaled by an official patrol, a vessel or person in the regulated area would be required to immediately comply with the directions given by the COTP or Coast Guard Patrol Commander (PATCOM). If a person or vessel fails to follow such directions, the Coast Guard may expel them from the area, issue them a citation for failure to comply, or both. Official Patrols are any vessel assigned or approved by the Commander, Coast Guard Sector Maryland-National Capital Region with a commissioned, warrant, or petty officer on board and displaying a Coast Guard ensign.
Except for Flying Point Park Outboard Regatta participants and vessels already at berth, a vessel or person would be required to get permission from the COTP or PATCOM before entering the regulated area. Vessel operators can request permission to enter and transit through the regulated area by contacting
If permission is granted by the COTP or PATCOM, a person or vessel would be allowed to enter the regulated area or pass directly through the regulated area as instructed. Vessels would be required to operate at a safe speed that minimizes wake while within the regulated area. Official patrol vessels will direct spectator vessels while within the regulated area. Vessels would be prohibited from loitering within the navigable channel. Only participant vessels and official patrol vessels would be allowed to enter the race area. A person or vessel not registered with the event sponsor as a participant or assigned as official patrols would be considered a spectator. Spectators are only allowed inside the regulated area if they remain within the designated spectator area. All spectator vessels must be anchored or operate at a No Wake Speed within the designated spectator area. Official patrol vessels will direct spectator vessels to the spectator area. Spectators must contact the Coast Guard Patrol Commander to request permission to pass through the regulated area. If permission is granted, spectators must pass directly through the regulated area at safe speed and without loitering.
The regulatory text we are proposing appears at the end of this document.
We developed this proposed rule after considering numerous statutes and Executive orders related to rulemaking. Below we summarize our analyses based on a number of these statutes and Executive orders and we discuss First Amendment rights of protestors.
Executive Orders 12866 and 13563 direct agencies to assess the costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits. Executive Order 13771 directs agencies to control regulatory costs through a budgeting process. This NPRM has not been designated a “significant regulatory action,” under Executive Order 12866. Accordingly, the NPRM has not been reviewed by the Office of Management and Budget (OMB), and pursuant to OMB guidance it is exempt from the requirements of Executive Order 13771.
This regulatory action determination is based on the size, duration and time of year of the regulated area, which would impact a small designated area of the Bush River and Otter Point Creek for 18 total enforcement hours. The Coast Guard would issue a Broadcast Notice to Mariners via VHF-FM marine channel 16 about the status of the regulated area. Moreover, the rule would allow vessels to seek permission to enter the regulated area, and vessel traffic would be able to safely transit the regulated area once the PATCOM deems it safe to do so.
The Regulatory Flexibility Act of 1980, 5 U.S.C. 601-612, as amended, requires Federal agencies to consider the potential impact of regulations on small entities during rulemaking. The term “small entities” comprises small businesses, not-for-profit organizations that are independently owned and operated and are not dominant in their fields, and governmental jurisdictions with populations of less than 50,000. The Coast Guard certifies under 5 U.S.C. 605(b) that this proposed rule would not have a significant economic impact on a substantial number of small entities.
While some owners or operators of vessels intending to transit the regulated area may be small entities, for the reasons stated in section IV.A above, this proposed rule would not have a significant economic impact on any vessel owner or operator.
If you think that your business, organization, or governmental jurisdiction qualifies as a small entity and that this rule would have a significant economic impact on it, please submit a comment (see
Under section 213(a) of the Small Business Regulatory Enforcement Fairness Act of 1996 (Pub. L. 104-121), we want to assist small entities in understanding this proposed rule. If the rule would affect your small business, organization, or governmental jurisdiction and you have questions concerning its provisions or options for compliance, please contact the person listed in the
This proposed rule would not call for a new collection of information under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501-3520).
A rule has implications for federalism under Executive Order 13132, Federalism, if it has a substantial direct effect on the States, on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government. We have analyzed this proposed rule under that Order and have determined that it is consistent with the fundamental federalism principles and preemption requirements described in Executive Order 13132.
Also, this proposed rule does not have tribal implications under Executive Order 13175, Consultation and Coordination with Indian Tribal Governments, because it would not have a substantial direct effect on one or more Indian tribes, on the relationship between the Federal Government and Indian tribes, or on the distribution of power and responsibilities between the Federal Government and Indian tribes. If you believe this proposed rule has implications for federalism or Indian tribes, please contact the person listed in the
The Unfunded Mandates Reform Act of 1995 (2 U.S.C. 1531-1538) requires Federal agencies to assess the effects of their discretionary regulatory actions. In particular, the Act addresses actions that may result in the expenditure by a State, local, or tribal government, in the aggregate, or by the private sector of $100,000,000 (adjusted for inflation) or more in any one year. Though this proposed rule would not result in such an expenditure, we do discuss the effects of this rule elsewhere in this preamble.
We have analyzed this proposed rule under Department of Homeland Security Directive 023-01 and Commandant Instruction M16475.1D, which guide the Coast Guard in complying with the National Environmental Policy Act of 1969 (42 U.S.C. 4321-4370f), and have made a preliminary determination that this action is one of a category of actions that do not individually or cumulatively have a significant effect on the human environment. This proposed rule involves implementation of regulations within 33 CFR part 100 applicable to organized marine events on the navigable waters of the United States that could negatively impact the safety
The Coast Guard respects the First Amendment rights of protesters. Protesters are asked to contact the person listed in the
We view public participation as essential to effective rulemaking, and will consider all comments and material received during the comment period. Your comment can help shape the outcome of this rulemaking. If you submit a comment, please include the docket number for this rulemaking, indicate the specific section of this document to which each comment applies, and provide a reason for each suggestion or recommendation.
We encourage you to submit comments through the Federal eRulemaking Portal at
We accept anonymous comments. All comments received will be posted without change to
Documents mentioned in this NPRM as being available in the docket, and all public comments, will be in our online docket at
Marine safety, Navigation (water), Reporting and recordkeeping requirements, Waterways.
For the reasons discussed in the preamble, the Coast Guard proposes to amend 33 CFR part 100 as follows:
33 U.S.C. 1233; 33 CFR 1.05-1.
(a)
(b)
(1)
(2)
(3)
(4)
(c)
(2) Except for participants and vessels already at berth, a person or vessel within the regulated area at the start of enforcement of this section must immediately depart the regulated area.
(3) A spectator must contact the PATCOM to request permission to either enter or pass through the regulated area. The PATCOM, and official patrol vessels enforcing this regulated area, can be contacted on marine band radio VHF-FM channel 16 (156.8 MHz) and channel 22A (157.1 MHz). If permission is granted, the spectator may enter the designated Spectator Area or must pass directly through the regulated area as instructed by PATCOM. A vessel within the regulated area must operate at safe speed that minimizes wake. A spectator vessel must not loiter within the navigable channel while within the regulated area.
(4) A person or vessel that desires to transit, moor, or anchor within the regulated area must first obtain authorization from the COTP Maryland-National Capital Region or PATCOM. A person or vessel seeking such permission can contact the COTP Maryland-National Capital Region at telephone number 410-576-2693 or on Marine Band Radio, VHF-FM channel 16 (156.8 MHz) or the PATCOM on Marine Band Radio, VHF-FM channel 16 (156.8 MHz).
(5) Only participant vessels and official patrol vessels are allowed to enter the race area.
(6) Spectators are only allowed inside the regulated area if they remain within the designated spectator area. All spectator vessels must be anchored or operate at a No Wake Speed within the designated spectator area. Official patrol vessels will direct spectator vessels to the spectator area. Spectators must contact the Coast Guard Patrol Commander to request permission to pass through the regulated area. If permission is granted, spectators must pass directly through the regulated area at safe speed and without loitering.
(7) The Coast Guard will publish a notice in the Fifth Coast Guard District Local Notice to Mariners and issue a marine information broadcast on VHF-FM marine band radio announcing specific event date and times.
(d)
(e)
Environmental Protection Agency (EPA).
Proposed rule.
The Environmental Protection Agency (EPA) is proposing to approve changes to the Jefferson County portion of the Kentucky State Implementation Plan (SIP), submitted by the Commonwealth of Kentucky, through the Energy and Environment Cabinet (Cabinet), through a letter dated March 15, 2018. The proposed SIP revision was submitted by the Cabinet on behalf of the Louisville Metro Air Pollution Control District (District) and makes minor ministerial amendments to regulations regarding new and existing process operations.
Comments must be received on or before April 3, 2019.
Submit your comments, identified by Docket ID No. EPA-R04-OAR-2018-0609 at
Andres Febres, Air Regulatory Management Section, Air Planning and Implementation Branch, Air, Pesticides and Toxics Management Division, U.S. Environmental Protection Agency, Region 4, 61 Forsyth Street SW, Atlanta, Georgia 30303-8960. The telephone number is (404) 562-8966. Mr. Febres can also be reached via electronic mail at
EPA is proposing to approve changes to the Jefferson County portion of the Kentucky SIP that were provided to EPA through a letter dated March 15, 2018.
As mentioned in Section I of this document, the portion of Jefferson County's March 15, 2018, SIP revision that EPA is proposing to approve makes changes to two Jefferson County Air Quality Regulations. Specifically, the SIP revision updates the SIP-approved version of Regulation 6.09 to version 7, and the SIP-approved version of Regulation 7.08 to version 4.
Jefferson County's Regulation 6.09 provides for the control of emissions from existing process operations and includes standards for PM emissions, as well as nitrogen oxides (NO
Section 1.1 of the current SIP-approved version of Regulation 6.09 states that the provisions of this regulation apply to process operations that were either in existence or had an approved construction permit on or before September 1, 1976. With the amendments in version 7, Jefferson County makes minor edits to clarify that the provisions of this regulation apply to process operations that not only were in existence on or before September 1, 1976, but also to those process operations that had either commenced construction, reconstruction, or a modification by that date. In addition, Jefferson County rewords, for clarification purposes, the part of Section 1.1 that specifies that Regulation 6.09 applies to those process operations not otherwise covered under any other portion of Regulation 6, but the scope, meaning, and applicability of Regulation 6.09 remain the same.
Section 3 of the current SIP-approved version of Regulation 6.09 includes specific standards for PM emissions from existing process operations. With the amendments in version 7, Jefferson County deletes Sections 3.3 and 3.4 of Regulation 6.09. Section 3.3 contains an opacity standard for PM that limits process operation emissions to 20 percent opacity; and Section 3.4 contains a Mass emission standard for PM that limits process operation emissions to emissions rates provided in Table 1 of Regulation 6.09. Both standards for PM emissions are unnecessary because they are already established under sections 3.1 and 3.2 of Regulation 6.09. By deleting Sections 3.3 and 3.4, Jefferson County is not removing any emissions limit for existing process operations, but is simply removing redundancy in the current SIP-approved version of the regulation.
The March 15, 2018, SIP revision does not change the scope or meaning of Regulation 6.09, nor does it modify how the regulation works. These changes are minor and ministerial in nature and help to clean up and clarify the regulation of existing process operations. EPA has made the preliminary determination that the aforementioned changes will not have a negative impact on air quality in the area and is therefore proposing to approve version 7 of Regulation 6.09 into the Jefferson County portion of the Kentucky SIP.
Like Jefferson County's Regulation 6.09, Regulation 7.08 provides for the control of emissions from process operations, but these provisions apply to new process operations rather than existing ones. Jefferson County's March 15, 2018, SIP revision requests that EPA adopt version 4 of Regulation 7.08 into the SIP. Version 4 of Regulation 7.08 makes changes similar to those in version 7 of Regulation 6.09 by amending the two corresponding sections: Section 1,
Section 1 of the current SIP-approved version of Regulation 7.08 states that the provisions of this regulation apply to process operations that commenced construction after September 1, 1976. With the amendments in version 4, Jefferson County clarifies that the provisions of this regulation apply to process operations that not only had commenced construction after September 1, 1976, but also to those that had either commenced modification or reconstruction after this date. As with the changes in Regulation 6.09, Jefferson County also rewords, for clarification purposes, the provision in Section 1 that specifies that this regulation applies to those process operations not otherwise covered under any other portion of Regulation 7, but the scope, meaning, and applicability remain the same.
Section 3 of the current SIP-approved version of Regulation 7.08 includes specific standards for PM emissions of new process operations. With the amendments in version 4, Jefferson County deletes Section 3.2, which contains the 20 percent opacity limit for PM from process operation emissions. This opacity standard is unnecessary because it is already established in section 3.1.1 of Regulation 7.08. By deleting Section 3.2, Jefferson County is not removing any emissions limitation for new process operations, but is simply removing a redundancy that exists in the current SIP-approved version of the regulation.
Just as with Regulation 6.09 above, the March 15, 2018, SIP revision does not change the meaning or scope of Regulation 7.08, nor does it modify how the regulation works. These changes are minor and ministerial in nature and help to clean up and clarify the regulation of new process operations. EPA has made the preliminary determination that the aforementioned changes will not have a negative impact on air quality in the area and is therefore proposing to approve version 4 of Regulation 7.08 into the Jefferson County portion of the Kentucky SIP.
In this document, EPA is proposing to include in a final EPA rule regulatory text that includes incorporation by reference. In accordance with requirements of 1 CFR 51.5, EPA is proposing to incorporate by reference Jefferson County's Regulation 6.09,
EPA is proposing to approve changes to the Jefferson County portion of the Kentucky SIP that were provided to EPA through a letter dated March 15, 2018. Specifically, EPA is proposing to
Under the CAA, the Administrator is required to approve a SIP submission that complies with the provisions of the Act and applicable Federal regulations.
• Is not a significant regulatory action subject to review by the Office of Management and Budget under Executive Orders 12866 (58 FR 51735, October 4, 1993) and 13563 (76 FR 3821, January 21, 2011);
• Is not an Executive Order 13771 (82 FR 9339, February 2, 2017) regulatory action because SIP approvals are exempted under Executive Order 12866;
• Does not impose an information collection burden under the provisions of the Paperwork Reduction Act (44 U.S.C. 3501
• Is certified as not having a significant economic impact on a substantial number of small entities under the Regulatory Flexibility Act (5 U.S.C. 601
• Does not contain any unfunded mandate or significantly or uniquely affect small governments, as described in the Unfunded Mandates Reform Act of 1995 (Pub. L. 104-4);
• Does not have Federalism implications as specified in Executive Order 13132 (64 FR 43255, August 10, 1999);
• Is not an economically significant regulatory action based on health or safety risks subject to Executive Order 13045 (62 FR 19885, April 23, 1997);
• Is not a significant regulatory action subject to Executive Order 13211 (66 FR 28355, May 22, 2001);
• Is not subject to requirements of Section 12(d) of the National Technology Transfer and Advancement Act of 1995 (15 U.S.C. 272 note) because application of those requirements would be inconsistent with the CAA; and
• Does not provide EPA with the discretionary authority to address, as appropriate, disproportionate human health or environmental effects, using practicable and legally permissible methods, under Executive Order 12898 (59 FR 7629, February 16, 1994).
The SIP is not approved to apply on any Indian reservation land or in any other area where EPA or an Indian tribe has demonstrated that a tribe has jurisdiction. In those areas of Indian country, the rule does not have tribal implications as specified by Executive Order 13175 (65 FR 67249, November 9, 2000), nor will it impose substantial direct costs on tribal governments or preempt tribal law.
Environmental protection, Air pollution control, Carbon monoxide, Incorporation by reference, Lead, Nitrogen dioxide, Ozone, Particulate matter, Reporting and recordkeeping requirements, Sulfur oxides, Volatile organic compounds.
42 U.S.C. 7401
Federal Communications Commission.
Proposed rule.
In this document, the Commission proposes rules to implement these recently adopted amendments which expand and clarify the Act's prohibition on the use of misleading and inaccurate caller ID information. Specifically, this document proposes and seeks comment on modifications to the Commission's current Truth in Caller ID rules that largely track the language of the recent statutory amendments. The document also invites comment on what other changes to our Truth in Caller ID rules the Commission can make to better prevent inaccurate or misleading caller ID information from harming consumers. In doing so, the Commission takes another significant step in its multi-pronged approach to ending malicious caller ID spoofing.
Comments are due on or before April 3, 2019, and reply comments are due on or before May 3, 2019.
You may submit comments, identified by WC Docket Nos. 18-335 and 11-39, by any of the following methods:
•
•
For detailed instructions for submitting comments and additional information on the rulemaking process, see section III in the
Wireline Competition Bureau, Competition Policy Division, Alex Espinoza, at (202) 418-0849, or
This is a summary of the Commission's notice of proposed rulemaking (
1. As the Commission did when it initially adopted the Truth in Caller ID Act rules, in proposing rules to implement the recent amendments to section 227(e) of the Act, we largely track the relevant statutory language. We seek comment on our proposals to implement the new statutory language in our rules, generally, and with regard to each specific issue addressed below.
2. First, consistent with the recent amendments to section 227(e), we propose to extend the reach of our caller ID spoofing rules to include communications originating from outside the United States to recipients
3. We believe that the statutory language is clear and that mirroring that language will avoid creating ambiguity from any differences between the text of the statute and of our rules. For example, we interpret the term “person” in amended section 227(e) to have the same meaning as the Commission determined “person” to have in the
4. Also consistent with section 227(e) as amended, we propose to amend our rules to incorporate the phrase “in connection with any voice service or text messaging service” into the prohibition on causing “any caller identification service to transmit or display misleading or inaccurate caller identification information.” We seek comment on this proposal.
5. The current prohibition on caller ID spoofing in § 64.1604(a) of our rules does not specify that spoofing in connection with “any telecommunications service or interconnected VoIP service” is covered by the rule. However, because we are now proposing to include a wider universe of communications services within the prohibition on caller ID spoofing, we believe that explicitly identifying the services at issue better tracks the language of the statute and provides more direct notice to covered entities. Do commenters agree with this approach? Are there alternatives that we should consider? Does the phrase “in connection with” that precedes the phrase “any voice or text messaging service” warrant clarification or interpretation in our revised rules?
6. We also propose to adopt definitions of “text message,” “text messaging service,” and “voice service” and to revise the definitions of “caller identification information,” and “caller identification service” to implement Congress' intent to expand the scope of the prohibition on harmful caller ID spoofing. We seek comment on each proposed new or revised definition and invite commenters to propose different language to better reflect Congress' intent with respect to the expanded scope of covered communications. We propose to include these definitions in the definitions section of subpart P to our part 64 rules. We seek comment on this proposal and invite commenters to identify any unidentified consequences of that placement.
7.
8. Is our proposed definition sufficiently inclusive to capture all types of text messages that could be used for prohibited spoofing activity (but excluding messages that fall within the express statutory exclusions)? The definition would encompass messages that include “text, images, sounds, or other information.” Are commenters aware of examples of “information” that is not text, images or sounds that could comprise the content of a covered text message today, or did Congress include the phrase “other information” out of an abundance of caution to be as inclusive as possible given rapid changes in technology? We seek comment on any examples that may now, or in the future, exist and whether such examples should be identified and included in our rules to clarify the term “other information.”
9. The definition of text message in both section 227(e) as amended and in our proposed rules specifically include SMS and MMS as types of covered text messages. In amending section 227(e), Congress did not define SMS or MMS, nor are there definitions of SMS or MMS contained in the Commission rules. Should we include definitions of SMS and MMS in our Truth in Caller ID rules? In our recent
10. Are there other types of text messages besides SMS and MMS that we should explicitly include in the definition of text message? For instance, Rich Communication Services (RCS), an IP-based asynchronous messaging protocol, is the next-generation SMS. Should we explicitly include RCS in our definition of “text message”? If so, should we include a definition of RCS in our rules, and what should that definition be?
11. Like section 227(e) as amended, our proposed definition of text message is limited to messages that are “transmitted to or from a device that is identified as the receiving or transmitting device by means of a 10-digit telephone number or N11 service code.” The Commission has previously described N11 services as “abbreviated dialing arrangements that allow telephone users to connect with a particular node in the network by dialing only three digits.” We believe that our previous description of N11 service codes is consistent with Congress' use of the term in amending section 227(e). Do commenters agree? If
12. Section 227(e) as amended excludes from the definition of “text message” “real-time, two-way voice or video communications.” By proposing to explicitly exclude “real-time, two-way voice or video communications” in our proposed definition of “text message,” we track the statutory definition. Should we clarify in our rules what “real-time, two-way voice or video communications” means for the purpose of being excluded from the term “text message”? We invite commenters to offer specific clarifying language. We believe that “real-time, two-way voice” communications that are transmitted by means of a 10-digit telephone number or N11 service code are excluded from the definition of text message because they are included in the definition of “voice service.” We seek comment on that understanding. We also seek comment on whether there are real-time, two-way video communications that are transmitted by means of a 10-digit telephone number or N11 service code that are excluded from the definition of text message and not encompassed by the definition of voice service.
13. Section 227(e) as amended also excludes from the definition of “text message” “a message sent over an IP-enabled messaging service to another user of the same messaging service.” By tracking the statutory definition of “text message,” our proposed definition incorporates that exclusion. We believe we should interpret this exclusion to include non-MMS or SMS messages sent using IP-enabled messaging services such as iMessage, Google Hangouts, WhatsApp, and Skype. For instance, a message sent from one computer to another computer using WhatsApp, or the “chat” function on Google Hangouts would appear to be an IP-enabled messaging service between users of the same messaging service under the second exclusion in the statutory definition of “Text Message.” Likewise, text communications between or among two or more Skype users or iMessages between or among iPhone users would also not appear to be covered. Do commenters agree? If not, why not? What other IP-messaging services should we recognize as falling within the scope of this exclusion? Should we include specific examples in our rules? Will the scope of this exclusion, as we propose to interpret it, allow for adequate enforcement against misleading or inaccurate text messages or provide a safe harbor for bad actors to exploit?
14. We also seek comment on whether there are other messages consisting of forms of text, visual, audio, or other information transfer using telephone numbers or N11 codes that we should exclude from the definition of “text message” beyond those specifically excluded in section 227(e) as amended. We invite commenters to identify any such text message types, and to explain why we should exclude them. Commenters arguing for specific exclusions should explain why, in their view, adding exclusions would be consistent with congressional intent.
15. We do not believe that the new statutory definition of “text message” or any of the other recent amendments to section 227(e) regarding text messages affects the Commission's finding that text messages are “calls” for purposes of section 227(b) which, among other things, places limits on calls made using any automatic telephone dialing system or artificial or prerecorded voice. Congress placed the new definition of “text message” in section 227(e) rather than in section 227(a), which contains definitions generally applicable throughout section 227. We therefore see nothing in section 227(e) as amended to suggest that Congress intended to disturb the Commission's long-standing treatment of text messages under section 227(b), which has been in place since 2003. We seek comment on this view.
16.
17. In the
18.
19. Our existing rules cover calls made using “telecommunications service” or “interconnected VoIP service.” We propose to interpret the term “voice service” to include and be more expansive than “telecommunications service” and “interconnected VoIP service” as currently defined. Do commenters agree? What are examples of specific voice communications captured by the term “voice service” but not by the terms “telecommunications service” or “interconnected VoIP service”?
20. Separately, we seek comment on whether we should explicitly include the terms “telecommunications service” and “interconnected VoIP service” within the definition of “voice service.” Would that provide useful clarity to stakeholders? Are there other services we should specifically include within the definition of “voice service”?
21. We also seek comment on whether we should explicitly include within the definition of voice service, “real-time, two-way voice communications” that are transmitted by means of a 10-digit telephone number or N11 service code? Such communications are explicitly excluded from the definition of “text message” in section 227(e) as amended. We think the best way to understand that exclusion is to find that those types of voice communications are encompassed by the definition of “voice service.” Do commenters agree? Should we modify our proposed definition of
22. Relatedly, section 227(e) as amended specifies that communications falling within the “voice service” definition must be “interconnected” with the public switched telephone network (PSTN). Congress neither defined the term “interconnected” for purposes of section 227(e) of the Act nor referred to other statutory provisions or Commission rules where the word “interconnected” is used as part of the definition of specific categories of communications. For instance, the Act defines “interconnected VoIP service” and “interconnected service” in different sections of the statute to identify specific but different services that are covered by such definitions. Similarly, our rules contain definitions for each of these terms. Yet Congress uses only the word “interconnected” in defining the scope of voice services covered under amended section 227(e). Indeed, in amending section 227(e), Congress specifically
23. In light of this apparent intent by Congress to broaden the definition of voice services subject to the section 227(e) prohibition, should we interpret the term “interconnected” as used in the definition of “voice service” to include any service that enables voice communications either to the PSTN or from the PSTN, regardless of whether it enables both inbound and outbound communications within the same service. For example, should we include within the definition of “voice services” any “one-way” VoIP service that connects with the PSTN and uses telephone numbers that separately enable users to make outbound calls to landline or mobile telephones or to receive inbound calls from landline or mobile telephones? Such services are not “interconnected VoIP” services because they do not permit users to receive calls originating on the PSTN
24. The
25. We seek comment on whether we should interpret “interconnected” to include both direct and indirect interconnection to the PSTN to account for different methods of interconnection. Are there particular types of voice communications that are susceptive to caller ID spoofing that would not be captured by the definition of “voice services” if we fail to interpret “interconnected” to include voice services that are indirectly connected to the PSTN? What are those services? Are there reasons not to interpret “interconnected” to include both direct and indirect connections to the PSTN?
26. Are there other consequences that flow from our proposed interpretation of “interconnected” to the PSTN, including any potential consequences resulting from our use of the term “voice service provider” in the context of section 227(b), that we should consider? If we interpret “interconnected” as we propose to do, should we expressly include a definition of that interpretation within the definition of “voice service” in our rules to provide more specificity about that interpretation? If so, we invite suggestions on how to proceed.
27. Finally, the definition of “voice service” in section 227(e) as amended specifically “includes” transmissions to a “telephone facsimile machine” (fax machine) from a computer, fax machine, or other device. We propose to incorporate this additional specification into our rules. We seek comment on this proposal.
28.
29. More generally, with respect to all of our proposals to implement new or revised definitions of covered communications within subpart P of part 64 of our rules, we seek comment on whether there are any other uses of these or related terms within this same subpart, or in other parts of our rules, that overlap, are changed or otherwise affected by the definitions we propose and are not specifically addressed above. If so, we invite commenters to identify these other rules and explain how such rules are impacted.
30. In addition to the proposals we make above to implement the statutory amendments to section 227(e) adopted in the RAY BAUM'S Act, are there other revisions we should make to our Truth in Caller ID rules to effectuate Congress' intent? For example, are there any other necessary limitations, exceptions, extensions, or clarifications to the proposed rules or our existing rules that we have not addressed that are necessary to implement the amendments to section 227(e)? If so, we seek comment on any such further changes to our rules and why they are necessary. Finally, we do not expect our proposed rules or any alternative rules we may adopt in response to this
31. As required by the Regulatory Flexibility Act of 1980, as amended (RFA), the Commission has prepared this Initial Regulatory Flexibility Analysis (IRFA) of the possible significant economic impact on small entities by the policies and rules proposed in the
32. RAY BAUM'S Act mandates that the Commission issue rules updating the regulations implementing the Truth in Caller ID Act by September 2019. The Congressional mandate coincides with the need to protect consumers from misleading and inaccurate caller ID spoofing, which can contribute to serious fraud and abuse. In this
33. The proposed rule changes directly adopt the language contained in RAY BAUM'S Act: The scope of covered communications now includes those originating outside of the United States, so long as they are directed at recipients within the United States; and the types of services covered are changed from “telecommunications service” and “interconnected VoIP service” to the more precisely defined “voice service” and “text messaging service,” with “voice service” including any service interconnected with the PSTN and that furnishes voice communications to an end user using NANP resources. The proposed rules do not impose record keeping or reporting obligations on any entity.
34. The proposed action is authorized under the RAY BAUM'S Act, Public Law 115-141, Div. P, 132 Stat. 348, and in sections 1, 4(i), 201(b), 227(e), 251(e) and 303 of the Communications Act of 1934, as amended, 47 U.S.C. 151, 154(i), 201(b), 227(e), 251(e) and 303.
35. The RFA directs agencies to provide a description of, and where feasible, an estimate of the number of small entities that may be affected by the proposed rules and by the rule revisions on which the
36.
37. Next, the type of small entity described as a “small organization” is generally “any not-for-profit enterprise which is independently owned and operated and is not dominant in its field.” Nationwide, as of Aug 2016, there were approximately 356,494 small organizations based on registration and tax data filed by nonprofits with the Internal Revenue Service (IRS).
38. Finally, the small entity described as a “small governmental jurisdiction” is defined generally as “governments of cities, counties, towns, townships, villages, school districts, or special districts, with a population of less than fifty thousand.” U.S. Census Bureau data from the 2012 Census of Governments indicates that there were 90,056 local governmental jurisdictions consisting of general purpose governments and special purpose governments in the United States. Of this number there were 37,132 General purpose governments (county, municipal and town or township) with populations of less than 50,000 and 12,184 Special purpose governments (independent school districts and special districts) with populations of less than 50,000. The 2012 U.S. Census Bureau data for most types of governments in the local government category shows that the majority of these governments have populations of less than 50,000. Based on this data we estimate that at least 49,316 local government jurisdictions fall in the category of “small governmental jurisdictions.”
39.
40.
41.
42.
43. We have included small incumbent LECs in this present RFA analysis. As noted above, a “small business” under the RFA is one that,
44.
45.
46.
47.
48.
49.
50. The Commission's own data—available in its Universal Licensing System—indicate that, as of October 25, 2016, there are 280 Cellular licensees that will be affected by our actions today. The Commission does not know how many of these licensees are small, as the Commission does not collect that information for these types of entities. Similarly, according to internally developed Commission data, 413 carriers reported that they were engaged in the provision of wireless telephony, including cellular service, Personal Communications Service, and Specialized Mobile Radio Telephony services. Of this total, an estimated 261 have 1,500 or fewer employees, and 152 have more than 1,500 employees. Thus, using available data, we estimate that the majority of wireless firms can be considered small.
51.
52.
53.
54.
55.
56. This
57. The RFA requires an agency to describe any significant alternatives that it has considered in reaching its proposed approach, which may include the following four alternatives (among others): (1) The establishment of differing compliance or reporting requirements or timetables that take into account the resources available to small entities; (2) the clarification, consolidation, or simplification of compliance and reporting requirements under the rules for such small entities; (3) the use of performance rather than design standards; and (4) an exemption from coverage of the rule, or any part thereof, for such small entities.
58. RAY BAUM'S Act does not distinguish between small entities and other entities and individuals. In the
59. None.
60.
•
•
Filings can be sent by hand or messenger delivery, by commercial overnight courier, or by first-class or overnight U.S. Postal Service mail. All filings must be addressed to the Commission's Secretary, Office of the Secretary, Federal Communications Commission.
• All hand-delivered or messenger-delivered paper filings for the Commission's Secretary must be delivered to FCC Headquarters at 445 12th St. SW, Room TW-A325, Washington, DC 20554. The filing hours are 8:00 a.m. to 7:00 p.m. All hand deliveries must be held together with rubber bands or fasteners. Any envelopes and boxes must be disposed of before entering the building.
• Commercial overnight mail (other than U.S. Postal Service Express Mail and Priority Mail) must be sent to 9050 Junction Drive, Annapolis Junction, MD 20701.
• U.S. Postal Service first-class, Express, and Priority mail must be addressed to 445 12th Street SW, Washington, DC 20554.
•
61.
62.
63.
64.
65. Accordingly,
66.
Communications common carriers, Caller identification information, Telecommunications, Telephone.
For the reasons discussed in the preamble, the Federal Communications Commission proposes to amend 47 CFR part 64 as follows:
47 U.S.C. 154, 201, 202, 218, 222, 225, 226, 227, 228, 251(e), 254(k), 403(b)(2)(B), (c), 616, 620, 1401-1473; Sec. 5103, Pub. L. 115-141, 132 Stat. 348.
(c)
(d)
(m)
(1) Means a message consisting of text, images, sounds, or other information that is transmitted to or from a device that is identified as the receiving or transmitting device by means of a 10-digit telephone number or N11 service code;
(2) Includes a short message service (SMS) message, and a multimedia message service (MMS) message; and
(3) Does not include:
(i) A real-time, two-way voice or video communication; or
(ii) A message sent over an IP-enabled messaging service to another user of the same messaging service, except a message described in paragraph (2) of this definition.
(n)
(o)
(1) Means any service that is interconnected with the public switched telephone network and that furnishes voice communications to an end user using resources from the North American Numbering Plan or any successor to the North American Numbering Plan adopted by the Commission under section 251(e)(1); and
(2) Includes transmissions from a telephone facsimile machine, computer, or other device to a telephone facsimile machine.
(a) No person or entity in the United States, nor any person or entity outside the United States if the recipient is within the United States, shall, with the intent to defraud, cause harm, or wrongfully obtain anything of value, knowingly cause, directly, or indirectly, any caller identification service to transmit or display misleading or inaccurate caller identification information in connection with any voice service or text messaging service.
National Marine Fisheries Service (NMFS), National Oceanic and Atmospheric Administration (NOAA), Commerce.
Notice of intent to prepare an Environmental Impact Statement (EIS); announcement of public scoping period and request for comments.
NMFS and the Pacific Fishery Management Council (Council) announce their intent to prepare an EIS, in accordance with the National Environmental Policy Act (NEPA) of 1969, to analyze the potential short- and long-term impacts of the proposed action to authorize deep-set buoy gear under the Fishery Management Plan for U.S. West Coast Fisheries for Highly Migratory Species (HMS FMP) on the human (biological, physical, social, and economic) environment. This notice of
Written comments on the scope of the analysis will be accepted through April 3, 2019. Written, faxed, or emailed comments must be received by 5 p.m. Pacific Daylight Time (PDT) on April 3, 2019. Public comments will also be accepted during a webinar scheduled for 1 p.m. to 3 p.m. PDT, March 26, 2019. Please notify Lyle Enriquez (see
You may submit comments on the scope of this EIS by any of the following methods:
•
1. Go to
2. Click the “Comment Now!” icon, complete the required fields, and
3. Enter or attach your comments.
•
Copies of this document can be obtained from
Lyle Enriquez, NMFS, 562-980-4025,
After a series of initial research and exempted fishing permit trials of deep-set buoy gear, (including both standard and linked configurations) the Council decided to consider authorizing the gear to be fished in the exclusive economic zone (EEZ) off the U.S. west coast under the HMS FMP. The initial trials indicate that this innovative gear-type has infrequent protected species (including sea turtles, marine mammals, and seabirds) interactions and finfish bycatch, and it may contribute to an economically viable U.S. west coast swordfish fishery. Currently, only two other fishing gears are authorized for targeting swordfish in the EEZ off the U.S. west coast: Harpoon and drift gillnet. Participation in the drift gillnet fleet has declined considerably over the last two decades, with between 17 and 23 vessels delivering swordfish landings to U.S. west coast ports each year since 2014. Fewer than 21 harpoon vessels made landings each year since 2014. The harpoon fishery has historically been a low-volume fishery compared to the drift gillnet fishery.
The purpose and need as determined by the Council during its November 2018 meeting are as follows:
• The purpose of the proposed action is to authorize the use of deep-set buoy gear as an additional fishing gear in the U.S. west coast commercial swordfish fishery that minimizes bycatch and incidental mortality of finfish and protected species (including sea turtles, marine mammals, and seabirds) to the extent practicable while maximizing the potential for an economically viable fishery.
• The proposed action is needed to authorize deep-set buoy gear as a new gear type as a component of a U.S. west coast swordfish fishery that effectively addresses the 10 National Standards (NS) for Conservation and Management included in the Magnuson Stevens Act, Section 301, in particular NS One (optimum yield) and Nine (minimize bycatch).
Deep-set buoy gear is an umbrella term referring to two distinct gear configurations. These configurations include standard buoy gear and linked buoy gear. An individual piece of standard buoy gear consists of a vertical monofilament mainline suspended from a buoy-array with a terminal weight. Up to three gangions with hooks may be attached to the mainline at a minimum depth of 90 meters (295 feet). An individual piece of linked buoy gear consists of a monofilament mainline which extends vertically from a buoy-array (either directly or from a minimum 50 foot poly-line extender) to a weight; then horizontally to a second weight; then vertically to a minimum 50 foot poly-line extender attached to a second buoy-array. Up to three gangions with hooks may be connected to each horizontal section of the mainline, all of which must be fished below 90 meters. The pieces may be linked together by the mainline, which is serviceable between each piece of linked buoy gear and must be suspended between links below a depth of 50 feet. No more than 10 sections of linked buoy gear may be deployed at any one time, with no more than three hooks per section.
Both configurations include the following specifications and operational criteria:
• The surface buoy flotation and strike detection array must consist of a minimum of three buoys (a minimum 45 pound buoyancy non-compressible hard ball, a minimum 6 pound buoyancy buoy, and a strike detection buoy), with no more than six feet of line between adjacent buoys, all connected in-line by a minimum of
• Weights must be a minimum of 3.6 kilograms;
• Lines connecting surface buoys must be at least
• Minimum size 16/0 circle hooks with not more than 10° offset;
• A vessel may deploy no more than ten pieces of standard or linked buoy gear one time, with no more than three hooks per piece;
• All pieces of gear must remain within a five nautical mile diameter circle and the vessel may be no more than three nautical miles from the nearest piece of gear. These specifications allow for active tending;
• Gear must be deployed prior to local sunrise and onboard the vessel no later than three hours after local sunset;
• Gear types other than deep-set buoy gear may be used on the same trip when deep-set buoy gear is used as long as the deep-set buoy gear is actively tended. This limits the gears with which fishermen could concurrently fish with deep-set buoy gear and maintain maneuverability to allow for active tending or staying within the active tending boundary or both. Other gears may be set and retrieved on the way out to and returning from sea, and deep-set buoy gear fished and actively tended in between, potentially at a large distance from the other gear.
A detailed description of the alternatives adopted by the Council on November 7, 2018, can be found here:
Under Alternative 2, the Council adopted five sub-options pertaining to the number and timing of limited entry permits to be issued in the Southern California Bight. These options are as follows:
1. Not more than 25 permits per year, not to exceed 300 total;
2. Not more than 50 permits per year, not to exceed 300 total;
3. Not more than 100 permits per year, not to exceed 300 total;
4. Not more than 300 permits maximum; and
5. Up to 50 permits issued in the first permit year, and up to 25 permits issued annually in subsequent years until either (a) a maximum of 300 permits are issued, (b) NMFS determines less than 300 are necessary to ensure compliance with the Endangered Species Act and Marine Mammal Protection Act, or (c) the Council recommends to NMFS that less than 300 permits are necessary to meet stakeholder needs.
The Council selected Alternative 2, Option 5 as its preliminary preferred alternative (PPA) on November 7, 2018. On November 7, 2018, the Council also selected a range of options for limited entry qualifying criteria (
A principal objective of the scoping and public input process is to identify potentially significant impacts to the human environment that should be analyzed in depth in the EIS. Information and analysis prepared for this action also may be used for scoping future swordfish harvest and management measure actions to help decide whether to prepare an Environmental Assessment or EIS.
Public scoping occurs throughout the Council's decision-making process. All decisions during the Council process benefit from written and oral public comments delivered prior to or during Council meetings. These public comments are integral to scoping for developing this EIS. The Council began considering the proposed action at their March 2016 meeting, and they developed a range of alternatives during their June 2016, March 2017, and June 2018 meetings. During the November 2018 meeting, the Council adopted a final range of alternatives, including qualifying criteria for limited entry program options, and selected a preliminary preferred alternative. Council meetings in 2019 that offer additional opportunities for public involvement include: The March 5-12 meeting in Vancouver, Washington (Hilton Vancouver Washington, 301 W Sixth Street, Vancouver, WA 98660), and the June 18-25 meeting in San Diego, California (Doubletree by Hilton San Diego (7450 Hazard Center Drive, San Diego, CA 92108). For further information on these meetings, visit the Council's website,
Animal and Plant Health Inspection Service, USDA.
Notice of intent to prepare an environmental impact statement.
We are advising the public that the Animal and Plant Health Inspection Service plans to prepare an environmental impact statement analyzing alternatives for predator damage management in Idaho.
Mr. Kirk Gustad, Wildlife Services, APHIS, USDA, 9134 West Blackeagle Drive, Boise, ID 83709; (208) 373-1630.
The Animal and Plant Health Inspection Service (APHIS) intends to prepare an environmental impact statement (EIS) to address alternatives for APHIS Wildlife Services' involvement in managing damage and threats to livestock and other domestic animals, agricultural resources, property, natural resources, and human health and safety associated with predators in Idaho. The scope of the EIS is intended to include management of damage and conflicts associated with coyotes, gray wolves, black bears, grizzly bears, mountain lions, bobcats, red foxes, striped skunks, raccoons, badgers, feral and free-ranging dogs, common ravens, and black-billed magpies. Feral and free-ranging cats, feral swine, western spotted skunks, mink, long-tailed weasels, short-tailed weasels, American crows, bald eagles, and golden eagles are associated with conflicts on rare occasions and also will be addressed in the analysis.
We anticipate initiating public scoping for the EIS in May 2019. Once completed, the EIS will replace APHIS Wildlife Services' regional environmental assessments on predator damage management in Southern Idaho and in Northern and Central Idaho, and the environmental assessment on gray wolf damage management in Idaho.
Enforcement and Compliance, International Trade Administration, Department of Commerce.
The Department of Commerce (Commerce) preliminarily determines that steel racks and parts thereof (steel racks) from the People's Republic of China (China) are being, or are likely to be, sold in the United States at less than fair value (LTFV) for the period of investigation (POI) October 1, 2017, through March 31, 2018.
Applicable March 4, 2019.
Patrick O'Connor or Maliha Khan, AD/CVD Operations, Office IV, Enforcement and Compliance, International Trade Administration, U.S. Department of Commerce, 1401 Constitution Avenue NW, Washington, DC 20230; telephone: (202) 482-0989 or (202) 482-0895, respectively.
This preliminary determination is made in accordance with section 733(b) of the Tariff Act of 1930, as amended (the Act). Commerce published the notice of initiation of this investigation on July 17, 2018.
The Preliminary Decision Memorandum is a public document and is on file electronically via Enforcement and Compliance's Antidumping and Countervailing Duty Centralized Electronic Service System (ACCESS). ACCESS is available to registered users at
The products covered by this investigation are steel racks from China. For a complete description of the scope of this investigation,
In accordance with the preamble to Commerce's regulations,
Commerce is conducting this investigation in accordance with section 731 of the Act. Commerce has calculated export prices in accordance with section 772(a) of the Act. Because China is a non-market economy country within the meaning of section 771(18) of the Act, Commerce has calculated normal value (NV) in accordance with section 773(c) of the Act. Furthermore, pursuant to sections 776(a) and (b) of the Act, Commerce preliminarily has relied upon facts otherwise available, with adverse inferences, for the China-wide entity, which includes Jiangsu Kingmore Storage Equipment Manufacturing Co., Ltd., Nanjing Huade Storage Equipment Manufacturing Co., Ltd., Nanjing Inform Storage Equipment (Group) Co., Ltd., Tangshan Apollo Energy Equipment Company, Ltd., Xiamen PDF Co., Ltd. and Zhangzhou URB Fabricating Co., Ltd. For a full description of the methodology underlying Commerce's preliminary determination,
For a full description of the methodology underlying our conclusions,
In the
Commerce preliminarily determines that the following estimated weighted-average dumping margins exist:
In accordance with section 733(d)(2) of the Act, Commerce will direct U.S. Customs and Border Protection (CBP) to suspend liquidation of subject merchandise as described in the scope of the investigation section entered, or withdrawn from warehouse, for consumption on or after the date of publication of this notice in the
To determine the cash deposit rate, Commerce normally adjusts the estimated weighted-average dumping margin by the amount of domestic subsidy pass-through and export subsidies determined in a companion CVD proceeding when CVD provisional measures are in effect. However, Commerce has not made a preliminary affirmative determination for a domestic subsidy pass-through adjustment in this AD investigation, nor has it found export subsidies in the companion CVD investigation. Therefore, Commerce made no offsets to the estimated weighted-average dumping margin for purposes of calculating the appropriate cash deposit rate.
These suspension of liquidation instructions will remain in effect until further notice.
Commerce intends to disclose to interested parties the calculations performed in connection with this preliminary determination within five days of its public announcement or, if there is no public announcement, within five days of the date of publication of this notice in accordance with 19 CFR 351.224(b).
As provided in section 782(i)(1) of the Act, Commerce intends to verify information relied upon in making its final determination.
Case briefs or other written comments, on all issues other than scope issues, may be submitted to the Assistant Secretary for Enforcement and Compliance no later than seven days after the date on which the last final verification report is issued in this investigation, unless the Secretary alters the time limit. Rebuttal case briefs, limited to issues raised in case briefs, may be submitted no later than five days after the deadline date for case briefs.
Interested parties may address Commerce's preliminary scope determination in scope briefs which may be submitted to the Assistant Secretary for Enforcement and Compliance no later than 30 days after the publication of the preliminary AD determination in the
Pursuant to 19 CFR 351.310(c), interested parties who wish to request a hearing, limited to issues raised in the case and rebuttal briefs, must submit a written request to the Assistant Secretary for Enforcement and Compliance, U.S. Department of Commerce, within 30 days after the date of publication of this notice. Requests should contain the party's name, address, and telephone number, the number of participants, whether any participant is a foreign national, and a list of the issues to be discussed. If a request for a hearing is made, Commerce intends to hold the hearing at the U.S. Department of Commerce, 1401 Constitution Avenue NW, Washington, DC 20230, at a time and date to be determined. Parties should confirm by telephone the date, time, and location of the hearing two days before the scheduled date.
Section 735(a)(2) of the Act provides that a final determination may be postponed until not later than 135 days after the date of the publication of the preliminary determination if, in the event of an affirmative preliminary determination, a request for such postponement is made by exporters who account for a significant proportion of exports of the subject merchandise, or in the event of a negative preliminary
On December 10, 2018, pursuant to 19 CFR 351.210(b)(2)(ii) and e(2), Nanjing Dongsheng requested that Commerce postpone the final determination, and that provisional measures be extended to a period not to exceed six months.
In accordance with section 733(f) of the Act, Commerce will notify the International Trade Commission (ITC) of its preliminary determination of sales at LTFV. If the final determination is affirmative, the ITC will determine before the later of 120 days after the date of this preliminary determination or 45 days after the final determination whether imports of the subject merchandise are materially injuring, or threaten material injury to, the U.S. industry.
This determination is issued and published in accordance with sections 733(f) and 777(i)(1) of the Act and 19 CFR 351.205(c).
The merchandise covered by this investigation is steel racks and parts thereof, assembled, to any extent, or unassembled, including but not limited to, vertical components (
Subject steel racks and parts thereof are made of steel, including, but not limited to, cold and/or hot-formed steel, regardless of the type of steel used to produce the components and may, or may not, include locking tabs, slots, or bolted, clamped, or welded connections. Subject steel racks have the following physical characteristics:
(1) Each steel vertical and horizontal load bearing member (
(2) Each steel vertical and horizontal load bearing member (
(3) The width of each steel vertical load bearing member (
(4) The overall depth of each steel roll-formed horizontal load bearing member (
In the case of steel horizontal load bearing members other than roll-formed (
Steel rack components can be assembled into structures of various dimensions and configurations by welding, bolting, clipping, or with the use of devices such as clips, end plates, and beam connectors, including, but not limited to the following configurations: (1) Racks with upright frames perpendicular to the aisles that are independently adjustable, with positive-locking beams parallel to the aisle spanning the upright frames with braces; and (2) cantilever racks with vertical components parallel to the aisle and cantilever beams or arms connected to the vertical components perpendicular to the aisle. Steel racks may be referred to as pallet racks, storage racks, stacker racks, retail racks, pick modules, selective racks, or cantilever racks and may incorporate moving components and be referred to as pallet-flow racks, carton-flow racks, push-back racks, movable-shelf racks, drive-in racks, and drive-through racks. While steel racks may be made to ANSI MH16.l or ANSI MH16.3 standards, all steel racks and parts thereof meeting the description set out herein are covered by the scope of this investigation, whether or not produced according to a particular standard.
The scope includes all steel racks and parts thereof meeting the description above, regardless of
(1) other dimensions, weight, or load rating;
(2) vertical components or frame type (including structural, roll-form, or other);
(3) horizontal support or beam/brace type (including but not limited to structural, roll-form, slotted, unslotted, Z-beam, C-beam, L-beam, step beam, and cantilever beam);
(4) number of supports;
(5) number of levels;
(6) surface coating, if any (including but not limited to paint, epoxy, powder coating, zinc, or other metallic coatings);
(7) rack shape (including but not limited to rectangular, square, corner, and cantilever);
(8) the method by which the vertical and horizontal supports connect (including but not limited to locking tabs or slots, bolting, clamping, and welding); and
(9) whether or not the steel rack has moving components (including but not limited to rails, wheels, rollers, tracks, channels, carts, and conveyors).
Subject merchandise includes merchandise matching the above description that has been finished or packaged in a third country. Finishing includes, but is not limited to, coating, painting, or assembly, including attaching the merchandise to another product, or any other finishing or assembly operation that would not remove the merchandise from the scope of the investigation if performed in the country of manufacture of the steel racks and parts thereof. Packaging includes packaging the merchandise with or without another product or any other packaging operation that would not remove the merchandise from the scope of the investigation if performed in the country of manufacture of the steel racks and parts thereof.
Steel racks and parts thereof are included in the scope of this investigation whether or not imported attached to, or included with, other parts or accessories such as wire decking, nuts, and bolts. If steel racks and parts thereof are imported attached to, or included with, such non-subject merchandise, only the steel racks and parts thereof are included in the scope.
The scope of this investigation does not cover: (1) Decks,
Specifically excluded from the scope of this investigation are any products covered by Commerce's existing antidumping and countervailing duty orders on boltless steel
Also excluded from the scope of this investigation are bulk-packed parts or components of boltless steel shelving units that were specifically excluded from the scope of the Boltless Steel Shelving Orders because such bulk-packed parts or components do not contain the steel vertical supports (
Such excluded components of boltless steel shelving are defined as:
(1) Boltless horizontal supports (beams, braces) that have each of the following characteristics: (a) A length of 95 inches or less, (b) made from steel that has a thickness of 0.068 inches or less, and (c) a weight capacity that does not exceed 2500 lbs per pair of beams for beams that are 78” or shorter, a weight capacity that does not exceed 2200 lbs per pair of beams for beams that are over 78” long but not longer than 90”, and/or a weight capacity that does not exceed 1800 lbs per pair of beams for beams that are longer than 90”;
(2) shelf supports that mate with the aforementioned horizontal supports; and
(3) boltless vertical supports (upright welded frames and posts) that have each of the following characteristics: (a) A length of 95 inches or less, (b) with no face that exceeds 2.90 inches wide, and (c) made from steel that has a thickness of 0.065 inches or less.
Excluded from the scope of this investigation are: (1) Wall-mounted shelving and racks, defined as shelving and racks that suspend all of the load from the wall, and do not stand on, or transfer load to, the floor; (2) ceiling-mounted shelving and racks, defined as shelving and racks that suspend all of the load from the ceiling and do not stand on, or transfer load to, the floor; and (3) wall/ceiling mounted shelving and racks, defined as shelving and racks that suspend the load from the ceiling and the wall and do not stand on, or transfer load to, the floor. The addition of a wall or ceiling bracket or other device to attach otherwise subject merchandise to a wall or ceiling does not meet the terms of this exclusion.
Also excluded from the scope of this investigation is scaffolding that complies with ANSI/ASSE A10.8—2011—Scaffolding Safety Requirements, CAN/CSA S269.2-M87 (Reaffirmed 2003)—Access Scaffolding for Construction Purposes, and/or Occupational Safety and Health Administration regulations at 29 CFR part 1926 subpart L—Scaffolds.
Also excluded from the scope of this investigation are tubular racks such as garment racks and drying racks,
Also excluded from the scope of this investigation are portable tier racks. Portable tier racks must meet each of the following criteria to qualify for this exclusion:
(1) They are freestanding, portable assemblies with a fully welded base and four freely inserted and easily removable corner posts;
(2) They are assembled without the use of bolts, braces, anchors, brackets, clips, attachments, or connectors;
(3) One assembly may be stacked on top of another without applying any additional load to the product being stored on each assembly, but individual portable tier racks are not securely attached to one another to provide interaction or interdependence; and
(4) The assemblies have no mechanism (
Also excluded from the scope of this investigation are accessories that are independently bolted to the floor and not attached to the rack system itself,
Merchandise covered by this investigation is currently classified in the Harmonized Tariff Schedule of the United States (HTSUS) under the following subheadings: 7326.90.8688, 9403.20.0080, and 9403.90.8041. Subject merchandise may also enter under subheadings 7308.90.3000, 7308.90.6000, 7308.90.9590, and 9403.20.0090. The HTSUS subheadings are provided for convenience and U.S. Customs purposes only. The written description of the scope is dispositive.
Enforcement and Compliance, International Trade Administration, Department of Commerce.
Applicable February 25, 2019.
David Goldberger at (202) 482-4136 (Canada); Alice Maldonado at (202) 482-4682 (the People's Republic of China (China)); and Jeffrey Pedersen at (202) 482-2769 (Mexico); AD/CVD Operations, Enforcement and Compliance, International Trade Administration, U.S. Department of Commerce, 1401 Constitution Avenue NW, Washington, DC 20230.
On February 4, 2019, the U.S. Department of Commerce (Commerce) received antidumping duty (AD) Petitions concerning imports of certain fabricated structural steel (fabricated structural steel) from Canada, China, and Mexico, which were subsequently amended on February 21, 2019.
On February 7, 2019, Commerce requested supplemental information pertaining to certain aspects of the Petitions in separate supplemental
In accordance with section 732(b) of the Tariff Act of 1930, as amended (the Act), the petitioner alleges that imports of fabricated structural steel from Canada, China, and Mexico are being, or are likely to be, sold in the United States at less than fair value (LTFV) within the meaning of section 731 of the Act, and that such imports are materially injuring, or threatening material injury to, the domestic industry producing fabricated structural steel in the United States. Consistent with section 732(b)(1) of the Act, the Petitions are accompanied by information reasonably available to the petitioner supporting its allegations.
Section 771(9)(E) of the Act states that “a trade or business association” is an interested party if “a majority” of its “members manufacture, produce, or wholesale a domestic like product in the United States. Based on information contained in the petitioner's amended Petition submission of February 21, 2019,
Because the Petitions were filed on February 4, 2019, and amended on February 21, 2019, pursuant to 19 CFR 351.204(b)(1), the period of investigation (POI) for the Canada and Mexico investigations is January 1, 2018, through December 31, 2018. Because China is a non-market economy (NME) country, pursuant to 19 CFR 351.204(b)(1), the POI for the China investigation is July 1, 2018, through December 31, 2018.
The product covered by these investigations is fabricated structural steel from Canada, China, and Mexico. For a full description of the scope of these investigations,
During our review of the Petitions, Commerce contacted the petitioner regarding the proposed scope language to ensure that the scope language in the Petitions is an accurate reflection of the products for which the domestic industry is seeking relief.
As discussed in the
Commerce requests that any factual information parties consider relevant to the scope of the investigations be submitted during this period. However, if a party subsequently finds that additional factual information pertaining to the scope of the investigations may be relevant, the party may contact Commerce and request permission to submit the additional information. All such submissions must be filed on the records of the concurrent AD and CVD investigations.
All submissions to Commerce must be filed electronically using Enforcement and Compliance's Antidumping Duty and Countervailing Duty Centralized Electronic Service System (ACCESS).
Commerce is providing interested parties an opportunity to comment on the appropriate physical characteristics of fabricated structural steel to be reported in response to Commerce's AD questionnaires. This information will be used to identify the key physical characteristics of the subject merchandise in order to report the relevant factors of production (FOPs) accurately, as well as to develop appropriate product-comparison criteria.
Interested parties may provide any information or comments that they feel are relevant to the development of an accurate list of physical characteristics. Specifically, they may provide comments as to which characteristics are appropriate to use as: (1) General product characteristics, and (2) product comparison criteria. We note that it is not always appropriate to use all product characteristics as product comparison criteria. We base product comparison criteria on meaningful commercial differences among products. In other words, although there may be some physical product characteristics utilized by manufacturers to describe fabricated structural steel, it may be that only a select few product characteristics take into account commercially meaningful physical characteristics. In addition, interested parties may comment on the order in which the physical characteristics should be used in matching products. Generally, Commerce attempts to list the most important physical characteristics first and the least important characteristics last.
In order to consider the suggestions of interested parties in developing and issuing the AD questionnaires, all product characteristics comments must be filed by 5:00 p.m. ET on March 18, 2019, which is the next business day after 20 calendar days from the signature date of this notice.
Section 732(b)(1) of the Act requires that a petition be filed on behalf of the domestic industry. Section 732(c)(4)(A) of the Act provides that a petition meets this requirement if the domestic producers or workers who support the petition account for: (i) At least 25 percent of the total production of the domestic like product; and (ii) more than 50 percent of the production of the domestic like product produced by that portion of the industry expressing support for, or opposition to, the petition. Moreover, section 732(c)(4)(D) of the Act provides that, if the petition does not establish support of domestic producers or workers accounting for more than 50 percent of the total production of the domestic like product, Commerce shall: (i) Poll the industry or rely on other information in order to determine if there is support for the petition, as required by subparagraph (A); or (ii) determine industry support using a statistically valid sampling method to poll the “industry.”
Section 771(4)(A) of the Act defines the “industry” as the producers as a whole of a domestic like product. Thus, to determine whether a petition has the requisite industry support, the statute directs Commerce to look to producers and workers who produce the domestic like product. The International Trade Commission (ITC), which is responsible for determining whether “the domestic industry” has been injured, must also determine what constitutes a domestic like product in order to define the industry. While both Commerce and the ITC must apply the same statutory definition regarding the domestic like product,
Section 771(10) of the Act defines the domestic like product as “a product which is like, or in the absence of like, most similar in characteristics and uses with, the article subject to an investigation under this title.” Thus, the reference point from which the domestic like product analysis begins is “the article subject to an investigation” (
With regard to the domestic like product, the petitioner does not offer a definition of the domestic like product distinct from the scope of the Petitions.
In determining whether the petitioner has standing under section 732(c)(4)(A) of the Act, we considered the industry support data contained in the Petitions with reference to the domestic like product as defined in the “Scope of the Investigations,” in the Appendix to this notice. To establish industry support, the petitioner provided its own production of the domestic like product in 2017.
On February 12 and February 13, 2019, we received comments on industry support from Canada, the provincial government of Québec, and Mexico, respectively.
On February 19, 2019, we received comments on industry support from Corey, S.A. de C.V. (Corey), a Mexican producer and exporter of fabricated structural steel.
The petitioner responded to the comments from Corey on February 21, 2019.
Our review of the data provided in the Petitions, the General Issues Supplement, and other information readily available to Commerce indicates that the petitioner has established industry support for the Petitions.
The petitioner alleges that the U.S. industry producing the domestic like product is being materially injured, or is threatened with material injury, by reason of the imports of the subject merchandise sold at LTFV. In addition, the petitioner alleges that subject imports exceed the negligibility threshold provided for under section 771(24)(A) of the Act.
The petitioner contends that the industry's injured condition is illustrated by the significant volume and increasing market share of subject imports; reduced market share of the U.S. industry; underselling and price depression or suppression; declines in production, shipments, and capacity utilization; negative impact on employment variables; decline in the domestic industry's financial performance; and lost sales and revenues.
The following is a description of the allegation of sales at LTFV upon which Commerce based its decision to initiate AD investigations of imports of fabricated structural steel from Canada, China, and Mexico. The sources of data for the deductions and adjustments relating to U.S. price and normal value (NV) are discussed in greater detail in the AD Initiation Checklist for each country.
For China and Mexico, the petitioner based export price (EP) on pricing information for fabricated structural steel produced in, and exported from, those countries and sold or offered for sale in the United States.
For Canada, because the petitioner had reason to believe that the sale was made on a constructed export price (CEP) basis,
For Canada and Mexico, the petitioner was unable to obtain information relating to the prices charged for fabricated structural steel in Canada and Mexico, or any third country market.
With respect to China, Commerce considers China to be an NME country.
The Petitions claim Brazil is an appropriate surrogate country for China because it is a market economy country that is at a level of economic development comparable to that of China, and it is a significant producer of identical merchandise.
Interested parties will have the opportunity to submit comments regarding surrogate country selection and, pursuant to 19 CFR 351.301(c)(3)(i), will be provided an opportunity to submit publicly available information to value FOPs within 30 days before the scheduled date of the preliminary determination.
Because information regarding the volume of inputs consumed by the Chinese producer/exporter was not reasonably available, the Petitions used the product-specific consumption rates of a U.S. fabricated structural steel producer as a surrogate to estimate the Chinese manufacturer's FOPs.
As noted above, because home market and third country prices were not available for Mexico and Canada, the Petitions based NV on CV.
For Canada and Mexico, the Petitions calculated the COM based on the input factors of production and usage rates from a U.S. producer of fabricated structural steel. The input factors of production were valued using publicly available data on costs specific to Canada and Mexico during the proposed POI.
For Canada, the Petitions relied on the fiscal year (FY) 2017 audited financial statements of Empire Industries Limited (Empire), a Canadian producer of fabricated structural steel, to determine the per-unit factory overhead costs associated with the production of fabricated structural steel.
For Mexico, the Petitions calculated factory overhead, SG&A, interest and profit based on the 2017 audited financial statements of Carso, a Mexican producer of fabricated structural steel.
Based on the data provided by the Petitions, there is reason to believe that imports of fabricated structural steel from Canada, China, and Mexico are being, or are likely to be, sold in the United States at LTFV. Based on comparisons of EP, or CEP, to NV in accordance with sections 772 and 773 of the Act, the estimated dumping margins for fabricated structural steel for each of the countries covered by this initiation are as follows: (1) Canada—30.41 percent;
Based upon the examination of the Petitions and supplemental responses, we find that the Petitions meet the requirements of section 732 of the Act. Therefore, we are initiating AD investigations to determine whether imports of fabricated structural steel from Canada, China, and Mexico are being, or are likely to be, sold in the United States at LTFV. In accordance with section 733(b)(1)(A) of the Act and 19 CFR 351.205(b)(1), unless postponed, we will make our preliminary determinations no later than 140 days after the date of this initiation.
With respect to Canada and Mexico, the petitioner named 50 companies in Canada
With respect to China, the petitioners named 220 producers/exporters of fabricated structural steel in China. In AD investigations involving NME countries, Commerce selects respondents based on quantity and value (Q&V) questionnaires in cases where it cannot individually examine each company based upon its resources. After considering the large number of producers and exporters identified in the Petition, and considering the resources that must be used by Commerce to mail Q&V questionnaires to all of these companies, Commerce has determined that we do not have sufficient administrative resources to mail Q&V questionnaires to all 220 identified producers and exporters. Therefore, Commerce has determined to limit the number of Q&V questionnaires it will send out to exporters and producers based on CBP data for imports during the POI under the appropriate HTSUS numbers listed with the scope in the Appendix, below. Accordingly, Commerce will send Q&V questionnaires to the largest producers and exporters that are identified in the CBP data for which there is address information on the record.
On February 25, 2019, Commerce released CBP data on imports of fabricated structural steel from Canada, China, and Mexico under APO to all parties with access to information protected by APO and indicated that interested parties wishing to comment on the CBP data must do so within three business days of the publication date of the notice of initiation of these investigations.
In addition, Commerce will post the Q&V questionnaire along with filing instructions on the Enforcement and Compliance website at
Producers/exporters of fabricated structural steel from China that do not receive Q&V questionnaires by mail may still submit a response to the Q&V questionnaire and can obtain a copy of the Q&V questionnaire from Enforcement & Compliance's website. The Q&V response must be submitted by the relevant Chinese exporters/producers no later than 5:00 p.m. ET on March 15, 2019. All Q&V responses must be filed electronically via ACCESS.
In order to obtain separate-rate status in an NME investigation, exporters and producers must submit a separate-rate application.
Commerce will calculate combination rates for certain respondents that are eligible for a separate rate in an NME investigation. The Separate Rates and Combination Rates Bulletin states:
In accordance with section 732(b)(3)(A) of the Act and 19 CFR 351.202(f), copies of the public version of the Petitions have been provided to the governments of Canada, China, and Mexico
We will notify the ITC of our initiation, as required by section 732(d) of the Act.
The ITC will preliminarily determine, within 45 days after the date on which the Petitions were filed, whether there is a reasonable indication that imports of fabricated structural steel from Canada, China, and/or Mexico are materially injuring, or threatening material injury to, a U.S. industry.
Factual information is defined in 19 CFR 351.102(b)(21) as: (i) Evidence submitted in response to questionnaires; (ii) evidence submitted in support of allegations; (iii) publicly available information to value factors under 19 CFR 351.408(c) or to measure the adequacy of remuneration under 19 CFR 351.511(a)(2); (iv) evidence placed on the record by Commerce; and (v) evidence other than factual information described in (i)-(iv). Section 351.301(b) of Commerce's regulations requires any party, when submitting factual information, to specify under which subsection of 19 CFR 351.102(b)(21) the information is being submitted
Section 504 of the Trade Preferences Extension Act of 2015 amended the Act by adding the concept of particular market situation (PMS) for purposes of CV under section 773(e) of the Act.
Neither section 773(e) of the Act nor 19 CFR 351.301(c)(2)(v) set a deadline for the submission of PMS allegations and supporting factual information. However, in order to administer section 773(e) of the Act, Commerce must receive PMS allegations and supporting factual information with enough time to consider the submission. Thus, should an interested party wish to submit a PMS allegation and supporting new factual information pursuant to section 773(e) of the Act, it must do so no later than 20 days after submission of a respondent's initial section D questionnaire response.
Parties may request an extension of time limits before the expiration of a time limit established under 19 CFR 351.301, or as otherwise specified by the Secretary. In general, an extension request will be considered untimely if it is filed after the expiration of the time limit established under 19 CFR 351.301. For submissions that are due from multiple parties simultaneously, an extension request will be considered untimely if it is filed after 10:00 a.m. ET on the due date. Under certain circumstances, we may elect to specify a different time limit by which extension requests will be considered untimely for submissions which are due from multiple parties simultaneously. In such a case, we will inform parties in a letter or memorandum of the deadline (including a specified time) by which extension requests must be filed to be considered timely. An extension request must be made in a separate, stand-alone submission; under limited circumstances we will grant untimely-filed requests for the extension of time limits. Parties should review
Any party submitting factual information in an AD or CVD proceeding must certify to the accuracy and completeness of that information.
Interested parties must submit applications for disclosure under APO in accordance with 19 CFR 351.305. On January 22, 2008, Commerce published
This notice is issued and published pursuant to sections 732(c)(2) and 777(i) of the Act, and 19 CFR 351.203(c).
The merchandise covered by these investigations is carbon and alloy fabricated structural steel. Fabricated structural steel is made from steel in which: (1) Iron predominates, by weight, over each of the other contained elements; and (2) the carbon content is two percent or less by weight. Fabricated structural steel products are steel products that have been fabricated for erection or assembly into structures, including, but not limited to, buildings (commercial, office, institutional, and multi-family residential); industrial and utility projects; parking decks; arenas and convention centers; medical facilities; and ports, transportation and infrastructure facilities. Fabricated structural steel is manufactured from carbon and alloy (including stainless) steel products such as angles, columns, beams, girders, plates, flange shapes (including manufactured structural shapes utilizing welded plates as a substitute for rolled wide flange sections), channels, hollow structural section (HSS) shapes, base plates, and plate-work components. Fabrication includes, but is not limited to cutting, drilling, welding, joining, bolting, bending, punching, pressure fitting, molding, grooving, adhesion, beveling, and riveting and may include items such as fasteners, nuts, bolts, rivets, screws, hinges, or joints.
The inclusion, attachment, joining, or assembly of non-steel components with fabricated structural steel does not remove the fabricated structural steel from the scope.
Fabricated structural steel is covered by the scope of the investigations regardless of whether it is painted, varnished, or coated with plastics or other metallic or non-metallic substances and regardless of whether it is assembled or partially assembled, such as into modules, modularized construction units, or sub-assemblies of fabricated structural steel.
Subject merchandise includes fabricated structural steel that has been assembled or further processed in the subject country or a third country, including but not limited to painting, varnishing, trimming, cutting, drilling, welding, joining, bolting, punching, bending, beveling, riveting, galvanizing, coating, and/or slitting or any other processing that would not otherwise remove the merchandise from the scope of the investigations if performed in the country of manufacture of the fabricated structural steel.
Specifically excluded from the scope of these investigations are:
1. Fabricated steel concrete reinforcing bar (rebar) if: (i) It is a unitary piece of fabricated rebar, not joined, welded, or otherwise connected with any other steel product or part; or (ii) it is joined, welded, or otherwise connected only to other rebar.
2. Fabricated structural steel for bridges and bridge sections that meets American Association of State and Highway and Transportation Officials (AASHTO) bridge construction requirements or any state or local derivatives of the AASHTO bridge construction requirements.
3. Pre-engineered metal building systems, which are defined as complete metal buildings that integrate steel framing, roofing and walls to form one, pre-engineered building system, that meet Metal Building Manufacturers Association guide specifications. Pre-engineered metal building systems are typically limited in height to no more than 60 feet or two stories.
4. Steel roof and floor decking systems that meet Steel Deck Institute standards.
5. Open web steel bar joists and joist girders that meet Steel Joist Institute specifications.
The products subject to the investigations are currently classified in the Harmonized Tariff Schedule of the United States (HTSUS) under subheadings: 7308.90.3000, 7308.90.6000, and 7308.90.9590.
The products subject to the investigations may also enter under the following HTSUS subheadings: 7216.91.0010, 7216.91.0090, 7216.99.0010, 7216.99.0090, 7222.40.6000, 7228.70.6000, 7301.10.0000, 7301.20.1000, 7301.20.5000, 7308.40.0000, 7308.90.9530, and 9406.90.0030.
The HTSUS subheadings above are provided for convenience and customs purposes only. The written description of the scope of the investigations is dispositive.
Enforcement and Compliance, International Trade Administration, Department of Commerce.
The Department of Commerce (Commerce) is initiating a changed circumstances review and preliminarily determining that Sinopec Chongqing SVW Chemical Co., Ltd. (SVW) is the successor-in-interest to Sinopec Sichuan Vinylon Works (Sichuan SVW) for the purposes of the antidumping duty order on polyvinyl alcohol (PVA) from the People's Republic of China (China).
Applicable March 4, 2019.
Charles Doss, AD/CVD Operations, Office III, Enforcement and Compliance, International Trade Administration, U.S. Department of Commerce, 1401 Constitution Avenue NW, Washington, DC 20230; telephone: 202-482-4474.
On October 1, 2003, Commerce published in the
Commerce exercised its discretion to toll all deadlines affected by the partial federal government closure from December 22, 2018, through the resumption of operations on January 29, 2019.
The merchandise covered by the order is PVA. This product consists of all PVA hydrolyzed in excess of 80 percent, whether or not mixed or diluted with commercial levels of defoamer or boric acid, except as noted below.
The following products are specifically excluded from the scope of this order:
(1) PVA in fiber form.
(2) PVA with hydrolysis less than 83 mole percent and certified not for use in the production of textiles.
(3) PVA with hydrolysis greater than 85 percent and viscosity greater than or equal to 90 cps.
(4) PVA with a hydrolysis greater than 85 percent, viscosity greater than or equal to 80 cps but less than 90 cps, certified for use in an ink jet application.
(5) PVA for use in the manufacture of an excipient or as an excipient in the manufacture of film coating systems which are components of a drug or dietary supplement, and accompanied by an end-use certification.
(6) PVA covalently bonded with cationic monomer uniformly present on all polymer chains in a concentration equal to or greater than one mole percent.
(7) PVA covalently bonded with carboxylic acid uniformly present on all polymer chains in a concentration equal to or greater than two mole percent, certified for use in a paper application.
(8) PVA covalently bonded with thiol uniformly present on all polymer chains, certified for use in emulsion polymerization of non-vinyl acetic material.
(9) PVA covalently bonded with paraffin uniformly present on all polymer chains in a concentration equal to or greater than one mole percent.
(10) PVA covalently bonded with silan uniformly present on all polymer chains certified for use in paper coating applications.
(11) PVA covalently bonded with sulfonic acid uniformly present on all polymer chains in a concentration level equal to or greater than one mole percent.
(12) PVA covalently bonded with acetoacetylate uniformly present on all polymer chains in a concentration level equal to or greater than one mole percent.
(13) PVA covalently bonded with polyethylene oxide uniformly present on all polymer chains in a concentration level equal to or greater than one mole percent.
(14) PVA covalently bonded with quaternary amine uniformly present on all polymer chains in a concentration level equal to or greater than one mole percent.
(15) PVA covalently bonded with diacetoneacrylamide uniformly present on all polymer chains in a concentration level greater than three mole percent, certified for use in a paper application.
The merchandise subject to this order is currently classifiable under subheading 3905.30.00 of the
Pursuant to section 751(b)(1) of the Act, Commerce will conduct a changed circumstances review upon receipt of information concerning, or a request from, an interested party for a review of an antidumping duty order which shows changed circumstances sufficient to warrant a review of the order. In the past, Commerce has used changed circumstances reviews to address the applicability of cash deposit rates after there have been changes in the name or structure of a respondent, such as a merger or spinoff (`successor-in-interest' or `successorship' determinations).
Section 351.221(c)(3)(ii) of Commerce's regulations permits Commerce to combine the notice of initiation of a changed circumstances review and the notice of preliminary results if Commerce concludes that expedited action is warranted.
Accordingly, pursuant to section 751(b) of the Act, we have conducted a successor-in-interest analysis in response to SWV and Wego's request. In making a successor-in-interest determination, Commerce examines several factors, including, but not limited to, changes in the following: (1) Management; (2) production facilities; (3) supplier relationships; and (4) customer base.
In their request, SVW and Wego supplied evidence for Commerce to determine preliminarily that SVW is the successor-in-interest of Sichuan SVW. SVW and Wego provided documentation of approval of SVW's name change from regulators
Further, SVW and Wego provided an announcement of SVW's name change, articles of association, and business licenses that specify that its business premises are the same,
Based on the aforementioned evidence on the record, we preliminarily determine that SVW is the successor-in-interest to Sichuan SVW, as the change in the business' name was not accompanied by significant changes to its management and operations, production facilities, supplier relationships, or customer base. Thus, we preliminarily determine that SVW operates as essentially the same business entity as Sichuan SVW, that SVW is the successor-in-interest to Sichuan SVW, and that SVW should receive the same antidumping duty cash deposit rate with respect to subject merchandise as its predecessor.
Pursuant to 19 CFR 351.310(c), any interested party may request a hearing within 30 days of publication of this notice. In accordance with 19 CFR 351.309(c)(1)(ii), interested parties may submit case briefs not later than 30 days after the date of publication of this notice. Rebuttal briefs, limited to issues raised in the case briefs, may be filed no later than five days after the case briefs, in accordance with 19 CFR 351.309(d). Parties who submit case or rebuttal briefs are encouraged to submit with each argument: (1) A statement of the issue; (2) a brief summary of the argument; and (3) a table of authorities.
Consistent with 19 CFR 351.216(e), we will issue the final results of this changed circumstances review no later than 270 days after the date on which this review was initiated, or within 45 days if all parties agree to our preliminary finding. This notice is published in accordance with sections 751(b)(1) and 777(i) of the Act and 19 CFR 351.216(b), 351.221(b) and 351.221(c)(3).
Enforcement and Compliance, International Trade Administration, Department of Commerce.
Applicable February 25, 2019.
Whitley Herndon at (202) 482-6274 (Canada), Thomas Martin (202) 482-3936 or Trisha Tran at (202) 482-4852 (Mexico), or Darla Brown at (202) 482-1791 (People's Republic of China (China)), AD/CVD Operations, Enforcement and Compliance, International Trade Administration, U.S. Department of Commerce, 1401 Constitution Avenue NW, Washington, DC 20230.
On February 4, 2019, the U.S. Department of Commerce (Commerce) received countervailing duty (CVD) Petitions concerning imports of certain fabricated structural steel (fabricated structural steel) from Canada, Mexico, and China, which were subsequently amended on February 21, 2019.
During the period February 7 through February 14, 2019, Commerce requested supplemental information pertaining to certain aspects of the Petitions in separate supplemental questionnaires.
In accordance with section 702(b)(1) of the Tariff Act of 1930, as amended (the Act), the petitioner alleges that the Governments of Canada, Mexico, and China, as well as the Canadian provincial governments of Alberta, British Colombia (BC), Manitoba, New Brunswick, Ontario, Québec, Prince Edward Island (PEI) and Saskatchewan, are providing countervailable subsidies, within the meaning of sections 701 and 771(5) of the Act, to producers of fabricated structural steel in Canada, Mexico, and China and that imports of such products are materially injuring, or threatening material injury to, the domestic industry producing fabricated structural steel in the United States. Consistent with section 702(b)(1) of the Act and 19 CFR 351.202(b), for those alleged programs on which we are initiating CVD investigations, the Petitions are accompanied by information reasonably available to the petitioner supporting their allegations.
Section 771(9)(E) of the Act states that “a trade or business association” is an interested party if “a majority” of its “members manufacture, produce, or wholesale a domestic like product in the United States. Based on information contained in the petitioner's amended Petition submission of February 21, 2019,
Because the Petitions were filed on February 4, 2019, and amended on February 21, 2019, the period of investigation for each investigation is January 1, 2018, through December 31, 2018.
The product covered by these investigations is fabricated structural steel from Canada, Mexico, and China. For a full description of the scope of these investigations,
During our review of the Petitions, Commerce contacted the petitioner regarding the proposed scope language to ensure that the scope language in the Petitions is an accurate reflection of the products for which the domestic industry is seeking relief.
As discussed in the
Commerce requests that any factual information parties consider relevant to the scope of the investigations be submitted during this period. However, if a party subsequently finds that additional factual information pertaining to the scope of the investigations may be relevant, the party may contact Commerce and request permission to submit the additional information. All such submissions must be filed on the records of the concurrent AD and CVD investigations.
All submissions to Commerce must be filed electronically using Enforcement and Compliance's Antidumping Duty and Countervailing Duty Centralized Electronic Service System (ACCESS).
Pursuant to sections 702(b)(4)(A)(i) and (ii) of the Act, Commerce notified representatives of Canada, Mexico, and China of the receipt of the Petitions and provided them the opportunity for consultations with respect to the CVD Petitions.
Section 702(b)(1) of the Act requires that a petition be filed on behalf of the domestic industry. Section 702(c)(4)(A) of the Act provides that a petition meets this requirement if the domestic producers or workers who support the petition account for: (i) At least 25 percent of the total production of the domestic like product; and (ii) more than 50 percent of the production of the domestic like product produced by that portion of the industry expressing support for, or opposition to, the
Section 771(4)(A) of the Act defines the “industry” as the producers, as a whole, of a domestic like product. Thus, to determine whether a petition has the requisite industry support, the statute directs Commerce to look to producers and workers who produce the domestic like product. The International Trade Commission (ITC), which is responsible for determining whether “the domestic industry” has been injured, must also determine what constitutes a domestic like product in order to define the industry. While both Commerce and the ITC must apply the same statutory definition regarding the domestic like product,
Section 771(10) of the Act defines the domestic like product as “a product which is like, or in the absence of like, most similar in characteristics and uses with, the article subject to an investigation under this title.” Thus, the reference point from which the domestic like product analysis begins is “the article subject to an investigation” (
With regard to the domestic like product, the petitioner does not offer a definition of the domestic like product distinct from the scope of the Petitions.
In determining whether the petitioner has standing under section 702(c)(4)(A) of the Act, we considered the industry support data contained in the Petitions with reference to the domestic like product as defined in the “Scope of the Investigations,” in the Appendix to this notice. To establish industry support, the petitioner provided its own production of the domestic like product in 2017.
From February 12 through February 13, 2019, we received comments on industry support from Canada, Quebec, and Mexico, respectively.
On February 19, 2019, we received comments on industry support from Corey, S.A. de C.V. (Corey), a Mexican producer and exporter of fabricated structural steel.
The petitioner responded to the comments from Corey on February 21, 2019.
Our review of the data provided in the Petitions, the General Issues Supplement, and other information readily available to Commerce indicates that the petitioner has established industry support for the Petitions.
Commerce finds that the petitioner filed the Petitions on behalf of the domestic industry because it is an interested party as defined in section 771(9)(E) of the Act, and it has demonstrated sufficient industry support with respect to the CVD investigations that it is requesting that Commerce initiate.
Because Canada, China, and Mexico are “Subsidies Agreement Countries” within the meaning of section 701(b) of the Act, section 701(a)(2) of the Act applies to these investigations. Accordingly, the ITC must determine whether imports of the subject merchandise from Canada, China, and/or Mexico materially injure, or threaten material injury to, a U.S. industry.
The petitioners allege that imports of the subject merchandise are benefitting from countervailable subsidies and that such imports are causing, or threaten to cause, material injury to the U.S. industry producing the domestic like product. In addition, the petitioner alleges that subject imports exceed the negligibility threshold provided for under section 771(24)(A) of the Act.
The petitioner contends that the industry's injured condition is illustrated by the significant volume and increasing market share of subject imports; reduced market share of the U.S. industry; underselling and price depression or suppression; declines in production, shipments, and capacity utilization; negative impact on employment variables; decline in the domestic industry's financial performance; and lost sales and revenues.
Based on the examination of the Petitions, we find that the Petitions meet the requirements of section 702 of the Act. Therefore, we are initiating CVD investigations to determine whether imports of fabricated structural steel from Canada, Mexico, and China benefit from countervailable subsidies conferred by the governments of these countries. In accordance with section 703(b)(1) of the Act and 19 CFR 351.205(b)(1), unless postponed, we will make our preliminary determination no later than 65 days after the date of this initiation.
Based on our review of the Petition, we find that there is sufficient information to initiate a CVD investigation on 43 of the 44 alleged programs. For a full discussion of the basis for our decision to initiate on each program,
Based on our review of the Petition, we find that there is sufficient information to initiate a CVD investigation on 17 of the 19 alleged programs. For a full discussion of the basis for our decision to initiate on each program,
Based on our review of the Petition, we find that there is sufficient information to initiate a CVD investigation, in whole or part, on 25 of the 26 alleged programs. For a full discussion of the basis for our decision to initiate on each program,
In the Petitions, the petitioner named 50 companies in Canada,
On February 20, 2019, Commerce released CBP data under Administrative Protective Order (APO) to all parties with access to information protected by APO and indicated that interested parties wishing to comment regarding the CBP data and respondent selection must do so within three business days of the publication date of the notice of initiation of these CVD investigations.
Interested parties must submit applications for disclosure under APO in accordance with 19 CFR 351.305(b). Instructions for filing such applications may be found on the Commerce's website at
Comments must be filed electronically using ACCESS. An electronically filed document must be received successfully, in its entirety, by ACCESS no later than 5:00 p.m. ET on the date noted above. We intend to finalize our decisions regarding respondent selection within 20 days of publication of this notice.
In accordance with section 702(b)(4)(A)(i) of the Act and 19 CFR 351.202(f), copies of the public versions of the Petitions have been provided to Canada, China, and Mexico
We will notify the ITC of our initiation, as required by section 702(d) of the Act.
The ITC will preliminarily determine, within 45 days after the date on which the Petitions were filed, whether there is a reasonable indication that imports of fabricated structural steel from Canada, China, and/or Mexico are materially injuring, or threatening material injury to, a U.S. industry.
Factual information is defined in 19 CFR 351.102(b)(21) as: (i) Evidence submitted in response to questionnaires; (ii) evidence submitted in support of allegations; (iii) publicly available information to value factors under 19 CFR 351.408(c) or to measure the adequacy of remuneration under 19 CFR 351.511(a)(2); (iv) evidence placed on the record by Commerce; and (v) evidence other than factual information described in (i)-(iv). Section 351.301(b) of Commerce's regulations requires any party, when submitting factual information, to specify under which subsection of 19 CFR 351.102(b)(21) the information is being submitted
Parties may request an extension of time limits before the expiration of a time limit established under 19 CFR 351.301, or as otherwise specified by the Secretary. In general, an extension request will be considered untimely if it is filed after the expiration of the time limit established under 19 CFR 351.301. For submissions that are due from multiple parties simultaneously, an extension request will be considered untimely if it is filed after 10:00 a.m. ET on the due date. Under certain circumstances, we may elect to specify a different time limit by which extension requests will be considered untimely for submissions which are due from multiple parties simultaneously. In such a case, we will inform parties in the letter or memorandum of the deadline (including a specified time) by which extension requests must be filed to be considered timely. An extension request must be made in a separate, stand-alone submission; under limited circumstances we will grant untimely-filed requests for the extension of time limits. Parties should review
Any party submitting factual information in an AD or CVD proceeding must certify to the accuracy and completeness of that information.
Interested parties must submit applications for disclosure under APO in accordance with 19 CFR 351.305. On January 22, 2008, Commerce published
This notice is issued and published pursuant to sections 702 and 777(i) of the Act and 19 CFR 351.203(c).
The merchandise covered by these investigations is carbon and alloy fabricated structural steel. Fabricated structural steel is made from steel in which: (1) Iron predominates, by weight, over each of the other contained elements; and (2) the carbon content is two percent or less by weight. Fabricated structural steel products are steel products that have been fabricated for erection or assembly into structures, including, but not limited to, buildings (commercial, office, institutional, and multi-family residential); industrial and utility projects; parking decks; arenas and convention centers; medical facilities; and ports, transportation and infrastructure facilities. Fabricated structural steel is manufactured from carbon and alloy (including stainless) steel products such as angles, columns, beams, girders, plates, flange shapes (including manufactured structural shapes utilizing welded plates as a substitute for rolled wide flange sections), channels, hollow structural section (HSS) shapes, base plates, and plate-work components. Fabrication includes, but is not limited to cutting, drilling, welding, joining, bolting, bending, punching, pressure fitting, molding, grooving, adhesion, beveling, and riveting and may include items such as fasteners, nuts, bolts, rivets, screws, hinges, or joints.
The inclusion, attachment, joining, or assembly of non-steel components with
Fabricated structural steel is covered by the scope of the investigations regardless of whether it is painted, varnished, or coated with plastics or other metallic or non-metallic substances and regardless of whether it is assembled or partially assembled, such as into modules, modularized construction units, or sub-assemblies of fabricated structural steel.
Subject merchandise includes fabricated structural steel that has been assembled or further processed in the subject country or a third country, including but not limited to painting, varnishing, trimming, cutting, drilling, welding, joining, bolting, punching, bending, beveling, riveting, galvanizing, coating, and/or slitting or any other processing that would not otherwise remove the merchandise from the scope of the investigations if performed in the country of manufacture of the fabricated structural steel.
Specifically excluded from the scope of these investigations are:
1. Fabricated steel concrete reinforcing bar (rebar) if: (i) It is a unitary piece of fabricated rebar, not joined, welded, or otherwise connected with any other steel product or part; or (ii) it is joined, welded, or otherwise connected only to other rebar.
2. Fabricated structural steel for bridges and bridge sections that meets American Association of State and Highway and Transportation Officials (AASHTO) bridge construction requirements or any state or local derivatives of the AASHTO bridge construction requirements.
3. Pre-engineered metal building systems, which are defined as complete metal buildings that integrate steel framing, roofing and walls to form one, pre-engineered building system, that meet Metal Building Manufacturers Association guide specifications. Pre-engineered metal building systems are typically limited in height to no more than 60 feet or two stories.
4. Steel roof and floor decking systems that meet Steel Deck Institute standards.
5. Open web steel bar joists and joist girders that meet Steel Joist Institute specifications.
The products subject to the investigations are currently classified in the Harmonized Tariff Schedule of the United States (HTSUS) under subheadings: 7308.90.3000, 7308.90.6000, and 7308.90.9590.
The products subject to the investigations may also enter under the following HTSUS subheadings: 7216.91.0010, 7216.91.0090, 7216.99.0010, 7216.99.0090, 7222.40.6000, 7228.70.6000, 7301.10.0000, 7301.20.1000, 7301.20.5000, 7308.40.0000, 7308.90.9530, and 9406.90.0030.
The HTSUS subheadings above are provided for convenience and customs purposes only. The written description of the scope of the investigations is dispositive.
Enforcement and Compliance, International Trade Administration, Department of Commerce.
On February 12, 2019, the United States Court of International Trade (CIT or the Court) sustained the final results of redetermination pertaining to the less-than-fair-value (LTFV) investigation of certain carbon and alloy steel cut-to-length plate (CTL plate) from Austria for the period of investigation from April 1, 2015, through March 31, 2016. The Department of Commerce (Commerce) is notifying the public that the final judgment in this case is not in harmony with the
Applicable February 22, 2019.
Madeline Heeren, AD/CVD Operations, Office VI, Enforcement and Compliance, International Trade Administration, U.S. Department of Commerce, 1401 Constitution Avenue NW, Washington, DC 20230; telephone: (202) 482-9179.
On April 4, 2017, Commerce published its affirmative
In its decision in
Because there is now a final court decision, Commerce is amending the
Because voestalpine does not have a superseding cash deposit rate,
This notice is issued and published in accordance with sections 516A(c)(1) and (e), 735(c)(1)(B), and 777(i)(1) of the Act.
Enforcement and Compliance, International Trade Administration, Department of Commerce.
The Department of Commerce (Commerce) is rescinding the administrative review, in part, of the antidumping duty order on carbon and alloy seamless standard, line and pressure pipe (under 4.5 inches) (small diameter seamless pipe) from Romania for the period August 1, 2017 through July 31, 2018.
Applicable March 4, 2019.
Katherine Johnson or Samantha Kinney, AD/CVD Operations, Office VIII, Enforcement and Compliance, International Trade Administration, Department of Commerce, 1401 Constitution Avenue NW, Washington, DC 20230; telephone: (202) 482-4929 or 202-482-2285 respectively.
On October 4, 2018, based on a timely request for review of four companies by United States Steel Corporation (the petitioner),
On February 13, 2019, the petitioner withdrew its request for administrative review of SC TMK-Artrom S.A. (TMK-Artrom).
Pursuant to 19 CFR 351.213(d)(1), Commerce will rescind an administrative review, in whole or in part, if the party that requested the review withdraws its request within 90 days of the publication of the notice of initiation of the requested review. Commerce exercised its discretion to toll all deadlines affected by the partial Federal Government closure from December 22, 2018, through the resumption of operations on January 29, 2019.
Because the petitioner's request for administrative review of TMK-Artrom was withdrawn within 90 days of the date of publication of the
Commerce will instruct U.S. Customs and Border Protection (CBP) to assess antidumping duties on all appropriate entries at a rate equal to the cash deposit of estimated antidumping duties required at the time of entry, or withdrawal from warehouse, for consumption, during the period August 1, 2017, through July 31, 2018, in accordance with 19 CFR 351.212(c)(1)(i). Commerce intends to issue appropriate assessment instructions to CBP 15 days after the publication of this notice in the
This notice serves as a final reminder to importers of their responsibility under 19 CFR 351.402(f)(2) to file a certificate regarding the reimbursement of antidumping duties prior to liquidation of the relevant entries
This notice also serves as a reminder to parties subject to administrative protective order (APO) of their responsibility concerning the return or destruction of proprietary information disclosed under APO in accordance with 19 CFR 351.305(a)(3), which continues to govern business proprietary information in this segment of the proceeding. Timely written notification of the return or destruction of APO materials, or conversion to judicial protective order, is hereby requested. Failure to comply with the regulations and terms of an APO is a violation which is subject to sanction.
This notice is issued and published in accordance with sections 751(a)(1) and 777(i)(1) of the Tariff Act of 1930, as amended, and 19 CFR 351.213(d)(4).
National Institute of Standards and Technology, Commerce.
Notice of open meeting.
The National Institute of Standards and Technology (NIST) announces that the Manufacturing Extension Partnership (MEP) Advisory Board will hold an open meeting on March 29, 2019.
The meeting will be held Friday, March 29, 2019, from 8:00 a.m. to 4:00 p.m. Eastern Time.
The meeting will be held at the Reagan Building at 1300 Pennsylvania Ave. NW, Washington, DC 20004. Please note admittance instructions in the
Cheryl L. Gendron, Manufacturing Extension Partnership, National Institute of Standards and Technology, 100 Bureau Drive, Mail Stop 4800, Gaithersburg, Maryland 20899-4800, telephone number (301) 975-2785, email:
The MEP Advisory Board is authorized under Section 3003(d) of the America COMPETES Act (Pub. L. 110-69), as amended by the American Innovation and Competitiveness Act, Public Law 114-329 sec. 501 (2017), and codified at 15 U.S.C. 278k(m), in accordance with the provisions of the Federal Advisory Committee Act, as amended, 5 U.S.C. App. The Hollings MEP Program (Program) is a unique program, consisting of centers in all 50 states and Puerto Rico with partnerships at the state, federal, and local levels. By statute, the MEP Advisory Board provides the NIST Director with: (1) Advice on the activities, plans, and policies of the Program; (2) assessments of the soundness of the plans and strategies of the Program; and (3) assessments of current performance against the plans of the Program.
Background information on the MEP Advisory Board is available at
Pursuant to the Federal Advisory Committee Act, as amended, 5 U.S.C. App., notice is hereby given that the MEP Advisory Board will hold an open meeting on Friday, March 29, 2019, from 8:00 a.m. to 4:00 p.m. Eastern Time. The meeting agenda will include an update on Hollings MEP programmatic operations, as well as provide guidance and advice on current activities related to the 2017-2022 MEP National Network Strategic Plan. The MEP Advisory Board will provide input to NIST on supply chain development with an emphasis on defense suppliers, in order to strengthen the defense industrial base; make recommendations on the development of research and performance metrics to support and enrich MEP Center evaluation; and receive updates from external organizations that work closely with the Program regarding national and state economic challenges, opportunities, and data trends. The final agenda will be posted on the MEP Advisory Board website at
Individuals and representatives of organizations who would like to offer comments and suggestions related to the MEP Advisory Board's business are invited to request a place on the agenda. Approximately 15 minutes will be reserved for public comments at the end of the meeting. Speaking times will be assigned on a first-come, first-served basis. The amount of time per speaker will be determined by the number of requests received but is likely to be no more than three to five minutes each. Requests must be received in writing by March 22, 2019 to be considered. The exact time for public comments will be included in the final agenda that will be posted on the MEP Advisory Board website at
National Institute of Standards and Technology, Department of Commerce.
Notice of open meeting.
The National Institute of Standards and Technology (NIST) Smart Grid Advisory Committee (SGAC or Committee) will hold an open meeting on Tuesday, April 2, 2019 from 11:00 a.m. to 1:00 p.m. Eastern Time via teleconference and/or webinar.
The SGAC will meet on Tuesday, April 2, 2019 from 11:00 a.m. to 1:00 p.m. Eastern Time via teleconference and/or webinar.
The meeting will be held via teleconference and/or webinar. For
Cuong Nguyen, Smart Grid and Cyber-Physical Systems Program Office, National Institute of Standards and Technology, 100 Bureau Drive, Mail Stop 8200, Gaithersburg, MD 20899-8200; telephone 301-975-2254, fax 301-948-5668. Mr. Nguyen's email address is
The Committee was established in accordance with the Federal Advisory Committee Act, as amended, 5 U.S.C. App.
Pursuant to the Federal Advisory Committee Act, as amended, 5 U.S.C. App., notice is hereby given that that SGAC will meet via teleconference and/or webinar on Tuesday, April 2, 2019 from 11:00 a.m. to 1:00 p.m. Eastern Time. There will be no central meeting location. The meeting will be open to the public. The public is invited to participate in the meeting by calling in from remote locations. The Committee is composed of nine to fifteen members, appointed by the Director of NIST, who were selected on the basis of established records of distinguished service in their professional community and their knowledge of issues affecting Smart Grid deployment and operations. The Committee advises the Director of NIST in carrying out duties authorized by section 1305 of the Energy Independence and Security Act of 2007 (Pub. L. 110-140). The Committee provides input to NIST on Smart Grid standards, priorities, and gaps, on the overall direction, status, and health of the Smart Grid implementation by the Smart Grid industry, and on the direction of Smart Grid research and standards activities. Background information on the Committee is available at
The primary purposes of this meeting are to provide updates on the subcommittees' activities and stakeholder engagement for the NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 4.0. The agenda may change to accommodate Committee business. The final agenda will be posted on the Smart Grid website at
Individuals and representatives of organizations who would like to offer comments and suggestions related to the Committee's affairs are invited to request a place on the agenda by submitting their request to Cuong Nguyen at
All meeting participants are required to pre-register. Anyone wishing to participate must register by 5:00 p.m. ET on Tuesday, March 19, 2019, in order to be included. Please submit your name, email address, and phone number to Cuong Nguyen at
National Institute of Standards and Technology.
Notice.
The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, March 20, 2019 from 9:00 a.m. until 5:00 p.m., Eastern Time, and Thursday, March 21, 2019 from 9:00 a.m. until 4:30 p.m. Eastern Time. All sessions will be open to the public.
The meeting will be held on Wednesday, March 20, 2019, from 9:00 a.m. until 5:00 p.m., Eastern Time, and Thursday, March 21, 2019, from 9:00 a.m. until 4:30 p.m. Eastern Time.
The meeting will be held at Symantec, 700 13th St. NW, Washington, DC 20005. Please note admittance instructions under the
Jeff Brewer, Information Technology Laboratory, NIST, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930, Telephone: (301) 975-2489, Email address:
Pursuant to the Federal Advisory Committee Act, as amended, 5 U.S.C. App., notice is hereby given that the ISPAB will meet Wednesday, March 20, 2019, from 9:00 a.m. until 5:00 p.m., Eastern Time, and Thursday, March 21, 2019 from 9:00 a.m. until 4:30 p.m. Eastern Time. All sessions will be open to the public. The ISPAB is authorized by 15 U.S.C. 278g-4, as amended, and advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security, and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to Federal government information systems, including thorough review of proposed standards and guidelines developed by NIST. Details regarding the ISPAB's activities are available at
The agenda is expected to include the following items:
Note that agenda items may change without notice. The final agenda will be posted on the website indicated above. Seating will be available for the public and media. Pre-registration is not required to attend this meeting.
Speakers who wish to expand upon their oral statements, those who had wished to speak but could not be accommodated on the agenda, and those who were unable to attend in person are invited to submit written statements. In addition, written statements are invited and may be submitted to the ISPAB at any time. All written statements should be directed to the ISPAB Secretariat, Information Technology Laboratory, 100 Bureau Drive, Stop 8930, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930.
Pre-registration, which is not required, may expedite the entrance process. Please email Jeff Brewer at
Department of the Navy, DoD.
Notice.
The Department of Defense (DoD) is publishing this notice to announce that the following Federal Advisory Committee meeting of the President of the Naval Postgraduate School Subcommittee Board of Advisors will be held. This meeting will be open to the public.
The meeting will be held on Wednesday, April 24, 2019 from 8:00 a.m. to 4:30 p.m. and on Thursday, April 25, 2019 from 7:30 a.m. to 11:30 a.m. Pacific Time Zone.
The meeting will be held at the Naval Postgraduate School, Executive Briefing Center, Herrmann Hall, 1 University Circle, Monterey, CA.
Ms. Jaye Panza, Designated Federal Official, 1 University Circle, Code 00H, Monterey, CA 93943-5001, telephone number 831-656-2514.
This meeting is being held under the provisions of the Federal Advisory Committee Act (FACA) of 1972 (5 U.S.C., Appendix, as amended), the Government in the Sunshine Act of 1976 (5 U.S.C. 552b, as amended), and 41 CFR 102-3.140 and 102-3.150. The purpose of the Board is to advise and assist the President, NPS, in educational and support areas, providing independent advice and recommendations on items such as, but not limited to, organizational management, curricula, methods of instruction, facilities, and other matters of interest.
The agenda for Wednesday is as follows:
The agenda for Thursday is as follows:
Individuals without a DoD Government Common Access Card require an escort at the meeting location. The meeting is accessible to persons with disabilities. For access, information, reasonable accommodation requests, or to send written statements for consideration at the committee meeting contact Ms. Jaye Panza, Designated Federal Officer, Naval Postgraduate School, 1 University Circle, Monterey, CA 93943-5001 or by fax (831) 656-2337 by April 15, 2019.
Federal Student Aid (FSA), Department of Education (ED).
Notice.
In accordance with the Paperwork Reduction Act of 1995, ED is proposing an extension of an existing information collection.
Interested persons are invited to submit comments on or before April 3, 2019.
To access and review all the documents related to the information collection listed in this notice, please use
For specific questions related to collection activities, please contact Beth Grebeldinger, 202-377-4018.
The Department of Education (ED), in accordance with the Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3506(c)(2)(A)), provides the general public and Federal agencies with an opportunity to comment on proposed, revised, and continuing collections of information. This helps the Department assess the impact of its information collection requirements and minimize the public's reporting burden. It also helps the public understand the
Accreditation Group, Office of Postsecondary Education, U.S. Department of Education.
Call for written third-party comments.
This notice provides information to members of the public on submitting written comments for accrediting agencies currently undergoing review for purposes of recognition by the U.S. Secretary of Education.
Herman Bounds, Director, Accreditation Group, Office of Postsecondary Education, U.S. Department of Education, 400 Maryland Avenue SW, Room 270-01, Washington, DC 20202, telephone: (202) 453-7615, or email:
This solicitation of written third-party comments concerning the performance of accrediting agencies under review by the Secretary of Education is required by § 496(n)(1)(A) of the Higher Education Act (HEA) of 1965, as amended, and pertains to the Summer 2019 meeting of the National Advisory Committee on Institutional Quality and Integrity (NACIQI). The meeting date and location have not been determined, but will be announced in a later
1. National Association of Schools of Dance, Commission on Accreditation. Scope of recognition: The accreditation throughout the United States of freestanding institutions that offer dance and dance-related programs (both degree and non-degree-granting), including those offered via distance education.
2. National Association of Schools of Music, Commission on Accreditation. Scope of recognition: The accreditation throughout the United States of freestanding institutions that offer music and music related programs (both degree and non-degree-granting), including those offered via distance education.
3. National Association of Schools of Theatre, Commission on Accreditation. Scope of recognition: The accreditation throughout the United States of freestanding institutions that offer theatre and theatre-related programs (both degree and non-degree-granting), including those offered via distance education.
1. Southern Association of Colleges and Schools, Commission on Colleges. Compliance report includes the following: Finding identified in the September 20, 2017 letter from the senior Department official following the June 20, 2017 NACIQI meeting available at:
2. Middle States Commission on Secondary Schools. Compliance report includes the following: Finding identified in the September 20, 2017 letter from the senior Department official following the June 20, 2017 NACIQI meeting available at:
1. Association for Clinical Pastoral Education, Inc. Scope of Recognition: The accreditation of both clinical pastoral education (CPE) centers and supervisory CPE programs located within the United States and territories
1. National League for Nursing Commission for Nursing Education Accreditation. Requested Scope of Recognition: The pre-accreditation and accreditation of nursing education programs, in the United States and its territories, which offer a certificate, diploma or degree at the practical/vocational, diploma, associate, baccalaureate, masters, doctoral levels, including those offered via distance education.
Written comments about the recognition of one of the accrediting or State agencies listed above must be received by March 30, 2019, in the
Only written material submitted by the deadline to the email address listed in this notice, and in accordance with these instructions, become part of the official record concerning agencies scheduled for review and are considered by the Department and NACIQI in their deliberations.
20 U.S.C. 1011c.
Office of Fossil Energy, Department of Energy.
Notice of open meeting.
This notice announces a meeting of the Methane Hydrate Advisory Committee. The Federal Advisory Committee Act requires that notice of these meetings be announced in the
Hilton Americas-Houston, 1600 Lamar; Room 337, Houston, Texas 77010.
Gabby Intihar, U.S. Department of Energy, Office of Oil and Natural Gas, 1000 Independence Avenue SW, Washington, DC 20585.
Office of Environmental Management, Department of Energy.
Notice of open meeting.
This notice announces a meeting of the Environmental Management Site-Specific Advisory Board (EM SSAB) Chairs. The Federal Advisory Committee Act requires that public notice of this meeting be announced in the
City of Aiken Municipal Building, Conference Center, 215 The Alley SW, Aiken, South Carolina 29801.
David Borak, EM SSAB Designated Federal Officer, U.S. Department of Energy, 1000 Independence Avenue SW, Washington, DC 20585; Phone: (202) 586-9928.
Take notice that on February 25, 2019, Cooperative Energy filed a proposed revenue requirement filing for reactive supply service for its Batesville Combined Cycle and Grand Gulf Nuclear Generating Facilities, under Midcontinent Independent Transmission System Operator Inc. Tariff Schedule 2.
Any person desiring to intervene or to protest this filing must file in accordance with Rules 211 and 214 of the Commission's Rules of Practice and Procedure (18 CFR 385.211, 385.214). Protests will be considered by the Commission in determining the appropriate action to be taken, but will not serve to make protestants parties to the proceeding. Any person wishing to become a party must file a notice of intervention or motion to intervene, as appropriate. Such notices, motions, or protests must be filed on or before the comment date. On or before the comment date, it is not necessary to serve motions to intervene or protests on persons other than the Applicant.
The Commission encourages electronic submission of protests and interventions in lieu of paper using the eFiling link at
This filing is accessible on-line at
Take notice that the Commission received the following electric corporate filings:
Take notice that the Commission received the following exempt wholesale generator filings:
Take notice that the Commission received the following electric rate filings:
The filings are accessible in the Commission's eLibrary system by clicking on the links or querying the docket number.
Any person desiring to intervene or protest in any of the above proceedings must file in accordance with Rules 211 and 214 of the Commission's Regulations (18 CFR 385.211 and 385.214) on or before 5:00 p.m. Eastern time on the specified comment date. Protests may be considered, but intervention is necessary to become a party to the proceeding.
eFiling is encouraged. More detailed information relating to filing requirements, interventions, protests, service, and qualifying facilities filings can be found at:
Take notice that on February 22, 2019, Prairie Power, Inc. filed a proposed revenue requirement filing for reactive supply and voltage control service for its Alsey 6 Peaking Power Facility, under Midcontinent Independent Transmission System Operator Inc. Tariff Schedule 2.
Any person desiring to intervene or to protest this filing must file in accordance with Rules 211 and 214 of the Commission's Rules of Practice and Procedure (18 CFR 385.211, 385.214). Protests will be considered by the Commission in determining the appropriate action to be taken, but will not serve to make protestants parties to the proceeding. Any person wishing to become a party must file a notice of intervention or motion to intervene, as appropriate. Such notices, motions, or protests must be filed on or before the comment date. On or before the comment date, it is not necessary to serve motions to intervene or protests on persons other than the Applicant.
The Commission encourages electronic submission of protests and interventions in lieu of paper using the eFiling link at
This filing is accessible on-line at
Take notice that the Commission received the following electric rate filings:
The filings are accessible in the Commission's eLibrary system by clicking on the links or querying the docket number.
Any person desiring to intervene or protest in any of the above proceedings must file in accordance with Rules 211 and 214 of the Commission's Regulations (18 CFR 385.211 and 385.214) on or before 5:00 p.m. Eastern time on the specified comment date. Protests may be considered, but intervention is necessary to become a party to the proceeding.
eFiling is encouraged. More detailed information relating to filing requirements, interventions, protests, service, and qualifying facilities filings can be found at:
Take notice that the Federal Energy Regulatory Commission (Commission) will hold a Technical Conference on Thursday, June 27, 2019, from 9:00 a.m. to 5:00 p.m. This Commissioner-led conference will be held in the Commission Meeting Room at the Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426. The purpose of the conference is to discuss policy issues related to the reliability of the Bulk-Power System. The Commission will issue an agenda at a later date in a supplemental notice.
The conference will be open for the public to attend. There is no fee for attendance. However, members of the public are encouraged to preregister online at:
Those wishing to be considered for participation in panel discussions should submit nominations no later than close of business on March 15, 2019 online at:
Information on this event will be posted on the Calendar of Events on the Commission's website,
Commission conferences are accessible under section 508 of the Rehabilitation Act of 1973. For accessibility accommodations, please send an email to
For more information about this technical conference, please contact Lodie White (202) 502-8453,
Take notice that the Commission has received the following Natural Gas Pipeline Rate and Refund Report filings:
The filings are accessible in the Commission's eLibrary system by clicking on the links or querying the docket number.
Any person desiring to intervene or protest in any of the above proceedings must file in accordance with Rules 211 and 214 of the Commission's Regulations (18 CFR 385.211 and 385.214) on or before 5:00 p.m. Eastern time on the specified date(s). Protests may be considered, but intervention is necessary to become a party to the proceeding.
eFiling is encouraged. More detailed information relating to filing requirements, interventions, protests, service, and qualifying facilities filings can be found at:
Take notice that the following hydroelectric application has been filed with the Commission and is available for public inspection.
a.
b.
c.
d.
e.
f.
g.
h.
i.
j.
The Commission strongly encourages electronic filing. Please file motions to intervene, protests, comments, recommendations, preliminary terms and conditions, and preliminary fishway prescriptions using the Commission's eFiling system at
The Commission's Rules of Practice require all intervenors filing documents with the Commission to serve a copy of that document on each person on the official service list for the project. Further, if an intervenor files comments or documents with the Commission relating to the merits of an issue that may affect the responsibilities of a particular resource agency, they must also serve a copy of the document on that resource agency.
k. This application has been accepted for filing and is now ready for environmental analysis.
l.
The Wallace Dam Project is a pumped storage project, generating 390,083 megawatt-hours of electricity annually. Water for generation at Wallace Dam comes from inflow, plus storage in Lake Oconee. The project generates during peak power demand hours to meet the electrical system demand. Water that is not used for generation at the downstream Sinclair Project FERC No. 1951, remains in Lake Sinclair for a few hours before being pumped back into Lake Oconee. Pumpback operation occurs at night, when electrical system demand is low (off-peak hours). For normal day-to-day operation, Lake Oconee fluctuates between elevations 435.0 and 433.5 feet Plant Datum, resulting in an average daily fluctuation of 1.5 feet. The Wallace Dam Project discharges directly into Lake Sinclair, with no intervening riverine or bypassed reach flows. Generation typically is the highest during the summer months, where Wallace Dam generates for about 7 to 8 hours during the afternoon peak demand period. During the fall and winter months, generation typically lasts 5 to 6 hours.
During drought periods, the Wallace Dam Project supports the minimum flow requirements of the downstream Sinclair Project. When the Sinclair Project's calculated inflow drops below its minimum flow requirement of 250 cfs, water is released from Lake Oconee to maintain the elevation of Lake Sinclair at the minimum level necessary for safe pumpback operation at Wallace Dam, which is 338.2 feet Plant Datum.
m. A copy of the application is available for review at the Commission in the Public Reference Room, or may be viewed on the Commission's website at
You may register online at
n. Anyone may submit a protest or a motion to intervene in accordance with the requirements of Rules of Practice and Procedure, 18 CFR 385.210, 385.211, and 385.214. In determining the appropriate action to take, the Commission will consider all protests or other comments filed, but only those who file a motion to intervene in accordance with the Commission's Rules may become a party to the proceeding. Any comments, protests, or motions to intervene must be received on, or before, the specified deadline date for the particular application.
o.
p. Final amendments to the application must be filed with the Commission no later than 30 days from the issuance date of this notice.
q.
Take notice that the Commission received the following electric corporate filings:
Take notice that the Commission received the following electric rate filings:
The filings are accessible in the Commission's eLibrary system by clicking on the links or querying the docket number.
Any person desiring to intervene or protest in any of the above proceedings must file in accordance with Rules 211 and 214 of the Commission's Regulations (18 CFR 385.211 and 385.214) on or before 5:00 p.m. Eastern time on the specified comment date. Protests may be considered, but intervention is necessary to become a party to the proceeding.
eFiling is encouraged. More detailed information relating to filing requirements, interventions, protests, service, and qualifying facilities filings can be found at:
On February 11, 2019, the Commission issued a Notice of Availability of the Draft Environmental Impact Statement for the Don Pedro and La Grange Projects. The draft EIS documents the views of governmental agencies, non-governmental organizations, affected Indian tribes, the public, the license applicants, and Commission staff. All written comments must be filed by April 12, 2019, and should reference Project No. 2299-082 and Project No. 14581-002. More information on filing comments can be found in the letter at the front of the draft EIS or on the Commission's website at
In addition to or in lieu of sending written comments, you are invited to attend public meetings that will be held to receive comments on the draft EIS. The daytime meeting will focus on resource agency, Indian tribes, and non-governmental organization comments, while the evening meeting is primarily for receiving input from the public. All interested individuals and entities are invited to attend one or both of the public meetings. The time and location of the meetings are as follows:
At this meeting, resource agency personnel and other interested persons will have the opportunity to provide oral and written comments and recommendations regarding the draft EIS. The meeting will be recorded by a court reporter, and all statements (verbal and written) will become part of the Commission's public record for the project. This meeting is posted on the Commission's calendar located at
For further information, contact Jim Hastreiter at (503) 552-2760 or at
Take notice that on February 21, 2019, pursuant to Rule 206 of the Federal Energy Regulatory Commission's (Commission) Rules and Practice and Procedure, 18 CFR 385.206 (2018), Monitoring Analytics, LLC, acting in its capacity as the Independent Market Monitor for PJM (Complainant) filed a formal complaint against PJM Interconnection, L.L.C. (Respondent) requesting that the Commission direct Respondent to revise the expected number of Performance Assessment Intervals (PAI) used to set the default Market Seller Offer Cap in Reliability Pricing Model (RPM) auctions to a level consistent with a reasonable and supportable expectation of PAI, as more fully explained in the complaint.
The Complainant states that copies of the complaint were served on representatives of the Respondent.
Any person desiring to intervene or to protest this filing must file in accordance with Rules 211 and 214 of the Commission's Rules of Practice and Procedure (18 CFR 385.211, 385.214). Protests will be considered by the Commission in determining the appropriate action to be taken, but will not serve to make protestants parties to the proceeding. Any person wishing to become a party must file a notice of intervention or motion to intervene, as appropriate. The Respondent's answer and all interventions, or protests must be filed on or before the comment date. The Respondent's answer, motions to intervene, and protests must be served on the Complainants.
The Commission encourages electronic submission of protests and interventions in lieu of paper using the eFiling link at
This filing is accessible on-line at
On February 19, 2019, as supplemented on February 25, 2019, the City and County of Denver, Colorado, filed a notice of intent to construct a qualifying conduit hydropower facility, pursuant to section 30 of the Federal Power Act (FPA). The proposed Northwater Treatment Plant Hydropower Facility Project would have a total installed capacity of up to 950 kilowatts (kW), and would be located within the currently unconstructed Headworks Building of the Northwater Treatment Plant near Golden in Jefferson County, Colorado.
A qualifying conduit hydropower facility is one that is determined or deemed to meet all of the criteria shown in the table below.
Deadline for filing motions to intervene is 30 days from the issuance date of this notice.
Anyone may submit comments or a motion to intervene in accordance with the requirements of Rules of Practice and Procedure, 18 CFR 385.210 and 385.214. Any motions to intervene must be received on or before the specified deadline date for the particular proceeding.
The Commission strongly encourages electronic filing. Please file motions to intervene and comments using the Commission's eFiling system at
This is a supplemental notice in the above-referenced Citigroup Commodities Canada ULC's application for market-based rate authority, with an accompanying rate tariff, noting that such application includes a request for blanket authorization, under 18 CFR part 34, of future issuances of securities and assumptions of liability.
Any person desiring to intervene or to protest should file with the Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426, in accordance with Rules 211 and 214 of the Commission's Rules of Practice and Procedure (18 CFR 385.211 and 385.214). Anyone filing a motion to intervene or protest must serve a copy of that document on the Applicant.
Notice is hereby given that the deadline for filing protests with regard to the applicant's request for blanket authorization, under 18 CFR part 34, of future issuances of securities and assumptions of liability, is March 18, 2019.
The Commission encourages electronic submission of protests and interventions in lieu of paper, using the FERC Online links at
Persons unable to file electronically should submit an original and 5 copies of the intervention or protest to the Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426.
The filings in the above-referenced proceeding are accessible in the Commission's eLibrary system by clicking on the appropriate link in the above list. They are also available for electronic review in the Commission's Public Reference Room in Washington, DC. There is an eSubscription link on the website that enables subscribers to receive email notification when a document is added to a subscribed docket(s). For assistance with any FERC Online service, please email
Take notice that the Commission received the following electric corporate filings:
Take notice that the Commission received the following electric rate filings:
The filings are accessible in the Commission's eLibrary system by clicking on the links or querying the docket number.
Any person desiring to intervene or protest in any of the above proceedings must file in accordance with Rules 211 and 214 of the Commission's Regulations (18 CFR 385.211 and 385.214) on or before 5:00 p.m. Eastern time on the specified comment date. Protests may be considered, but intervention is necessary to become a party to the proceeding.
eFiling is encouraged. More detailed information relating to filing requirements, interventions, protests, service, and qualifying facilities filings can be found at:
Take notice that the following hydroelectric application has been filed
a.
b.
c.
d.
e.
f.
g.
h.
i.
j.
k. Pursuant to section 4.32(b)(7) of 18 CFR of the Commission's regulations, if any resource agency, Indian Tribe, or person believes that an additional scientific study should be conducted in order to form an adequate factual basis for a complete analysis of the application on its merit, the resource agency, Indian Tribe, or person must file a request for a study with the Commission not later than 60 days from the date of filing of the application, and serve a copy of the request on the applicant.
l. Deadline for filing additional study requests
The Commission strongly encourages electronic filing. Please file additional study requests
m. The application is not ready for environmental analysis at this time.
n.
o. A copy of the application is available for review at the Commission in the Public Reference Room or may be viewed on the Commission's website at
You may also register online at
p.
Final amendments to the application must be filed with the Commission no later than 30 days from the issuance date of the notice of ready for environmental analysis.
On February 12, 2019, Coleman Hydro LLC filed a notice of intent to construct a qualifying conduit hydropower facility, pursuant to section 30 of the Federal Power Act (FPA). The proposed LTC Hydro Project would have a total installed capacity of 750 kilowatts (kW), and would be located at the termination point of the existing 24-inch diameter LTC-Tyler pipeline near Leadore in Lemhi County, Idaho.
A qualifying conduit hydropower facility is one that is determined or deemed to meet all of the criteria shown in the table below.
Deadline for filing motions to intervene is 30 days from the issuance date of this notice.
Anyone may submit comments or a motion to intervene in accordance with the requirements of Rules of Practice and Procedure, 18 CFR 385.210 and 385.214. Any motions to intervene must be received on or before the specified deadline date for the particular proceeding.
The Commission strongly encourages electronic filing. Please file motions to intervene and comments using the Commission's eFiling system at
Take notice that the Commission has received the following Natural Gas Pipeline Rate and Refund Report filings:
The filings are accessible in the Commission's eLibrary system by clicking on the links or querying the docket number.
Any person desiring to intervene or protest in any of the above proceedings must file in accordance with Rules 211 and 214 of the Commission's
eFiling is encouraged. More detailed information relating to filing requirements, interventions, protests, service, and qualifying facilities filings can be found at:
Take notice that the Commission has received the following Natural Gas Pipeline Rate and Refund Report filings:
The filings are accessible in the Commission's eLibrary system by clicking on the links or querying the docket number.
Any person desiring to intervene or protest in any of the above proceedings must file in accordance with Rules 211 and 214 of the Commission's Regulations (18 CFR 385.211 and 385.214) on or before 5:00 p.m. Eastern time on the specified comment date. Protests may be considered, but intervention is necessary to become a party to the proceeding.
eFiling is encouraged. More detailed information relating to filing requirements, interventions, protests, service, and qualifying facilities filings can be found at:
Take notice that on February 13, 2019, Spire Storage West LLC (Spire Storage), 3773 Richmond Avenue, Suite 300, Houston, Texas 77046, filed an application under sections 157.205, 157.208 and 157.213 and Pursuant to 18 CFR 157.205, 157.208 and 157.213(b) and the blanket certificate issued to Spire Storage in Docket No. CP11-24-000, Spire Storage requests authorization Pursuant to 18 CFR 157.205, 157.208 and 157.213(b) and the blanket certificate granted in Docket No. CP11-24-000. to construct the Rock Pipeline, consisting of 10.1 miles of dual 20-inch pipeline, a new pipeline interconnection and appurtenant facilities at its natural gas storage facilities in Uinta County, Wyoming.
Spire Storage states that the Rock Pipeline will allow Spire Storage to make enhanced storage service options available to its customers. The proposed pipeline and measurement facilities will provide Spire Storage's two storage facilities access to a new high capacity bi-directional interconnect with Kern River Gas Transmission Company's mainline, will establish a robust link between the two storage facilities and will afford enhanced access to interconnections with other interstate natural gas pipelines.
The filing may also be viewed on the web at
Questions regarding this application should be directed to James F. Bowe, Jr., King & Spalding LLP, 1700 Pennsylvania Avenue NW, Suite 200, Washington, DC 20006, 202-626-9601 (phone) 202-626-3737 (fax),
Any person or the Commission's staff may, within 60 days after issuance of the instant notice by the Commission, file pursuant to Rule 214 of the Commission's Procedural Rules (18 CFR 385.214) a motion to intervene or notice of intervention and pursuant to Section 157.205 of the regulations under the NGA (18 CFR 157.205), a protest to the request. If no protest is filed within the
Pursuant to section 157.9 of the Commission's rules, 18 CFR 157.9, within 90 days of this Notice the Commission staff will either: complete its environmental assessment (EA) and place it into the Commission's public record (eLibrary) for this proceeding, or issue a Notice of Schedule for Environmental Review. If a Notice of Schedule for Environmental Review is issued, it will indicate, among other milestones, the anticipated date for the Commission staff's issuance of the final environmental impact statement (FEIS) or EA for this proposal. The filing of the EA in the Commission's public record for this proceeding or the issuance of a Notice of Schedule for Environmental Review will serve to notify federal and state agencies of the timing for the completion of all necessary reviews, and the subsequent need to complete all federal authorizations within 90 days of the date of issuance of the Commission staff's FEIS or EA.
Persons who wish to comment only on the environmental review of this project should submit an original and two copies of their comments to the Secretary of the Commission. Environmental commenters will be placed on the Commission's environmental mailing list, will receive copies of the environmental documents, and will be notified of meetings associated with the Commission's environmental review process. Environmental commenters will not be required to serve copies of filed documents on all other parties. However, the non-party commenter will not receive copies of all documents filed by other parties or issued by the Commission (except for the mailing of environmental documents issued by the Commission) and will not have the right to seek court review of the Commission's final order.
The Commission strongly encourages electronic filings of comments, protests and interventions in lieu of paper using the eFiling link at
Environmental Protection Agency (EPA).
Notice of availability.
This notice announces the broadly applicable alternative test method approval decisions that the Environmental Protection Agency (EPA) has made under and in support of New Source Performance Standards (NSPS) and the National Emission Standards for Hazardous Air Pollutants (NESHAP) between January 1, 2018, and December 31, 2018.
An electronic copy of each alternative test method approval document is available at
This notice will be of interest to entities regulated under 40 Code of Federal Regulations (CFR) parts 60, 61, and 63; state, local, and tribal agencies; and the EPA Regional offices responsible for implementation and enforcement of regulations under 40 CFR parts 60, 61, and 63.
You may access copies of the broadly applicable alternative test method approval documents at
This notice identifies broadly applicable alternative test method approval decisions made by the EPA in 2018 under the NSPS, 40 CFR part 60 and the NESHAP programs, and 40 CFR parts 61 and 63 (see Table 1). Source owners and operators may voluntarily use these broadly applicable alternative test methods in lieu of otherwise specified reference test methods. Use of these broadly applicable alternative test methods does not change the applicable emission standards.
The Administrator has the authority to approve the use of alternative test methods for compliance with requirements under 40 CFR parts 60, 61, and 63. This authority is found in sections 60.8(b)(3), 61.13(h)(1)(ii), and 63.7(e)(2)(ii). Additional and similar authority can be found in 40 CFR 65.158(a)(2). The criteria for approval and procedures for submission and review of broadly applicable alternative test methods are explained in a previous
As also explained in the January 30, 2007 notice, our approval decisions involve thorough technical reviews of numerous source-specific requests for alternatives and modifications to test methods and procedures. Based on these reviews, we have often found that these modifications or alternatives would be equally valid and appropriate to apply to other sources within a particular class, category, or subcategory. Consequently, we have concluded that where a method modification or an alternative method is clearly broadly applicable to a class, category, or subcategory of sources, it is both equitable and efficient to approve its use for all appropriate sources and situations at the same time.
Use of approved alternative test methods are not mandatory but rather permissive. Sources are not required to employ such a method but may choose to do so in appropriate circumstances. As per section 63.7(f)(5), however, a source owner or operator electing to use an alternative method for 40 CFR part
This notice specifies ten broadly applicable alternative test methods that the EPA approved between January 1, 2018, and December 1, 2018. The alternative method decision letter/memo number, the reference method affected, sources allowed to use this alternative, and the modification or alternative method allowed are summarized in Table 1 of this notice. A summary of approval documents was previously made available on our Technology Transfer Network between January 1, 2018, and December 31, 2018. For more detailed information, please refer to the complete copies of these approval documents available at
As also explained in our January 30, 2007 notice, we will revisit approvals of alternative test methods in response to written requests or objections indicating that a particular approved alternative test method either should not be broadly applicable or that its use should in some way be limited. Any objection to a broadly applicable alternative test method, as well as the resolution of that objection, will be announced at
Source owners or operators should review the specific broadly applicable alternative method approval letter at
Environmental Protection Agency (EPA).
Notice.
The Environmental Protection Agency (EPA) has submitted an information collection request (ICR), NSPS for Petroleum Dry Cleaners (EPA ICR Number 0997.12, OMB Control Number 2060-0079), to the Office of Management and Budget (OMB), for review and approval in accordance with the Paperwork Reduction Act. This is a proposed extension of the ICR, which is currently approved through March 31, 2019. Public comments were previously requested, via the
Additional comments may be submitted on or before April 3, 2019.
Submit your comments, referencing Docket ID Number EPA-HQ-OECA-2014-0031, to: (1) EPA online using
EPA's policy is that all comments received will be included in the public docket without change, including any personal information provided, unless the comment includes profanity, threats, information claimed to be Confidential Business Information (CBI), or other information whose disclosure is restricted by statute.
Patrick Yellin, Monitoring, Assistance, and Media Programs Division, Office of Compliance, Mail Code 2227A, Environmental Protection Agency, 1200 Pennsylvania Ave. NW, Washington, DC 20460; telephone number: (202) 564-2970; fax number: (202) 564-0050; email address:
Supporting documents, which explain in detail the information that the EPA will be collecting, are available in the public docket for this ICR. The docket can be viewed online at
In notice document 2019-01921, appearing on pages 3159 through 3160, in the issue of Monday, February 11, 2019, make the following correction:
On page 3159, in the third column, in the “
Export-Import Bank of the U.S.
Submission for OMB review and comments request.
The Export-Import Bank of the United States (EXIM), as a part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal Agencies to comment on the proposed information collection, as required by the Paperwork Reduction Act of 1995. The purpose of this collection is to gather information necessary to make a determination of eligibility of a transaction for EXIM assistance under its medium-term guarantee and insurance program.
Comments should be received on or before May 3, 2019 to be assured of consideration.
Comments may be submitted electronically on
Export-Import Bank of the United States.
Submission for OMB review and comments request.
The Export-Import Banks of the United States (EXIM), as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal Agencies to comment on the proposed information collection, as required by the Paperwork Reduction Act of 1995. This collection of information is necessary to determine eligibility of the applicant for EXIM assistance.
Comments must be received on or before April 3, 2019, to be assured of consideration.
Comments may be submitted electronically on
Export-Import Bank of the United States.
Submission for OMB review and comments request.
The Export-Import Bank of the United States (EXIM), as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal Agencies to comment on the proposed information collection, as required by the Paperwork Reduction Act of 1995. This collection of information is necessary to determine eligibility of the applicant for EXIM assistance. The Application for Short-Term Multi-Buyer Export Credit Insurance Policy will be used to determine the eligibility of the applicant and the transaction for Export-Import Bank assistance under its insurance program. Export-Import Bank customers will be able to submit this form on paper or electronically.
Comments must be received on or before May 3, 2019 to be assured of consideration.
Comments may be submitted electronically on
Federal Communications Commission.
Notice of public meeting.
In accordance with the Federal Advisory Committee Act, this notice advises interested persons that the Federal Communications Commission's (FCC) Technological Advisory Council will hold a meeting at the Federal Communications Commission.
Tuesday, March 26, 2019.
Federal Communications Commission, 445 12th Street SW, Washington, DC 20554.
Michael Ha, Deputy Chief, Policy and Rules Division 202-418-2099;
At the March 26th meeting, the FCC Technological Advisory Council will discuss final recommendations from the 2018 TAC Working Groups. The FCC will attempt to accommodate as many people as possible. However, admittance will be limited to seating availability. Meetings are also broadcast live with open captioning over the internet from the FCC Live web page at
Board of Governors of the Federal Reserve System.
The Board of Governors of the Federal Reserve System (Board) is adopting a proposal to extend for three years, with revision, the Consolidated Holding Company Report of Equity Investments in Nonfinancial Companies and the Annual Report of Merchant Banking Investments Held for an Extended Period (FR Y-12 and FR Y-12A; OMB No. 7100-0300). The revisions to the FR Y-12 are applicable as of the March 31, 2019, reporting date, and the revisions to the FR Y-12A are applicable as of the December 31, 2019, reporting date.
Federal Reserve Board Clearance Officer—Nuha Elmaghrabi—Office of the Chief Data Officer, Board of Governors of the Federal Reserve System, Washington, DC 20551, (202) 452-3829. Telecommunications Device for the Deaf (TDD) users may contact (202) 263-4869, Board of Governors of the Federal Reserve System, Washington, DC 20551.
OMB Desk Officer—Shagufta Ahmed—Office of Information and Regulatory Affairs, Office of Management and Budget, New Executive Office Building, Room 10235, 725 17th Street NW, Washington, DC 20503, or by fax to (202) 395-6974.
On June 15, 1984, the Office of Management and Budget (OMB) delegated to the Board authority under the Paperwork Reduction Act (PRA) to approve and assign OMB control numbers to collection of information requests and requirements conducted or sponsored by the Board. Board-approved collections of information are incorporated into the official OMB inventory of currently approved collections of information. Copies of the Paperwork Reduction Act Submission, supporting statements and approved collection of information instrument(s) are placed into OMB's public docket files. The Board may not conduct or sponsor, and the respondent is not required to respond to, an information collection that has been extended, revised, or implemented on or after October 1, 1995, unless it displays a currently valid OMB control number.
In addition, with respect to the FR Y-12A report, section 4(k)(7)(A) of the BHC Act, (12 U.S.C. 1843(k)(7)(A)), authorizes the Board and the Treasury Department to jointly develop implementing regulations governing merchant banking activities for purposes of section 4(k)(4)(H) of the BHC Act. Section 4(k)(4)(H) of the BHC Act, (12 U.S.C. 1843(k)(4)(H)), and subpart J of the Board's Regulation Y, (12 CFR 225.170
The Board does not consider information collected on the FR Y-12 report to be confidential, and the completed version of this report generally is made available to the public upon request. However, exemption 4 of the Freedom of Information Act (FOIA) provides an exemption from public disclosure for “trade secrets and commercial or financial information obtained from a person [that is] privileged or confidential.” (5 U.S.C. 552(b)(4)). Thus, if a respondent feels that disclosure of confidential commercial or financial information on the FR Y-12 report is reasonably likely to result in substantial harm to its competitive position under exemption 4 of the FOIA, the respondent may request confidential treatment for such information pursuant to the Board's Rules Regarding the Availability of Information, 12 CFR 261.15.
The Board generally considers the information collected on the FR Y-12A to be confidential under exemption 4 of the FOIA (5 U.S.C. 552(b)(4)). Information reported on the FR Y-12A is competitively sensitive and its release would likely result in substantial harm to the competitive position of an FHC or SLHC. In addition, if the FR Y-12A data is obtained as a part of an examination or supervision of a financial institution, this information may also be withheld pursuant to exemption 8 of the FOIA, which protects information contained in “examination, operating, or condition reports” obtained in the bank supervisory process (5 U.S.C. 552(b)(8)).
The revisions to the FR Y-12 and FR Y-12A will be implemented as proposed.
The notificants listed below have applied under the Change in Bank Control Act (“Act”) (12 U.S.C. 1817(j)) and § 225.41 of the Board's Regulation Y (12 CFR 225.41) to acquire shares of a bank or bank holding company. The factors that are considered in acting on the notices are set forth in paragraph 7 of the Act (12 U.S.C. 1817(j)(7)).
The notices are available for immediate inspection at the Federal Reserve Bank indicated. The notices also will be available for inspection at the offices of the Board of Governors. Interested persons may express their views in writing to the Reserve Bank indicated for that notice or to the offices of the Board of Governors. Comments must be received not later than March 19, 2019.
1.
1.
Federal Trade Commission.
Notice.
The Federal Trade Commission announces the revised thresholds for interlocking directorates required by the 1990 amendment of Section 8 of the Clayton Act. Section 8 prohibits, with certain exceptions, one person from serving as a director or officer of two competing corporations if two thresholds are met. Competitor corporations are covered by Section 8 if each one has capital, surplus, and undivided profits aggregating more than $10,000,000, with the exception that no corporation is covered if the competitive sales of either corporation are less than $1,000,000. Section 8(a)(5) requires the Federal Trade Commission to revise those thresholds annually, based on the change in gross national product. The new thresholds, which take effect immediately, are $36,564,000 for Section 8(a)(1), and $3,656,400 for Section 8(a)(2)(A).
March 4, 2019.
James F. Mongoven (202-326-2879), Bureau of Competition, Office of Policy and Coordination.
Federal Trade Commission.
Notice.
The Federal Trade Commission announces the revised thresholds for the Hart-Scott-Rodino Antitrust Improvements Act of 1976 required by the 2000 amendment of Section 7A of the Clayton Act.
April 3, 2019.
Nora Whitehead (202-326-3100), Federal Trade Commission, Bureau of Competition, Premerger Notification Office, 400 7th Street SW, Room 5301, Washington, DC 20024.
Section 7A of the Clayton Act, 15 U.S.C. 18a, as added by the Hart-Scott-Rodino Antitrust Improvements Act of 1976, Public Law 94-435, 90 Stat. 1390 (“the Act”), requires all persons contemplating certain mergers or acquisitions, which meet or exceed the jurisdictional thresholds in the Act, to file notification with the Commission and the Assistant Attorney General and to wait a designated period of time before consummating such transactions. Section 7A(a)(2) requires the Federal Trade Commission to revise those thresholds annually, based on the change in gross national product, in accordance with Section 8(a)(5). Note that while the filing fee thresholds are revised annually, the actual filing fees are not similarly indexed and, as a result, have not been adjusted for inflation in over a decade. The new thresholds, which take effect 30 days after publication in the
Any reference to these thresholds and related thresholds and limitation values in the HSR rules (16 CFR parts 801-803) and the Antitrust Improvements Act Notification and Report Form (“the HSR Form”) and its Instructions will also be adjusted, where indicated by the term “(as adjusted)”, as follows:
By direction of the Commission.
Agency for Healthcare Research and Quality, HHS.
Notice.
This notice announces the intention of the Agency for Healthcare Research and Quality (AHRQ) to request that the Office of Management and Budget (OMB) approve the proposed information collection project:
This proposed information collection was previously published in the
Comments on this notice must be received by April 3, 2019.
Written comments should be submitted to: AHRQ's OMB Desk Officer by fax at (202) 395-6974 (attention: AHRQ's desk officer) or by email at
Doris Lefkowitz, AHRQ Reports Clearance Officer, (301) 427-1477, or by email at
In accordance with the Paperwork Reduction Act, 44 U.S.C. 3501-3521, AHRQ invites the public to comment on this proposed information collection. The Healthcare Cost and Utilization Project (HCUP, pronounced “H-Cup”) is a vital resource helping the Agency achieve its research agenda, thereby furthering its goal of improving the delivery of health care in the United States. HCUP is a family of health care databases and related software tools and products developed through a Federal-State-Industry partnership and sponsored by AHRQ. HCUP includes the largest collection of longitudinal hospital care data in the United States, with all-payer, encounter-level information beginning in 1988. The HCUP databases are annual files that contain anonymous information from hospital discharge records for inpatient care and certain components of outpatient care, such as emergency care and ambulatory surgeries. The project currently releases seven types of databases created for research use on a broad range of health issues, including cost and quality of health services, medical practice patterns, access to health care programs, and outcomes of treatments at the national, State, and local market levels. HCUP also produces a large number of software tools to enhance the use of administrative health care data for research and public health use. Software tools use information available from a variety of sources to create new data elements, often through sophisticated algorithms, for use with the HCUP databases.
HCUP's objectives are to:
• Create and enhance a powerful source of national, state, and all-payer health care data.
• Produce a broad set of software tools and products to facilitate the use of HCUP and other administrative data.
• Enrich a collaborative partnership with statewide data organizations (that voluntarily participate in the project) aimed at increasing the quality and use of health care data.
• Conduct and translate research to inform decision making and improve health care delivery.
This project is being conducted by AHRQ through its primary contractor and subcontractor, IBM Watson Health and Social & Scientific Systems, Inc., pursuant to AHRQ's statutory authority to conduct and support research on health care and on systems for the delivery of such care, including activities with respect to the outcomes, cost, cost-effectiveness, and use of health care services and access to such services. 42 U.S.C. 299a(a)(3).
The HCUP releases seven types of databases for public research use:
(1) The National Inpatient Sample (NIS) is the largest all-payer inpatient care database in the United States, yielding national estimates of hospital inpatient stays. The NIS approximates 20 percent of the discharges from all U.S. community hospitals and contains data from approximately 7 million hospital stays each year. NIS data releases are available for purchase from the HCUP Central Distributor for data years beginning in 1988.
(2) The Kids' Inpatient Database (KID) is the only all-payer inpatient care database for children in the United States. The KID was specifically designed to permit researchers to study a broad range of conditions and procedures related to child health issues. The KID contains a sample of 2 to 3 million discharges for children age 20 and younger from more than 4,200 U.S. community hospitals. KID data releases are available every third year starting in 1997.
(3) The Nationwide Emergency Department Sample (NEDS) is the largest all-payer ED database in the United States. It is constructed to capture information both on ED visits that do not result in an admission and on ED visits that result in an admission to the same hospital. The NEDS contains more than 31 million unweighted records for ED visits at about 950 U.S. community hospitals and approximates a 20-percent stratified sample of U.S. hospital-based EDs. NEDS data releases are available beginning with data year 2006.
(4) The State Inpatient Databases (SID) contain the universe of inpatient discharge abstracts from data organizations in 48 States and the District of Columbia that currently participate in the SID. Together, the SID encompass approximately 97 percent of all U.S. community hospital discharges. Most States that participate in the SID make their data available for purchase through the HCUP Central Distributor. Files are available beginning with data year 1990.
(5) The State Ambulatory Surgery and Services Databases (SASD) contain encounter-level data from ambulatory surgery and other outpatient services from hospital-owned facilities. In addition, some States provide data for ambulatory surgery and outpatient services from nonhospital-owned facilities. Currently, 35 States participate in the SASD. Files are available beginning with data year 1997.
(6) The State Emergency Department Databases (SEDD) contain data from hospital-owned emergency departments (ED) for visits that do not result in a hospitalization. Currently, 38 States participate in the SEDD. Files are available beginning with data year 1999.
(7) The Nationwide Readmissions Database (NRD) is designed to support various types of analyses of national readmission rates. This database addresses a large gap in health care data—the lack of nationally representative information on hospital readmissions. The NRD is a calendar-year, discharge-level database constructed from the HCUP State Inpatient Databases (SID).
To support AHRQ's mission to improve health care through scientific research, HCUP databases and software tools are disseminated to users outside of the Agency through a mechanism known as the HCUP Central Distributor at
This information collection request is for the activities associated with the HCUP database application process, not the collection of health care data for HCUP databases.
The activities associated with this application include:
(1) HCUP Application. All persons requesting access to the HCUP databases must complete an application at
(2) HCUP DUA Training. All persons wanting access to the HCUP databases must complete an online training course. The purpose of the training is to emphasize the importance of data protection, reduce the risk of inadvertent violations, and describe the individual's responsibility when using HCUP data. The training course can be accessed and completed online at
(3) HCUP DUA. All persons wanting access to the HCUP databases must sign a data use agreement. An example DUA for the Nationwide databases is available at
HCUP databases are released to researchers outside of AHRQ after the completion of required training and submission of an application that includes a signed HCUP DUA. In addition, before restricted access public release state-level databases are released, AHRQ must review and approve the applicant's statement of intended use to ensure that the planned use is consistent with HCUP policies and with the HCUP DUA. Fees are set for databases released through the HCUP Central Distributor depending on the type of database. The fee for sale of state-level data is determined by each participating Statewide Data Organization and reimbursed to those organizations. Information collected in the HCUP Application process will be used for two purposes only:
1. Business Transaction: In order to deliver the HCUP databases and software, contact information is necessary for shipping some types of HCUP data on disk (or any other media used in the future).
2. Enforcement of the HCUP DUA: The HCUP DUA contains several restrictions on use of the data. Most of these restrictions have been put in place to safeguard the privacy of individuals and establishments represented in the data. For example, data users can only use the data for research, analysis, and aggregate statistical reporting and are prohibited from attempting to identify any persons in the data. Contact information on HCUP DUAs is retained in the event that a violation of the DUA takes place.
Exhibit 1 shows the estimated annualized burden associated with the applicants' time to order any of the HCUP databases. An estimated 1,500 persons will order HCUP data annually. Each of these persons will complete an application (10 minutes), the DUA training (15 minutes) and a DUA (5 minutes). The total burden is estimated to be 750 hours annually.
Exhibit 2 shows the estimated annualized cost burden associated with the applicants' time to order HCUP data. The total cost burden is estimated to be $29,662 annually.
In accordance with the Paperwork Reduction Act, comments on AHRQ's information collection are requested with regard to any of the following: (a) Whether the proposed collection of information is necessary for the proper performance of AHRQ health care research and health care information dissemination functions, including whether the information will have practical utility; (b) the accuracy of AHRQ's estimate of burden (including hours and costs) of the proposed collection(s) of information; (c) ways to enhance the quality, utility, and clarity of the information to be collected; and (d) ways to minimize the burden of the collection of information upon the respondents, including the use of automated collection techniques or other forms of information technology.
Comments submitted in response to this notice will be summarized and included in the Agency's subsequent request for OMB approval of the proposed information collection. All comments will become a matter of public record.
In accordance with the Paperwork Reduction Act of 1995, the Centers for Disease Control and Prevention (CDC) has submitted the information collection request titled Capacity Building Assistance Program: Assessment and Quality Control to the Office of Management and Budget (OMB) for review and approval. CDC previously published a “Proposed Data Collection Submitted for Public Comment and Recommendations” notice on September 6, 2018 to obtain comments from the public and affected agencies. CDC did not receive comments related to the previous notice. This notice serves to allow an additional 30 days for public and affected agency comments.
CDC will accept all comments for this proposed information collection project. The Office of Management and Budget is particularly interested in comments that:
(a) Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;
(b) Evaluate the accuracy of the agencies estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;
(c) Enhance the quality, utility, and clarity of the information to be collected;
(d) Minimize the burden of the collection of information on those who are to respond, including, through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology,
(e) Assess information collection costs.
To request additional information on the proposed project or to obtain a copy of the information collection plan and instruments, call (404) 639-7570 or send an email to
The Centers for Disease Control and Prevention (CDC) is requesting the Office of Management and Budget (OMB) to grant a one year revision to
CDC is requesting to use two web-based assessments that will be administered to recipients of CBA services: (1) Training Follow-Up Instrument and (2) Technical Assistance Satisfaction Instrument. The first quantitative assessment will be disseminated 90 days after a training event to agency staff who participated in a training activity. It takes approximately 15 minutes to complete. The purpose of this web-based assessment is to determine the training participants' satisfaction with the trainers, training materials, and the course pace, benefits from the training, and CBA needs, how relevant the training was to their work, and whether they were able to utilize the information gained from the training. The second quantitative assessment will be disseminated 45 days after a technical assistance event to agency staff who participated in a technical assistance. This instrument takes approximately 15 minutes to complete. The purpose of the second assessment is to assess participants' satisfaction with the technical assistance they received, intended or actual use of enhanced capacity, barriers and facilitators to use, and benefits of the technical assistance. The 7,400 respondents represent an average of the number of health professionals who receive training and technical assistance from the CBA and PTC grantees during the years 2010 and 2011. The data collection is necessary (a) to assess CBA consumers' (community-based organizations, health departments, and healthcare organizations) satisfaction with and short-term outcomes from the overall CBA program as well as specific elements of the CBA program; (b) to improve CBA services and enhance the Capacity Building Branch's national capacity building strategy over time; (c)to assess the performance of the grantees in delivering training and technical assistance and to standardize the registration processes across the two CBA programs (
Centers for Disease Control and Prevention (CDC), Department of Health and Human Services (HHS).
Notice with comment period.
The Centers for Disease Control and Prevention (CDC), as part of its continuing efforts to reduce public burden and maximize the utility of government information, invites the general public and other Federal agencies to take this opportunity to comment on proposed and/or continuing information collections, as required by the Paperwork Reduction Act of 1995. This notice invites comment on the Birth Defects Study To Evaluate Pregnancy exposureS (BD-STEPS). The purpose of BD-STEPS is to identify modifiable maternal exposures in pregnancy that may increase the risk for having a pregnancy affected by certain major, structural birth defects. This revision proposes to add stillbirths without defects to the study population for two Centers and implement a supplemental telephone interview for these two Centers' stillbirths (with and without birth defects) and their controls.
Written comments must be received on or before May 3, 2019.
You may submit comments, identified by Docket No. CDC-2019-0005 by any of the following methods:
•
•
To request more information on the proposed project or to obtain a copy of the information collection plan and instruments, contact Jeffrey M. Zirger, Information Collection Review Office, Centers for Disease Control and Prevention, 1600 Clifton Road NE, MS-D74, Atlanta, Georgia 30329; phone: 404-639-7570; Email:
Under the Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501-3520), Federal agencies must obtain approval from the Office of Management and Budget (OMB) for each collection of information they conduct or sponsor. In addition, the PRA also requires Federal agencies to provide a 60-day notice in the
The OMB is particularly interested in comments that will help:
1. Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;
2. Evaluate the accuracy of the agency's estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;
3. Enhance the quality, utility, and clarity of the information to be collected; and
4. Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology,
5. Assess information collection costs.
Birth Defects Study To Evaluate Pregnancy exposures (BD-STEPS) (formerly titled The National Birth Defects Prevention Study (NBDPS)), (OMB Control No. 0920-0010, Expiration 02/29/2020)—Revision—National Center on Birth Defects and Developmental Disabilities (NCBDDD), Centers for Disease Control and Prevention (CDC).
CDC has been monitoring the occurrence of serious birth defects and genetic diseases in Atlanta since 1967 through the Metropolitan Atlanta Congenital Defects Program (MACDP). The MACDP is a population-based surveillance system for birth defects currently covering three counties in Metropolitan Atlanta. Since 1997, CDC has funded case-control studies of major birth defects that utilize existing birth defect surveillance registries (including MACDP) to identify cases and study birth defects causes in participating states/municipalities across the United States.
The current study, BD-STEPS, is a case-control study that is similar to the previous CDC-funded birth defects case-control study, NBDPS, which stopped interviewing participants in 2013. As with NBDPS, BD-STEPS control infants are randomly selected from birth certificates or birth hospital records; mothers of case and control infants are interviewed using a computer-assisted telephone interview.
The results from NBDPS have improved understanding of the causes of birth defects. Over 200 articles have been written in professional journals using the data from NBDPS, and BD-STEPS data will soon be added to NBDPS data for analysis. The current BD-STEPS revision is an addition to the study population for two BD-STEPS Centers. Specifically, in these two Centers mothers of stillbirths without major birth defects will be added to the study population for BD-STEPS and mothers of all stillbirths (with and without birth defects) and all controls in these two Centers will be asked to participate in a supplemental telephone interview.
The BD-STEPS interview takes approximately 55 minutes to complete and is 10 minutes longer than the previously OMB-approved interview (the burden estimate includes both the introductory telephone script/consent and questionnaire). For the five Centers not participating in the stillbirth component of the study, a maximum of 370 interviews are planned per year per center, 270 cases and 100 controls; for the two Centers participating in additional stillbirth interviews, 590 interviews are planned per Center, 270 cases with birth defects, 100 controls, and 220 stillbirths without birth defects. With seven Centers and a maximum of 3,040 interviews, the maximum interview burden for all centers combined would be 2,787 hours per
Five of the seven BD-STEPS Centers request consent for retrieval of leftover newborn bloodspots. If a maximum of 2,600 interviews would be expected for seven Centers, a maximum of 1,850 would be expected for five Centers (excluding stillbirths, for which newborn bloodspots are not available). A maximum of 15 minutes would be expected for the participant to read the bloodspot retrieval consent request and to read and sign the consent form. The anticipated maximum burden for bloodspot consent would be 463 hours annually.
With a maximum of 2,600 interviews planned annually, and approximately one third of the respondents eligible for the online questionnaire (selected based on reporting occupations queried in the questionnaire), a maximum of 830 women would receive the online questionnaire. Completion of the online questionnaire is estimated to take 20 minutes including reading introductory communication. The anticipated maximum burden for the online questionnaire is 277 hours annually.
We will request the release of reportable infectious diseases information from all women who complete the CATI. Of the 2,600 interviews planned annually, a maximum of 2,600 women would receive the infectious disease information request. Based on experience with consent forms, we expect the review, signing and mailing of the release of reportable infectious diseases information to take a maximum of 15 minutes for participants. The anticipated maximum burden for the reportable infectious diseases information is 650 hours annually.
In the two Centers participating in the supplemental interview, mothers of infants with or without birth defects that are stillborn and controls will be asked to participate in a supplemental telephone interview. The 25 minute supplemental interview will include the time for informed consent (Attachment Z). Based on a maximum of 640 women to be interviewed with the supplemental questionnaire, the maximum burden time would be 267 hours annually.
The total estimates of annual burden hours for all activities for all individuals for all Centers is 4,443 hours. The estimates of annualized burden hours represent the total population however due to lower participation rates (no more than 60%, the actual burden will be lower as well. There are no costs to the respondents other than their time.
In accordance with the Paperwork Reduction Act of 1995, the Centers for Disease Control and Prevention (CDC) has submitted the information collection request titled
CDC will accept all comments for this proposed information collection project. The Office of Management and Budget is particularly interested in comments that:
(a) Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;
(b) Evaluate the accuracy of the agencies estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;
(c) Enhance the quality, utility, and clarity of the information to be collected;
(d) Minimize the burden of the collection of information on those who are to respond, including, through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology,
(e) Assess information collection costs.
To request additional information on the proposed project or to obtain a copy of the information collection plan and instruments, call (404) 639-7570 or send an email to
Application for Training (OMB No. 0920-0017, expiration 06/30/2019)—Revision—Center for Surveillance, Epidemiology and Laboratory Services (CSELS), Centers for Disease Control and Prevention (CDC).
CSELS requests a three year approval for a revision to the Training and Continuing Education Online (TCEO) system, which will comprise four data collection and management tools. Requested revisions are (1) to add questions to the existing TCEO New Participant Registration and (2) to introduce a Post-Course Evaluation and a Follow-Up Evaluation. No changes are requested for the existing TCEO Proposal Tool.
TCEO provides access to CDC educational activities that offer continuing education to public health and healthcare professionals (learners) to maintain their professional licensures and certifications. Licensures and certifications are mandatory for certain health professionals to provide services that prevent and mitigate illness and save lives. Employees of hospitals, universities, medical centers, state and local health departments, and federal agencies participate in CDC's accredited educational activities to learn about current public health and healthcare practices. CDC is accredited by seven accreditation organizations to provide continuing education for public health and healthcare professionals.
CDC and CDC-funded educational activities include classroom study, conferences, and electronic learning (e-learning). The TCEO Proposal expedites submission, review, and accreditation processes for these CDC and CDC-funded educational activities. The information collected from educational developers provides CDC with the information necessary to meet accreditation requirements. CDC reviews proposals to ensure compliance with requirements and awards continuing education when activities meet accreditation standards. The educational activities that can offer continuing education are then added to TCEO for learners to access.
Accreditation organizations require a method of tracking learners who complete an educational activity and some require collection of profession-specific data, among other requirements. CDC requires health professionals who seek continuing education to establish an account by completing the TCEO New Participant Registration. CDC relies on this electronic form to collect information needed to coordinate learner registrations for educational activities.
The proposed inclusion of two new evaluation tools is required by accreditation organizations to ensure compliance with accreditation standards. Public health professionals will be required to take the TCEO Post-course Evaluation after they have participated in an educational activity and before they can earn continuing education. Health professionals who have received continuing education for the activity will be encouraged to complete the TCEO Follow-up Evaluation when a link is sent to them from TCEO by email. Reports on responses to both tools will be submitted to accreditation organizations when they conduct audits or when CDC requests renewal of accreditation. Both new tools provide information to help CDC improve the quality of its educational activities.
Proposed changes will ensure that CDC is in compliance with accreditation requirements, and improve the quality of educational activities, while continuing to offer accredited educational activities at no cost to learners. Because of the increasing demand for accredited educational activities that offer free CE for licensures and certifications, TCEO experiences a continued increase in educational activities completed each year by registered learners. Every year, the number of times learners complete steps to earn continuing education increases by approximately 15%. The two new evaluation tools will be shared with all learners who complete educational activities in TCEO, causing the annual burden estimate to increase significantly. The annual burden table has been updated to reflect the new TCEO Post-course Evaluation (66,667 burden hours) and the new TCEO Follow-up Evaluation (2,000 burden hours), for a total of 85,934 burden hours. There are no costs to respondents.
In accordance with the Paperwork Reduction Act of 1995, the Centers for Disease Control and Prevention (CDC) has submitted the information collection request titled
CDC will accept all comments for this proposed information collection project. The Office of Management and Budget is particularly interested in comments that:
(a) Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;
(b) Evaluate the accuracy of the agencies estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;
(c) Enhance the quality, utility, and clarity of the information to be collected;
(d) Minimize the burden of the collection of information on those who are to respond, including, through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology,
(e) Assess information collection costs.
To request additional information on the proposed project or to obtain a copy of the information collection plan and instruments, call (404) 639-7570 or send an email to
Emergency Cruise Ship Outbreak Investigations (CSOIs)—Existing Collection in Use without an OMB Control Number—National Center for Environmental Health (NCEH), Centers for Disease Control and Prevention (CDC).
Established in 1975 as a cooperative activity with the cruise ship industry, the Centers for Disease Control and Prevention (CDC) Vessel Sanitation Program (VSP) develops and implements comprehensive sanitation programs to minimize the risk of gastrointestinal diseases, by coordinating and conducting operational inspections, ongoing surveillance of gastrointestinal illness, and outbreak investigations on vessels.
Under the authority of the Public Health Service Act (42 U.S.C. Sections 264 and 269), the VSP is requesting a three-year approval for a new generic clearance information collection request (ICR). This ICR will provide the quick turn-around necessary to conduct emergency cruise ship outbreak investigations (CSOIs) in response to acute gastroenteritis (AGE) outbreaks. CSOIs are used to determine the causative agents and their sources, modes of transmission, or risk factors. The VSP's jurisdiction includes passenger vessels carrying 13 or more people sailing from foreign ports and within 15 days of arriving at a U.S. port.
VSP uses its syndromic surveillance system called the Maritime Illness and Death Reporting System (MIDRS) (approved under “Foreign Quarantine Regulations” [OMB Control No. 0920-0134, expiration date 05/31/2019]) to collect aggregate data about the number of people onboard ships in VSP's jurisdiction who are experiencing AGE symptoms. When the levels of illness meet VSP's alert threshold (
Causative agent, sources of exposure, modes of transmission, and risk factors can be ascertained by gathering the following types of information from both the affected and (seemingly) unaffected populations:
• Demographic information,
• Pre-embarkation travel information,
• Symptoms, including type, onset, duration,
• Contact with people who were sick or their body fluids,
• Participation in ship and shore activities,
• Locations of eating and drinking, and
• Foods and beverages consumed both on the ship and on shore.
Rapid and flexible data collection is imperative given the mobile environment, the remaining duration of the voyage left for investigation, and the loss to follow-up if delays allow passengers to disembark and leave the ship, including those returning to locations outside of the U.S.
This new generic clearance will cover investigations that meet all of the following criteria:
• The investigation is urgent in nature (
• The investigation is characterized by undetermined agents, undetermined sources, undetermined modes of transmission, or undetermined risk factors.
• One or more CDC staff (including trainees and fellows) will be deployed to the field.
• Most CSOIs involve two to five days of data collection; data collection is completed in 30 days or less.
This new generic clearance excludes each of the following:
• Investigations related to non-urgent outbreaks or events.
• Investigations conducted for the primary purpose of program evaluation, surveillance, needs assessment, or research (
• Investigations with data collection expected for greater than 30 days.
The VSP estimates 10 CSOIs annually in response to cruise ship AGE
Centers for Disease Control and Prevention (CDC), Department of Health and Human Services (HHS).
Notice with comment period.
The Centers for Disease Control and Prevention (CDC), as part of its continuing effort to reduce public burden and maximize the utility of government information, invites the general public and other Federal agencies the opportunity to comment on a proposed and/or continuing information collection, as required by the Paperwork Reduction Act of 1995. This notice invites comment on a proposed information collection project titled US Zika Pregnancy registry, is to seek Paperwork Reduction Act (PRA) clearance to monitor the frequency and types of adverse birth outcomes for women with laboratory evidence of Zika virus infection during pregnancy and their infants and to strengthen the public health response to the Zika virus disease outbreak.
CDC must receive written comments on or before May 3, 2019.
You may submit comments, identified by Docket No. CDC-2019-0009 by any of the following methods:
•
•
To request more information on the proposed project or to obtain a copy of the information collection plan and instruments, contact Jeffrey M. Zirger, Information Collection Review Office, Centers for Disease Control and Prevention, 1600 Clifton Road NE, MS-D74, Atlanta, Georgia 30329; phone: 404-639-7570; Email:
Under the Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501-3520), Federal agencies must obtain approval from the Office of Management and Budget (OMB) for each collection of information they conduct or sponsor. In addition, the PRA also requires Federal agencies to provide a 60-day notice in the
The OMB is particularly interested in comments that will help:
1. Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;
2. Evaluate the accuracy of the agency's estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;
3. Enhance the quality, utility, and clarity of the information to be collected; and
4. Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology,
5. Assess information collection costs.
US Zika Pregnancy Registry (OMB Control No. 0920-1143, Expiration 11/30/2019)—Extension—National Center on Birth Defects and Developmental Disabilities (NCBDDD), Centers for Disease Control and Prevention (CDC).
In May 2015, the World Health Organization reported the first local transmission of Zika virus in the Western Hemisphere, with autochthonous cases identified in Brazil. As of March 16, 2016, local transmission has been identified in at least 32 countries or territories in the Americas. Further spread to other countries in the region is likely. Local vector-borne transmission of Zika virus has not been documented in the 50 U.S. states or the District of Columbia, but has occurred in US territories, including in Puerto Rico, the US Virgin Islands, and American Samoa. However, Zika virus infections have been reported in travelers returning to the United States from areas with active Zika virus transmission. Zika virus infection also has occurred through sexual transmission, which may pose an additional risk to non-travelling pregnant women whose partners may have traveled to areas at high risk for Zika virus acquisition. With the ongoing outbreak in the Americas, the number of Zika virus disease cases among travelers returning to the United States likely will
In some Brazilian states where Zika virus transmission has occurred, there has been an increase in cases of infants born with microcephaly. Zika virus infections have been confirmed in several infants with microcephaly and in fetal losses in women infected during pregnancy. In addition to microcephaly, a range of other problems have been detected among fetuses and infants infected with Zika virus before birth, such as absent or poorly developed brain structures, defects of the eye, hearing deficits, and impaired growth. The Ministry of Health in Brazil, with support from the Pan American Health Organization (PAHO), the U.S. Centers for Disease Control and Prevention (CDC), and other partners, is investigating the association between Zika virus infection and microcephaly, as well as other adverse pregnancy and infant outcomes.
Zika virus disease and Zika virus congenital infection are nationally notifiable conditions for which the Council of State and Territorial Epidemiologists (CSTE) has established interim case definitions. All 50 states, the District of Columbia, and Puerto Rico, the U.S. Virgin Islands, American Samoa, Guam, and the Northern Mariana Islands currently participate in reporting of arboviral diseases through ArboNET. However, ArboNET does not capture all the information needed to provide timely situational awareness in the context of the ongoing public health response. In particular, ArboNET collects limited data on pregnancy, pregnancy and birth outcomes, and congenital infections, all of which are necessary for informing ongoing response efforts.
As part of the public health response to the Zika virus disease outbreak, CDC will conduct supplemental surveillance of antenatal diagnostic testing and clinical outcomes among pregnant women with laboratory evidence of Zika virus or unspecified flavivirus infection and their infants through the U.S. Zika Pregnancy Registry. It is anticipated that the Registry will provide critical information to direct CDC clinical recommendations and public health guidance and messages.
The data to be collected for the Registry includes information about Zika infection-related tests and procedures conducted as part of the mother's and child's routine clinical care, and in line with existing CDC, American College of Obstetricians and Gynecologists and Society of Maternal Fetal Medicine, and American Academy of Pediatrics recommendations for evaluation, diagnosis, and follow-up of women infected with Zika virus during pregnancy and their children. No additional tests or procedures will be performed specifically for Registry purposes.
This request is submitted to extend the collection period of collection OMB number 0920-1143 for an additional three years. The total estimated annual burden hours are 23,833. There are no costs to the respondents other than their time.
Administration for Community Living (ACL), HHS.
Notice.
The Administration for Community Living is announcing that the proposed collection of information listed above has been submitted to the Office of Management and Budget (OMB) for review and clearance as required under Paperwork Reduction Act of 1995. This 30-Day notice collects comments on the information collection requirements related to the Revision of a Currently Approved Collection (ICR Rev) and solicits comments on the information collection requirements related to the annual Program Performance Report (PPR) for the American Indian, Alaskan Natives and Native Hawaiian Programs under Title VI of the Older Americans Act.
Submit written comments on the collection of information by April 3, 2019.
Submit written comments on the collection of information by:
Kristen Hudgins, Social Science Analyst, Administration for Community Living, Washington, DC 20201, 202-795-7732 or
In compliance with 44 U.S.C. 3507, ACL has submitted the following proposed collection of information to OMB for review and clearance. The data collection materials for the annual performance data for the Administration for Community Living's American Indian, Alaskan Natives and Native Hawaiian Programs (OAA Title VI) is a revision of a currently approved annual program performance data collection (OMB# 0985-0059). These data collection materials have been updated to better align with comparable data collected for ACL's other nutritional, supportive, and caregiving grants. Proposed changes include adding data components and updating others for more accurate reporting of persons served and activities provided through the Title VI-funded programs. The revised data collection will provide data necessary to determine the effectiveness of the program. Some examples of these changes are updating definitions in Title VI to be more in line with Title III, asking for unduplicated numbers of people served for different services and the number of hours spent providing said services. Additionally, the caregiver portion of the PPR has been updated to collect more information around types of caregivers served and unduplicated numbers of caregivers. Another element added has to do with information on expenditures. This data collection will also support ACL in tracking performance outcomes and efficiency measures with respect to the annual and long-term performance targets established in compliance with the Government Performance Results Modernization Act (GPRAMA).
A notice was published in the
The proposed form(s) may be found on the ACL website at
Title VI funding is broken into three categories. Parts A and B are for nutritional and supportive programming, and ask for the same information. Part A is for American Indian and Alaska Native grantees, and Part B is for Native Hawaiian grantees. Part C is for caregiver programming. All Part C grantees must have Part A/B funding; but not all Part A/B grantees will have Part C programs. Therefore, there are 270 unique respondents, but only 237 will have to complete all portions of the PPR. ACL believes that the increase in burden hours is justified by the improved quality of the data and will ultimately improve the services provided to Native Elders.
Food and Drug Administration, HHS.
Notice.
The Food and Drug Administration (FDA) is announcing that a proposed collection of information has been submitted to the Office of Management and Budget (OMB) for review and clearance under the Paperwork Reduction Act of 1995.
Fax written comments on the collection of information by April 3, 2019.
To ensure that comments on the information collection are received, OMB recommends that written comments be faxed to the Office of Information and Regulatory Affairs, OMB, Attn: FDA Desk Officer, Fax: 202-395-7285, or emailed to
JonnaLynn Capezzuto, Office of Operations, Food and Drug Administration, Three White Flint North, 10A-12M, 11601 Landsdown St., North Bethesda, MD 20852, 301-796-3794,
In compliance with 44 U.S.C. 3507, FDA has submitted the following proposed collection of information to OMB for review and clearance.
Section 412(h)(1) of the Federal Food, Drug, and Cosmetic Act (FD&C Act) (21 U.S.C. 350a(h)(1)) exempts an infant formula that is represented and labeled for use by an infant with an inborn error of metabolism, low birth weight, or who otherwise has an unusual medical or dietary problem from the requirements of section 412(a)-(c) of the FD&C Act. These formulas are customarily referred to as “exempt infant formulas.” Under part 106 (21 CFR part 106), we established requirements for quality factors for infant formulas and CGMPs, including quality control procedures. This collection of information will help prevent the manufacture of adulterated infant formula, ensure the safety of infant formula, and ensure that the nutrients in infant formula are present in a form that is bioavailable.
In the
Our estimate of the burden of the recordkeeping recommendations includes the one-time burden of developing production and in-process control systems and the annual burdens of developing and maintaining aggregate production and control records, records pertaining to the distribution of infant formula, and records pertaining to regularly scheduled audits. Included in the burden estimate is the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing each collection of information.
The guidance recommended, to the extent practicable, that respondents include records required by part 106, subparts A, B, C, D, and F for non-exempt infant formulas. Because the records and reporting requirements related to part 106, subparts E and G are not generally applicable to exempt infant formula manufacturers, FDA is not recommending in the guidance that exempt infant formula manufacturers follow these requirements. As such, the records and reporting requirements in part 106, subparts E and G are not part of this information collection.
In the
We estimate the burden of the information collection as follows:
Based on a review of the information collection, we made a correction since the last OMB approval. While the one-time estimated recordkeeping burden remains as 19,320 hours, we increased the annual estimated recurring recordkeeping burden to 85,889.64 hours due to a calculation error (a 79,561.58 hour increase) for a total recordkeeping burden of 105,209.64 hours.
Food and Drug Administration, HHS.
Notice.
The Food and Drug Administration (FDA or Agency) is evaluating substances that have been nominated for inclusion on a list of bulk drug substances (active pharmaceutical ingredients) for which there is a clinical need (the 503B Bulks List). Drug products that outsourcing facilities compound using bulk drug substances on the 503B Bulks List can qualify for certain exemptions from the Federal Food, Drug, and Cosmetic Act (FD&C Act) provided certain conditions are met. This notice identifies two bulk drug substances that FDA has considered and is not including on the list at this time: Nicardipine hydrochloride and vasopressin. Additional bulk drug substances nominated by the public for inclusion on this list are currently under consideration and will be the subject of future notices.
The announcement of the notice is published in the
Submit electronic comments on bulk drug substances nominated for the 503B Bulks List to Docket No. FDA-2015-N-3469. Submit written comments on bulk drug substances nominated for the 503B Bulks List to the Dockets Management Staff (HFA-305), Food and Drug Administration, 5630 Fishers Lane, Rm. 1061, Rockville, MD 20852. All comments should be identified with the docket number found in brackets in the heading of this document.
Elizabeth Hankla, Center for Drug Evaluation and Research, Food and Drug Administration, 10903 New Hampshire Ave., Bldg. 51, Rm. 5216,
Compounded drug products can serve an important role for patients for whom an FDA-approved drug product is not appropriate, such as patients who have an allergy and need a medication to be made without a certain dye or hospital inpatients who need infusions of a drug combined with a particular diluent not specified in the approved product labeling. However, they also pose a higher risk to patients than FDA-approved drugs. In 2012, contaminated injectable drug products that a State-licensed compounding pharmacy shipped to patients and healthcare practitioners across the country caused a fungal meningitis outbreak that resulted in more than 60 deaths and 750 cases of infection.
In response to this outbreak, Congress enacted the Drug Quality and Security Act (Pub. L. 113-54), which, among other things, added new section 503B to the FD&C Act (21 U.S.C. 353b) and created a new category of compounders known as outsourcing facilities.
Drug products compounded under the conditions in section 503B are not exempt from current good manufacturing practice (CGMP) requirements in section 501(a)(2)(B) of the FD&C Act (21 U.S.C. 351(a)(2)(B)).
Because compounded drug products are not FDA-approved, they have not undergone FDA premarket review for safety, effectiveness, and quality. Although outsourcing facilities must comply with CGMP requirements and are inspected by FDA according to a risk-based schedule, their drug products have not been determined to be safe or effective for the conditions of use reflected in drug product labeling and have not been subjected to a premarket inspection or associated with a finding of manufacturing quality, all of which are part of the drug approval process. Because compounded drug products are subject to a lower regulatory standard than FDA-approved drug products, they should only be used by patients who could not use an FDA-approved drug product.
When a compounded drug is appropriate for a patient, outsourcing facilities may be able to prepare that drug using an FDA-approved drug product as the starting material. On other occasions it may be necessary to compound the drug from a bulk drug substance.
In sum, section 503B's limitation on the 503B Bulks List to bulk drug substances for which there is a clinical need serves important public health functions. First, it helps to limit patient exposure to compounded drug products, which have not been demonstrated to be safe and effective, to those situations in which the compounded drug product is necessary for patient treatment. Second, it preserves the incentives for applicants to invest in the research and testing required to obtain FDA approval and to continue to manufacture FDA-approved drug products, thereby helping to maintain a supply of high-quality, safe, and effective drugs.
Section 503B of the FD&C Act describes the conditions that must be satisfied for drug products compounded by an outsourcing facility to be exempt from the approval, labeling, and drug supply chain security requirements cited above.
Section 503B directs FDA to establish the 503B Bulks List by (1) publishing a notice in the
For purposes of section 503B,
In the
As FDA evaluates bulk drug substances, it intends to publish notices for public comment in the
FDA intends to maintain a current list of all bulk drug substances it has evaluated on its website, with separate lists for bulk drug substances it has placed on the 503B Bulks List and those it has decided not to place on the 503B Bulks List. FDA will only place a bulk drug substance on the 503B Bulks List where it has determined there is a clinical need for outsourcing facilities to compound drug products using the bulk drug substance. If a clinical need to compound drug products using the bulk drug substance has not been demonstrated, based on the information submitted by the nominator and any other information considered by the Agency, FDA will not place a bulk drug substance on the 503B Bulks List.
FDA intends to evaluate the bulk drug substances nominated for the 503B Bulks List on a rolling basis. FDA will evaluate and publish in the
As noted above, section 503B(a)(2)(A)(i) provides that the 503B Bulks List is to include “bulk drug substances for which there is a clinical need.” The Agency is evaluating bulk drug substances that were nominated for inclusion on the 503B Bulks List, proceeding case by case, under the standard provided by the statute.
The bulk drug substances that we are addressing in this notice are components of FDA-approved drug products, and we evaluated them by asking the following questions:
(1) Is there a basis to conclude, for each FDA-approved product that includes the nominated bulk drug substance, that (a) an attribute of the FDA-approved drug product makes it medically unsuitable to treat certain patients for a condition that FDA has identified for evaluation, and (b) the drug product proposed to be compounded is intended to address that attribute?
(2) Is there a basis to conclude that the drug product proposed to be compounded must be produced from a bulk drug substance rather than from an FDA-approved drug product?
The reason for question (1) is that unless an attribute of the FDA-approved drug is medically unsuitable for certain patients, and the drug product to be compounded is intended to address that attribute, we do not expect that there will be a clinical need for a patient to use a compounded drug product. Rather, such compounding would unnecessarily expose patients to the risks associated with drug products that have not been shown to meet the standards applicable to FDA-approved drug products for safety, effectiveness, quality, and labeling and would undermine the drug approval process. The reason for question (2) is that to place a bulk drug substance on the 503B Bulks List, FDA must determine that there is a clinical need for outsourcing facilities to compound a drug product
If the answer to both of these questions is “yes,” there may be clinical need for outsourcing facilities to compound using the bulk drug substance, and we would analyze the question further.
In August 2018, the Agency issued a
Nicardipine hydrochloride has been nominated for inclusion on the 503B Bulks List.
Because nicardipine hydrochloride is a component of FDA-approved drug products, we considered whether (1) there is a basis to conclude that an attribute of each FDA-approved drug product makes each one medically unsuitable to treat certain patients for a condition that FDA has identified for evaluation, and the nicardipine hydrochloride drug product proposed to be compounded is intended to address that attribute in each FDA-approved drug product; and (2) whether the drug product proposed to be compounded must be compounded using a bulk drug substance.
The nomination proposed to include on the list nicardipine hydrochloride injection compounded to concentrations of 0.1 mg/mL through 2.5 mg/mL. The nomination does not identify attributes of the approved nicardipine hydrochloride products that make them medically unsuitable to treat certain patients and that the proposed compounded drug products are intended to address. Specifically, the nomination did not explain why ready-to-use nicardipine hydrochloride injection at 0.1 mg/mL and 0.2 mg/mL, and the 2.5 mg/mL single dose vial (for dilution) are medically unsuitable for certain patients.
A commenter on FDA's proposal not to include nicardipine hydrochloride on the 503B Bulks List indicated that an attribute of approved nicardipine hydrochloride injections, the presence of the excipient benzoic acid, makes those approved drug products medically unsuitable for patients who have an allergy to benzoic acid and that drug products would be compounded from the bulk drug substance nicardipine hydrochloride without benzoic acid. However, the commenter did not acknowledge the availability of FDA-approved benzoic acid-free nicardipine hydrochloride ready-to-use solutions for intravenous administration or explain why these approved drug products would be medically unsuitable for patients who have an allergy to benzoic acid.
Accordingly, with respect to the nicardipine hydrochloride drug products proposed to be compounded, FDA finds no basis to conclude that an attribute of each of the approved drug products makes each one medically unsuitable to treat certain patients for a condition that FDA has identified for evaluation.
The nomination provided no basis to conclude that drug products containing nicardipine hydrochloride must be compounded using a bulk drug substance rather than using an FDA-approved drug product. The nomination
Vasopressin was nominated for inclusion on the 503B Bulks List to compound drug products that treat septic shock, post-cardiotomy shock, diabetes insipidus, and hypotension.
VASOSTRICT is available in a multidose vial that contains the preservative agent chlorobutanol and in a single dose vial that does not contain chlorobutanol. The VASOSTRICT labeling includes a contraindication regarding chlorobutanol that applies to the chlorobutanol-containing product.
The nominations propose vasopressin for the 503B Bulks List so that it can be used to compound drug product at various concentrations, some lower than undiluted VASOSTRICT and others higher. However, the nominations and the comments do not identify an attribute of VASOSTRICT that makes it medically unsuitable for patients and that the compounded products are intended to address.
The nomination that refers to products with a higher concentration than VASOSTRICT does not identify any data or information as to the need for a higher concentration than the approved product, nor does the nomination identify specific higher concentrations it proposes to compound. In addition, the nomination does not identify patients for whom a concentration at or below 20 U/mL is medically unsuitable and who would therefore require a higher concentration, and FDA is not aware of patients who would need concentrations above 20 U/mL.
Both nominations also propose to compound vasopressin at specific concentrations lower than undiluted VASOSTRICT. However, the proposed concentrations are within the range described in the labeling for the FDA-approved drug product, and the proposed route of administration (intravenous) is the same as that of VASOSTRICT. The nominations do not identify an attribute of the approved drug product that would make it medically unsuitable for patients or show that the compounded drug product would address that attribute.
Commenters on FDA's proposal not to include vasopressin on the 503B Bulks List assert that an attribute of VASOSTRICT that makes it medically unsuitable to treat patients is that it contains a preservative, chlorobutanol. Chlorobutanol-containing VASOSTRICT is contraindicated in patients who have an allergy or hypersensitivity to this excipient. However, the commenters fail to acknowledge that the preservative-free formulation of VASOSTRICT is also marketed and fail to explain why that formulation would be medically unsuitable for patients who have an allergy to chlorobutanol.
Accordingly, with respect to the vasopressin drug products proposed to be compounded, FDA finds no basis to conclude that an attribute of VASOSTRICT makes it medically unsuitable to treat certain patients.
As noted previously, the nominations propose to compound drug products containing vasopressin at concentrations that are lower than undiluted VASOSTRICT, but that are within the range of VASOSTRICT's final, post-dilution concentrations. The nominations do not take the position or provide support for the position that a bulk drug substance rather than the FDA-approved drug product must be used to prepare these lower concentrations. For example, the nominations do not explain, or even suggest, that the desired concentration of vasopressin cannot be prepared by diluting the approved drug product.
The nominations for nicardipine hydrochloride and vasopressin and some comments state that there could be a benefit in the availability of drug products containing each of these bulk drug substances that do not require dilution prior to administration. We note first, with respect to nicardipine hydrochloride, that two ready-to-use nicardipine drug products are FDA-approved, and the comments do not identify patients for whom these products are medically unsuitable. More broadly, as explained above, when a bulk drug substance is a component of an approved drug, FDA asks whether there is a basis to conclude that an attribute of each approved drug product makes each one medically unsuitable to treat certain patients for their condition, an interpretation that protects patients and the integrity of the drug approval process. The nominations and comments do not show that the approved drug product, when not manufactured in the ready-to-use form, is medically unsuitable for certain patients. Nor do the nominations and comments establish that drug products in the relevant concentrations, including ready-to-use products, cannot be prepared from the approved nicardipine and vasopressin drug products.
The nominations for nicardipine hydrochloride and vasopressin and some comments also include statements that these substances should be added to the 503B Bulks List because compounding from the bulk drug substance could help outsourcing facilities to address drug shortages and disruptions in supply of approved drugs intended for injection. As noted above, section 503B contains a separate provision for compounding from bulk drug substances to address a drug shortage, and we do not interpret the other price- and supply-related issues advanced by the nomination to be within the meaning of “clinical need” for compounding with a bulk drug substance.
For the reasons stated above, we find no clinical need for an outsourcing facility to compound using the bulk drug substances nicardipine hydrochloride and vasopressin and, therefore, we are not including nicardipine hydrochloride and vasopressin on the 503B Bulks List.
Food and Drug Administration, HHS.
Notice.
The Food and Drug Administration (FDA or Agency) is announcing that a proposed collection of information has been submitted to the Office of Management and Budget (OMB) for review and clearance under the Paperwork Reduction Act of 1995.
Fax written comments on the collection of information by April 3, 2019.
To ensure that comments on the information collection are received, OMB recommends that written comments be faxed to the Office of Information and Regulatory Affairs, OMB, Attn: FDA Desk Officer, Fax: 202-395-7285, or emailed to
Amber Sanford, Office of Operations, Food and Drug Administration, Three White Flint North, 10A-12M, 11601 Landsdown St., North Bethesda, MD 20852, 301-796-8867,
In compliance with 44 U.S.C. 3507, FDA has submitted the following proposed collection of information to OMB for review and clearance.
Respondents to this collection are sponsors of marketing applications that contain clinical data from studies covered by the regulations. These sponsors represent pharmaceutical, biologic, and medical device firms. Respondents are also clinical investigators who provide financial information to the sponsors of marketing applications.
Table 1 of this document shows information that is the basis of the estimated number of respondents in tables 2 through 4.
In the
FDA estimates the burden of this collection of information as follows:
Under § 54.4(a) (21 CFR 54.4(a)), applicants submitting an application that relies on clinical studies must submit a complete list of clinical investigators who participated in a covered clinical study, and must either certify to the absence of certain financial arrangements with clinical investigators (Form FDA 3454) or, under § 54.4(a)(3), disclose to FDA the nature of those arrangements and the steps taken by the applicant or sponsor to minimize the potential for bias (Form FDA 3455).
FDA estimates that almost all applicants submit a certification statement under § 54.4(a)(1) and (a)(2). Preparation of the statement using Form FDA 3454 should require no more than 1 hour per study. The number of respondents is based on the estimated number of affected applications.
When certification is not possible and disclosure is made using Form FDA 3455, the applicant must describe, under § 54.4(a)(3), the financial arrangements or interests and the steps that were taken to minimize the potential for bias in the affected study. As the applicant would be fully aware of those arrangements and the steps taken to address them, describing them will be straightforward. The Agency estimates that it will take about 5 hours to prepare this narrative. Based on our experience with this collection, FDA estimates that approximately 10 percent of the respondents with affected applications will submit disclosure statements.
Under § 54.6, the sponsors of covered studies must maintain complete records of compensation agreements with any compensation paid to nonemployee clinical investigators, including information showing any financial interests held by the clinical investigator, for 2 years after the date of approval of the applications. Sponsors of covered studies maintain many records regarding clinical investigators, including protocol agreements and investigator resumes or curriculum vitae. FDA estimates that an average of 15 minutes will be required for each recordkeeper to add this record to the clinical investigator's file.
Under § 54.4(b), clinical investigators supply to the sponsor of a covered study financial information sufficient to allow the sponsor to submit complete and accurate certification or disclosure statements. Clinical investigators are accustomed to supplying such information when applying for research grants. Also, most people know the financial holdings of their immediate family and records of such interests are generally accessible because they are needed for preparing tax records. For these reasons, FDA estimates that the time required for this task may range from 5 to 15 minutes; we used the mean, 10 minutes, for the average burden per disclosure. The number of respondents is the sum of the number of affected applications multiplied by the mean of the estimated number of investigators for each application type (rounded) (see table 1 of this document).
Our estimated burden for the information collection reflects an overall increase of 222 hours and a corresponding increase of 893 responses/records. We attribute this adjustment to an increase in the number of affected applications and the number of investigators. No program changes were made.
Food and Drug Administration, HHS.
Notice of availability.
The Food and Drug Administration (FDA or the Agency) is announcing the availability of a final guidance for industry entitled “Evaluation of Bulk Drug Substances Nominated for Use in Compounding Under Section 503B of the Federal Food, Drug, and Cosmetic Act.” This guidance describes policies that FDA intends to use in evaluating bulk drug substances nominated for use in compounding under section 503B of the Federal Food, Drug, and Cosmetic Act (FD&C Act) for inclusion on the list of bulk drug substances that can be used in compounding under section 503B.
The announcement of the guidance is published in the
You may submit either electronic or written comments on Agency guidances at any time as follows:
Submit electronic comments in the following way:
•
• If you want to submit a comment with confidential information that you do not wish to be made available to the public, submit the comment as a written/paper submission and in the manner detailed (see “Written/Paper Submissions” and “Instructions”).
Submit written/paper submissions as follows:
•
• For written/paper comments submitted to the Dockets Management Staff, FDA will post your comment, as well as any attachments, except for information submitted, marked and identified, as confidential, if submitted as detailed in “Instructions.”
• Confidential Submissions—To submit a comment with confidential information that you do not wish to be made publicly available, submit your comments only as a written/paper submission. You should submit two copies total. One copy will include the information you claim to be confidential with a heading or cover note that states “THIS DOCUMENT CONTAINS CONFIDENTIAL INFORMATION.” The Agency will review this copy, including the claimed confidential information, in its consideration of comments. The second copy, which will have the claimed confidential information redacted/blacked out, will be available for public viewing and posted on
You may submit comments on any guidance at any time (see 21 CFR 10.115(g)(5)).
Submit written requests for single copies of the guidance to the Division of Drug Information, Center for Drug Evaluation and Research, Food and Drug Administration, 10001 New Hampshire Ave., Hillandale Building, 4th Floor, Silver Spring, MD 20993-0002. Send one self-addressed adhesive label to assist that office in processing your requests. See the
Sara Rothman, Center for Drug Evaluation and Research, Food and Drug Administration, 10903 New Hampshire Ave., Bldg. 51, Rm. 5197, Silver Spring, MD 20993, 301-796-3110.
FDA is announcing the availability of a guidance for industry entitled “Evaluation of Bulk Drug Substances Nominated for Use in Compounding Under Section 503B of the Federal Food, Drug, and Cosmetic Act.” Section 503B (21 U.S.C. 353b), added to the FD&C Act by the Drug Quality and Security Act in 2013, describes the conditions that must be satisfied for human drug products compounded by an outsourcing facility to be exempt from the following three sections of the FD&C Act: section 505 (21 U.S.C. 355) (concerning the approval of drugs under new drug applications or abbreviated new drug applications); section 502(f)(1) (21 U.S.C. 352(f)(1)) (concerning the labeling of drugs with adequate directions for use); and section 582 (21 U.S.C. 360eee-1) (concerning drug supply chain security requirements). One of the conditions that must be met for a drug product compounded by an outsourcing facility to qualify for these exemptions is that the outsourcing facility does not compound drug products using a bulk drug substance unless either: (1) It appears on a list established by the Secretary of Health and Human Services identifying bulk drug substances for which there is a clinical need (see section 503B(a)(2)(A)(i) of the FD&C Act) (503B Bulks List) or (2) the drug compounded from such bulk drug substances appears on the drug shortage list in effect under section 506E of the FD&C Act (21 U.S.C. 356e) at the time of compounding, distribution, and dispensing (see section 503B(a)(2)(A)(ii) of the FD&C Act).
This guidance addresses FDA policies for developing the 503B Bulks List, including the Agency's interpretation of the phrase “bulk drug substances for which there is a clinical need,” as it is used in section 503B of the FD&C Act. The guidance also addresses the factors and processes by which the Agency intends to evaluate and list bulk drug substances.
In the
This guidance is being issued consistent with FDA's good guidance practices regulation (21 CFR 10.115). This guidance represents the current thinking of FDA on “Evaluation of Bulk Drug Substances Nominated for Use in Compounding Under Section 503B of the Federal Food, Drug, and Cosmetic Act.” It does not establish any rights for any person and is not binding on FDA or the public. You can use an alternative approach if it satisfies the requirements of the applicable statutes and regulations. This guidance is not subject to Executive Order 12866.
Persons with access to the internet may obtain the guidance at either
Office of Disease Prevention and Health Promotion, Office of the Assistant Secretary for Health, Office of the Secretary, Department of Health and Human Services.
Notice.
The Department of Health and Human Services (HHS) solicits written comments from the public on specific topics and questions that will inform the development of the National Youth Sports Strategy.
Written comments will be accepted through 11:59 p.m. E.T. on April 1, 2019.
Written public comments will be accepted via email. Instructions for submitting comments are available on the internet at
Katrina L. Piercy, Ph.D., R.D., Office of Disease Prevention and Health Promotion (ODPHP), Office of the Assistant Secretary for Health (OASH), HHS; 1101 Wootton Parkway, Suite LL-100; Rockville, MD 20852; Telephone: (240) 453-8280. Email:
Executive Order 13824 directs the development of a National Strategy on Youth Sports and outlines the key pillars that the strategy will address. The Office of Disease Prevention and Health Promotion and the President's Council on Sports, Fitness & Nutrition are leading the development of this strategy.
1. Increase awareness of the benefits of participation in sports and regular physical activity, as well as the importance of good nutrition;
2. Promote private and public sector strategies to increase participation in sports, encourage regular physical activity, and improve nutrition;
3. Develop metrics that gauge youth sports participation and physical activity to inform efforts that will
4. Establish a national and local strategy to recruit volunteers who will encourage and support youth participation in sports and regular physical activity, through coaching, mentoring, teaching, or administering athletic and nutritional programs.
Office of the National Coordinator for Health Information Technology (ONC), HHS.
2019 public meeting dates of the Health Information Technology Advisory Committee.
The Health Information Technology Advisory Committee (HITAC) was established in accordance with section 4003(e) of the 21st Century Cures Act and the Federal Advisory Committee Act. The HITAC, among other things, identifies priorities for standards adoption and makes recommendations to the National Coordinator for Health Information Technology (National Coordinator). The HITAC will hold public meetings throughout 2019. See list of public meetings below.
Lauren Richie, Designated Federal Officer, at
Section 4003(e) of the 21st Century Cures Act (Pub. L. 114-255) establishes the Health Information Technology Advisory Committee (referred to as the “HITAC”). The HITAC will be governed by the provisions of the Federal Advisory Committee Act (FACA) (Pub. L. 92-463), as amended, (5 U.S.C. App.), which sets forth standards for the formation and use of federal advisory committees.
The HITAC is comprised of at least 25 members, of which:
• No fewer than 2 members are advocates for patients or consumers of health information technology;
• 3 members are appointed by the HHS Secretary
• 2 members are appointed by the majority leader of the Senate;
• 2 members are appointed by the minority leader of the Senate;
• 2 members are appointed by the Speaker of the House of Representatives;
• 2 members are appointed by the minority leader of the House of Representatives; and
• Other members are appointed by the Comptroller General of the United States.
Members will serve for one-, two-, or three-year terms. All members may be reappointed for subsequent three-year terms. Each member is limited to two three-year terms, not to exceed six years of service. After establishment, members shall be appointed for a three-year term. Members serve without pay, but will be provided per-diem and travel costs for committee services.
The HITAC recommendations to the National Coordinator are publicly available at
The schedule of meetings to be held in 2019 is as follows:
All meetings are open to the public. Additional meetings may be scheduled as needed. For web conference instructions and the most up-to-date information, please visit the HITAC calendar on the ONC website,
Persons attending ONC's HITAC meetings are advised that the agency is not responsible for providing wireless access or access to electrical outlets.
ONC welcomes the attendance of the public at its HITAC meetings. Seating is limited at the location, and ONC will make every effort to accommodate persons with physical disabilities or special needs. If you require special accommodations due to a disability, please contact Lauren Richie at least seven (7) days in advance of the meeting.
Notice of these meetings are given under the Federal Advisory Committee Act (Pub. L. No. 92-463 , 5 U.S.C., App. 2).
Office of the Assistant Secretary for Preparedness and Response (ASPR), Department of Health and Human Services (HHS).
Notice.
The Office of the Assistant Secretary for Preparedness and Response (ASPR), in the Department of Health and Human Services (HHS) intends to provide a Single Source Three Year Cooperative Agreement to the Pan American Health Organization (PAHO). The Cooperative Agreement will continue to improve operational capabilities to provide timely, coordinated, and quality medical response to disasters in the Americas region by supporting the WHO Emergency Medical Teams (EMT) Initiative. The collaboration between ASPR and PAHO will focus on supporting PAHO's strategy to develop and train national emergency medical teams with a set of global standards in each country in the region to ensure they can respond to emergencies within their own borders. PAHOs regional strategy for the EMT Initiative concentrates on building emergency medical teams domestically, for each country in the region, to ensure they can respond to emergencies within their own borders first, thereby reducing dependence on U.S. medical assets/capabilities. The total proposed cost of the Single Source Cooperative Agreement is not to exceed $1 million over the three-year life of the Cooperative Agreement.
Maria Marinissen—
Michael Guterbock—
The Office of the Assistant Secretary for Preparedness and Response (ASPR), International Policy Branch is the program office for this Cooperative Agreement.
The three-year scope of work of the renewed cooperative agreement will build upon the successes of past activities, including the following overarching objectives:
• Development of SOPs and plans for emergency and disaster response of pre-hospital emergency services and EMTs, and the development of tools/guidelines for the optimization of the delivery of clinical care during emergencies.
• Provision of technical support to develop national mechanisms for the registration and mapping of local emergency medical teams for domestic response; mentoring for the creation and operation of EMTs; technical support to national EMTs to ensure self-sufficiency and provision of timely and quality clinical care.
• Development and strengthening of nationally-led health emergency coordination mechanisms (Health EOCs) and technical support to countries to establish or strengthen their health EOCs.
• Integration of national coordination mechanisms (CICOM) including guidelines and operational support for the creation, management and implementation of national CICOM.
• Strengthening of regional health emergency surge capacity including capacity building of national experts in critical areas of emergency coordination, health services, surveillance, logistics, damage and needs assessment, risk communication, etc.
Please submit an inquiry via the ASPR Program Contact: Michael Guterbock, MPH,
Section 301 of the Public Health Service (PHS) Act.
Office of the Assistant Secretary for Preparedness and Response (ASPR), Department of Health and Human Services (HHS).
Notice.
The Office of the Assistant Secretary for Preparedness and Response (ASPR), in the Department of Health and Human Services intends to provide a Single Source Five Year Cooperative Agreement to
Maria Marinissen—
Robin Moudy—
The Office of the Assistant Secretary for Preparedness and Response (ASPR), International Policy Branch is the program office for this Cooperative Agreement:
The focus will be on countries in West and Central Africa, Madagascar, and Southeast Asia (Cambodia) where IPIN is the primary laboratory partner of the host government, although supported partnerships may extend beyond those countries and regions. Prior to each annual award, affiliated laboratories will submit their proposed scope of work, which may be adjusted over the course of the year based on changing needs and priorities or other exigent circumstances, such as a critical outbreak response.
The five-year scope of work of the renewed cooperative agreement will build upon the successes of past activities, including the following overarching objectives:
• Facilitate public health emergency planning, rapid epidemiologic responses, public health event assessment pursuit to the IHR, international data or event reporting as determined by the host government, and assist with emergency management where needed;
• Ensure One Health coordination with the WHO, the World Organization for Animal Health (OIE), national human, animal, and environmental health agencies, and others as needed to address zoonotic disease threats.
• System in place for medical countermeasures distribution during a public health emergency and integrating vaccine coverage as part of national program;
• Interoperable, interconnected, electronic real-time reporting system with emergency operation centers, and risk communication processes in place;
• Improve the quality and scale of public health surveillance, national epidemiologic data, and infectious diseases diagnostics;
• Develop, produce, acquire, and/or deploy novel infectious disease surveillance assays and clinical diagnostic tests during an outbreak;
• Strengthen laboratory biosafety and biosecurity systems, including the ability to scale-up in response to an epidemic caused by a highly dangerous pathogen;
• Real-time reporting system, and risk communication processes in place.
Please submit an inquiry via the ASPR Program Contact: Dr. Robin Moudy,
Sections 301 and 307 of the Public Health Service Act (42 U.S.C. 241, 242l).
Pursuant to section 10(d) of the Federal Advisory Committee Act, as amended, notice is hereby given of the following meetings.
The meetings will be closed to the public in accordance with the provisions set forth in sections 552b(c)(4) and 552b(c)(6), Title 5 U.S.C., as amended. The grant applications and the discussions could disclose confidential trade secrets or commercial property such as patentable material, and personal information concerning individuals associated with the grant applications, the disclosure of which would constitute a clearly unwarranted invasion of personal privacy.
Pursuant to section 10(d) of the Federal Advisory Committee Act, as amended, notice is hereby given of the following meeting.
The meeting will be closed to the public in accordance with the provisions set forth in sections 552b(c)(4) and 552b(c)(6), Title 5 U.S.C., as amended. The grant applications and the discussions could disclose confidential trade secrets or commercial property such as patentable material, and personal information concerning individuals associated with the grant applications, the disclosure of which would constitute a clearly unwarranted invasion of personal privacy.
Pursuant to section 10(d) of the Federal Advisory Committee Act, as amended, notice is hereby given of the following meetings.
The meetings will be closed to the public in accordance with the provisions set forth in sections 552b(c)(4) and 552b(c)(6), Title 5 U.S.C., as amended. The grant applications and the discussions could disclose confidential trade secrets or commercial property such as patentable material, and personal information concerning individuals associated with the grant applications, the disclosure of which would constitute a clearly unwarranted invasion of personal privacy.
Pursuant to section 10(d) of the Federal Advisory Committee Act, as amended, notice is hereby given of the following meetings.
The meetings will be closed to the public in accordance with the provisions set forth in sections 552b(c)(4) and 552b(c)(6), Title 5 U.S.C., as amended. The grant applications and the discussions could disclose confidential trade secrets or commercial property such as patentable material, and personal information concerning individuals associated with the grant applications, the disclosure of which would constitute a clearly unwarranted invasion of personal privacy.
Pursuant to Public Law 92-463, notice is hereby given that the Substance Abuse and Mental Health Services Administration's (SAMHSA) Center for Substance Abuse Treatment (CSAT) National Advisory Council (NAC) will meet on March 28, 2019, 1:00 p.m.-4:30 p.m. (EDT).
The meeting is open and will include consideration of minutes from the SAMHSA CSAT NAC meeting of August 1, 2018; the Director's Report; updates from the Division Directors, discussions on recovery housing, and discussions expanding access to Medication-Assisted Treatment.
The meeting will be held via WebEx and telephone only. Interested persons may present data, information, or views, orally or in writing, on issues pending before the Council. Written submissions should be forwarded to the contact person on or before March 20, 2019. Oral presentations from the public will be scheduled at the conclusion of the meeting. Individuals interested in making oral presentations must notify the contact person on or before March 20, 2019. Five minutes will be allotted for each presentation.
This is an open public meeting that will be conducted via WebEx and telephone. Registration is required to participate during this meeting. To attend virtually, or to obtain the call-in number and access code, submit written or brief oral comments, or request special accommodations for persons with disabilities, please register on-line at
U.S. Customs and Border Protection, Department of Homeland Security.
Notice of accreditation and approval of SGS North America, Inc., as a commercial gauger and laboratory.
Notice is hereby given, pursuant to CBP regulations, that SGS North America, Inc. (East Alton, IL), has been approved to gauge and accredited to test petroleum and petroleum products for customs purposes for the next three years as of September 5, 2018.
SGS North America, Inc., was accredited and approved as a commercial gauger and laboratory as of September 5, 2018. The next triennial inspection date will be scheduled for September 2021.
Mr. Stephen Cassata, Laboratories and Scientific Services, U.S. Customs and Border Protection, 1300 Pennsylvania Avenue NW, Suite 1500N, Washington, DC 20229, tel. 202-344-1060.
Notice is hereby given pursuant to 19 CFR 151.12 and 19 CFR 151.13, that SGS North America, Inc., 300 George St., East Alton, IL 62024, has been approved to gauge and accredited to test petroleum and petroleum products for customs purposes, in accordance with the provisions of 19 CFR 151.12 and 19 CFR 151.13. SGS North America, Inc., is approved for the following gauging procedures for petroleum and certain petroleum products set forth by the American Petroleum Institute (API):
SGS North America, Inc., is accredited for the following laboratory analysis procedures and methods for petroleum and certain petroleum products set forth by the U.S. Customs and Border Protection Laboratory Methods (CBPL) and American Society for Testing and Materials (ASTM):
Anyone wishing to employ this entity to conduct laboratory analyses and gauger services should request and receive written assurances from the entity that it is accredited or approved by the U.S. Customs and Border Protection to conduct the specific test or gauger service requested. Alternatively, inquiries regarding the specific test or gauger service this entity is accredited or approved to perform may be directed to the U.S. Customs and Border Protection by calling (202) 344-1060. The inquiry may also be sent to
Federal Emergency Management Agency, DHS.
Committee management; Notice of open Federal Advisory Committee meeting.
The Board of Visitors for the National Fire Academy (Board) will meet via teleconference on Tuesday, March 19, 2019. The meeting will be open to the public.
The meeting will take place on Tuesday, March 19, 2019, 1:30 to 3:30 p.m. Eastern Daylight Time. Please note that the meeting may close early if the Board has completed its business.
Members of the public who wish to participate in the teleconference should contact Deborah Gartrell-Kemp as listed in the
To facilitate public participation, we are inviting public comment on the issues to be considered by the Board as listed in the
•
•
•
Notice of this meeting is given under the Federal Advisory Committee Act, 5 U.S.C. Appendix.
The purpose of the Board is to review annually the programs of the National Fire Academy (Academy) and advise the Administrator of the Federal Emergency Management Agency (FEMA), through the United States Fire Administrator, on the operation of the Academy and any improvements therein that the Board deems appropriate. In carrying out its responsibilities, the Board examines Academy programs to determine whether these programs further the basic missions that are approved by the Administrator of FEMA, examines the physical plant of the Academy to determine the adequacy of the Academy's facilities, and examines the funding levels for Academy programs. The Board submits a written annual report through the United States Fire Administrator to the Administrator of FEMA. The report provides detailed comments and recommendations regarding the operation of the Academy.
On Tuesday, March 19, 2019, there will be four sessions, with deliberations and voting at the end of each session as necessary: The board will discuss the following:
1. USFA Data, Research, Prevention and Response.
2. Deferred maintenance and capital improvements on the National Emergency Training Center campus and Fiscal Year 2019 Budget Request/Budget Planning.
3. The Board will deliberate and vote on recommendations on Academy program activities, including:
• An update on the Executive Fire Officer Program which is being revised to include reactions and calls from students about the changes.
• The Executive Fire Officer Program Symposium that will be held April 26-28, 2019.
• The Fire and Emergency Services Higher Education Recognition Program—Up-date.
• Curriculum Development and Revision Updates for NFA Courses.
• State Training Delivery Update; Enfranchisement and State Partners.
• Distance Learning Program Update (Mediated and Self-Study).
• NFA Technology Workgroup Initiative.
• Admissions Update for the Semester.
• Staffing Update.
• There will also be an update on the Board of Visitors Subcommittee Groups for the Professional Development Initiative Update and the National Fire Incident Report System.
There will be a 10-minute comment period after each agenda item and each speaker will be given no more than 2 minutes to speak. Please note that the public comment period may end before the time indicated, following the last call for comments. Contact Deborah Gartrell-Kemp to register as a speaker. Meeting materials will be posted at
Fish and Wildlife Service, Interior.
Notice of receipt of permit applications; request for comments.
We, the U.S. Fish and Wildlife Service, have received applications for permits to conduct activities intended to enhance the propagation or survival of endangered or threatened species under the Endangered Species Act. We invite the public and local, State, Tribal, and Federal agencies to comment on these applications. Before issuing any of the requested permits, we will take into consideration any information that we receive during the public comment period.
We must receive your written comments on or before April 3, 2019.
Use one of the following methods to request documents or submit comments. Requests and comments should specify the applicant name(s) and application number(s) (
•
•
Abby Gelb, 413-253-8212 (phone), or
We, the U.S. Fish and Wildlife Service, invite the public to comment on applications for permits under section 10(a)(1)(A) of the Endangered Species Act of 1973, as amended (ESA; 16 U.S.C. 1531
With some exceptions, the ESA prohibits activities that constitute take of listed species unless a Federal permit is issued that allows such activity. The ESA's definition of “take” includes such activities as pursuing, harassing, trapping, capturing, or collecting in addition to hunting, shooting, harming, wounding, or killing.
A recovery permit issued by us under section 10(a)(1)(A) of the ESA authorizes the permittee to conduct activities with endangered or threatened species for scientific purposes that promote recovery or for enhancement of propagation or survival of the species. Our regulations implementing section 10(a)(1)(A) for these permits are found at 50 CFR 17.22 for endangered wildlife species, 50 CFR 17.32 for threatened wildlife species, 50 CFR 17.62 for endangered plant species, and 50 CFR 17.72 for threatened plant species.
We invite local, State, and Federal agencies; Tribes; and the public to comment on the following applications.
Written comments we receive become part of the administrative record associated with this action. Before including your address, phone number, email address, or other personal identifying information in your comment, you should be aware that your entire comment—including your personal identifying information—may be made publicly available at any time. While you can request in your comment that we withhold your personal identifying information from public review, we cannot guarantee that we will be able to do so. Moreover, all submissions from organizations or businesses, and from individuals identifying themselves as representatives or officials of organizations or businesses, will be made available for public disclosure in their entirety.
If we decide to issue permits to any of the applicants listed in this notice, we will publish a notice in the
Section 10(c) of the Endangered Species Act of 1973, as amended (16 U.S.C. 1531
Employment and Training Administration (ETA), Labor.
Notice.
The Department of Labor's (Department's or DOL's) Office of Foreign Labor Certification (OFLC) is making this announcement to inform employers and other interested stakeholders of how H-2B
To be ensured for consideration, comments must be submitted in writing on or before April 3, 2019. OFLC will review all of the comments received and will make any changes it determines are appropriate prior to July 3, 2019. The new procedural changes are applicable on July 3, 2019.
You may submit comments by one of the following methods:
Thomas M. Dowd, Deputy Assistant Secretary, Employment and Training Administration, Department of Labor,
The Immigration and Nationality Act (INA), 8 U.S.C. 1101,
In order to advise DHS on the availability of U.S. workers and the potential for adverse effect on the wages and working conditions of similarly-employed U.S. workers, OFLC provides consultation to DHS through issuance of TLCs, in accordance with 8 U.S.C. 1103(a) and 1184(c).
The INA sets the annual number of aliens who may be issued H-2B visas or otherwise provided H-2B nonimmigrant status to perform temporary nonagricultural work at 66,000, to be distributed semi-annually, not to exceed 33,000 in the first half of the Federal Government's fiscal year beginning on October 1 of each year and the remainder during the second half of the Federal Government's fiscal year beginning on April 1 of the subsequent calendar year.
Generally, workers in the United States in H-2B status who extend their stay, change employers, or change the terms and conditions of employment will not be subject to the cap. Similarly, an H-2B worker who has previously been counted against the cap in the same fiscal year that the proposed employment begins, will not be subject to the cap if the employer names the worker on the petition and indicates that he/she has already been counted. A spouse and any children of H-2B workers classified as H-4 nonimmigrants are also not counted against this cap. Finally, H-2B petitions for two other categories of workers are exempt from the H-2B cap: Fish roe processors, fish roe technicians, and supervisors of fish roe processing, as well as workers performing labor or services in the Commonwealth of the Northern Mariana Islands or Guam from November 28, 2009, until December 31, 2019.
The standards and procedures governing the submission and processing of H-2B labor certification applications are set forth in § 655.15 and §§ 655.30-655.35. These regulations generally require, among other things, that a registered employer with a non-emergency situation seeking an H-2B TLC file a completed H-2B application with the National Processing Center (NPC) designated by the OFLC Administrator.
The Department's regulations require the employer, at the time of filing, to include a signed and dated appendix attesting to compliance with all regulatory assurances and obligations; a valid PWD; a copy of the job order submitted concurrently to the State Workforce Agency serving the area of intended employment; a copy of all contracts and agreements with foreign labor recruiters executed in connection with the job opportunities; and all other applicable documentation supporting the H-2B application.
The Department's regulations provide that H-2B applications and job orders filed with the NPC are reviewed by the Certifying Officer (CO) for compliance with all applicable program requirements.
Based on the NPC analyst's review, the CO authorizes issuance of either a Notice of Acceptance (NOA) under § 655.33 or a Notice of Deficiency (NOD) under § 655.31. Where there are deficiencies in the H-2B application or job order, the NOD provides the employer with 10 business days to correct the deficiencies or file an appeal with the Department's Office of Administrative Law Judges. Where necessary, the CO may authorize the issuance of a second NOD of the employer's H-2B application or job order in order to obtain regulatory compliance. NPC analysts process employer responses to NODs as
Recruitment reports are reviewed and processed by NPC analysts based on the day they are received, irrespective of the date and time the employer's H-2B application was originally received. Upon review of the recruitment report, the CO may authorize the issuance of a full or partial TLC or deny the employer's H-2B application. OFLC grants a TLC only after the employer's H-2B application has met all the requirements for approving labor certification under § 655.50 and its subpart. In accordance with regulatory requirements, the NPC sends all certified H-2B applications to the employer, or the employer's authorized attorney or agent, by means normally assuring next-day delivery. To ensure a fair consideration of all employer applications, the NPC does not provide “expedited processing” services on employer requests for a TLC.
Although not required by the INA or regulation, OFLC strives to issue final determinations no later than 30 calendar days before the employer's start date for the work—a standard that is similar in nature to the H-2A program. Once OFLC grants a TLC, the employer is eligible to file a petition (Form I-129,
Because of the intense competition for H-2B visas in recent years, the semi-annual visa allotment, and the regulatory requirement that employers apply with OFLC for temporary labor certification 75 to 90 calendar days before the date of need, employers who wish to obtain visas under the semi-annual allotment for periods of need beginning April 1 must promptly apply for a TLC and file a petition with USCIS before the 66,000 annual visa cap is reached. As a result, OFLC typically experiences significant “spikes” in H-2B applications for temporary or seasonal jobs that are expected to start during the United States' spring and summer months.
Prior to 2018, OFLC processed applications irrespective of the time of day the application was filed and processed applications based on the day they were filed. On January 1, 2018, OFLC received approximately 4,498 applications covering 81,008 worker positions for April 1 start dates of work, exceeding the semi-annual visa allotment by nearly 250 percent. This was the first time in recent years that applications received within the first day of the filing period exceeded the semi-annual visa allocation. In order to promote fairness in response to the unprecedented volume of applications, OFLC determined it was necessary to adjust its application processing procedures to better reflect the sequential order in which applications were filed. Thus, on January 17, 2018, OFLC announced that it would begin to release certified applications on February 20, 2018, in sequential order based on the day and time the applications were filed (January 17 procedures).
As participation in the H-2B program has grown significantly over the years, OFLC anticipated that it would continue to receive a significant surge of applications within a short timeframe during its next application cycle. In order to provide an equitable solution to this problem, on June 1, 2018, OFLC announced that it would sequentially assign H-2B applications to analysts based on the calendar date and time on which the applications were received, based on Eastern Time, and measured to the millisecond (
OFLC implemented the June 1 procedures after considering all available data as well as OFLC's experience in processing H-2B applications to date. However, as a result of stakeholder comments and the most recent filing period, OFLC has determined it is necessary to reassess those procedures. The June 1 procedures were in effect in January 2019, when OFLC received approximately 5,276 applications covering more than 96,400 worker positions for start dates of work on April 1, exceeding the semi-annual visa allotment by nearly 300 percent. Within the first five minutes of opening the semi-annual H-2B certification process on January 1, 2019, the Department's network infrastructure supporting OFLC's electronic filing system experienced more than 22,900 server login attempts, in contrast with only 721 attempts in approximately the same time period for the 2018 filing season. This unprecedented volume of simultaneous system users—30 times the number of users in the previous year—ultimately caused the electronic filing system to become unresponsive and prevented almost all employers from filing H-2B applications. Although the Department was able to restore OFLC's electronic filing system by January 7, 2019, some employers continued to report technical difficulties with accessing the electronic filing system.
OFLC previously concluded that the assignment of applications to NPC analysts based on date and time of receipt was the most equitable method of addressing the significant volume of H-2B applications received. However, it did not anticipate the burdens this approach would create on its electronic filing system, network infrastructure, and staff resources on January 1, 2019. Given the growing demand for H-2B visas, and related demand for TLCs, OFLC expects that the demands on OFLC's information technology infrastructure will continue to increase. In addition, OFLC has determined that the current approach does not account for technological issues that an individual user may experience on his/her end that could impact his/her ability to participate in the program. In addition, because the first filing date for each semi-annual cap period occurs on or near a Federal holiday when many businesses may be closed, OFLC is amending its procedures to provide increased flexibility to allow those employers an opportunity to participate in the program. For these reasons, OFLC has concluded that changes to the procedures under which H-2B applications are assigned to NPC analysts are necessary to promote a more orderly and fair process for all employers seeking access to the H-2B visa program. OFLC believes that the process described below balances employers' interest in utilizing the H-2B program with OFLC's interest in
For employers seeking a TLC to employ H-2B workers beginning on or after October 1, 2019, OFLC plans to randomly establish the order in which all H-2B applications will be assigned to NPC analysts for review and processing in accordance with § 655.30. Based on its experience and feedback from stakeholders, the Department has determined that this process will be most effective in promoting a fair and orderly assignment of applications for OFLC review.
This assignment process will be dependent on when employers submit their applications and the start dates they request. OFLC will first process applications from employers seeking TLCs to employ H-2B workers beginning on the
Once those applications have all received a NOA or NOD, OFLC will then begin to process applications from all other employers, including: (1) Employers seeking TLCs to employ H-2B workers
OFLC will randomly order for processing all of the completed H-2B applications requesting the earliest permissible start date of work and filed during the initial three calendar days of the time period for filing for the relevant semi-annual visa allotment. The rationale for using a three-day filing window is explained below. As an example, for employers seeking a TLC to employ H-2B nonimmigrant workers on April 1, 2020—which is the earliest start date of work permitted under the second semi-annual allotment of H-2B visas for Fiscal Year (FY) 2020—OFLC will randomly order for processing all of the completed H-2B applications that are received on January 2 through January 4 (the first three calendar days to file H-2B applications under § 655.15(b) in the second half of FY 2020 because 2020 is a leap year containing an additional day in February).
More specifically, on the next business day following this three-day filing window, using a standard computer-generated process for randomizing values in a data set, OFLC will generate and assign a unique random number to each completed H-2B application filed within the three-day filing window with the earliest start date of work. The applications will be sorted in ascending order based on the unique random number assigned to each application. Based on that randomly-generated order, OFLC will select the number of H-2B applications that, combined, contain a sufficient number of worker positions to reach the semiannual visa allotment under the INA (
OFLC will then assign to additional Assignment Groups, in ascending sequential order, all remaining H-2B applications that were filed during the initial three-day filing window that requested the earliest start date of work permitted. Each H-2B Assignment Group after Group A (
OFLC will assign to NPC analysts all of the H-2B applications placed in Group A for issuance of NODs or NOAs. Once all applications in Group A are issued a NOD or NOA, OFLC will assign to NPC analysts all H-2B applications placed in Group B for issuance of NODs or NOAs. This process will be repeated until each group of H-2B applications is assigned to NPC analysts for processing and NODs or NOAs are issued.
That the number of applications in the initial Assignment Group (
If the H-2B applications received during the initial three-day period collectively request certification for fewer worker positions than the statutory numerical limitation, all H-2B applications filed within that time period and requesting workers for the earliest possible start date of work will randomly be given a unique number and placed into the same group for assignment to and processing by NPC analysts.
OFLC has chosen to utilize a three-day filing window at the outset of each application cycle for several reasons. First, the three-day filing window will alleviate the strain placed on OFLC's electronic filing system and network infrastructure that results from a surge of applications submitted at the same time. Second, the window will provide employers that file on the earliest possible date, which in most instances falls on a Federal holiday or the day before a Federal holiday, with a reasonable period of time to submit their H-2B applications or resolve any technological issues they might face during filing. Third, under the previous procedures, mailed applications were put at a distinct disadvantage. A three-day filing window allows applications filed by mail to be included in the random selection process, thus placing them on equal footing with employers who file electronically. Fourth, and as explained below, because applicants will be able to see which processing group they have been placed in, and the general number of applications in that processing group, these procedural changes may reduce some associated costs for employers who spend time and resources related to preparing applications, responding to NODs, and conducting advertising and recruitment for qualified U.S. workers without knowing whether their H-2B petitions will be accepted by USCIS due to the statutory semi-annual visa allotments.
As noted above, for all other employers seeking a TLC to employ H-2B workers—including employers who are seeking a TLC to employ H-2B workers beginning on a date that is later than the earliest start date of work permitted under the semi-annual
Once the random assignment process is completed, NPC analysts will review each H-2B application in accordance with § 655.30 and current standard operating procedures. Following issuance of NOAs and/or NODs in accordance with procedures outlined above, H-2B applications will be processed as each successive stage in the process is completed. Employers receiving NOAs may proceed to meet the additional regulatory requirements, including recruitment of U.S. workers and submission of recruitment reports. Employers receiving NODs must correct any deficiencies and receive NOAs before proceeding to meet the additional regulatory requirements.
Recruitment reports will be reviewed and processed based on the day they are received, and the CO will authorize the release of certified H-2B applications in accordance with standard operating procedures and where all the requirements for granting a TLC under the subpart are met as of that day. The CO will continue to process and authorize the issuance of final determinations on all H-2B applications that are received, irrespective of whether the employer is seeking to employ H-2B nonimmigrant workers in cap-exempt positions. Additionally, the CO will process and authorize the issuance of rejections, request for withdrawals, and denials of labor certification applications in accordance with standard operating procedures.
OFLC intends to issue several public announcements as applications are received and processed under the procedures described above. Once the random assignment process is completed, as described above, OFLC will provide written notification to employers and, if applicable, employers' authorized representatives of their H-2B Assignment Group. Within five business days after the random assignment process is completed, OFLC will place on its website a listing of the H-2B applications assigned to each H-2B Assignment Group. Second, OFLC will provide the public with updates on its website related to the number and percentage of H-2B applications issued a first action within each H-2B Assignment Group. Finally, OFLC will provide regular updates on its website related to the number of H-2B applications certified with the same date of filing, including the number of worker positions, so the public is aware of the general timeframes in which the semi-annual visa allotment may be reached.
Because of the public's wide use of OFLC's website, the posting of information on the OFLC website provides a timelier and more efficient method of disseminating such information to the public than publication of the information in the
These new procedures will take effect on July 3, 2019. OFLC seeks comments on the above procedures. Comments may be sent to
National Archives and Records Administration (NARA).
Notice.
We are changing the process for public review of and comment on records schedules (Federal agency requests for records disposition authority) to rely on the Federal eRulemaking Portal, at
This change will take place on March 4, 2019.
National Archives and Records Administration, Records Management Operations (ACR), Room 2200, 8601 Adelphi Road, College Park, MD 20740-6001.
Margaret Hawkins, Director, Records Management Operations, by mail at the address above, by phone at 301.837.1799, or by email at
NARA publishes notices in the
Each year, Federal agencies create billions of records. To control this accumulation, agencies prepare schedules proposing periods for retaining and disposing of records. These schedules, when approved by NARA, provide for transfer into the National Archives of permanent, historically valuable records and authorize disposal of all other records after the agency no longer needs them to conduct its business.
Agencies may not destroy Federal records without the approval of the
Currently, we publish notice in the
Under the new process, we will post batches of records schedules to
Comments you submit on
We will consider all comments received by the posted deadline and consult as needed with the Federal agency seeking the disposition authority. After considering comments, we will post on
Copies of schedules and consolidated responses will remain on the
We will post schedules on our website in the Records Control Schedule (RCS) Repository, at
This new process eliminates the need to request copies of the schedules and appraisal memoranda, as has been the process since 1985. You will also no longer need to email or send comments on proposed records schedules, but will instead be able to provide comments directly on
We are making this change as a result of clear, widespread interest from the public in a web-based platform for a more modern, transparent, and efficient review and comment process. We are interested in receiving feedback on this new process and will continuously strive to improve the experience for public review of proposed records schedules. You may send feedback to us any time at
In accordance with the Federal Advisory Committee Act (Pub. L. 92-463, as amended), the National Science Foundation (NSF) announces the following meeting:
Attendance information for the meeting will be forthcoming on the website:
National Science Foundation.
Notice.
The National Science Foundation (NSF) is announcing plans to renew this collection. In accordance with the requirements of the Paperwork Reduction Act of 1995, we are providing opportunity for public comment on this action. After obtaining and considering public comment, NSF will prepare the submission requesting Office of Management and Budget (OMB) clearance of this collection for no longer than 3 years.
Written comments on this notice must be received by May 3, 2019 to be assured consideration. Comments received after that date will be considered to the extent practicable. Send comments to address below.
Suzanne H. Plimpton, Reports Clearance Officer, National Science Foundation, 2415 Eisenhower Avenue, Suite W18200, Alexandria, Virginia 22314; telephone (703) 292-7556; or send email to
The State Coordinator (SC) manages the PAEMST program within his or her state or jurisdiction. SCs recruit eligible nominees, select and assign mentors to nominees, coordinate the selection committee, and plan local recognition events within their State. They also carry out the responsibilities as noted in the “Operational Handbook for State-Level Science and Mathematics Coordinators.”
The purpose of this survey is to seek feedback from the 120 SCs regarding PAEMST management within their state or jurisdiction. The NSF, PAEMST support team will ask directed questions using the survey to gather information that may specifically address the methods and recruitment efforts that SCs use to support the attracting of prospective award nominees. Additional survey areas may also include:
The survey will evaluate the impact SCs have on attracting prospective award nominees to PAEMST. This will be conducted as a web-based survey.
National Science Foundation.
Notice.
The National Science Foundation (NSF) is announcing plans to renew this collection. In accordance with the requirements of the Paperwork Reduction Act of 1995, we are providing opportunity for public comment on this action. After obtaining and considering public comment, NSF will prepare the submission requesting Office of Management and Budget (OMB) clearance of this collection for no longer than 3 years.
Written comments on this notice must be received by May 3, 2019 to be assured consideration. Comments received after that date will be considered to the extent practicable. Send comments to address below.
Suzanne H. Plimpton, Reports Clearance Officer, National Science Foundation, 2415 Eisenhower Avenue, Suite W18200, Alexandria, Virginia 22314; telephone (703) 292-7556; or send email to
The Materials Research Science and Engineering Centers (MRSECs) Program supports innovation in interdisciplinary research, education, and knowledge transfer. MRSECs build intellectual and physical infrastructure within and between disciplines, weaving together knowledge creation, knowledge integration, and knowledge transfer. MRSECs conduct world-class research through partnerships of academic institutions, national laboratories, industrial organizations, and/or other public/private entities. New knowledge thus created is meaningfully linked to society.
MRSECs enable and foster excellent education, integrate research and education, and create bonds between learning and inquiry so that discovery and creativity more fully support the learning process. MRSECs capitalize on diversity through participation in center activities and demonstrate leadership in the involvement of groups underrepresented in science and engineering.
MRSECs are required to submit annual reports on progress and plans, which are used as a basis for performance review and determining the level of continued funding. To support this review and the management of a Center, MRSECs will be required to develop a set of
Each Center's annual report will address the following categories of activities: (1) Research, (2) education, (3) knowledge transfer, (4) partnerships, (5) shared experimental facilities, (6) diversity, (7) management, and (8) budget issues.
For each of the categories the report will describe overall objectives for the year, problems the Center has encountered in making progress towards goals, anticipated problems in the following year, and specific outputs and outcomes.
MRSECs are required to file a final report through the RPPR and external technical assistance contractor. Final reports contain similar information and metrics as annual reports, effectively they constitute the last annual report; the Program Officer maintains a cumulative database with all relevant achievements and metrics.
Occupational Safety and Health Review Commission.
Notice of a modified system of records.
In accordance with the Privacy Act of 1974, the Occupational Safety and Health Review Commission (OSHRC) is revising the notice for Privacy Act system-of-records OSHRC-4.
Comments must be received by OSHRC on or before April 3, 2019. The revised system of records will become effective on that date, without any further notice in the
You may submit comments by any of the following methods:
•
•
•
•
Ron Bailey, Attorney-Advisor, Office of the General Counsel, via telephone at (202) 606-5410, or via email at
The Privacy Act of 1974, 5 U.S.C. 552a(e)(4), requires federal agencies such as OSHRC to publish in the
The revised routine use section of OSHRC-4 is provided below.
Payroll and Related Records, OSHRC-4.
None.
(1) Paper and electronic files are maintained by the Office of the Executive Director, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457; (2) pursuant to an interagency agreement, payroll records are stored electronically by the U.S. Department of Agriculture, National Finance Center (NFC), P.O. Box 60000, New Orleans, LA 70160-0001.
Human Resources Specialist, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457; (202) 606-5100.
In addition to disclosures generally permitted under 5 U.S.C. 552a(b), all or a portion of the records or information
(1) To the Department of Justice (DOJ), or to a court or adjudicative body before which OSHRC is authorized to appear, when any of the following entities or individuals—(a) OSHRC, or any of its components; (b) any employee of OSHRC in his or her official capacity; (c) any employee of OSHRC in his or her individual capacity where DOJ (or OSHRC where it is authorized to do so) has agreed to represent the employee; or (d) the United States, where OSHRC determines that litigation is likely to affect OSHRC or any of its components—is a party to litigation or has an interest in such litigation, and OSHRC determines that the use of such records by DOJ, or by a court or other tribunal, or another party before such tribunal, is relevant and necessary to the litigation.
(2) To an appropriate agency, whether federal, state, local, or foreign, charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, when a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes civil, criminal or regulatory violations, and such disclosure is proper and consistent with the official duties of the person making the disclosure.
(3) To a federal, state, or local agency maintaining civil, criminal or other relevant enforcement information, such as current licenses, if necessary to obtain information relevant to an OSHRC decision concerning the hiring, appointment, or retention of an employee; the issuance, renewal, suspension, or revocation of a security clearance; the execution of a security or suitability investigation; the letting of a contract; or the issuance of a license, grant or other benefit.
(4) To a federal, state, or local agency, in response to that agency's request for a record, and only to the extent that the information is relevant and necessary to the requesting agency's decision in the matter, if the record is sought in connection with the hiring, appointment, or retention of an employee; the issuance, renewal, suspension, or revocation of a security clearance; the execution of a security or suitability investigation; the letting of a contract; or the issuance of a license, grant or other benefit by the requesting agency.
(5) To an authorized appeal grievance examiner, formal complaints manager, equal employment opportunity investigator, arbitrator, or other duly authorized official engaged in investigation or settlement of a grievance, complaint, or appeal filed by an employee, only to the extent that the information is relevant and necessary to the case or matter.
(6) To OPM in accordance with the agency's responsibilities for evaluation and oversight of federal personnel management.
(7) To officers and employees of a federal agency for the purpose of conducting an audit, but only to the extent that the record is relevant and necessary to this purpose.
(8) To OMB in connection with the review of private relief legislation at any stage of the legislative coordination and clearance process, as set forth in Circular No. A-19.
(9) To a Member of Congress or to a person on his or her staff acting on the Member's behalf when a written request is made on behalf and at the behest of the individual who is the subject of the record.
(10) To the National Archives and Records Administration (NARA) for records management inspections and such other purposes conducted under the authority of 44 U.S.C. 2904 and 2906.
(11) To appropriate agencies, entities, and persons when: (a) OSHRC suspects or has confirmed that there has been a breach of the system of records; (b) OSHRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, OSHRC, the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with OSHRC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
(12) To NARA, Office of Government Information Services (OGIS), to the extent necessary to fulfill its responsibilities in 5 U.S.C. 552(h), to review administrative agency policies, procedures and compliance with FOIA, and to facilitate OGIS' offering of mediation services to resolve disputes between persons making FOIA requests and administrative agencies.
(13) To another federal agency or federal entity, when OSHRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
(14) To the Internal Revenue Service (IRS) for investigation, and to private attorneys, pursuant to a power of attorney.
(15) To the IRS, a copy of an employee's Department of the Treasury Form W-2, Wage and Tax Statement.
(16) To state, city, or other local jurisdictions which are authorized to tax the employee's compensation, a copy of an employee's Form W-2. The record will be provided in accordance with a withholding agreement between the state, city, or other local jurisdiction and the Department of the Treasury pursuant to 5 U.S.C. 5516, 5517, and 5520, or in response to a written request from an appropriate official of the taxing jurisdiction. The request must include a copy of the applicable statute or ordinance authorizing the taxation of compensation and should indicate whether the authority of the jurisdiction to tax the employee is based on place of residence, place of employment, or both.
(17) To a city, copies of executed city tax withholding certifications, pursuant to a withholding agreement between the city and the Department of the Treasury (5 U.S.C. 5520), and in response to written requests from an appropriate city official to OSHRC's Office of the Executive Director.
(18) To NFC to effect issuance of paychecks via electronic fund transfers (EFT) to employees, and distribution of allotments and deductions to financial and other institutions, and for other authorized purposes.
(19) To the Federal Retirement Thrift Investment Board to update Section 401K type records and benefits; to the Social Security Administration to establish social security records and
(20) To other federal agencies to effect salary or administrative offsets, or for other purposes connected with the collection of debts owed to the United States, pursuant to sections 5 and 10 of the Debt Collection Act of 1982, as amended by the Debt Collection Improvement Act of 1996.
(21) To other federal, state, local or foreign agencies conducting computer matching programs to help eliminate fraud and abuse and to detect unauthorized overpayments made to individuals. When disclosures are made as part of computer matching programs, OSHRC will comply with the Computer Matching and Privacy Protection Act of 1988, and the Computer Matching and Privacy Protections Amendments of 1990.
(22) To the Office of Child Support Enforcement, Administration for Children and Families, Department of Health and Human Services, the names, social security numbers, home addresses, dates of birth, dates of hire, quarterly earnings, employer identifying information, and state of hire of employees for the purpose of locating individuals to establish paternity, identifying sources of income, and for other child support enforcement actions as required by the Personal Responsibility and Work Opportunity Reconciliation Act of 1996, 42 U.S.C. 653(n).
(23) To “consumer reporting agencies” as defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)) in accordance with 31 U.S.C. 3711(f).
April 14, 2006, 71 FR 19556; August 4, 2008, 73 FR 45256; October 5, 2015, 80 FR 60182; September 28, 2017, 82 FR 45324; November 13, 2018, 83 FR 56380.
Occupational Safety and Health Review Commission.
Notice of a modified system of records.
In accordance with the Privacy Act of 1974, the Occupational Safety and Health Review Commission (OSHRC) is revising the notice for Privacy Act system-of-records OSHRC-9 and renumbering it as OSHRC-2.
Comments must be received by OSHRC on or before April 3, 2019. The revised system of records will become effective on that date, without any further notice in the
You may submit comments by any of the following methods:
•
•
•
•
Ron Bailey, Attorney-Advisor, Office of the General Counsel, via telephone at (202) 606-5410, or via email at
The Privacy Act of 1974, 5 U.S.C. 552a(e)(4), requires federal agencies such as OSHRC to publish in the
The notice for OSHRC-2, provided below in its entirety, is as follows.
Visitors' Log Records, OSHRC-2.
None.
Office of the Executive Director, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457.
Administrative Support Assistant, Office of the Executive Director, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457; (202) 606-5100.
Federal Property and Administrative Services Act of 1949, 40 U.S.C. 121(c).
This system of records assists OSHRC in identifying each person who visits OSHRC's National office, and in restricting access based on his or her purpose for visiting that office.
This system of records covers all individuals entering OSHRC National office who lack the proper credentials to enter without notifying OSHRC personnel.
This system of records includes the name of the visitor, the date of the visit, the company represented by the visitor, the arrival and departure times, the purpose of the visit, and the identity of the OSHRC escort.
Information in this system of records comes from the individual to whom the record pertains.
In addition to disclosures generally permitted under 5 U.S.C. 552a(b), all or a portion of the records or information contained in this system of records may be disclosed as a routine use pursuant to 5 U.S.C. 552a(b)(3) under the
(1) To the Department of Justice (DOJ), or to a court or adjudicative body before which OSHRC is authorized to appear, when any of the following entities or individuals—(a) OSHRC, or any of its components; (b) any employee of OSHRC in his or her official capacity; (c) any employee of OSHRC in his or her individual capacity where DOJ (or OSHRC where it is authorized to do so) has agreed to represent the employee; or (d) the United States, where OSHRC determines that litigation is likely to affect OSHRC or any of its components—is a party to litigation or has an interest in such litigation, and OSHRC determines that the use of such records by DOJ, or by a court or other tribunal, or another party before such tribunal, is relevant and necessary to the litigation.
(2) To an appropriate agency, whether federal, state, local, or foreign, charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, when a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes civil, criminal or regulatory violations, and such disclosure is proper and consistent with the official duties of the person making the disclosure.
(3) To a federal, state, or local agency maintaining civil, criminal or other relevant enforcement information, such as current licenses, if necessary to obtain information relevant to an OSHRC decision concerning the hiring, appointment, or retention of an employee; the issuance, renewal, suspension, or revocation of a security clearance; the execution of a security or suitability investigation; the letting of a contract; or the issuance of a license, grant or other benefit.
(4) To a federal, state, or local agency, in response to that agency's request for a record, and only to the extent that the information is relevant and necessary to the requesting agency's decision in the matter, if the record is sought in connection with the hiring, appointment, or retention of an employee; the issuance, renewal, suspension, or revocation of a security clearance; the execution of a security or suitability investigation; the letting of a contract; or the issuance of a license, grant or other benefit by the requesting agency.
(5) To an authorized appeal grievance examiner, formal complaints manager, equal employment opportunity investigator, arbitrator, or other duly authorized official engaged in investigation or settlement of a grievance, complaint, or appeal filed by an employee, only to the extent that the information is relevant and necessary to the case or matter.
(6) To OPM in accordance with the agency's responsibilities for evaluation and oversight of federal personnel management.
(7) To officers and employees of a federal agency for the purpose of conducting an audit, but only to the extent that the record is relevant and necessary to this purpose.
(8) To OMB in connection with the review of private relief legislation at any stage of the legislative coordination and clearance process, as set forth in Circular No. A-19.
(9) To a Member of Congress or to a person on his or her staff acting on the Member's behalf when a written request is made on behalf and at the behest of the individual who is the subject of the record.
(10) To the National Archives and Records Administration (NARA) for records management inspections and such other purposes conducted under the authority of 44 U.S.C. 2904 and 2906.
(11) To appropriate agencies, entities, and persons when: (a) OSHRC suspects or has confirmed that there has been a breach of the system of records; (b) OSHRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, OSHRC, the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with OSHRC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
(12) To NARA, Office of Government Information Services (OGIS), to the extent necessary to fulfill its responsibilities in 5 U.S.C. 552(h), to review administrative agency policies, procedures and compliance with FOIA, and to facilitate OGIS' offering of mediation services to resolve disputes between persons making FOIA requests and administrative agencies.
(13) To another federal agency or federal entity, when OSHRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
Records are stored on paper in binders.
Records can be retrieved manually by name or date.
Records are retained and disposed of in accordance with NARA's General Records Schedule 5.6, Item 111.
Records are maintained in a binder placed on the front desk. During duty hours, the binder is under surveillance of personnel occupying the front desk. After duty hours, the front desk can be accessed only by those who possess an office key or access card.
Individuals who wish to gain access to their records should notify: Privacy Officer, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457. For an explanation on how such requests should be drafted, refer to 29 CFR 2400.6 (procedures for requesting records).
Individuals who wish to contest their records should notify: Privacy Officer, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457. For an explanation on the specific procedures for contesting the contents of a record, refer to 29 CFR 2400.8 (Procedures for requesting amendment), and 29 CFR 2400.9 (Procedures for appealing).
Individuals interested in inquiring about their records should notify: Privacy Officer, OSHRC, 1120 20th Street NW, Ninth Floor, Washington, DC 20036-3457. For an explanation on how such requests should be drafted, refer to 29 CFR 2400.5 (notification), and 29 CFR 2400.6 (procedures for requesting records).
None.
April 14, 2006, 71 FR 19556; August 4, 2008, 73 FR 45256; October 5, 2015, 80 FR 60182; and September 28, 2017, 82 FR 45324.
Nasdaq BX, Inc. (“BX”) and Nasdaq PHLX LLC (“Phlx”) (each the “Exchange” and collectively, the “Exchanges”) have filed with the Securities and Exchange Commission (“Commission”) an application for an exemption from the rule filing requirements of Section 19(b) of the Securities Exchange Act of 1934 (“Exchange Act”)
The Exchanges each filed a proposed rule change
The Exchanges request, pursuant to Rule 0-12 under the Exchange Act,
The Exchanges represent that FINRA Rules 4590, 7440, and 7450 are regulatory in nature and that they do not intend to incorporate by reference any trading rules.
The Exchanges believe this exemption is appropriate because it will result in the Exchanges' rules pertaining to OATS compliance remaining consistent at all times, thus ensuring consistent regulation of joint members of the Exchanges, as well as the Nasdaq Market.
The Commission has issued exemptions similar to the Exchanges' request.
• An SRO wishing to incorporate rules of another SRO by reference has submitted a written request for an order exempting it from the requirement in Section 19(b) of the Exchange Act to file proposed rule changes relating to the rules incorporated by reference, has identified the applicable originating SRO(s), together with the rules it wants to incorporate by reference, and otherwise has complied with the procedural requirements set forth in the Commission's release governing procedures for requesting exemptive orders pursuant to Rule 0-12 under the Exchange Act;
• The incorporating SRO has requested incorporation of categories of rules (rather than individual rules within a category) that are not trading rules (
• The incorporating SRO has reasonable procedures in place to provide written notice to its members each time a change is proposed to the incorporated rules of another SRO.
The Commission believes that the Exchanges have satisfied each of these
Accordingly,
For the Commission, by the Division of Trading and Markets, pursuant to delegated authority.
Small Business Administration.
60-Day notice and request for comments.
The Small Business Administration (SBA) intends to request approval from the Office of Management and Budget (OMB) for the collection of information described below. The Paperwork Reduction Act (PRA) requires federal agencies to publish a notice in the
Submit comments on or before May 3, 2019.
Send all comments to Daniel Upham, Chief, Microenterprise Development Division, Office of Capital Access, Small Business Administration, 409 Third Street SW, Washington, DC 20416.
Daniel Upham, Chief, Microenterprise Development Division, Office of Capital Access,
Section 853(c) of the National Defense Authorization Act for Fiscal Year 2019 (NDAA 2019), Public Law 115-232 (8/13/2018) requires the SBA to study the level of participation by intermediaries that are eligible to participate in the Agency's Microloan Program. To that end SBA plans to conduct a survey of this group of intermediaries to determine the reasons why some of them do not participate in the program. The survey will explore ways to encourage increased participation in the microloan program, and also decrease the costs associated with participation. Generally, the survey will look at the operations of the intermediaries, including structure, size, area of operations, and the nature of the services that they provide.
Intermediaries that are eligible for the program but do not currently participate will be asked to identify some of the factors that contribute to their non-participation in the program. The survey will also explore what factors could make the program more appealing to intermediaries and lead them to participate. The complete list of questions is available upon request from SBA.
Finally, as required by the NDAA 2019, the results of the study will be reported to the Committee on Small Business and Entrepreneurship of the Senate, and the Committee on Small Business of the House of Representatives.
SBA is requesting comments on (a) Whether the collection of information is necessary for the agency to properly perform its functions; (b) whether the burden estimates are accurate; (c) whether there are ways to minimize the burden, including through the use of automated techniques or other forms of information technology; and (d) whether there are ways to enhance the quality, utility, and clarity of the requested information.
Notice is hereby given that the Department of State has rescinded the statutory debarment of Rocky Mountain Instrument Company included in
Rescission as of March 4, 2019.
Jae Shin, Director, Office of Defense Trade Controls Compliance, Bureau of Political-Military Affairs, Department of State (202) 632-2107.
Section 38(g)(4) of the Arms Export Control Act (AECA), 22 U.S.C. 2778(g)(4), prohibits the issuance of licenses or other approvals for the export of defense articles or defense services where the applicant, or any party to the export, has been convicted of violating the AECA and certain other U.S. criminal statues enumerated in § 38(g)(1) of the AECA. In addition, § 127.7(b) of the International Traffic in Arms Regulations (ITAR) provides for the statutory debarment of any person who has been convicted of violating or conspiring to violate the AECA. As stated in this provision, it is the policy of the Department of State not to consider applications for licenses or requests for approvals involving any person who has been statutorily debarred. Persons subject to statutory
In June 2010, Rocky Mountain Instrument Company (“RMI”) pleaded guilty to violating the AECA. On September 8, 2010, the Department notified the public of a statutory debarment imposed on RMI pursuant to ITAR § 127.7(c) related to RMI's criminal conviction via notice in the
In accordance with ITAR § 127.7(b) of the ITAR, reinstatement may only be approved after submission of a request by the debarred party. In response to such a request from RMI for reinstatement, the Department has conducted a thorough review of the circumstances surrounding the conviction, and has determined that RMI has taken appropriate steps to address the causes of the violations to warrant rescission of the notice of statutory debarment of RMI. Therefore, pursuant to ITAR § 127.7(b) the Department determines it is no longer in the national security and foreign policy interests of the United States to maintain the policy as applied to RMI, and the Department hereby rescinds the notice of RMI's statutory debarment.
The Department notes that the
This notice rescinds the statutory debarment of RMI but does not provide notice of reinstatement of export privileges for RMI pursuant to the statutory requirements of § 38(g)(4) of the AECA and ITAR § 127.11. As required by the statute, the Department may not issue a license directly to RMI except as may be determined on a case-by-case basis after interagency consultations, a thorough review of the circumstances surrounding the conviction, and a finding that appropriate steps have been taken to mitigate any law enforcement concerns. Any determination by the Department regarding the reinstatement of export privileges for RMI will be made in accordance with these statutory and regulatory requirements and will be the subject of a separate notice. All otherwise eligible persons may engage in exports of RMI manufactured defense articles, incorporate RMI manufactured items into defense articles for export, or otherwise engage in transactions subject to the ITAR without providing prior written notification of RMI's involvement as otherwise required by ITAR § 127.1(d) and the transaction exception requirements of the
Federal Aviation Administration (FAA), DOT.
Notice and request for comments.
In accordance with the Paperwork Reduction Act of 1995, FAA invites public comments about our intention to request the Office of Management and Budget (OMB) approval to renew an information collection. The collection involves gathering information from airport sponsors about any establishment, construction, alteration, or change to the status or use of an airport. The FAA uses this information to conduct airport airspace analyses to understand the impact of proposed actions on existing and planned operating procedures, determine potential hazardous effects, and identify any mitigating measures needed to enhance safe air navigation. Additionally, the information updates the aeronautical charts and maps airports having emergency landing or landmark values.
Written comments should be submitted by May 3, 2019.
Please send written comments:
Raymond Zee by email at:
Maritime Administration, Department of Transportation.
Notice of application.
The Maritime Administration (MARAD) and the U.S. Coast Guard (USCG) announce they have received an application for the licensing of a deepwater port and that the application contains information sufficient to commence processing. This notice summarizes the applicant's plans and the procedures that will be followed in considering the application.
The Deepwater Port Act of 1974, as amended, requires at least one public hearing on this application to be held in the designated Adjacent Coastal State(s) not later than 240 days after publication of this notice, and a decision on the application not later than 90 days after the final public hearing(s).
The public docket for the SPOT deepwater port license application is maintained by the U.S. Department of Transportation, Docket Management Facility, West Building, Ground Floor, Room W12-140, 1200 New Jersey Avenue SE, Washington, DC 20590.
The license application is available for viewing at the
We encourage you to submit comments electronically through the Federal eRulemaking Portal at
Mr. Efrain Lopez, U.S. Coast Guard, telephone: 202-372-1437, email:
On January 31, 2019, MARAD and USCG received an application from SPOT Terminal Services LLC (SPOT) for Federal authorizations required for a license to own, construct, and operate a deepwater port for the export of oil as authorized by the Deepwater Port Act of 1974, as amended, 33 U.S.C. 1501
The Act defines a deepwater port as any fixed or floating manmade structure other than a vessel, or any group of such structures, that are located beyond State seaward boundaries and used or intended for use as a port or terminal for the transportation, storage, and further handling of oil or natural gas for transportation to, or from, any State. A deepwater port includes all components and equipment, including pipelines, pumping or compressor stations, service platforms, buoys, mooring lines, and similar facilities that are proposed as part of a deepwater port to the extent they are located seaward of the high-water mark.
The Secretary of Transportation delegated to the Maritime Administrator authorities related to licensing deepwater ports (49 CFR 1.93(h)). Statutory and regulatory requirements for processing applications and licensing appear in 33 U.S.C. 1501
In accordance with 33 U.S.C. 1504(f) for all applications, MARAD and the USCG, working in cooperation with other involved Federal agencies and departments, shall comply with the requirements of the National Environmental Policy Act (NEPA) of 1969 (42 U.S.C. 4321
All connected actions, permits, approvals and authorizations will be considered during the processing of SPOT's deepwater port license application.
MARAD, in issuing this Notice of Application pursuant to 33 U.S.C. 1504(c), must designate as an “Adjacent Coastal State” any coastal state which (A) would be directly connected by pipeline to a deepwater port as proposed in an application, or (B) would be located within 15 nautical miles of any such proposed deepwater port (see 33 U.S.C. 1508(a)(1)). Pursuant to the criteria provided in the Act, Texas is the designated Adjacent Coastal State for this application. Other states may request from the Maritime Administrator designation as an Adjacent Coastal State in accordance with 33 U.S.C. 1508(a)(2).
The Act directs that at least one public hearing take place in each Adjacent Coastal State, in this case, Texas. Additional public meetings may be conducted to solicit comments for the environmental analysis to include public scoping meetings, or meetings to discuss the Draft and Final environmental impact documents prepared in accordance with NEPA.
MARAD, in coordination with the USCG, will publish additional
The Deepwater Port Act imposes a strict timeline for processing an application. When MARAD and USCG determine that an application is complete (
Within 45 days after the final hearing, the Governor of the Adjacent Costal State, in this case the Governor of Texas, may notify MARAD of his approval, approval with conditions, or disapproval of the application. If such approval, approval with conditions, or disapproval is not provided to the Maritime Administrator by that time, approval shall be conclusively presumed. MARAD may not issue a license without the explicit or presumptive approval of the Governor of the Adjacent Coastal State. During this 45-day period, the Governor may also notify MARAD of inconsistencies between the application and State programs relating to environmental protection, land and water use, and coastal zone management. In this case, MARAD may condition the license to make it consistent with such state programs (33 U.S.C. 1508(b)(1)). MARAD will not consider written approvals or disapprovals of the application from the Governor of the Adjacent Coastal State until after the final public hearing is complete and the 45-day period commences.
The Maritime Administrator must render a decision on the application within 90 days after the final hearing.
In accordance with section 33 U.S.C. 1504(d), MARAD is required to designate an application area for a deepwater port application intended to transport oil. Section 1504(d)(2) provides MARAD the discretion to establish a reasonable application area constituting the geographic area in which only one deepwater port may be constructed and operated. MARAD has consulted with USCG in developing SPOT's application area and designates an application area encompassing the deepwater port that is a circle having a radius of no less than three-and-three-tenths (3.30) nautical miles centered at SPOT's proposed platform, latitude N 28°27′59.22″ and longitude W 95°07′ 24.49″, and 0.25 nautical miles on either side of SPOT's proposed pipeline route between the terminal and the shore. Any person interested in applying for the ownership, construction, and operation of a deepwater port within this designated application area must file with MARAD (see
Should a favorable record of decision be rendered and license be issued, MARAD may include specific conditions related to design, construction, operations, environmental permitting, monitoring and mitigations, and financial responsibilities. If a license is issued, USCG in coordination with other agencies as appropriate, would review and approve the deepwater port's engineering, design, and construction; operations/security procedures; waterways management and regulated navigation areas; maritime safety and security requirements; risk assessment; and compliance with domestic and international laws and regulations for vessels that may call on the port. The deepwater port would be designed, constructed and operated in accordance with applicable codes and standards.
In addition, installation of pipelines and other structures may require permits under Section 404 of the Clean Water Act and Section 10 of the Rivers and Harbors Act, which are administered by the USACE.
Permits from the EPA may also be required pursuant to the provisions of the Clean Air Act, as amended, and the Clean Water Act, as amended.
SPOT is proposing to construct, own, and operate a deepwater port terminal in the Gulf of Mexico to export domestically produced crude oil. Use of the deepwater port would include the loading of various grades of crude oil at flow rates of up to 85,000 barrels per hour (bph). The SPOT deepwater port would allow for up to two (2) Very Large Crude Carriers (VLCCs) or other crude oil carriers to moor at single point mooring (SPM) buoys and connect with the deepwater port via floating connecting crude oil hoses and a floating vapor recovery hose. The maximum frequency of loading VLCCs or other crude oil carriers would be 2 million barrels per day, 365 days per year.
The overall project would consist of offshore and marine components as well as onshore components as described below.
The SPOT deepwater port offshore and marine components would consist of the following:
• One (1) fixed offshore platform with eight (8) piles in Galveston Area Outer Continental Shelf lease block 463, approximately 27.2 to 30.8 nautical miles off the coast of Brazoria County, Texas in a water depth of approximately 115 feet. The fixed offshore platform
• Two (2) single point mooring buoys (SPMs), each having: Two (2) 24-inch inside diameter crude oil underbuoy hoses interconnecting with the crude oil pipeline end manifold (PLEM); two (2) 24-inch inside diameter floating crude oil hoses connecting the moored VLCC or other crude oil carrier for loading to the SPM buoy; one (1) 24-inch inside diameter vapor recovery underbuoy hose interconnecting with the vapor recovery PLEM; and one (1) 24-inch inside diameter floating vapor recovery hose to connect to the moored VLCC or other crude oil carrier for loading. The floating hoses would be approximately 800 feet in length and rated for 300 psig (21-bar). Each floating hose would contain an additional 200 feet of 16-inch “tail hose” that is designed to be lifted and robust enough for hanging over the edge railing of the VLCC or other crude oil carrier. The underbuoy hoses would be approximately 160 feet in length and rated for 300 psig (21-bar).
• Four (4) PLEMs would provide the interconnection between the pipelines and the SPM buoys. Each SPM buoy would have two (2) PLEMs—one (1) PLEM for crude oil and one (1) PLEM for vapor recovery. Each crude oil loading PLEM would be supplied with crude oil by two (2) 30-inch outside diameter pipelines, each approximately 0.66 nautical miles in length. Each vapor recovery PLEM would route recovered vapor from the VLCC or other crude oil carrier through the PLEM to the three (3) vapor combustion units located on the platform topside via two (2) 16-inch outside diameter vapor recovery pipelines, each approximately 0.66 nautical miles in length.
• Two (2) co-located 36-inch outside diameter, 40.8-nautical mile long crude oil pipelines would be constructed from the shoreline crossing in Brazoria County, Texas, to the SPOT deepwater port for crude oil delivery. These pipelines, in conjunction with 12.2 statute miles of new-build onshore pipelines (described below), would connect the onshore crude oil storage facility and pumping station (Oyster Creek Terminal) to the offshore SPOT deepwater port. The crude oil would be metered at the offshore platform. Pipelines would be bi-directional for the purposes of maintenance, pigging, changing crude oil grades, or evacuating the pipeline with water.
The SPOT deepwater port onshore storage and supply components would consist of the following:
• New equipment and piping at the existing Enterprise Crude Houston (ECHO) Terminal to provide interconnectivity with the crude oil supply network for the SPOT Project. This would include the installation of four (4) booster pumps, one (1) measurement skid, and four (4) crude oil pumps.
• An interconnection between the existing Rancho II pipeline and the proposed ECHO to Oyster Creek pipeline consisting of a physical connection as well as ultrasonic measurement capability for pipeline volumetric balancing purposes.
• The proposed Oyster Creek Terminal located in Brazoria County, Texas, on approximately 140 acres of land consisting of seven (7) aboveground storage tanks, each with a total storage capacity of 685,000 barrels (600,000 barrels working storage capacity), for a total onshore storage capacity of approximately 4.8 million barrels (4.2 million barrels working storage) of crude oil. The Oyster Creek Terminal also would include: Six (6) electric-driven mainline crude oil pumps; four (4) electric-driven booster crude oil pumps (two (2) per pipeline), working in parallel to move crude oil from the storage tanks through the measurement skids; two (2) crude oil pipeline pig launchers/receivers; one (1) crude oil pipeline pig receiver; two (2) measurement skids for measuring incoming crude oil—one (1) skid located at the incoming pipeline from the existing Enterprise Crude Houston (ECHO) Terminal, and one (1) skid installed and reserved for a future pipeline connection; two (2) measurement skids for measuring departing crude oil; three (3) vapor combustion units—two (2) permanent and one (1) portable; and ancillary facilities to include electrical substation, office, and warehouse buildings.
• Three onshore crude oil pipelines would be constructed onshore to support the SPOT deepwater port. These would include: One (1) 50.1 statute mile long 36-inch crude oil pipeline from the existing ECHO Terminal to the Oyster Creek Terminal. This pipeline would be located in Harris County and Brazoria County, Texas; two (2) 12.2 statute mile long, co-located 36-inch crude oil export pipelines from the Oyster Creek Terminal to the shore crossing where these would join the above described subsea pipelines supplying the SPOT deepwater port. These pipelines would be located in Brazoria County, Texas.
DOT posts comments, without edit, to
By Order of the Maritime Administrator.
Office of the Comptroller of the Currency (OCC), Treasury.
Notice and request for comment.
The Office of the Comptroller of the Currency (OCC), as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other federal agencies to take this opportunity to comment on an information collection renewal as required by the Paperwork Reduction Act of 1995.
An agency may not conduct or sponsor, and a respondent is not required to respond to, an information collection unless it displays a currently valid OMB control number. The OCC is soliciting comment concerning the renewal of its information collection titled “Interagency Appraisal Complaint Form.”
Comments must be received by May 3, 2019.
Commenters are encouraged to submit comments by email, if possible. You may submit comments by any of the following methods:
•
•
•
•
Additionally, please send a copy of your comments by mail to: OCC Desk Officer, 1557-0314, U.S. Office of Management and Budget, 725 17th Street NW, #10235, Washington, DC 20503 or by email to
You may review comments and other related materials that pertain to this information collection
•
• For assistance in navigating
•
Shaquita Merritt, OCC Clearance Officer, (202) 649-5490, Chief Counsel's Office, Office of the Comptroller of the Currency, 400 7th Street SW, Washington, DC 20219.
Under the PRA (44 U.S.C. 3501-3520), federal agencies must obtain approval from the Office of Management and Budget (OMB) for each collection of information that they conduct or sponsor. “Collection of information” is defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3(c) to include agency requests or requirements that members of the public submit reports, keep records, or provide information to a third party. The OCC requests that OMB extend its approval of this collection.
Representatives from the OCC, the Board, the FDIC, the NCUA (Agencies), and the CFPB met and established a process to facilitate the referral of complaints received through the ASC Hotline to the appropriate federal financial institution regulatory agency or agencies. The Agencies developed the Interagency Appraisal Complaint Form to collect information necessary to take further action on the complaint. The CFPB incorporated the process into one of their existing systems.
The Interagency Appraisal Complaint Form was developed for use by those who wish to file a formal, written complaint that an entity subject to the jurisdiction of one or more of the Agencies has failed to comply with the appraisal independence standards or USPAP. The Interagency Appraisal Complaint Form is designed to collect information necessary for the Agencies to take further action on a complaint from an appraiser, other individual, financial institution, or other entities. The Agencies use the information to take further action on the complaint to the extent the complaint relates to an issue within their jurisdiction.
On October 26, 2018, the OCC issued a notice for 60 days of comment concerning this collection, 83 FR 54174. No comments were received. Comments continue to be invited on:
(a) Whether the collection of information is necessary for the proper performance of the functions of the OCC, including whether the information has practical utility;
(b) The accuracy of the OCC's estimates of the burden of the collection of information;
(c) Ways to enhance the quality, utility, and clarity of the information to be collected;
(d) Ways to minimize the burden of the collection on respondents, including through the use of automated collection techniques or other forms of information technology; and
(e) Estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information.
Internal Revenue Service (IRS), Treasury.
Notice and request for comments.
The Internal Revenue Service (IRS), as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal agencies to take this opportunity to comment on information collections, as required by the Paperwork Reduction Act of 1995. The IRS is soliciting comments concerning Final Rules Under the Paul Wellstone and Pete Domenici Mental Health Parity and Addiction Equity Act of 2008; Technical Amendment to External Review for Multi-State Plan Program.
Written comments should be received on or before May 3, 2019 to be assured of consideration.
Direct all written comments to Laurie Brimmer, Internal Revenue Service, Room 6526, 1111 Constitution Avenue NW, Washington, DC 20224.
Requests for additional information or copies of the regulation should be directed to Martha R. Brinson, at (202) 317-5753, or at Internal Revenue Service, Room 6526, 1111 Constitution Avenue NW, Washington, DC 20224, or through the internet at
The following paragraph applies to all of the collections of information covered by this notice:
An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless the collection of information displays a valid OMB control number. Books or records relating to a collection of information must be retained as long as their contents may become material in the administration of any internal revenue law. Generally, tax returns and tax return information are confidential, as required by 26 U.S.C. 6103.
Internal Revenue Service (IRS), Treasury.
Notice and request for comments.
The Internal Revenue Service, as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal agencies to take this opportunity to comment on continuing information collections, as required by the Paperwork Reduction Act of 1995. The IRS is soliciting comments concerning certain cash or deferred arrangements and employee and matching contributions under employee plans, and retirement plans; cash or deferred arrangements.
Written comments should be received on or before May 3, 2019 to be assured of consideration.
Direct all written comments to Laurie Brimmer, Internal Revenue Service, Room 6529, 1111 Constitution Avenue NW, Washington, DC 20224.
Requests for additional information or copies of the form should be directed to Kerry Dennis, at (202) 317-5751 or Internal Revenue Service, Room 6529, 1111 Constitution Avenue NW, Washington, DC 20224, or through the internet, at
The following paragraph applies to all of the collections of information covered by this notice.
An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless the collection of information displays a valid OMB control number. Books or records relating to a collection of information must be retained as long as their contents may become material in the administration of any internal revenue law. Generally, tax returns and tax return information are confidential, as required by 26 U.S.C. 6103.
Internal Revenue Service (IRS), Treasury.
Notice of meeting.
An open meeting of the Taxpayer Advocacy Panel's Tax Forms and Publications Project Committee will be conducted. The Taxpayer Advocacy Panel is soliciting public comments, ideas, and suggestions on improving customer service at the Internal Revenue Service.
The meeting will be held Monday, March 18, 2019 and Tuesday, March 19, 2019.
Robert Rosalia at 1-888-912-1227 or (718) 834-2203.
Notice is hereby given pursuant to Section 10(a)(2) of the Federal Advisory Committee Act, 5 U.S.C. App. (1988) that a meeting of the Taxpayer Advocacy Panel's Tax Forms and Publications Project Committee will be held Monday, March 18, 2019, from 1:00 p.m. to 5:00 p.m. Eastern Time and Tuesday, March 19, 2019, from 8:00 a.m. until 5:00 p.m. Eastern Time. The public is invited to make oral comments or submit written statements for consideration. Due to limited time and structure of meeting, notification of intent to participate must be made with Robert Rosalia. For more information please contact Robert Rosalia at 1-888-912-1227 or (718) 834-2203, or write TAP Office, 2 Metrotech Center, 100 Myrtle Avenue, Brooklyn, NY 11201 or contact us at the website:
Internal Revenue Service (IRS), Treasury.
Notice and request for comments.
The Internal Revenue Service, as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal agencies to take this opportunity to comment on continuing information collections, as required by the Paperwork Reduction Act of 1995. The IRS is soliciting comments concerning empowerment zone employment credit.
Written comments should be received on or before May 3, 2019 to be assured of consideration.
Direct all written comments to Laurie Brimmer, Internal Revenue Service, Room 6529, 1111 Constitution Avenue NW, Washington, DC 20224.
Requests for additional information or copies of the form should be directed to Kerry Dennis, at (202) 317-5751 or Internal Revenue Service, Room 6529, 1111 Constitution Avenue NW, Washington, DC 20224, or through the internet, at
The following paragraph applies to all of the collections of information covered by this notice.
An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless the collection of information displays a valid OMB control number. Books or records relating to a collection of information must be retained as long as their contents may become material in the administration of any internal revenue law. Generally, tax returns and tax return information are confidential, as required by 26 U.S.C. 6103.
Internal Revenue Service (IRS), Treasury.
Notice and request for comments.
The Internal Revenue Service, as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal agencies to take this opportunity to comment on continuing information collections, as required by the Paperwork Reduction Act of 1995. The IRS is soliciting comments concerning revocation of election filed under property transferred in connection with performance of services to include gross income in year of transfer.
Written comments should be received on or before May 3, 2019 to be assured of consideration.
Direct all written comments to Laurie Brimmer, Internal Revenue Service, Room 6529, 1111 Constitution Avenue NW, Washington, DC 20224.
Requests for additional information or copies of the form should be directed to Kerry Dennis, at (202) 317-5751 or Internal Revenue Service, Room 6529, 1111 Constitution Avenue NW, Washington, DC 20224, or through the internet, at
The following paragraph applies to all of the collections of information covered by this notice.
An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless the collection of information displays a valid OMB control number. Books or records relating to a collection of information must be retained as long as their contents may become material in the administration of any internal revenue law. Generally, tax returns and tax return information are confidential, as required by 26 U.S.C. 6103.
Internal Revenue Service (IRS), Treasury.
Notice of meeting.
An open meeting of the Taxpayer Advocacy Panel's Taxpayer Communications Project Committee will be conducted. The Taxpayer Advocacy Panel is soliciting public comments, ideas, and suggestions on improving customer service at the Internal Revenue Service.
The meeting will be held Thursday, March 21, 2019 and Friday, March 22, 2019.
Otis Simpson at 1-888-912-1227 or 202-317-3332.
Notice is hereby given pursuant to Section 10(a)(2) of the Federal Advisory Committee Act, 5 U.S.C. App. (1988) that a meeting of the Taxpayer Advocacy Panel Taxpayer Communications Notices and Correspondence Project Committee will be held Thursday, March 21, 2019, from 8:00 a.m. to 5:00 p.m. Eastern Time and Friday, March 22, 2019, from 8:00 a.m. until 12:00 p.m. Eastern Time. The public is invited to make oral comments or submit written statements for consideration. Due to limited time and structure of meeting, notification of intent to participate must be made with Otis Simpson. For more information please contact Otis Simpson at 1-888-912-1227 or 202-317-3332, or write TAP Office, 1111 Constitution Ave. NW, Room 1509, Washington, DC 20224 or contact us at the website:
Internal Revenue Service (IRS), Treasury.
Notice of meeting.
An open meeting of the Taxpayer Advocacy Panel's Taxpayer Assistance Center Project Committee will be conducted. The Taxpayer Advocacy Panel is soliciting public comments, ideas, and suggestions on improving customer service at the Internal Revenue Service.
The meeting will be held Thursday, March 21, 2019 and Friday, March 22, 2019.
Matthew O'Sullivan at 1-888-912-1227 or (510) 907-5274.
Notice is hereby given pursuant to Section 10(a)(2) of the Federal Advisory Committee Act, 5 U.S.C. App. (1988) that an open meeting of the Taxpayer Advocacy Panel's Taxpayer Assistance Center Project Committee will be held Thursday, March 21, 2019, from 8:00 a.m. to 5:00 p.m. Eastern Time and Friday, March 22, 2019, from 8:00 a.m. until 12:00 p.m. Eastern Time. The public is invited to make oral comments or submit written statements for consideration. Due to limited time and structure of meeting, notification of intent to participate must be made with Matthew O'Sullivan. For more information please contact Matthew O'Sullivan at 1-888-912-1227 or (510) 907-5274, or write TAP Office, 1301 Clay Street, Oakland, CA 94612-5217 or contact us at the website:
Internal Revenue Service (IRS), Treasury.
Notice of meeting.
An open meeting of the Taxpayer Advocacy Panel's Toll-Free Phone Line Project Committee will be conducted. The Taxpayer Advocacy Panel is soliciting public comments, ideas, and suggestions on improving customer service at the Internal Revenue Service.
The meeting will be held Thursday, March 21, 2019 and Friday, March 22, 2019.
Rosalind Matherne at 1-888-912-1227 or 202-317-4115.
Notice is hereby given pursuant to Section 10(a)(2) of the Federal Advisory Committee Act, 5 U.S.C. App. (1988) that an open meeting of the Taxpayer Advocacy Panel Toll-Free Phone Line Project Committee will be held Thursday, March 21, 2019, from 8:00 a.m. to 5:00 p.m. Eastern Time and Friday, March 22, 2019, from 8:00 a.m. until 12:00 p.m. Eastern Time. The public is invited to make oral comments or submit written statements for consideration. Due to limited time and structure of meeting, notification of intent to participate must be made with Rosalind Matherne. For more information please contact Rosalind Matherne at 1-888-912-1227 or 202-317-4115, or write TAP Office, 1111 Constitution Ave. NW, Room 1509, Washington, DC 20224 or contact us at the website:
The Department of Veterans Affairs (VA) gives notice under the Federal Advisory Committee Act that a meeting of the Advisory Committee on Homeless Veterans will be held April 3-4, 2019. The meeting sessions will take place at the Department of Veterans Affairs Central Office at 810 Vermont Avenue NW, Sonny Montgomery Conference Room 230, Washington, DC 20420.
The purpose of the Committee is to provide the Secretary of Veterans Affairs with an on-going assessment of the effectiveness of the policies, organizational structures, and services of VA in assisting Veterans at-risk and experiencing homelessness. The Committee shall assemble and review information related to the needs of homeless Veterans and provide advice on the most appropriate means of providing assistance to that subset of the Veteran population. The Committee will make recommendations to the Secretary regarding such activities.
On Wednesday, April 3, 2019, the Committee will convene an open session rom 8:00 a.m. to 5:00 p.m. (Eastern Standard Time). On Thursday, April 4, 2019, the Committee will convene an open session from 8:00 a.m. to 3:00 p.m. (Eastern Standard Time). The agenda for both meetings will include briefings from officials at VA and other federal agencies regarding services for homeless Veterans. The Committee will also discuss topics for its annual report and recommendations to the Secretary of Veterans Affairs.
No time will be allocated at this meeting for receiving oral presentations from the public. Interested parties should provide written comments on issues affecting homeless Veterans for review by the Committee to Mr. Anthony Love, Designated Federal Officer, Veterans Health Administration Homeless Programs Office (10NC1), Department of Veterans Affairs, 811 Vermont Avenue NW (10NC1), Washington, DC 20420, or via email at
Members of the public who wish to attend should contact
Veterans Benefits Administration, Department of Veterans Affairs.
Notice.
In compliance with the Paperwork Reduction Act (PRA) of 1995, this notice announces that the Veterans Benefits Administration, Department of Veterans Affairs, will submit the collection of information abstracted below to the Office of Management and Budget (OMB) for review and comment. The PRA submission describes the nature of the information collection and its expected cost and burden and it includes the actual data collection instrument.
Comments must be submitted on or before April 3, 2019.
Submit written comments on the collection of information through
Danny S. Green at (202) 421-1354. Please refer to “OMB Control No. 2900-0128” in any correspondence.
An agency may not conduct or sponsor, and a person is not required to respond to a collection of information unless it displays a currently valid OMB control number. The
By direction of the Secretary.
The Department of Veterans Affairs (VA) gives notice under the Federal Advisory Committee Act that the Veterans' Family, Caregiver, and Survivor Advisory Committee will meet on March 26-27, 2019. The meeting will be held at the Department of Veterans Affairs, 810 Vermont Avenue NW, Room 230, Washington, DC 20420. Both sessions will begin at 9:00 a.m. (EST) each day. The session on March 26 will adjourn at approximately 5:00 p.m. The session on the March 27 will adjourn at approximately 3:00 p.m. The meetings are open to the public.
The purpose of the Committee is to advise the Secretary of Veterans Affairs on matters related to: Veterans' families, caregivers, and survivors across all generations, relationships, and Veterans status; the use of VA care and benefits services by Veterans' families, caregivers, and survivors, and possible expansion of such care and benefits services; Veterans' family, caregiver, and survivor experiences; VA policies, regulations, and administrative requirements related to the transition of Servicemembers from the Department of Defense (DoD) to enrollment in VA that impact Veterans' families, caregivers, and survivors; and factors that influence access to, quality of, and accountability for services and benefits for Veterans' families, caregivers, and survivors.
On March 26 and 27, the agenda will include information on the pilot research from the Center for Excellence, updates from the Veterans Experience Office (VEO) White House Hotline (regarding comments from Veterans' families, caregivers, and survivors), an update on the Mission Act Implementation and Expansion of the Stipend Program to Pre-9/11/Inclusive Care; update on Tragedy Assistance Program (TAPS) and their collaboration with VA's Research Advisory Committee on Gulf War Veterans' Illnesses; and updates from the Office of Suicide Prevention and Office of Survivors. There will be opening remarks from VA senior leaders including the Chief Veterans Experience Officer and the Committee Chair and a presentation on the Recommendations this Committee submitted in November 2018. Committee members will also discuss the committee work plan and future activities. Public comments will be received at 4:00 p.m. to 5:00 p.m. on March 26, 2019.
Individuals wishing to speak should contact Dr. Betty Moseley Brown at
Because the meeting is being held in a government building, a photo I.D. must be presented at the Guard's Desk as a part of the clearance process. To prevent delays, you should allow an additional 30 minutes before the meeting begins to clear security. If you are interested in attending, please submit your name to Betty Moseley Brown by March 22, 2019 to help expedite the security clearance process. Any member of the public seeking additional information should contact Betty Moseley Brown at (202) 465-6199 or at
Office of the National Coordinator for Health Information Technology (ONC), Department of Health and Human Services (HHS).
Proposed rule.
This proposed rule would implement certain provisions of the 21st Century Cures Act, including conditions and maintenance of certification requirements for health information technology (health IT) developers under the ONC Health IT Certification Program (Program), the voluntary certification of health IT for use by pediatric health care providers, and reasonable and necessary activities that do not constitute information blocking. The implementation of these provisions would advance interoperability and support the access, exchange, and use of electronic health information. The proposed rule would also modify the 2015 Edition health IT certification criteria and Program in additional ways to advance interoperability, enhance health IT certification, and reduce burden and costs.
To be assured consideration, written or electronic comments must be received at one of the addresses provided below, no later than 5 p.m. on May 3, 2019.
You may submit comments, identified by RIN 0955-AA01, by any of the following methods (please do not submit duplicate comments). Because of staff and resource limitations, we cannot accept comments by facsimile (FAX) transmission.
•
•
•
Michael Lipinski, Office of Policy, Office of the National Coordinator for Health Information Technology, 202-690-7151.
ONC is responsible for the implementation of key provisions in Title IV of the 21st Century Cures Act (Cures Act) that are designed to advance interoperability; support the access, exchange, and use of electronic health information; and address occurrences of information blocking. This proposed rule would implement certain provisions of the Cures Act, including Conditions and Maintenance of Certification requirements for health information technology (health IT) developers, the voluntary certification of health IT for use by pediatric health providers, and reasonable and necessary activities that do not constitute information blocking. In addition, the proposed rule would implement parts of section 4006(a) of the Cures Act to support patient access to their electronic health information (EHI), such as making a patient's EHI more electronically accessible through the adoption of standards and certification criteria and the implementation of information blocking policies that support patient electronic access to their health information at no cost. Additionally, the proposed rule would modify the 2015 Edition health IT certification criteria and ONC Health IT Certification Program (Program) in other ways to advance interoperability, enhance health IT certification, and reduce burden and costs.
In addition to fulfilling the Cures Act's requirements, the proposed rule would contribute to fulfilling Executive Order (E.O.) 13813. The President issued E.O. 13813 on October 12, 2017, to promote health care choice and competition across the United States. Section 1(c) of the E.O., in relevant part, states that government rules affecting the United States health care system should re-inject competition into the health care markets by lowering barriers to entry and preventing abuses of market power. Section 1(c) also states that government rules should improve access to and the quality of information that Americans need to make informed health care decisions. For example, as mentioned above, the proposed rule focuses on establishing Application Programming Interfaces (APIs) for several interoperability purposes, including patient access to their health information without special effort. The API approach also supports health care providers having the sole authority and autonomy to unilaterally permit connections to their health IT through certified API technology the health care providers have acquired. In addition, the proposed rule provides ONC's interpretation of the information blocking definition as established in the Cures Act and the application of the information blocking provision by identifying reasonable and necessary activities that would not constitute information blocking. Many of these activities focus on improving patient and health care provider access to electronic health information and promoting competition.
Since the inception of the Program, we have aimed to implement and administer the Program in the least burdensome manner that supports our policy goals. Throughout the years, we have worked to improve the Program with a focus on ways to reduce burden, offer flexibility to both developers and providers, and support innovation. This approach has been consistent with the principles of Executive Order 13563 on Improving Regulation and Regulatory Review (February 2, 2011), which instructs agencies to “determine whether any [agency] regulations should be modified, streamlined, expanded, or repealed so as to make the agency's regulatory program more effective or less burdensome in achieving the regulatory objectives.” To that end, we have historically, where feasible and appropriate, taken measures to reduce burden within the Program and make the Program more effective, flexible, and streamlined.
ONC has reviewed and evaluated existing regulations to identify ways to administratively reduce burden and implement deregulatory actions through guidance. In this proposed rule, we also propose potential new deregulatory actions that will reduce burden for health IT developers, providers, and other stakeholders. We propose six deregulatory actions in section III.B: (1) Removal of a threshold requirement related to randomized surveillance which allows ONC-Authorized Certification Bodies (ONC-ACBs) more flexibility to identify the right approach for surveillance actions, (2) removal of the 2014 Edition from the Code of Federal Regulations (CFR), (3) removal of the ONC-Approved Accreditor (ONC-AA) from the Program, (4) removal of certain 2015 Edition certification criteria, (5) removal of certain Program requirements, and (6) recognition of relevant Food and Drug Administration certification processes with a request for comment on the potential development of new processes for the Program.
This rule proposes to update the 2015 Edition by not only proposing criteria for removal, but by proposing to revise and add new certification criteria that would establish the capabilities and related standards and implementation specifications for the certification of health IT.
As part of ONC's continued efforts to assure the availability of a minimum baseline of data classes that could be commonly available for interoperable exchange, we adopted the 2015 Edition “Common Clinical Data Set” (CCDS) definition and used the CCDS shorthand in several certification criteria. However, the CCDS definition also began to be colloquially used for many different purposes. As the CCDS definition's relevance grew outside of its regulatory context, it became a symbolic and practical limit to the industry's collective interests to go beyond the CCDS data for access, exchange, and use. In addition, as we move further towards value-based care, the need for the inclusion of additional data classes that go beyond clinical data is necessary. In order to advance interoperability, we propose to remove the CCDS definition and its references
We propose to update the electronic prescribing (e-Rx) SCRIPT standard in 45 CFR 170.205(b) to NCPDP SCRIPT 2017071, which would result in a new e-Rx standard eventually becoming the baseline for certification. We also propose to adopt a new certification criterion in § 170.315(b)(11) for e-Rx to reflect these updated proposals. ONC and CMS have historically maintained complementary policies of maintaining aligned e-Rx and medical history (MH) standards to ensure that the current standard for certification to the electronic prescribing criterion permits use of the current Part D e-Rx and MH standards. This proposal is made to ensure such alignment as CMS recently finalized its Part D standards to NCPDP SCRIPT 2017071 for e-RX and MH, effective January 1, 2020 (83 FR 16440). In addition to continuing to reference the current transactions included in § 170.315(b)(3), in keeping with CMS' final rule, we also propose to require all of the NCPDP SCRIPT 2017071 standard transactions CMS adopted at 42 CFR 423.160(b)(2)(iv).
We propose to remove the HL7 Quality Reporting Document Architecture (QRDA) standard requirements from the 2015 Edition “CQMs—report” criterion in § 170.315(c)(3) and, in their place, require Health IT Modules to support the CMS QRDA Implementation Guide (IGs).
We propose a new 2015 Edition certification criterion for “electronic health information (EHI) export” in § 170.315(b)(10), which would replace the 2015 Edition “data export” certification criterion (§ 170.315(b)(6)) and become part of the 2015 Edition Base EHR definition. The proposed criterion supports situations in which we believe that all EHI produced and electronically managed by a developer's health IT should be made readily available for export as a standard capability of certified health IT. Specifically, this criterion would: (1) Enable the export of EHI for a single patient upon a valid request from that patient or a user on the patient's behalf, and (2) support the export of EHI when a health care provider chooses to transition or migrate information to another health IT system. This criterion would also require that the export include the data format, made publicly available, to facilitate the receiving health IT system's interpretation and use of the EHI to the extent reasonably practicable using the developer's existing technology.
This criterion provides developers with the ability to create innovative export capabilities according to their systems and data practices. We do not propose that the export must be executed according to any particular standard, but propose to require that the export must be accompanied by the data format, including its structure and syntax, to facilitate interpretation of the EHI therein. Overall, this new criterion is intended to provide patients and health IT users, including providers, a means to efficiently export the entire electronic health record for a single patient or all patients in a computable, electronic format.
We propose to adopt a new API criterion in § 170.315(g)(10), which would replace the “application access—data category request” certification criterion (§ 170.315(g)(8)) and become part of the 2015 Edition Base EHR definition. This new “standardized API for patient and population services” certification criterion would require the use of Health Level 7 (HL7®) Fast Healthcare Interoperability Resources (FHIR®) standards
We propose to adopt two new privacy and security transparency attestation certification criteria, which would identify whether certified health IT supports encrypting authentication credentials and/or multi-factor authentication. In order to be issued a certification, we propose to require that a Health IT Module developer attest to whether the Health IT Module encrypts authentication credentials and whether the Health IT Module supports multi-factor authentication. These criteria are not expected to place additional burden on health IT developers since they do not require net new development or implementation to take place in order to be met. However, certification to these proposed criteria would provide increased transparency and potentially motivate health IT developers to encrypt authentication credentials and support multi- factor authentication, which could help prevent exposure to unauthorized persons/entities.
In the 2015 Edition, we adopted two “data segmentation for privacy” (DS4P) certification criteria, one for creating a summary record according to the DS4P standard and one for receiving a summary record according to the DS4P standard. Certification to the 2015 Edition DS4P criteria focus on data segmentation only at the document level. As noted in the 2015 Edition final rule (80 FR 62646)—and to our knowledge still an accurate assessment—certification to these criteria is currently not required to meet the Certified EHR Technology definition
We propose to make corrections to the 2015 Edition privacy and security certification framework (80 FR 62705) and relevant regulatory provisions. These corrections have already been incorporated in the relevant Certification Companion Guides (CCGs).
We propose new and revised principles of proper conduct (PoPC) for ONC-Authorized Certification Bodies (ONC-ACBs). We propose to clarify that the records retention provision includes the “life of the edition” as well as after the retirement of an edition related to the certification of Complete EHRs and Health IT Modules. We also propose to revise the PoPC in § 170.523(h) to clarify the basis for certification, including to permit a certification decision to be based on an evaluation conducted by the ONC-ACB for Health IT Modules' compliance with certification criteria by use of conformity methods approved by the National Coordinator for Health Information Technology (National Coordinator). We also propose to update § 170.523(h) to require ONC-ACBs to accept test results from any ONC-ATL that is in good standing under the Program and is compliant with its ISO 17025 accreditation requirements. We believe these proposed new and revised PoPCs would provide necessary clarifications for ONC-ACBs and would promote stability among the ONC-ACBs. We also propose to update § 170.523(k) to broaden the requirements beyond just the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs (now renamed the Promoting Interoperability Programs) and provide other necessary clarifications.
We propose to revise a PoPC for ONC-ATLs. We propose to clarify that the records retention provision includes the “life of the edition” as well as after the retirement of an edition related to the certification of Complete EHRs and Health IT Modules.
Section 4001(b) of the Cures Act includes two provisions related to supporting health IT across the care continuum. The first instructs the National Coordinator to encourage, keep or recognize through existing authorities, the voluntary certification of health IT for use in medical specialties and sites of service where more technological advancement or integration is needed. The second outlines a provision related to the voluntary certification of health IT for use by pediatric health providers to support the health care of children. These provisions align closely with ONC's core purpose to promote interoperability to support care coordination, patient engagement, and health care quality improvement initiatives. Advancing health IT that promotes and supports patient care when and where it is needed continues to be a primary goal of the Program. This means health IT should support patient populations, specialized care, transitions of care, and practice settings across the care continuum.
ONC has explored how we might work with the health IT industry and with specialty organizations to collaboratively develop and promote health IT that supports medical specialties and sites of service. Over time, ONC has taken steps to make the Program modular, more open and accessible to different types of health IT, and able to advance functionality that is generally applicable to a variety of care and practice settings. Specific to the provisions in the Cures Act to support providers of health care for children, we considered a wide range of factors. These include: The evolution of health IT across the care continuum, the costs and benefits associated with health IT, the potential regulatory burden and compliance timelines, and the need to help advance health IT that benefits multiple medical specialties and sites of service involved in the care of children. In consideration of these factors, and to advance implementation of Sections 4001(b) of the Cures Act specific to pediatric care, we held a listening session where stakeholders could share their clinical knowledge and technical expertise in pediatric care and pediatric sites of service. Through the information learned at this listening session and our analysis of the health IT landscape for pediatric settings, we have identified existing 2015 Edition criteria, as well as new and revised 2015 Edition criteria proposed in this rule, that we believe could benefit providers of pediatric care and pediatric settings. In this proposed rule, we seek comment on our analysis and the correlated certification criteria that we believe would support the health care of children.
We also recognize the significance of the opioid epidemic confronting our nation and the importance of helping to support the health IT needs of health care providers committed to preventing inappropriate access to prescription opioids and to providing safe, appropriate treatment. We believe health IT offers promising strategies to help assist medical specialties and sites of services impacted by the opioid epidemic. Therefore, we request public comment on how our existing Program requirements and the proposals in this rulemaking may support use cases related to Opioid Use Disorder (OUD) prevention and treatment and if there are additional areas that ONC should consider for effective implementation of health IT to help address OUD prevention and treatment.
We propose to establish certain Conditions and Maintenance of Certification requirements for health IT developers based on the conditions and maintenance of certification requirements outlined in section 4002 of the Cures Act. We propose an approach whereby the Conditions and Maintenance of Certification express both initial requirements for health IT developers and their certified Health IT Module(s) as well as ongoing requirements that must be met by both health IT developers and their certified Health IT Module(s) under the Program. In this regard, we propose to implement the Cures Act Conditions of Certification with further specificity as it applies to the Program and propose to implement any accompanying Maintenance of Certification requirements as standalone requirements to ensure that not only are the Conditions of Certification met, but that they are continually being met through the Maintenance of Certification requirements. For ease of reference and to distinguish from other conditions, we propose to capitalize “Conditions of Certification” and “Maintenance of Certification” when referring to Conditions and Maintenance
The Cures Act requires that a health IT developer, as a Condition and Maintenance of Certification under the Program, not take any action that constitutes information blocking as defined in section 3022(a) of the Public Health Service Act (PHSA). We propose to establish this information blocking Condition of Certification in § 170.401. The Condition of Certification would prohibit any health IT developer under the Program from taking any action that constitutes information blocking as defined by section 3022(a) of the PHSA and proposed in § 171.103.
Section 3001(c)(5)(D)(ii) of the Cures Act requires that a health IT developer, as a Condition of Certification under the Program, provide assurances to the Secretary that, unless for legitimate purposes specified by the Secretary, the developer will not take any action that constitutes information blocking as defined in section 3022(a) of the PHSA, or any other action that may inhibit the appropriate exchange, access, and use of EHI. We propose to implement this provision through several Conditions of Certification and accompanying Maintenance requirements, which are set forth in proposed § 170.402. We also propose to establish more specific Conditions and Maintenance of Certification requirements to provide assurances that a health IT developer does not take any other action that may inhibit the appropriate exchange, access, and use of EHI. These proposed requirements serve to provide further clarity under the Program as to how health IT developers can provide such broad assurances with more specific actions.
As a Condition and Maintenance of Certification under the Program, the Cures Act requires that health IT developers do not prohibit or restrict communications about certain aspects of the performance of health IT and the developers' related business practices. We propose that developers will be permitted to impose certain kinds of limited prohibitions and restrictions that we believe strike a reasonable balance between the need to promote open communication about health IT and related developer business practices and the need to protect the legitimate interests of health IT developers and other entities. However, certain narrowly-defined types of communications—such as communications required by law, made to a government agency, or made to a defined category of safety organization—would receive “unqualified protection,” meaning that developers would be absolutely prohibited from imposing any prohibitions or restrictions on such protected communications.
We propose that to maintain compliance with this Condition of Certification, a health IT developer must not impose or enforce any contractual requirement or legal right that contravenes this Condition of Certification. Furthermore, we propose that if a health IT developer has contracts/agreements in existence that contravene this condition, the developer must notify all affected customers or other persons or entities that the prohibition or restriction will not be enforced by the health IT developer. Going forward, health IT developers would be required to amend their contracts/agreements to remove or make void the provisions that contravene this Condition of Certification within a reasonable period of time, but not later than two years from the effective date of a subsequent final rule for this proposed rule.
The Cures Act's API Condition of Certification includes several key phrases (including, for example, “without special effort”) and requirements for health IT developers that indicate the Cures Act's focus on the technical requirements as well as the actions and practices of health IT developers in implementing the certified API. In section VII.B.4 of the preamble, we outline our proposals to implement the Cures Act's API Condition of Certification. These proposals include new standards, new implementation specifications, a new certification criterion, as well as detailed Conditions and Maintenance of Certification requirements.
The Cures Act adds a new Condition and Maintenance of Certification requirement that health IT developers successfully test the real world use of the technology for interoperability in the type of setting in which such technology would be marketed. In this proposed rule, we outline what successful “real world testing” means for the purpose of this Condition of Certification, as well as proposed Maintenance requirements—including standards updates for widespread and continued interoperability.
We propose to limit the applicability of this Condition of Certification to health IT developers with Health IT Modules certified to one or more 2015 Edition certification criteria focused on interoperability and data exchange specified in section VII.B.5. We propose Maintenance of Certification requirements that would require health IT developers to submit publicly available annual real world testing plans as well as annual real world testing results for certified health IT products focused on interoperability. We also propose a Maintenance of Certification flexibility we have named the Standards Version Advancement Process, under which health IT developers with health IT certified to the criteria specified for interoperability and data exchange would have the option to update their health IT to a more advanced version(s) of the standard(s) or implementation specification(s) included in the criteria once such versions are approved by the National Coordinator through the Standards Version Advancement Process for use in health IT certified under the Program. Similarly, we propose that health IT developers presenting new health IT for certification to one of the criteria specified in Section VII.B.5 would have the option to certify to a National Coordinator-approved more advanced version of the adopted standards or implementation specifications included in the criteria. We propose that health IT developers voluntarily opting to avail themselves of the Standards Version Advancement Process must address their planned and actual timelines for implementation and rollout of standards updates in their annual real world testing plans and real world testing results submissions. We also propose that health IT developers of products with existing certifications who plan to avail themselves of the Standards Version Advancement Process flexibility notify both their ONC-ACB and their affected customers of their intention and plans to update their certified health IT and its anticipated impact on their existing certified health IT and customers, specifically including but not limited to whether, and if so for how long, the health IT developer intends to continue to support the certificate for the health IT certified to the prior version of the standard.
We propose a new PoPC for ONC-ACBs that would require ONC-ACBs to review and confirm that applicable health IT developers submit real world testing plans and real world results in accordance with our proposals. Once
The Cures Act requires that a health IT developer, as a Condition and Maintenance of Certification under the Program, provide to the Secretary an attestation to all the Conditions of Certification specified in the Cures Act, except for the “EHR reporting criteria submission” Condition of Certification. We propose to implement the Cures Act “attestations” Condition of Certification in § 170.406. Health IT developers would attest twice a year to compliance with the Conditions and Maintenance of Certification requirements (except for the EHR reporting criteria requirement, which would be metrics reporting requirements separately implemented through a future rulemaking). The 6-month attestation period we propose in § 170.406(b)(2) would properly balance the need to support appropriate enforcement with the attestation burden placed on health IT developers. In this regard, the proposed rule includes provisions to make the process as simple and efficient for health IT developers as possible (
We propose that attestations would be submitted to ONC-ACBs on behalf of ONC and the Secretary. We propose a new PoPC in § 170.523(q) that an ONC-ACB must review and submit the health IT developers' attestations to ONC. ONC would then make the attestations publicly available through the CHPL.
The Cures Act specifies that health IT developers be required, as a Condition and Maintenance of Certification under the Program, to submit reporting criteria on certified health IT in accordance with the EHR reporting program established under section 3009A of the PHSA, as added by the Cures Act. We have not yet established an EHR reporting program. Once ONC establishes such program, we will undertake rulemaking to propose and implement the associated Condition and Maintenance of Certification requirement(s) for health IT developers.
Section 4002 of the Cures Act adds Program requirements aimed at addressing health IT developer actions and business practices through the Conditions and Maintenance of Certification requirements, which expands the current focus of the Program requirements beyond the certified health IT itself. Equally important, section 4002 also provides that the Secretary of HHS may encourage compliance with the Conditions and Maintenance of Certification requirements and take action to discourage noncompliance. We, therefore, propose a general enforcement approach to encourage consistent compliance with the requirements. The proposed rule outlines a corrective action process for ONC to review potential or known instances where a Condition or Maintenance of Certification requirement has not been or is not being met by a health IT developer under the Program. We propose, with minor modifications, to utilize the processes previously established for ONC direct review of certified health IT and codified in §§ 170.580 and 170.581 for the enforcement of the Conditions and Maintenance of Certification requirements. Where noncompliance is identified, our first priority would be to work with the health IT developer to remedy the matter through a corrective action process. However, we propose that, under certain circumstances, ONC may ban a health IT developer from the Program or terminate the certification of one or more of its Health IT Modules.
Section 4004 of the Cures Act added section 3022 of the PHSA (42 U.S.C. 300jj-52, “the information blocking provision”), which defines conduct by health care providers, and health IT developers of certified health IT, exchanges, and networks that constitutes information blocking. Section 3022(a)(1) of the PHSA defines information blocking in broad terms, while section 3022(a)(3) authorizes and charges the Secretary to identify reasonable and necessary activities that do not constitute information blocking (section 3022(a)(3) of the PHSA).
We identify several reasonable and necessary activities as exceptions to the information blocking definition, each of which we propose would not constitute information blocking for purposes of section 3022(a)(1) of the PHSA. The exceptions would extend to certain activities that interfere with the access, exchange, or use of EHI but that may be reasonable and necessary if certain conditions are met.
In developing the proposed exceptions, we were guided by three overarching policy considerations. First, the exceptions would be limited to certain activities that clearly advance the aims of the information blocking provision; promoting public confidence in health IT infrastructure by supporting the privacy and security of EHI, and protecting patient safety; and promoting competition and innovation in health IT and its use to provide health care services to consumers. Second, each exception is intended to address a significant risk that regulated individuals and entities (
The seven proposed exceptions are set forth in section VIII.D below. The first three exceptions, set forth in VIII.D.1-D.3 address activities that are reasonable and necessary to promote public confidence in the use of health IT and the exchange of EHI. These exceptions are intended to protect patient safety; promote the privacy of EHI; and promote the security of EHI. The next three exceptions, set forth in VIII.D.4-D.6, address activities that are reasonable and necessary to promote competition and consumer welfare. These exceptions would allow for the recovery of costs reasonably incurred; excuse an actor from responding to requests that are infeasible; and permit the licensing of interoperability elements on reasonable and non- discriminatory terms. The last exception, set forth in VIII.D.7, addresses activities that are reasonable and necessary to promote the performance of health IT. This proposed exception recognizes that actors may make health IT temporarily unavailable for maintenance or improvements that
To qualify for any of these exceptions, we propose that an individual or entity would, for each relevant practice and at all relevant times, have to satisfy all of the applicable conditions of the exception. Additionally, we propose (in section VIII.C of this preamble) to define or interpret terms that are present in section 3022 of the PHSA (such as the types of individuals and entities covered by the information blocking provision). We also propose certain new terms and definitions that are necessary to implement the information blocking provisions. We propose to codify the proposed exceptions and other information blocking proposals in a new part of title 45 of the Code of Federal Regulations, part 171.
Executive Orders 12866 on Regulatory Planning and Review (September 30, 1993) and 13563 on Improving Regulation and Regulatory Review (February 2, 2011) direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). A regulatory impact analysis (RIA) must be prepared for major rules with economically significant effects ($100 million or more in any one year). OMB has determined that this proposed rule is an economically significant rule as the potential costs associated with this proposed rule could be greater than $100 million per year. Accordingly, we have prepared an RIA that to the best of our ability presents the costs and benefits of this proposed rule.
We have estimated the potential monetary costs and benefits of this proposed rule for health IT developers, health care providers, patients, ONC-ACBs, ONC-ATLs, and the federal government (
We note that we have rounded all estimates to the nearest dollar and all estimates are expressed in 2016 dollars as it is the most recent data available to address all cost and benefit estimates consistently. We also note that we did not have adequate data to quantify some of the costs and benefits within this RIA. In those situations, we have described the qualitative costs and benefits of our proposals; however, such qualitative costs and benefits have not been accounted for in the monetary cost and benefit totals below.
We estimate that the total annual cost for this proposed rule for the first year after it is finalized (including one-time costs), based on the cost estimates outlined above and throughout this RIA, would, on average, range from $365 million to $919 million with an average annual cost of $642 million. We estimate that the total perpetual cost for this proposed rule (starting in year two), based on the cost estimates outlined above, would, on average, range from $228 million to $452 million with an average annual cost of $340 million.
We estimate the total annual benefit for this proposed rule would range from $3.08 billion to $9.15 billion with an average annual benefit of $6.1 billion.
We estimate the total annual net benefit for this proposed rule for the first year after it is finalized (including one-time costs), based on the cost and benefit estimates outlined above, would range from $2.7 billion to $8.2 billion with an average net benefit of $5.5 billion. We estimate the total perpetual annual net benefit for this proposed rule (starting in year two), based on the cost-benefit estimates outlined above, would range from $2.9 billion to $8.7 billion with an average net benefit of $5.8 billion.
The Health Information Technology for Economic and Clinical Health (HITECH) Act, Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (the Recovery Act) (Pub. L. 111-5), was enacted on February 17, 2009. The HITECH Act amended the Public Health Service Act (PHSA) and created “Title XXX—Health Information Technology and Quality” (Title XXX) to improve health care quality, safety, and efficiency through the promotion of health IT and electronic health information (EHI) exchange.
The Cures Act was enacted on December 13, 2016, to accelerate the discovery, development, and delivery of 21st century cures, and for other purposes. The Cures Act, through Title IV—Delivery, amended the HITECH Act (Title XIII of Division A of Pub. L. 111-5) by modifying or adding certain provisions to the PHSA relating to health IT.
The HITECH Act established two new federal advisory committees, the HIT Policy Committee (HITPC) and the HIT Standards Committee (HITSC). Each was responsible for advising the National Coordinator for Health Information Technology (National Coordinator) on different aspects of standards, implementation specifications, and certification criteria.
Section 3002 of the Cures Act amended the PHSA by replacing the HITPC and HITSC with one committee, the Health Information Technology Advisory Committee (HIT Advisory Committee or HITAC). Section 3002(a) establishes that the HITAC shall advise and recommend to the National Coordinator on different aspects of standards, implementation specifications, and certification criteria, relating to the implementation of a health IT infrastructure, nationally and locally, that advances the electronic access, exchange, and use of health information. Further described in section 3002(b)(1)(A) of the PHSA, this includes providing to the National Coordinator recommendations on a policy framework to advance interoperable health IT infrastructure, updating recommendations to the policy framework, and making new recommendations, as appropriate. Section 3002(b)(2)(A) identifies that in general, the HITAC shall recommend to the National Coordinator for purposes of adoption under section 3004, standards, implementation specifications, and certification criteria and an order of priority for the development, harmonization, and recognition of such standards, specifications, and certification criteria. Like the process previously required of the former HITPC and HITSC, the HITAC will develop a schedule for the assessment of policy recommendations for the Secretary to publish in the
Section 3004 of the PHSA identifies a process for the adoption of health IT standards, implementation specifications, and certification criteria and authorizes the Secretary to adopt such standards, implementation specifications, and certification criteria. As specified in section 3004(a)(1), the Secretary is required, in consultation with representatives of other relevant federal agencies, to jointly review standards, implementation specifications, and certification criteria endorsed by the National Coordinator under section 3001(c) and subsequently
Section 3004(b)(3) of the PHSA titled, Subsequent Standards Activity, provides that the Secretary shall adopt additional standards, implementation specifications, and certification criteria as necessary and consistent with the schedule published by the HITAC. We consider this provision in the broader context of the HITECH Act and Cures Act to grant the Secretary the authority and discretion to adopt standards, implementation specifications, and certification criteria that have been recommended by the HITAC and endorsed by the National Coordinator, as well as other appropriate and necessary health IT standards, implementation specifications, and certification criteria.
Under the HITECH Act, section 3001(c)(5) of the PHSA provides the National Coordinator with the authority to establish a certification program or programs for the voluntary certification of health IT. Specifically, section 3001(c)(5)(A) specifies that the National Coordinator, in consultation with the Director of the National Institute of Standards and Technology (NIST), shall keep or recognize a program or programs for the voluntary certification of health IT that is in compliance with applicable certification criteria adopted under this subtitle (
Section 3001(c)(5) of the PHSA was amended by the Cures Act, which instructs the National Coordinator to encourage, keep, or recognize, through existing authorities, the voluntary certification of health IT under the Program for use in medical specialties and sites of service for which no such technology is available or where more technological advancement or integration is needed. Section 3001(c)(5)(C)(iii) identifies that the Secretary, in consultation with relevant stakeholders, shall make recommendations for the voluntary certification of health IT for use by pediatric health providers to support the care of children, as well as adopt certification criteria under section 3004 to support the voluntary certification of health IT for use by pediatric health providers. The Cures Act further amended section 3001(c)(5) of the PHSA by adding section 3001(c)(5)(D), which provides the Secretary with the authority, through notice and comment rulemaking, to require conditions and maintenance of certification requirements for the Program.
The Secretary issued an interim final rule with request for comments (75 FR 2014, Jan. 13, 2010), which adopted an initial set of standards, implementation specifications, and certification criteria. On March 10, 2010, ONC published a proposed rule (75 FR 11328) that proposed both a temporary and permanent certification program for the purposes of testing and certifying health IT. A final rule establishing the temporary certification program was published on June 24, 2010 (75 FR 36158) and a final rule establishing the permanent certification program was published on January 7, 2011 (76 FR 1262). ONC issued multiple rulemakings since these initial rulemaking to update standards, implementation specifications, and certification criteria and the certification program, a history of which can be found in the final rule titled, “2015 Edition Health Information (Health IT) Certification Criteria, 2015 Edition Base Electronic Health Record (EHR) Definition, and ONC Health IT Certification Program Modifications” (Oct. 16, 2015, 80 FR 62602) (“2015 Edition final rule”). A correction notice was published for the 2015 Edition final rule on December 11, 2015 (80 FR 76868) to correct preamble and regulatory text errors and clarify requirements of the Common Clinical Data Set (CCDS), the 2015 Edition privacy and security certification framework, and the mandatory disclosures for health IT developers.
The 2015 Edition final rule established a new edition of certification criteria (“2015 Edition health IT certification criteria” or “2015 Edition”) and a new 2015 Edition Base EHR definition. The 2015 Edition established the capabilities and specified the related standards and implementation specifications that CEHRT would need to include to, at a minimum, support the achievement of “meaningful use” by eligible clinicians, eligible hospitals, and critical access hospitals under the Medicare and Medicaid EHR Incentive Programs (EHR Incentive Programs) (now referred to as the Promoting Interoperability Programs)
After issuing a proposed rule on March 2, 2016 (81 FR 11056), ONC published a final rule titled, “ONC Health IT Certification Program: Enhanced Oversight and Accountability” (81 FR 72404) (“EOA final rule”) on October 19, 2016. The final rule finalized modifications and new requirements under the Program, including provisions related to ONC's role in the Program. The final rule created a regulatory framework for ONC's direct review of health IT certified under the Program, including, when necessary, requiring the correction of non-conformities found in health IT certified under the Program and suspending and terminating certifications issued to Complete EHRs and Health IT Modules. The final rule also sets forth processes for ONC to authorize and oversee accredited testing laboratories under the Program. In addition, it includes provisions for expanded public availability of certified health IT surveillance results.
Since the inception of the ONC Health IT Certification Program (Program), we have aimed to implement and administer the Program in the least burdensome manner that supports our policy goals. Throughout the years, we
For example, in the 2014 Edition final rule (77 FR 54164), we revised the certified electronic health record technology (CEHRT) definition to provide flexibility and create regulatory efficiencies by narrowing required functionality to a core set of capabilities (
ONC introduced further means to reduce regulatory burden, increase regulatory flexibility, and promote innovation in the 2014 Edition Release 2 final rule (79 FR 54430). The 2014 Edition Release 2 final rule established a set of optional 2014 Edition certification criteria that provided flexibility and alternative certification pathways for health IT developers and providers based on their specific circumstances. The 2014 Edition Release 2 final rule also simplified the Program by discontinuing the use of the “Complete EHR” certification concept beginning with the 2015 Edition (79 FR 54443).
In the 2015 Edition final rule, we did not “carry forward” certain 2014 Edition certification criteria into the 2015 Edition, such as the “image results,” “patient list creation,” and “electronic medication administration record” criteria. We determined that these criteria did not advance functionality or support interoperability (80 FR 62682-84). We also did not require all health IT to be certified to the “meaningful use measurement” certification criteria for “automated numerator recording” and “automated measure calculation” (80 FR 62605), which had been previously required for the 2014 Edition. Based on stakeholder feedback and Program administration observations, we also permitted testing efficiencies for the 2015 Edition “automated numerator recording” and “automated measure calculation” criteria by removing the live demonstration requirement of recording data and generating reports. Health IT developers may now self-test their Health IT Modules(s) and submit the resulting reports to the ONC- Authorized Testing Laboratory (ONC-ATL) to verify compliance with the criterion.
On January 30, 2017, the President issued Executive Order 13771 on Reducing Regulation and Controlling Regulatory Costs, which requires agencies to identify deregulatory actions. This order was followed by Executive Order 13777, titled “Enforcing the Regulatory Reform Agenda” (February 24, 2017). Executive Order 13777 provides further direction on implementing regulatory reform by identifying a process by which agencies must review and evaluate existing regulations and make recommendations for repeal or simplification.
In order to implement these regulatory reform initiatives and policies, over the past year ONC reviewed and evaluated existing regulations. During our review, we sought to identify ways to further reduce administrative burden, to implement deregulatory actions through guidance, and to propose potential new deregulatory actions in this proposed rule that will reduce burden for health IT developer, providers, and other stakeholders.
On August 21, 2017, ONC issued
On September 21, 2017, ONC reduced the overall burden for testing health IT to the 2015 Edition.
We propose six deregulatory actions below. We welcome comments on these potential deregulatory actions and any other potential deregulatory actions we should consider. We also refer readers to section XIV (Regulatory Impact Analysis) of this proposed rule for a discussion of the estimated cost savings from these proposed deregulatory actions.
ONC-ACBs are required to conduct surveillance of certified health IT under the Program to ensure that health IT continues to conform and function as required by the full scope of the certification requirements. Surveillance is categorized as either reactive surveillance (for example, complaint-based surveillance) or randomized surveillance, which, by regulation, requires ONC-ACBs to proactively surveil 2% of the certificates they issue annually. On September 21, 2017, we exercised enforcement discretion with respect to the implementation of randomized surveillance by ONC-ACBs.
We propose to revise § 170.556(c) by changing the requirement that ONC-ACBs
Stakeholders have expressed concern that the benefits of in-the-field, randomized surveillance may not outweigh the time commitment required by providers, particularly if no non-conformities are found. In general, providers have expressed that reactive surveillance (
We propose to remove the 2014 Edition from the Code of Federal Regulations (CFR). The 2014 Edition was the result of rulemaking completed in 2012 and includes standards and functionality that are now significantly outmoded. Removal of the 2014 Edition would make the 2015 Edition the baseline for health IT certification. The 2015 Edition, including the additional certification criteria, standards, and requirements proposed in this proposed rule, better enables interoperability and the access, exchange, and use of electronic health information. Adoption and implementation of the 2015 Edition, including the proposals in this proposed rule, would also lead to the benefits outlined in the 2015 Edition final rule (80 FR 62602-62603, 62605-62606, 62740) and in this proposed rule (
Removal of the 2014 Edition would eliminate inconsistencies and costs caused by health IT certification and implementation of two different editions with different functionalities and versions of standards. Patient care could improve through the reduced risk of error that comes with the health care system's consistent implementation and use of health IT certified to the 2015 Edition. Innovation could also improve with health IT developers (including third-party software developers) developing to only one set of newer standards and implementation specifications, which would be more predictable and less costly.
Removal of the 2014 Edition would also reduce regulatory burden by no longer requiring the maintenance and support of the 2014 Edition. Maintaining compliance with only the 2015 Edition would reduce the cost and burden for health IT developers, ONC-ACBs, and ONC-ATLs because they would no longer have to support two increasingly distinct sets of requirements as is the case now with certification to both the 2014 and 2015 Editions. More specifically, health IT developers would not have to support two maintenance infrastructures and updating for their customers; nor would ONC-ATLs and ONC-ACBs have to support testing, certification, and surveillance for two separate editions of certified health IT.
As referenced by the HHS Office of Inspector General (OIG) and Centers for Medicare & Medicaid Services (CMS) in their rulemakings regarding donations of EHR items and services, we committed to retiring certification criteria editions that are no longer applicable.
To implement the removal of the 2014 Edition from the CFR, we propose to remove the 2014 Edition certification
We propose to remove the standards and implementation specifications found in §§ 170.200, 170.202, 170.204, 170.205, 170.207, 170.210, and 170.299 that are only referenced in the 2014 Edition certification criteria. Adopted standards that are also referenced in the 2015 Edition would remain. We propose to remove requirements in § 170.550(f) and any other requirements in subpart E, §§ 170.500 through 170.599, which are specific to the 2014 Edition and do not apply to the 2015 Edition.
In order to avoid regulatory conflicts, we are taking into consideration the final rule released by CMS on November 2, 2017, which makes payment and policy changes to the second year of the Quality Payment Program (QPP). The CMS's final rule, titled “Medicare Program; CY 2018 Updates to the Quality Payment Program: Extreme and Uncontrollable Circumstance Policy for the Transition Year” (82 FR 53568), permits eligible clinicians to use health IT certified to either the 2014 or 2015 Edition certification criteria, or a combination of the two for the CY 2018 performance period. The QPP final rule also states that the 2015 Edition will be the sole edition permitted to meet the CEHRT definition starting with the CY 2019 program year.
Therefore, we propose that the effective date of removal of the 2014 Edition certification criteria and related standards, terms, and requirements from the CFR would be the effective date of a subsequent final rule for this proposed rule, which we expect will be issued in the latter half of 2019. We note that we will continue to support Medicare and Medicaid program attestations by maintaining an archive on the CHPL allowing the public to access historic information on a product certified to the 2014 Edition.
We propose to remove the ONC-Approved Accreditor (ONC-AA) from the Program. The ONC-AA's role is to accredit certification bodies for the Program and to oversee the ONC-ACBs. However, years of experience and changes with the Program have led ONC to conclude that, in many respects, the role of the ONC-AA to oversee ONC-ACBs is now duplicative of ONC's oversight. More specifically, ONC's experience with administering the Principles of Proper Conduct for ONC-ACBs as well as issuing necessary regulatory changes (
To implement this proposed deregulatory action, we propose to remove the definition for “ONC-Approved Accreditor or ONC-AA” found in § 170.502. We also propose to remove processes related to ONC-AAs found in §§ 170.501(c), 170.503, and 170.504 regarding requests for ONC-AA status, ONC-AA ongoing responsibilities, and reconsideration for requests for ONC-AA status. Regarding correspondence and communication with ONC, we propose to remove specific references to the “ONC-AA” and “accreditation organizations requesting ONC-AA status” by revising § 170.505. We also propose to remove the final rule titled “Permanent Certification Program for Health Information Technology; Revisions to ONC-Approved Accreditor Processes” (76 FR 72636) which established a process for addressing instances where the ONC-AA engages in improper conduct or does not perform its responsibilities under the Program. Because this prior final rule relates solely to the role and removal of the ONC-AA, we propose its removal and § 170.575, which codified the final rule in the CFR.
These proposed deregulatory actions would also provide an additional benefit for ONC-ACBs. ONC-ACBs would be able to obtain and maintain accreditation to ISO/IEC 17065, with an appropriate scope, from any accreditation body that is a signatory to the Multilateral Recognition Arrangement (MLA) with the International Accreditation Forum (IAF). Accordingly, we propose to revise the application process for ONC-ACB status in § 170.520(a)(3) to require documentation that confirms that the applicant has been accredited to ISO/IEC 17065, with an appropriate scope, by any accreditation body that is a signatory to the Multilateral Recognition Arrangement (MLA) with the International Accreditation Forum (IAF), in place of the ONC-AA accreditation documentation requirements. Similarly, instead of requiring the ONC-AA to evaluate the conformance of ONC-ACBs to ISO/IEC 17065, we propose to revise § 170.523(a) to simply require ONC-ACBs to maintain accreditation in good standing to ISO/IEC 17065 for the Program. This means that ONC-ACBs would need to continue to comply with ISO/IEC 17065 and requirements specific to the ONC Health IT Certification Program scheme.
We have reviewed and analyzed the 2015 Edition to determine whether there are certification criteria we could remove. We have identified both criteria and standards for removal as proposed below. We believe the removal of these criteria and standards will reduce burden and costs for health IT developers and health care providers by eliminating the need to: Design and meet specific certification functionalities; prepare, test, and certify health IT in certain instances; adhere to associated reporting and disclosure requirements; maintain and update certifications for certified functionalities; and participate in surveillance of certified health IT. To these points, if our proposals are finalized in a subsequent final rule, we would expect any already issued 2015 Edition certificates to be updated to reflect the removal of applicable 2015 Edition certification criteria. We welcome comment on the proposed removal of the identified criteria and standards below and any other 2015 Edition criteria and standards we should consider for removal.
We propose the removal of certain certification criteria from the 2015 Edition that are included in the 2015 Edition Base EHR definition. The removal of these criteria would support burden and cost reductions for health IT developers and health care providers as noted above.
We propose to remove the 2015 Edition “problem list” certification criterion (§ 170.315(a)(6)). The functionality in this criterion was first adopted as a 2011 Edition certification criterion to support the associated meaningful use Stage 1 objective and measure for recording problem list information. In this regard, SNOMED CT® was adopted specifically to support the measure. This 2015 Edition “problem list” criterion remains relatively functionally the same as the 2011 Edition and has exactly the same functionally as the 2014 Edition “problem list” criterion.
We propose to remove this criterion for multiple reasons. First, this criterion no longer supports the “recording” objective and measure of the CMS Promoting Interoperability Programs as such objective and measure no longer exist. Second, the functionality is sufficiently widespread among health care providers since it has been part of certification and the Certified EHR Technology definition since the 2011 Edition and has not substantively changed with the 2015 Edition. Third, we do not believe this functionality would be removed from health IT systems because of our proposal to remove it from the 2015 Edition Base EHR definition. This functionality is essential to clinical care and would be in EHR systems absent certification, particularly considering the limited certification requirements. Fourth, this functionality does not directly support interoperability as the capabilities are focused on internally recording EHI. In this regard, representing problems with SNOMED CT® is part of the USCDI and, thus, better supports interoperability through its availability for access and exchange. Accordingly, we propose to remove the “problem list” criterion from the 2015 Edition, including the 2015 Edition Base EHR definition. We note that once removed from the 2015 Edition, the criterion would also no longer be included in the 2015 Edition “safety-enhanced design” criterion.
We propose to remove the 2015 Edition “medication list” certification criterion (§ 170.315(a)(7)). The functionality in this criterion was first adopted as a 2011 Edition certification criterion to support the associated meaningful use Stage 1 objective and measure for recording medication list information. The criterion does not require use of a vocabulary standard to record medications. This 2015 Edition “medication list” criterion remains functionally the same as the 2011 Edition and 2014 Edition “medication list” criteria.
We propose to remove this criterion for multiple reasons. First, this criterion no longer supports a “recording” objective and measure of the CMS Promoting Interoperability Programs as such objective and measure no longer exist. Second, the functionality is sufficiently widespread among health care providers since it has been part of certification and the Certified EHR Technology definition since the 2011 Edition and has not substantively changed with the 2015 Edition. Third, we do not believe this functionality would be removed from EHR systems because of our proposal to remove it from the 2015 Edition Base EHR definition. This functionality is essential to clinical care and would be in EHR systems absent certification, particularly considering the limited certification requirements. Fourth, this functionality does not directly support interoperability as the capabilities are focused on internally recording EHI. In this regard, this criterion does not even require representation of medications in standardized nomenclature. Fifth, medications are included in the USCDI and must be represented in RxNorm as part of the USCDI. This approach better supports interoperability through medication information being availability for access and exchange in a structured format. Accordingly, we propose to remove the “medications list” criterion from the 2015 Edition, including the 2015 Edition Base EHR definition. We note that once removed from the 2015 Edition, the criterion would also no longer be included in the 2015 Edition “safety-enhanced design” criterion.
We propose to remove the 2015 Edition “medication allergy list” certification criterion (§ 170.315(a)(8)). The functionality in this criterion was first adopted as a 2011 Edition certification criterion to support the associated meaningful use Stage 1 objective and measure for recording this information. The criterion does not require use of a vocabulary standard to record medication allergies. This 2015 Edition “medication allergy list” criterion remains functionally the same as the 2011 Edition and 2014 Edition “medication allergy list” criteria.
We propose to remove this criterion for multiple reasons. First, this criterion no longer supports a “recording” objective and measure of the CMS Promoting Interoperability Programs as such objective and measure no longer exist. Second, the functionality is sufficiently widespread among health care providers since it has been part of certification and the Certified EHR Technology definition since the 2011 Edition and has not substantively changed with the 2015 Edition. Third, we do not believe this functionality would be removed from EHR systems because of our proposal to remove it from the 2015 Edition Base EHR definition. This functionality is essential to clinical care and would be in EHR systems absent certification, particularly considering the limited certification requirements. Fourth, this functionality does not directly support interoperability as the capabilities are focused on internally recording EHI. In this regard, this criterion does not even require representation of medication allergies in standardized nomenclature. Fifth, medication allergies are included in the USCDI and must be represented in RxNorm as part of the USCDI. This approach better supports interoperability through medication allergy information being availability for access and exchange in a structured format. Accordingly, we propose to remove the “medication allergy list” criterion from the 2015 Edition, including the 2015 Edition Base EHR definition. We note that once removed from the 2015 Edition, the criterion would also no longer be included in the 2015 Edition “safety- enhanced design” criterion.
We propose to remove the 2015 Edition “smoking status” criterion (§ 170.315(a)(11)), which would include removing it from the 2015 Edition Base EHR definition. We previously adopted a 2015 Edition “smoking status” certification criterion that does not reference a standard. However, the CCDS definition requires smoking status to be coded in accordance with SNOMED CT®. While we continue to believe that the capture of a patient's smoking status has significant value in assisting providers with addressing the number one cause of preventable death
As mentioned above, we believe having smoking status available for USCDI purposes is fundamentally important for supporting interoperability. We propose, however, to remove the requirement to code smoking status according to the adopted eight smoking status SNOMED CT® codes as referenced in the value set in § 170.207(h). These eight codes reflect an attempt to capture smoking status in a consistent manner. Stakeholder feedback has, however, indicated that these eight codes do not appropriately and accurately capture all applicable patients' smoking statuses. Accordingly, we propose to no longer require use of only the specific eight SNOMED CT® codes for representing smoking status (and remove the standard from § 170.207). Rather, to continue to promote interoperability while also granting providers with flexibility to better support clinical care, we propose that health IT would simply be required to be capable of representing smoking status in SNOMED CT® when such information is exchanged as part of the USCDI.
We propose to remove the 2015 Edition “drug formulary and preferred drug list checks” criterion in § 170.315(a)(10). We adopted a 2015 Edition “drug-formulary and preferred drug list checks” criterion that separates drug formulary and preferred drug list functionality, but does
We propose to remove the 2015 Edition “patient-specific education resources” certification criterion (§ 170.315(a)(13)). ONC continues to support patient and provider interaction, and the identification and dissemination of patient-specific educational materials to promote positive health outcomes. However, we no longer believe that certification focused on a health IT's ability to identifying the existence of patient-specific education materials encourages the advancement of this functionality or interoperability. First, this criterion would no longer be associated with an objective or measure under the Promoting Interoperability Programs based on proposals and determinations in recent CMS rulemakings (83 FR 35928; 83 FR 41664). Second, based on the number of health IT products that have been certified for this functionality as part of 2014 Edition certification and already for 2015 Edition certification, we believe that health IT's ability to identify appropriate patient education materials is widespread now among health IT developers and their customers (
We assessed the number of products certified to the 2015 Edition “Common Clinical Data Set summary record—create” (§ 170.315(b)(4)) and “Common Clinical Data Set summary record—receive” (§ 170.315(b)(5)) criteria that have not also been certified to the 2015 Edition “transitions of care” criterion (§ 170.315(b)(1)). We did this because the 2015 Edition “CCDS summary record” criteria include the same functionality as the 2015 Edition “transitions of care” criterion, except for Direct-related transport functionality. Based on our findings of only two unique products certified to these criteria at the time of the drafting of this proposed rule, there appears to be little market demand for certification to them. This outcome is likely attributable to the fact mentioned above regarding their relationship to the 2015 Edition “transition of care” criterion, that they are not included in the 2015 Edition Base EHR definition, and that no HHS program specifically requires the use of health IT certified to the criteria. Therefore, we propose to remove these certification criteria from the 2015 Edition.
We propose to remove the 2015 Edition “secure messaging” criterion (§ 170.315(e)(2)). ONC strongly supports patient and provider communication, as well as protecting the privacy and security of patient information. However, we no longer believe that separate certification focused on a health IT's ability to send and receive secure messages between health care providers and patients is necessary. First, this criterion would no longer be associated with an objective or measure under the Promoting Interoperability Programs based on proposals and determinations in recent CMS rulemakings (83 FR 41664; 83 FR 35929). Second, there are multiple other 2015 Edition certification criteria that support patient engagement, such as the 2015 Edition “view, download, and transmit to 3rd party,” “API,” and “patient health information capture” certification criteria. Third, we have seen developers integrate this functionality as part of other patient engagement features, such as patient portals. With these considerations in mind and the lack of a negative impact on health IT interoperability, we believe that the removal of this criterion will help reduce burden and costs, while also spurring further innovations in patient engagement.
We propose to remove certain mandatory disclosure requirements and a related attestation requirement under the Program. We believe removal of these requirements will reduce costs and burden for Program stakeholders, particularly health IT developers and ONC-ACBs. We welcome comment on the proposed removal of these requirements and any other certification or Program requirements we should consider for removal.
We propose to remove § 170.523(k)(1)(iii)(B), which requires ONC-ACBs to ensure that certified
These disclosure requirements regarding certified health IT limitations are superseded by the Cures Act information blocking provision and Conditions of Certification, which we are implementing with this proposed rule. In particular, section 3001(c)(5)(D)(ii) of the Cures Act requires that a health IT developer, as a Condition of Certification under the Program, provide assurances to the Secretary that, unless for legitimate purposes specified by the Secretary, the developer will not take any action that constitutes information blocking as defined in section 3022(a) of the PHSA, or any other action that may inhibit the appropriate exchange, access, and use of electronic health information. These assurances specifically focus on preventing information blocking and promoting appropriate exchange, access, and use of electronic health information. We further propose adding as a complementary Condition of Certification that developers would be prohibited from taking any action that could interfere with a user's ability to access or use certified capabilities for any purpose within the scope of the technology's certification. Such actions may inhibit the appropriate access, exchange, or use of electronic health information and are therefore contrary to this proposed Condition of Certification and the statutory provision that it implements. Based on these Conditions of Certification, we believe that disclosures of limitations by health IT developers would be unlikely and unnecessary given their prohibition.
We propose to remove the Principle of Proper Conduct (PoPC) in § 170.523(k)(2), which requires a health IT developer to submit an attestation that it will disclose all of the information in its mandatory disclosures per § 170.523(k)(1) to specified parties (
Section 618 of the Food and Drug Administration Safety and Innovation Act (FDASIA), Public Law 112-144, required that the Food and Drug Administration (FDA), in consultation with ONC and the Federal Communications Commission (FCC) (collectively referred to as “the Agencies”
ONC believes that health IT developers that hold precertification under the FDA Digital Health Software Precertification Program (FDA Software Precertification Program) when they present health IT for certification under the Program could qualify for, and benefit from, further efficiencies under the Program. Title IV of the Cures Act provides ONC with authority under the Program to oversee health IT developers through Conditions and Maintenance of Certification requirements (
Our proposed “recognition” would align with both Executive Orders 13563 and 13771 regarding deregulatory, less burdensome, and more effective initiatives. It would also serve as a regulatory relief for those health IT developers qualifying as small businesses under the Regulatory Flexibility Act (
Recognition of the FDA Software Pre-Certification Program for purposes of our Program, as noted above, may eventually be determined to be infeasible or insufficient to meet our goals of reducing burden and promoting innovation. With this in mind, we request comment on whether ONC should establish new regulatory processes tailored towards recognizing the unique characteristics of health IT (
This rule proposes to update the 2015 Edition by revising and adding certification criteria that would establish the capabilities and related standards and implementation specifications for the certification of health IT. The updates to the 2015 Edition would enhance interoperability and improve the accessibility of patient records consistent with section 4006(a) of the Cures Act.
The National Technology Transfer and Advancement Act (NTTAA) of 1995 (15 U.S.C. 3701
• The standard we propose to adopt in § 170.213. We propose to remove the Common Clinical Data Set (CCDS) definition and effectively replace it with a government
• The standard we propose to adopt in § 170.215(a)(2). We propose the government unique API Resource Collection in Health (ARCH) Version 1 implementation specification;
• The standards we propose to adopt in § 170.215(a)(3) through (5) for application programming interfaces (APIs). These market driven consortia standards have been developed through a streamlined process that does not meet the full definition of voluntary consensus standards development but still includes representation from those interested in the use cases supported by the standards (
• The standards we propose to adopt in § 170.205(h)(3) and (k)(3). We propose to replace the current HL7 QRDA standards with government unique standards that more effectively support the associated certification criterion's use case, which is reporting eCQM data to CMS.
In accordance with Office of the Federal Register regulations related to “incorporation by reference,” 1 CFR part 51, which we follow when we adopt proposed standards and/or implementation specifications in any subsequent final rule, the entire standard or implementation specification document is deemed published in the
The Office of the Federal Register has established requirements for materials (
In order to capture and share patient data efficiently, health care providers need health IT that store data in structured formats. Structured data allows health care providers to easily retrieve and transfer patient information, and use health IT in ways that can aid patient care. We propose to adopt revised and new 2015 Edition certification criteria, including new standards, to support these objectives. Some of these criteria and standards are included in the Certified EHR Technology (CEHRT) definition used for participation in HHS Programs, such as the Promoting Interoperability Programs (formerly the EHR Incentive Programs), some are required to be met for participation in the ONC Health IT Certification Program, and some, though beneficial, are unassociated with the CEHRT definition and not required for participating in any HHS program, including the ONC Health IT Certification Program.
The initial focus of the Program was to support the Medicare and Medicaid EHR Incentive Programs (76 FR 1294) now referred to as the Promoting Interoperability Programs (and referenced as such hereafter). As such, the 2014 Edition certification criteria mirrored those functions specified by Promoting Interoperability Programs' objectives and measures. In order to improve efficiency and streamline the common data within our Program's certification criteria, we created a single definition for all the required data which could be referenced for all applicable certification criteria. We created the term “Common MU Data Set” to encompass the common set of MU data types/elements (and associated vocabulary standards) for which certification would be required across several certification criteria (77 FR 54170).
The 2015 Edition final rule modified the Program to make it open and accessible to more types of health IT, and health IT that supports various care and practice settings beyond those included in the Promoting Interoperability Programs (80 FR 62604). In comparison to the previous editions, the 2015 Edition focused on identifying health IT components necessary to establish an interoperable nationwide health information infrastructure, fostering innovation and open new market opportunities, and allowing for more health care provider and patient choices in electronic health information access and exchange. In order to align with this approach, we revised the concept of the “Common MU Data Set” definition and changed the name to the “Common Clinical Data Set” (CCDS) definition. The CCDS definition was further revised in the 2015 Edition rulemaking to account for new and updated vocabulary and content standards in order to improve and advance interoperability and health information exchange (80 FR 62604). It further expanded accessibility and availability of data exchanged by updating the definition of Base Electronic Health Record (EHR) (2015 Edition Base EHR definition) to include enhanced data export, transitions of care, and application programming interface (API) capabilities, all of which required that at a minimum the CCDS be available (80 FR 62602-62604).
The regulatory approach to use and reference a “definition” to identify electronic health information, including with associated vocabulary codes, for access, exchange and use has had its drawbacks. While the CCDS definition served its designed purpose, to cut down on repetitive text in each of the certification criteria in which it is referenced, it also began to be colloquially used for many different purposes. As the CCDS definition's relevance grew outside of its regulatory context it became a symbolic and practical limit to the industry's collective interests to go beyond the CCDS data for access, exchange, and use. As we move towards value-based care and the inclusion of data classes that go beyond clinical data, and as part of ONC's continued efforts to evaluate the availability of a minimum baseline of data classes that must be commonly available for interoperable exchange, we acknowledge the need to change and improve our regulatory approach to the CCDS. Therefore, in order to advance interoperability by ensuring compliance with new data and vocabulary codes
We propose to adopt the USCDI as a standard as such term is defined in § 170.102. In § 170.102, a “standard” is defined as a “technical, functional, or performance-based rule, condition, requirement, or specification that stipulates instructions, fields, codes, data, materials, characteristics, or actions.” The USCDI standard would comprise data classes, which may be further delineated into groupings of specific data element(s). For example, “patient demographics” is a data class and within that data class there is “patient name,” which is a data element. As noted in section IV.B.1.b, for the overall structure and organization of the USCDI, please consult
ONC intends to establish and follow a predictable, transparent, and collaborative process to expand the USCDI, including providing stakeholders with the opportunity to comment on the USCDI's expansion. Once the Secretary adopts the first version of the USCDI through rulemaking, which we propose in this rulemaking, health IT developers would be allowed to take advantage of the “Standards Version Advancement Process” flexibility. The Standards Version Advancement Process, proposed in Section VII.B.5 (below), would permit health IT developers to voluntarily implement and use a new version of an adopted standard (
We propose to adopt the USCDI Version 1 (USCDI v1) in § 170.213.
• “Transitions of care” (§ 170.315(b)(1));
• “view, download, and transmit to 3rd party” (§ 170.315(e)(1));
• “consolidated CDA creation performance” (§ 170.315(g)(6));
• “transmission to public health agencies—electronic case reporting” (§ 170.315(f)(5)); and
• “application access—all data request” (§ 170.315(g)(9)).
We note that we did not include the “data export” criterion (§ 170.315(b)(6)) as we are proposing to remove it and adopt instead the “EHI export” criterion (§ 170.315(b)(10)). For similar reasons, we did not include the “application access—data category request” criterion (§ 170.315(g)(8)) because we are proposing to replace it with the API certification criterion (§ 170.315(g)(10)), which derives its data requirements from the USCDI.
We propose, as a Maintenance of Certification requirement for the real world testing Condition of Certification, that health IT developers with health IT certified to the five above-identified certification criteria prior to the effective date of a subsequent final rule would have to update such certified health IT to the proposed revisions. We further propose, as a Maintenance of Certification requirement for the real world testing Condition of Certification, that health IT developers must provide the updated certified health IT to all their customers with health IT previously certified to the identified criteria no later than 24 months after the effective date of a final rule for this proposed rule. For the purposes of meeting this compliance timeline, we expect health IT developers to update their certified health IT without new mandatory testing and notify their ONC-ACB on the date at which they have reached compliance. Developers would also need to factor these updates into their next real world testing plan as discussed in section VII.B.5 of this proposed rule. Further, we refer health IT developer to the next section, which describes how the USCDI differs from the current CCDS.
The USCDI Version 1 (USCDI v1) and its constituent data elements account for the public comments we received on the Draft USCDI and Proposed Expansion Process
We propose that the USCDI Version 1 (USCDI v1) include the newest versions of the “minimum standard” code sets included in the CCDS available at publication of a subsequent final rule. We request comment on this proposal and on whether this could result in any interoperability concerns. To note, criteria such as the 2015 Edition “family health history” criterion (§ 170.315(a)(12)), the 2015 Edition “transmission to immunization registries” criterion (§ 170.315(f)(1)), and the 2015 Edition “transmission to public health agencies—syndromic surveillance” criterion (§ 170.315(f)(2)) reference “minimum standard” code sets; however, we are considering changing the certification baseline versions of the code set for these criteria from the versions adopted in the 2015 Edition final rule to ensure complete interoperability alignment. We welcome comment on whether we should adopt such an approach.
We also note, for purposes of clarity, that consistent with § 170.555, unless the Secretary prohibits the use of a newer version of an identified minimum standard code set for certification, health IT could continue to be certified or upgraded to a newer version of an identified minimum standard code set than that included in USCDI v1 or the most recent USCDI version that the National Coordinator has approved for use in the Program via the Standards Version Advancement Process.
The USCDI v1 includes new data elements for “address” and “phone number.” The inclusion of “address” (to represent the postal location for the
The USCDI v1 includes the pediatric vital sign data elements, which are specified as optional health information in the 2015 Edition CCDS definition. Pediatric vital signs include: Head occipital-frontal circumference for children less than 3 years of age, BMI percentile per age and sex for youth 2-20 years of age, weight for age per length and sex for children less than 3 years of age, and the reference range/scale or growth curve, as appropriate. As explained in section VI.A.2 of this proposed rule, the inclusion of pediatric vital sign data elements in the draft USCDI v1 would align with the provisions of the Cures Act related to health IT to support the health care of children. Stakeholders emphasized the value of pediatric vital sign data elements to better support the safety and quality of care delivered to children. We also note that, as discussed in the 2015 Edition proposed rule, the Centers for Disease Control and Prevention (CDC) recommends the use of these pediatric vital signs for settings of care in which pediatric and adolescent patients are seen (80 FR 16818-16819) as part of best practices. The availability of a reference range/scale or growth curve would help with proper interpretation of the measurements for the BMI percentile per age and sex and weight for age per length and sex. Further, the inclusion of this health information in the USCDI v1 is the appropriate next step after first specifying them as optional in the CCDS definition as part of the 2015 Edition rulemaking and as a means of supporting patient access to their EHI in a longitudinal format through certified health IT (
The USCDI v1 includes a new data class, titled “clinical notes.” “Clinical notes” is included in the USCDI v1 based on significant feedback from the industry since the 2015 Edition final rule. We also received feedback during the Trusted Exchange Framework and Common Agreement (TEFCA) stakeholder sessions and public comment period. It has been identified by stakeholders as highly desirable data for interoperable exchange. The free text portion of the clinical notes was most often relayed by clinicians as the data they sought, but were often missing during electronic health information exchange. Clinical notes can be composed of text generated from structured (pick-list and/or check the box) fields as well as unstructured (free text) data. A clinical note may include the assessment, diagnosis, plan of care and evaluation of plan, patient teaching, and other relevant data points.
We recognize that a number of different clinical notes could be useful for stakeholders. It is our understanding that work is being done in the community to focus on a subset of clinical notes. We considered three options for identifying the different “note types” to adopt in USCDI v1. The first option we considered would allow for the community to offer any and all recommended notes. The second option we considered would set a minimum standard of eight note types. This option was derived from the eight note types identified by the Argonaut Project participants.
The USCDI v1 also includes a new data class, titled “provenance.” “Provenance” has been identified by stakeholders
The inclusion of “provenance” as a data class in the USCDI v1 would also complement the Cures Act requirement to support the exchange of data through the use of APIs. This approach differs from the exchange of data via the C-CDA. While C-CDAs are often critiqued due to their relative “length,” the C-CDA represents the output of a clinical encounter and includes relevant context. The same will not always be true in an API context. APIs facilitate the granular exchange of data and, as noted in the 2015 Edition final rule, offer the potential to aggregate data from multiple sources in a web or mobile application (80 FR 62675). The inclusion of provenance would help retain the relevant context so the recipient can better understand the origin of the data. As noted in section VII.B.4, we are also proposing to include provenance in our proposed “API Resource Collection in Health” (ARCH) Version 1 implementation specification in § 170.215(a)(2), which would list a set of base Fast Healthcare Interoperability Resources (FHIR®) resources that Health IT Modules certified to the proposed API criterion (§ 170.315(g)(10)) would need to support.
We propose to further delineate the provenance data class into three data elements: “the author,” which represents the person(s) who is responsible for the information; “the author's time stamp,” which indicates the time the information was recorded; and “the author's organization,” which would be the organization the author is associated with at the time they interacted with the data. We have identified these three data elements as fundamental for data recipients to have
We are aware of a recently published implementation guide (IG) within HL7 that provides further guidance on the unique device identifier (UDI) requirements. The IG, Health Level 7 (HL7®) CDA R2 Implementation Guide: C-CDA Supplemental Templates for Unique Device Identification (UDI) for Implantable Medical Devices, Release 1-US Realm,
The USCDI v1 “Medication” data class includes two constituent data elements within it: Medications and Medication Allergies. With respect to the latter, Medication Allergies, we request comment on an alternative approach. This alternative would result in removing the Medication Allergies data element from the Medication data class and creating a new data class titled, “Substance Reactions,” which would be meant to be inclusive of “Medication Allergies.” The new “Substance Reactions” data class would include the following data elements: “Substance” and “Reaction,” and include SNOMED CT as an additional applicable standard for non-medication substances.
In order to align with our approach to be responsive to the evolution of standards and to facilitate updates to newer versions of standards, the USCDI v1 (§ 170.213) is “content exchange” standard agnostic. It establishes “data policy” and does not directly associate with the content exchange standards and implementation specifications which, given a particular context, may be necessary to exchange the entire USCDI, a USCDI class, or elements within it. To our knowledge, all data classes in the USCDI v1 can be supported by commonly used “content exchange” standards, including HL7 C-CDA Release 2.1 and FHIR®.
In conjunction with our proposal to adopt the USCDI v1, we propose to adopt the HL7 CDA® R2 IG: C-CDA Templates for Clinical Notes R1 Companion Guide, Release 1 in § 170.205(a)(4)(i) (“C-CDA Companion Guide”). The C-CDA Companion Guide provides supplemental guidance and additional technical clarification for specifying data in the C-CDA Release 2.1.
• “Transitions of care” (§ 170.315(b)(1));
• “clinical information reconciliation and incorporation” (§ 170.315(b)(2));
• “care plan” (§ 170.315(b)(9));
• “view, download, and transmit to 3rd party” (§ 170.315(e)(1));
• “consolidated CDA creation performance” (§ 170.315(g)(6)); and
• “application access—all data request” (§ 170.315(g)(9)).
We propose, as a Maintenance of Certification requirement for the real world testing Condition of Certification, that health IT developers with health IT certified to the six above-identified certification criteria prior to the effective date of a subsequent final rule would have to update such certified health IT to the proposed revisions. We further propose, as a Maintenance of Certification requirement for the real world testing Condition of Certification, that health IT developers must provide the updated certified health IT to all their customers with health IT previously certified to the identified criteria no later than 24 months after the effective date of a final rule for this proposed rule. For the purposes of meeting this compliance timeline, we expect health IT developers to update their certified health IT without new mandatory testing and notify their
We propose to update the electronic prescribing (e-Rx) SCRIPT standard used for “electronic prescribing” in the 2015 Edition to NCPDP SCRIPT 2017071, which would result in a new e-Rx standard becoming the baseline for certification. We propose to adopt this standard in § 170.205(b)(1). ONC and CMS have historically maintained complementary policies of aligning health IT certification criteria and associated standard for e-prescribing with the CMS Medicare Part D e-Rx and MH standards (75 FR 44589; 77 FR 54198). To this end, CMS has retired the current standard (NCPDP SCRIPT version 10.6) for e-RX and MH and adopted NCPDP SCRIPT 2017071 as the standard for Part D e-Rx and MH effective January 1, 2020, conditional on ONC updating the Program to the NCPDP SCRIPT 2017071 standard for its e-Rx certification criterion (
As summarized in the IPPS Fiscal Year 2019 final rule (83 FR 41144), CMS received comments supportive of using the NCPDP SCRIPT 2017071 medication history transactions for PDMP queries and responses, as well as comments asking CMS to seek harmonizing of the 2015 Edition e-prescribing certification criterion to the NCPDP SCRIPT 2017071 standard specified in the part D program portions of the recent “Medicare Program; Contract Year 2019 Policy and Technical Changes to the Medicare Advantage, Medicare Cost Plan, Medicare Fee-for-Service, the Medicare Prescription Drug Benefit Programs, and the PACE Program” final rule (83 FR 16440).
In addition to proposing to adopt the NCPDP SCRIPT 2017071 standard for the transactions that are listed in the current “electronic prescribing” criterion (§ 170.315(b)(3)), we propose to adopt and require conformance to all of the NCPDP SCRIPT 2017071 standard transactions CMS adopted at 42 CFR 423.160(b)(2)(iv) for NCPDP SCRIPT 2017071. Therefore, we propose to adopt a new 2015 Edition “electronic prescribing” criterion (§ 170.315(b)(11)) that includes the following transactions:
A NewRx transaction is a new prescription from a prescriber to a pharmacy so that it can be dispensed to a patient. A NewRxRequest is a request from a pharmacy to a prescriber for a new prescription for a patient. A NewRxResponseDenied is a denied response to a previously sent NewRxRequest (if approved, a NewRx would be sent). A NewRxResponseDenied response may occur when the NewRxRequest cannot be processed or if information is unavailable.
An RxChangeRequest transaction originates from a pharmacy to request: A change in the original prescription (new or fillable), validation of prescriber credentials, a prescriber to review the drug requested, or a prior authorization from the payer for the prescription. An RxChangeResponse transaction originates from a prescriber to respond: To a prescription change request from a pharmacy, to a request for a prior authorization from a pharmacy, or to a prescriber credential validation request from a pharmacy.
A CancelRx transaction is a request from a prescriber to a pharmacy to not fill a previously sent prescription. A CancelRx must contain pertinent information for the pharmacy to be able to find the prescription in their system (patient, medication (name, strength, dosage, form), prescriber, prescription number if available). A CancelRxResponse is a response from a pharmacy to a prescriber to acknowledge a CancelRx, and is used to denote if the cancellation is Approved or Denied.
An RxRenewalRequest transaction originates from a pharmacy to request additional refills beyond those originally prescribed. RxRenewalResponse originates from a prescriber to respond to the request.
An RxFill transaction is sent from a pharmacy to a prescriber or a long term or post-acute care (LTPAC) facility indicating the FillStatus (dispensed, partially dispensed, not dispensed or returned to stock, transferred to another pharmacy) of the new, refill, or resupply prescriptions for a patient. RxFillIndicator informs the pharmacy of the prescriber's intent for fill status notifications for a specific patient/medication. An RxFillIndicatorChange is sent by a prescriber to a pharmacy to indicate that the prescriber is changing the types of RxFill transactions that were previously requested, where the prescriber may modify the fill status of transactions previously selected or cancel future RxFill transactions.
An RxHistoryRequest transaction is a request from a prescriber for a list of medications that have been prescribed, dispensed, claimed, or indicated by a patient. This request could be sent to a state Prescription Drug Monitoring Program (PDMP). An RxHistoryResponse is a response to an RxHistoryRequest containing a patient's medication history. It includes the medications that were dispensed or obtained within a certain timeframe, and optionally includes the prescriber that prescribed it. RxHistoryRequest and RxHistoryResponse transactions may be sent directly or through an intermediary.
This transaction is used by the prescriber or pharmacy asking the mailbox if there are any transactions. It is at the heart of the mechanism used by a pharmacy or prescriber system to receive transactions from each other or from a payer or the REMS Administrator via a Switch, acting as a Mailbox.
This transaction is used to relay acceptance of a transaction back to the sender. A Status in response to any applicable transaction other than GetMessage indicates acceptance and responsibility for a request. A Status in response to GetMessage indicates that no mail is waiting for pickup. A Status cannot be mailboxed and may not contain an error.
This transaction indicates an error has occurred, indicating the request was
This transaction is a response to a pharmacy or prescriber indicating that a transaction requesting a return receipt has been received. Verifications results when a “return receipt requested” flag is set in the original request. Upon receiving a transaction with ReturnReceipt set, it is the responsibility of the receiver to either generate a Verify in response to the request (recommended) or generate a Status in response to this request, followed subsequently by a free standing Verify. This transaction notifies the originator that the transaction was received at the software system. It is not a notification of action taking place, since time may elapse before the ultimate answer to the transaction may take place.
This transaction is a request from a Long Term or Post-Acute Care (LTPAC) organization to a pharmacy to send an additional supply of medication for an existing order. An example use case is when a medication supply for a resident is running low (2-3 doses) and a new supply is needed from the pharmacy, the LTPAC organization need a way to notify the pharmacy that an additional supply for the medication is needed.
This transaction communicates drug administration events from a prescriber/care facility to the pharmacy or other entity. It is a notification from a prescriber/care facility to a pharmacy or other entity that a drug administration event has occurred—for example, a medication was suspended or administration was resumed.
The RxTransferRequest transaction is used when the pharmacy is asking for a transfer of one or more prescriptions for a specific patient to the requesting pharmacy. The RxTransferResponse transaction is the response to the RxTransferRequest which includes the prescription(s) being transferred or a rejection of the transfer request. It is sent from the transferring pharmacy to the requesting pharmacy. The RxTransferConfirm transaction is used by the pharmacy receiving (originally requesting) the transfer to confirm that the transfer prescription has been received and the transfer is complete.
This transaction is a notification from a facility, on behalf of a prescriber, to a pharmacy recertifying the continued administration of a medication order. An example use is when an existing medication order has been recertified by the prescriber for continued use. Long term or post-acute care use only.
With CMS' recent adoption of these transactions in their recently issued final rule associated with e-prescribing for Medicare Part D (42 CFR 423.160(b)(2)(iv)(W)-(Z)), we believe that it would be equally beneficial to include these four REMS transactions as part of this proposed certification criterion: REMSInitiationRequest, REMSInitiationResponse, REMSRequest, and REMSResponse.
The Food and Drug Administration Amendments Act (FDAAA) of 2007 (Pub. L. 110-85) enables the Food and Drug Administration (FDA) to require a REMS from a pharmaceutical manufacturer if the FDA determines that a REMS is necessary to ensure the benefits of a drug outweigh the risks associated with the drug. The currently approved REMS programs vary in levels of complexity. Typically a Med Guide and Communication Plan is required, but some also require Elements to Assure Safe Use (ETASU). The large majority of existing REMS programs are for drugs dispensed through specialty pharmacies, clinics, and hospitals, but as REMS become more common they may ultimately have a greater impact on retail-based products.
The impact of REMS is twofold. First, REMS with ETASU may require the pharmacist to verify prescriber, patient, and/or pharmacy enrollment in a registry and, in some cases, verify or check certain information, such as lab results. Second, all REMS, including those without ETASU, must fulfill FDA-approved reporting requirements. Each REMS program must also include a program assessment schedule that examines the program's effectiveness on intervals approved by the FDA as part of the overall REMS program. The results of these assessments are submitted to the FDA as part of the ongoing evaluation of REMS program effectiveness. Accordingly, we propose to include the REMS transactions as part of this proposed certification criterion. We would also note for commenters' benefit that the SCRIPT 2017071 testing tool under development is being designed to support testing these REMS transactions.
We believe that removing the 2015 Edition certification criterion (codified in § 170.315(b)(3)) that references NCPDP SCRIPT version 10.6 and replacing it with an updated e-prescribing criterion (proposed to be codified in § 170.315(b)(11)) would harmonize with relevant CMS program timelines, including Part D e-prescribing requirements and the option for eligible clinicians, hospitals, and CAHs to report on the Query of Prescription Drug Monitoring Program (PDMP) quality measure for Promoting Interoperability Programs. However, should our proposal to adopt the new e-prescribing criterion (§ 170.315(b)(11)) be finalized prior to January 1, 2020, we also propose to permit continued certification to the current 2015 Edition “electronic prescribing” criterion (§ 170.315(b)(3)) for the period of time in which it would continue to be used as a program standard in the CMS Medicare Part D Program or the CMS Promoting Interoperability Programs. Once it is no longer used in those Programs, we would no longer permit certification to that criterion and would remove it from the Code of Federal Regulations. We will consider setting an effective date for such actions in a subsequent final rule based on stakeholder feedback and CMS policies at the time. To this point, we note that the continued acceptability of a Health IT Module certified to the criterion codified in § 170.315(b)(3) for purposes of meeting the CEHRT definition and participating in the CMS Promoting Interoperability Programs would be a matter of CMS policy.
In the 2015 Edition final rule, ONC adopted four clinical quality measure (CQM) certification criteria, § 170.315(c)(1) CQMs—record and
The “CQMs—report” certification criterion (§ 170.315(c)(3)) includes an optional certification provision for demonstrating that the health IT can create QRDA reports in the form and manner required for submission to CMS programs, which is in accordance with CMS' QRDA Implementation Guide (IGs).
Since the 2015 Edition final rule was published (October 16, 2015), we have gained additional certification experience and received feedback from the industry that health IT certified to the “CQMs-report” criterion (§ 170.315(c)(3)) are only/primarily being used to submit eCQMs to CMS for participation in CMS programs. Therefore, as a means of reducing burden, we propose to remove the HL7 QRDA standard requirements from the 2015 Edition CQMs—report criterion in § 170.315(c)(3), but
To support the proposal, we propose to incorporate by reference the latest annual CMS QRDA IGs, specifically the 2019 CMS QRDA I Implementation Guide for Hospital Quality Reporting
If we finalize this proposal in a subsequent final rule, we propose to adopt the latest CMS QRDA IGs at the time of final rule publication, as CMS updates their QRDA IGs annually to support the latest eCQM specifications and only accepts eCQM reporting to the latest version.
We note that this approach would also facilitate a means for ONC to permit developers to update its certified health IT to newer versions of the CMS QRDA IGs through the real world testing Maintenance of Certification provision for standards and implementation specification updates in support of ongoing interoperability (
We propose to adopt a new 2015 Edition certification criterion for EHI export in § 170.315(b)(10). This criterion is intended to provide patients and health IT users with a means to efficiently export the entire electronic health record for a single patient or all patients in a computable, electronic format, and facilitate the receiving health IT system's interpretation and use of the EHI, to the extent reasonably practicable using the developer's existing technology.
This outcome would promote access, exchange, and use of EHI and facilitate health care providers' ability to switch health IT systems or to migrate EHI for use in other technologies. Additionally, as discussed in section VII.B.2 of this preamble, certification to this criterion would provide some degree of assurance that a health IT developer supports, and does not inhibit, the access, exchange, and use of EHI for the specific use cases that the criterion addresses.
This proposed criterion supports two specific use cases for which we believe that all EHI produced and electronically managed in a developer's technology should be made readily available for export as a standard capability of certified health IT.
First, we propose that health IT certified to this criterion would have to enable the export of EHI for a single patient upon a valid request from that patient or a user on the patient's behalf. This patient-focused export capability, which is discussed in more detail below, complements other provisions of this proposed rule that support patients' access to their EHI including information that may eventually be
Second, this criterion would support the export of EHI when a health care provider chooses to transition or migrate information to another health IT system. As discussed in section VIII.C.5.c.iii of this preamble, health IT developers are in a unique position to block the export and portability of data for use in competing systems or applications, or to charge rents for access to the basic technical information needed to facilitate the conversion or migration of data for these purposes. By providing at least a baseline capability for exporting EHI in a commercially reasonable format, we believe that this criterion would help to address some of these business practices and enable smoother transitions between health IT systems.
This criterion is intended to further the two use cases outlined above while providing an incremental approach given the known and anticipated health IT landscape when ONC expects certified health IT with this functionality will be widely available in the ecosystem. At the time of this rulemaking, we believe a focused certification criterion that is standards-agnostic will provide a useful first step to enabling patients to request and receive their EHI and for providers to more readily switch or migrate information between health IT systems. Understanding that open, standards-based APIs are an emerging technology and that some health IT developers today have implemented proprietary APIs, this proposed criterion for EHI export provides an initial method for exporting patient health information in these circumstances. Over time, ONC may consider expanding the proposed criterion or replacing it to achieve the goals in § 170.402. It is also possible that in the future, this criterion will no longer be needed once standards-based APIs are widely available in the health IT ecosystem with the ability to facilitate exchange of a wider set of standardized data elements per the predictable, transparent, and collaborative process to expand the USCDI (
As noted above, the export functionality required by this certification criterion would support both a patient's access to their EHI and a provider's ability to switch to another health IT system. In the patient access context, we propose that a user must be able to timely execute the single patient EHI export at any time the user chooses and without subsequent developer assistance to operate. The health IT developer should enable the user to make data requests and receive the export efficiently, without unreasonable burden. For example, the health IT developer should not: Require the user to make a request multiple times for different types of EHI; provide unreasonable delays for the export; or prohibit reasonable user access to the system during the export process.
“Timely” does not mean real-time; however, we stress that any delays in providing the export must be no longer than reasonably necessary to avoid interference with other clinical functions of the health IT system. This is similar to the approach we have taken for export of clinical quality measure data. The export capability does not require that data be received instantaneously. Rather, as we have stated before (80 FR 62650) a non-conformity would exist if surveillance revealed that processing or other delays were likely to substantially interfere with the ability of a provider or health system to view and verify their CQM results for quality improvement on a near real-time basis. Similarly, a non-conformity would exist if delays were causing or contributing to users being presented with data files that no longer contained current, accurate, or valid data. To avoid these implementation issues and ensure that capabilities support all required outcomes, health IT developers should seek to minimize processing times and other delays to the greatest extent possible.
As previously defined under the Program, “user” is a health care professional or his or her office staff; or a software program or service that would interact directly with the certified health IT (80 FR 62611, 77 FR 54168). We typically would expect the “user” in this case to be a provider or his or her office staff who will be performing the request on behalf of the patient given that a request of this nature would likely occur in the context of an individual exercising their right of access under the HIPAA Privacy Rule (45 CFR 164.524). In this regard, the proposed 2015 Edition “EHI export” criterion could facilitate and support the provision of a patient's record in an electronic format. In service to innovative and patient-centric approaches, a health IT developer could develop a method that allows the patient using a technology application (
Similar to the 2015 Edition “data export” certification criterion (§ 170.315(b)(6)), which we propose for removal below, we acknowledge potential privacy and security concerns may arise when EHI is exported and, therefore, propose that for provider-mediated requests, a developer may design the health IT to limit the type of users that would be able to access and initiate EHI export functions. However, as we previously specified in the 2015 Edition final rule, the ability to “limit” the single patient EHI export functionality is intended to be used by and at the discretion of the provider organization implementing the technology, not a way for health IT developers to implicitly prevent the overarching user-driven aspect of this capability (80 FR 62646).
In addition to and separate from the patient access use case described above, health IT certified to this criterion would facilitate the migration of EHI to another health IT system. We propose that a health IT developer of health IT certified to this criterion must, at a customer's request, provide a complete export of all EHI that is produced or managed by means of the developer's certified health IT. Health IT developers would have flexibility as to how this outcome is achieved, so long as a customer is able to receive the export in a timely and efficient manner, and in a format that is commercially reasonable. For example, in contrast with the patient export capability, which must be available to a user without subsequent
We note that while this criterion focuses on the technical outcomes supported by this capability, developers of health IT certified to this criterion would be required to provide the assurances proposed in § 170.402, which include providing reasonable cooperation and assistance to other persons (including customers, users, and third-party developers) to enable the use of interoperable products and services. Thus, while developers would have flexibility as to how they implement the export functionality for transitions between systems, they would ultimately be responsible for ensuring that the capability is deployed in a way that enables a customer and their third-party contractors to successfully migrate data. Such cooperation and assistance could include, for example, assisting a customer's third-party developer to automate the export of EHI to other systems. We refer readers to section VII.B.2 of the proposed rule for further discussion of a health IT developer's assurances as proposed in § 170.402.
For both use cases supported by this criterion, EHI export encompasses all the EHI that the health IT system produces and electronically manages for a patient or group of patients. This applies to the health IT's entire database, including but not limited to clinical, administrative, and claims/billing data. It would also include any data that may be stored in separate data warehouses that the system has access to, can produce, and electronically manages. For example, health IT developers may store EHI in these warehouses to prevent performance impacts from data queries that may slow down the “main” health IT system's (
The use of the term “electronic health information” (EHI) is deliberate and in alignment with the Cures Act and the proposed definition of this term in § 170.102. Its use supports consistency and the breadth of types of data envisioned by this criterion. Clinical data would encompass imaging information—both images and narrative text about the image—as this is part of the patient's total record; however, we understand that EHRs may not be the standard storage location for images and solicit comment on the feasibility, practicality, and necessity of exporting images and/or imaging information. We request comment on what image elements, at a minimum, should be shared such as image quality, type, and narrative text. It is understandable that developers will not be able to export every existing data element, nor that all possible data elements are necessary for transfer. For finalization in a subsequent final rule, we solicit comment on whether we should require, to support transparency, health IT developers to attest or publish as part of the export format documentation the types of EHI they cannot support for export.
We also propose the following metadata categories that would be excluded from this criterion, and have listed examples for clarity below. We seek comment on these exclusion categories, and request feedback on what metadata elements should remain included for export, or be added to the list of data that would be allowed to be excluded in a subsequent final rule:
• Metadata present in internal databases used for physically storing the data. Examples include: Internal database table names, field names, schema, constraints, Triggers, Field size (number of bytes), Field type (String, integer, double, long), and Primary keys or object identifiers used internally for querying.
• Metadata that may not be necessary to interpret EHI export, including information that is typically required for processing of transactions such as encryption keys, internal user roles, ancillary information such as information stored in different formats, local codes for internal use; audit logs, record reviews, or history of change.
• Metadata that refers to data that is not present in the EHI export, such as links to files and other external attachments that are not part of the export, and information used in conjunction with data from other applications that is not part of the health IT.
We also seek comment, for consideration in finalizing this criterion in a subsequent final rule, on types of EHI that may present challenges for meeting the intent of this proposed criterion.
The proposed certification criterion does not prescribe a content standard for the EHI export. However, it requires health IT developers to provide the format, such as a data dictionary or export support file, for the exported information to assist the receiving system in processing the EHI without loss of information or its meaning to the extent reasonably practicable using the developer's existing technology. Providing EHI export information is consistent with emerging industry practices and capabilities to offer requestors the ability to access, download, and move their information without unreasonable burden. Companies such as Facebook,
We believe that by making the export format publicly available at the time of certification (and keeping the information current) will stimulate a vibrant, competitive market in which third- party software developers can specialize in processing the data exported from certified health IT products in support of patients and providers. Moreover, we believe this proposal will transform today's current guess-work, one-off processes into something more predictable and transparent such that greater industry efficiencies can be realized. We note and clarify that the export format need not be the same format used internally by the health IT system, and the health IT developer would not need to make public their proprietary data model. The proposed certification criterion also
We believe that open, standards-based APIs should provide persistent access to patients' EHI over time to achieve the envisioned goals in § 170.404. In the meantime, this proposed criterion in § 170.315(b)(10) will provide an initial step toward achieving those goals. We clarify that “persistent” or “continuous” access to EHI is not required to satisfy this criterion's requirements and that the minimum requirement is for a discrete data export capability. Similarly, while the criterion requires the timely export of all EHI, such export need not occur instantaneously (or in “real-time”). However, health IT developers are encouraged to consider persistent access and real-time approaches as part of the step-wise progression we see towards open, standards-based APIs for a growing number of data elements per the USCDI in the proposed “standardized API for patient and population services” criterion (§ 170.315(g)(10).” Further, we caution that where it is reasonable for a developer to provide persistent or real-time access to electronic health information, the refusal to do so may be inconsistent with the Conditions of Certification in § 170.401 (information blocking) and § 170.402 (assurances related to this capability), as well as the information blocking provision, as to which readers should refer to sections VII and VIII of this proposed rule. Similarly, while this certification criterion would provide a baseline capability for exporting data for the specific use cases described above, health IT developers may need to provide other data export and conversion services or support additional export use cases beyond those encompassed by this criterion to facilitate the appropriate access, exchange, and use of electronic health information and to avoid engaging in information blocking.
ONC seeks input on EHI export and timeframes. In particular, beyond exporting
For discussion of the required timeframe for developers of certified health IT
We propose to remove the “data export” criterion (§ 170.315(b)(6)) from the 2015 Edition, including the 2015 Edition Base EHR definition expressed in § 170.102. Correspondingly, we propose to include the proposed “EHI export” criterion (§ 170.315(b)(10)) in the 2015 Edition Base EHR definition, which would affect health care providers' compliance responsibilities when it comes to possessing CEHRT for associated CMS programs. A specific C-CDA data export criterion no longer supports advancements in interoperability in the evolving health IT industry. The proposed “EHI export” certification criterion is standards-agnostic and supports a more open approach to interoperability. More specifically, the proposed “EHI export” criterion differs significantly from the “data export” certification criterion as the latter is limited to clinical data as specified in the C-CDA. Also, the proposed “EHI export” criterion is not limited to just the scope of the certified capabilities in the certified Health IT Module as it applies to all produced and electronically managed EHI. Further, by including this functionality in the 2015 Base EHR definition, we can be assured that health care providers participating in the CMS programs (
We propose to modify the Base EHR definition to include the proposed “EHI export” criterion 24 months from the effective date of the final rule for this proposed rule (which practically speaking would be 25 months because of the 30-day delayed effective date). We believe this is sufficient time for health IT developers to develop, test, certify, and rollout this functionality to health care providers based on the flexible approach offered for meeting this criterion. We also believe this timeframe provides sufficient time for health care providers to adopt and implement the functionality included in the “EHI export” criterion. To note, we refer readers to the “Assurances” Condition and Maintenance of Certification requirements in section VII.B.2, which propose complementary requirements on health IT developers to rollout health IT certified “EHI export” within 24 months of the effective date of a final rule for this proposed rule. We welcome comments on our proposed compliance timeline.
We note that we do not propose a transition period for the “data export” criterion. We propose to remove the criterion from the 2015 Edition upon the effective date of a final rule for this proposed rule. Unlike the “application access—data category request” criterion (which we propose to replace with the new API criterion in this proposed rule), the “data export” criterion does not support an objective or measure under the CMS Promoting Interoperability Programs. Therefore, we do not believe that health IT developers and health care providers need to support the functionality in the “data export” criterion while they transition to the development, adoption, and implementation of the EHI export criterion. This approach should reduce burden and costs for both health IT developers and health care providers. We welcome comments on this approach, including whether this will leave health care providers without an export capability for an inordinate period of time such that we should require health IT developers to support the “data export” functionality for health care providers until the health IT developer attests to providing the new EHI export functionality to all of its customers.
Readers are also referred to the Regulatory Impact Analysis in section XIV of this proposed rule for a discussion of the estimated costs and benefits of this proposed criterion, as well as the impact of the proposed removal of the 2015 Edition “data export” criterion.
To implement the Cures Act, we propose to adopt a new API criterion in § 170.315(g)(10), which would replace the “application access—data category request” certification criterion (§ 170.315(g)(8)) and become part of the 2015 Edition Base EHR definition. This new certification criterion would require the use of FHIR standards, several implementation specifications, and focus on supporting two types of API-enabled services: (1) Services for
In 2015, the HIT Standards Committee (HITSC) recommended the adoption of two new certification criteria for the Program. The National Coordinator endorsed the HITSC recommendations for consideration by the Secretary, and the Secretary determined that it was appropriate to propose adoption of the two new certification criteria through rulemaking (81 FR 10635). To implement the Secretary's determination, we propose to add two new 2015 Edition privacy and security “transparency attestation” certification criteria for: (1) Encrypt authentication credentials; and (2) multi-factor authentication.
In the 2015 Edition final rule, we adopted a new, simpler, and straightforward approach to privacy and security (P&S) certification requirements for Health IT Modules certified to the 2015 Edition, which we refer to as the 2015 Edition privacy and security certification framework (80 FR 62705). In this proposed rule, we propose modifications to the 2015 Edition privacy and security certification framework in § 170.550(h) and propose to add new criteria to which a health IT developer would need to certify pertaining to whether or not its product encrypts authentication credentials (specifically § 170.315(d)(12)) and supports multi-factor authentication (specifically § 170.315(d)(13)). To be clear, we are not proposing to require that health IT
We propose to adopt an “encrypt authentication credentials” certification criterion in § 170.315(d)(12) and include it in the P&S certification framework (§ 170.550(h)). We propose to make the encrypt authentication credentials certification criterion applicable to any Health IT Module currently certified to the 2015 Edition and any Health IT Module presented for certification due to the fact that all health IT must meet the “authentication, access control, and authorization” certification criterion adopted in § 170.315(d)(1) as part of current Program requirements. While the 2015 Edition “authentication, access control, and authorization” certification criterion criteria requires that patient information saved on end user devices is encrypted, those same protections are not explicitly required through certification for the authentication credentials used to access that same information. As such, we believe that this proposal would address that gap and encourage health IT developers to take steps to ensure that authentication credentials are protected consistent with industry best practices.
To provide clarity as to what a “yes” attestation for “encrypt authentication credentials” would mean, we provide the following explanation. Encrypting authentication credentials could include password encryption or cryptographic hashing, which is storing only encrypted or cryptographically hashed passwords. If a developer attests that its Health IT Module encrypts authentication credentials, we propose that the attestation would mean that the Health IT Module is capable of cryptographically protecting stored authentication credentials in accordance with standards adopted in § 170.210(a)(2), Annex A: Federal Information Processing Standards (FIPS) Publication 140-2, Approved Security Functions for FIPS PUB 140-2, Security Requirements for Cryptographic Modules. We posit that FIPS Publication 140-2 is the seminal, comprehensive, and most appropriate standard. Moreover, in the specified FIPS 140-2 standard, there is an allowance for various approved encryption methods, and health IT developers would have the flexibility to implement any of the approved encryption methods in order to attest yes to this criterion. Health IT developers should keep apprised of these standards as they evolve and are updated to address vulnerabilities identified in the current standard.
We do not believe it is necessary for a Health IT Module to be required to be tested to this criterion, so long as by attesting yes to this criterion, the health IT developer is attesting that if authentication credentials are stored, then the authentication credentials are protected consistent with the requirements above. To be clear, a “no” attestation is a sufficient response to address this certification criterion; however, health IT developers should be aware that this “no” will be made publicly available on the CHPL. Note that if a developer attested to encrypting authentication credentials, a certified Health IT Module would be subject to ONC-ACB surveillance for any potential non-conformity with the requirements of this criterion. Specifically, if the ONC-ACB becomes aware of situations where the developer's health IT is not meeting the developer's affirmative attestation per the criterion's requirements, the ONC-ACB may use its corrective action process to bring the product back into conformance.
We propose that, for health IT certified prior to a subsequent final rule's effective date, the health IT would need to be certified to the “encrypt authentication credentials” certification criterion within six months after the final rule's effective date. For health IT certified for the first time after the final rule's effective date, we propose that the health IT must meet this criterion at the time of certification. This should allow sufficient time for health IT developers to assess their Health IT Modules' capabilities and attest “yes” or “no” to the certification criterion.
For an assessment of this proposal's costs and benefits, please refer to the Regulatory Impact Analysis in section XIV of this preamble. We welcome comments on this assessment and this proposal in general. We also note that some health IT presented for certification is not designed to store authentication credentials. Therefore, we specifically request comment on whether we should include an explicit provision in this criterion to accommodate such health IT. This could be similar to the approach we have taken with the 2015 Edition “end-user device encryption” criterion (§ 170.315(d)(7)(ii)), where we permit the criterion to be met if the health IT developer indicates their technology is designed to prevent electronic health information from being locally stored on end-user devices.
We propose to adopt a “multi-factor authentication” (MFA) criterion in § 170.315(d)(13) and include it in the P&S certification framework (§ 170.550(h)). We propose to make the “multi-factor authentication” certification criterion applicable to any Health IT Module currently certified to the 2015 Edition and any Health IT Module presented for certification. Health IT developers have already been implementing MFA to meet the Electronic Prescribing of Controlled Substances (EPCS) requirements set by Drug Enforcement Administration (DEA), and if adopted, this certification criterion would be general in that its
This proposal supports the Department of Homeland Security (DHS) led initiative “STOP, THINK, CONNECT” which strongly recommends and runs campaigns to promote stronger authentication, typically related to MFA, going beyond a username and password to log in. MFA is also recommended by numerous organizations and groups. In the “Report on Improving Cybersecurity in the Health Care Industry,”
However, despite the benefits of adopting MFA, we are also aware of some of the challenges. Specifically, in health care, many providers are resistant to adopt MFA because of the inconvenience and loss of time of going through another step to access the patient's EHI. Also, MFA has not been deployed very long in the health care setting, so it is not clear how much it actually addresses the risk. In most MFA implementations, passwords are still present. In addition to having to manage passwords, users also have to manage an additional layer of security. Another usability challenge is that systems often require different types of MFA, which adds to the complexity and also may require providers to keep track of tokens. MFA is often recommended as a solution to password problems, but it is still vulnerable to theft. These alternative forms of authentication have their own set of vulnerability issues. The cost of implementing MFA and ensuring it will be implemented in a way that does not inhibit clinical workflow is also an issue to be considered.
To provide clarity as to what a “yes” attestation for “multi-factor authentication” attestation would mean, we provide the following explanation. MFA requires users to authenticate using multiple means to confirm they are who they claim to be in order to prove one's identity, under the assumption that it is unlikely that an unauthorized individual or entity will be able to succeed when more than one token is required. MFA includes using two or more of these: (i) Something people know, such as a password or a personal identification number (PIN); (ii) something people have, such as a phone, badge, card, RSA token or access key; and (iii) something people are, such as fingerprints, retina scan, heartbeat, and other biometric information. Thus, in order to be issued a certification, we propose to require that a Health IT Module developer attest to whether or not its certified health IT supports MFA consistent with industry recognized standards (
We propose that, for health IT certified prior to a subsequent final rule's effective date, the health IT would need to be certified to the “multi-factor authentication” certification criterion within six months after the final rule's effective date. For health IT certified for the first time after the final rule's effective date, we propose that the health IT must meet this criterion at the time of certification. This should allow sufficient time for health IT developers to assess their Health IT Modules' capabilities and attest “yes” or “no” to the certification criterion.
We generally seek comment on whether there is value in adopting the proposed “multi- factor authentication” criterion. We also solicit comment on the method of attestation and, if the health IT developer does attest to supporting MFA, whether we should require the health IT developer to explain how they support MFA. For example, should the health IT developer be required to identify the MFA technique(s) used/supported by submitting specific information on how it is implemented, including identifying the purpose(s)/use(s) to which MFA is applied within their Health IT Module (such as where in the clinical workflow it is required), and, as applicable, whether the MFA solution complies with industry standard? This information could enable the health IT developer to highlight their health IT's capabilities to support MFA.
We adopted two 2015 Edition “data segmentation for privacy” (DS4P) certification criteria in the 2015 Edition final rule. One criterion (“DS4P-send” (§ 170.315(b)(7)) includes capabilities for creating a summary care record formatted to the C-CDA 2.1 standard and document-level tagging as restricted (and subject to restrictions on re-disclosure) according to the DS4P standard. The other criterion (“DS4P-receive” (§ 170.315(b)(8)) includes capabilities for receiving a summary care record formatted to the C-CDA 2.1 standard and document-level tagged as restricted (and subject to restrictions on re-disclosure) according to the DS4P standard. As noted in the 2015 Edition final rule (80 FR 62646)), certification to these criteria is not required to meet the CEHRT definition for CMS EHR Incentive Programs, now referred to as the Promoting Interoperability Programs. The current 2015 Edition DS4P certification criteria specify the technical capabilities that the health IT must have to apply and recognize security labels in a summary document (C-CDA) such that the recipient of a summary document would be able to recognize the existence of sensitive elements within the summary document (80 FR 62646). Security labeling provides a way for computer systems to properly handle data passed among systems, to preserve the condition of security, and to enable access control decisions on the information, so that the information is only accessed by the appropriate entities. The HL7 Healthcare Classification System (HCS) standard provides a common syntax and semantics for interoperable security labels in health care. The DS4P standard makes use of the HCS specification and describes a method for applying security labels to HL7 CDA documents to ensure that privacy policies established at a record's source can be understood and enforced by the recipient of the record.
In the 2015 Edition final rule, we noted that the DS4P standard is not restricted to data subject to the federal regulations governing the Confidentiality of Substance Use Disorder Patient Records (42 CFR part 2) (80 FR 62647). It may be implemented to support other data exchange use cases in which compliance with state or federal legal frameworks require sensitive health information to be tagged
Adoption of the current 2015 Edition DS4P criteria was also consistent with earlier HIT Policy Committee (HITPC) recommendations on the use of DS4P technology to enable the electronic implementation and management of disclosure policies that originate from the patient, the law, or an organization, in an interoperable manner, so that electronic sensitive health information may be appropriately shared.
Since the 2015 Edition final rule, the health care industry has engaged in additional field testing and implementation of the DS4P standard. As of the beginning of the third quarter of the 2018 CY, only about 20 products (products with multiple certified versions were counted once) were certified to the current 2015 Edition DS4P certification criteria. In addition, stakeholders shared with ONC—through public forums, listening sessions, and correspondence—that focusing certification on segmentation to only the document level does not permit providers the flexibility to address more granular segmentation needs. Stakeholders noted that certain provider types, such as providers of pediatric care and behavioral health care, are currently using a range of burdensome manual workflows in order to meet complex use cases for DS4P which are also impacted by state and local laws. Additionally, stakeholders have expressed interest in ONC exploring health IT standards that work with DS4P to support the management of consent for sharing documents that include security labels such as through the use of an API.
Therefore, in consideration of stakeholder feedback and our stated policy approach to adopt DS4P certification criteria on a glide path, we propose to remove the current 2015 Edition DS4P-send (§ 170.315(b)(7)) and DS4P-receive (§ 170.315(b)(8)) certification criteria. The proposed effective date of removal of these criteria would be the effective date of a subsequent final rule for this proposed rule. We propose to replace these two criteria with three new 2015 Edition DS4P certification criteria (two for C-CDA and one for a FHIR-based API) that would support a more granular approach to privacy tagging data and consent management for health information exchange supported by either the C-CDA- or FHIR-based exchange standards. Our primary purpose for proposing to remove and replace them, in lieu of proposing to revise them, is to provide clarity to stakeholders as to the additional functionality enabled by health IT certified to the new criteria. We note resources released by ONC and OCR, such as the HHS Security Risk Assessment Tool
In place of the removed 2015 Edition DS4P criteria, we propose to adopt new DS4P-send (§ 170.315(b)(12)) and DS4P-receive (§ 170.315(b)(13)) criteria that would remain based on the C-CDA and the HL7 DS4P standard. These criteria would include capabilities for applying the DS4P standard at the document, section, and entry level. We believe this offers more valuable functionality to providers and patients, especially given the complexities of the landscape of privacy laws for multiple care and specialty settings. We believe health IT certified to these criteria could support multiple practice settings and use cases. For example, in section VI.A.2 of this preamble, we explain how the proposed capabilities included in these criteria could support the pediatric health care setting. We believe this proposal could also reduce burden for providers by leveraging health IT's ability to recognize and manage sensitive data and patient consent directives, rather than relying on case-by-case manual redaction and subsequent workarounds to transmit redacted documents. We emphasize that health care providers already have processes and workflows to address their existing compliance obligations which could be made more efficient and cost effective through the use of health IT. We recognize that more granular privacy markings at the point of data capture would further support existing and future priorities of states for multiple care and specialty settings, including behavioral health and pediatric health care settings.
We welcome public comment on our proposals to replace the current 2015 Edition DS4P criteria and adopt new 2015 Edition DS4P-send (§ 170.315(b)(12)) and DS4P-receive (§ 170.315(b)(13)) criteria to support improved options for data segmentation for health care providers engaged in complex use cases such as those identified in pediatric care (
In collaboration with ONC, the Substance Abuse and Mental Health Services Administration (SAMHSA) developed the Consent2Share application to address the specific privacy protections of patients with substance use disorders who are covered by the federal confidentiality regulation, 42 CFR part 2. Consent2Share is an open source application for data segmentation and consent management. It is designed to integrate with existing FHIR systems. SAMHSA created a FHIR implementation guide (the Consent2Share Consent Profile Design, hereafter referred to as “Consent Implementation Guide”) that describes how the Consent2Share (C2S) application and associated access control solution uses the FHIR Consent resource to represent and persist patient consent for treatment, research, or disclosure.
As discussed in section VII.B.4 of this proposed rule, we are proposing policies related to the implementation of a standardized API to support the exchange of health information between providers and patients and among members of a care team. We anticipate that the proposed 2015 Edition “standardized API for patient and population services” certification criterion (§ 170.315(g)(10)) will result in a proliferation of APIs that will enable a more flexible and less burdensome approach to exchanging EHI. We believe the health care industry can leverage this API infrastructure to share segmented data in a secure and scalable manner. Therefore, we propose to adopt a 2015 Edition certification criterion “consent management for APIs” in § 170.315(g)(11) to support data segmentation and consent management through an API in accordance with the Consent Implementation Guide. Certification to this criterion would be at a health IT developer's discretion and would indicate that a system is capable of responding to requests through an API for patient consent directives that include standards-based security labeling.
We acknowledge that our proposed implementation specification, the Consent Implementation Guide, is based on a different version of the FHIR standard (FHIR Standard for Trial Use 3, also known as FHIR Release 3) than the proposed “standardized API for patient and population services” criteria (§ 170.315(g)(10)) which is proposed to reference just FHIR Release 2. Furthermore, we acknowledge that this discrepancy may result in additional implementation efforts for developers. In ideal circumstances, we would have proposed a data segmentation and consent management standard for APIs that was based on FHIR Release 2 and aligned with the “standardized API for patient and population services” criteria proposed in this proposed rule. However, although SAMHSA also created a consent implementation guide based on FHIR Release 2,
SAMHSA created the “Consent Implementation Guide” to support developers in implementing the FHIR Consent resource to represent patient consent for treatment, research, and disclosure. The Consent Implementation Guide provides instructions for using the FHIR “Consent” resource to capture a record of a health care consumer's privacy preferences. Implementing an instance of the FHIR Consent resource based on this guide allows for a patient consent to permit or deny identified recipient(s) or recipient role(s) to perform one or more actions, regarding the patient's health information for specific purposes and periods of time. For example the Consent Implementation Guide supports consent management for specific use cases to permit or deny disclosure based on a specific law, regulation, or policy under which the patient consented. The implementation guide uses security labels as a mechanism for specifying a patient's preferences (
Our proposal to adopt the version aligned with FHIR Release 3 and the FHIR Release 3 standard for this criterion reflects stakeholder interests and efforts to support particular use cases. C2S enables data segmentation and consent management for disclosure of several discrete categories of sensitive health data related to conditions and treatments including: Alcohol, tobacco and substance use disorders (including opioid use disorder), behavioral health, HIV/AIDS, and sexuality and reproductive health. These capabilities support multiple use cases in both primary and specialty care, and specifically address priority needs identified by stakeholders to support pediatric care. We emphasize that health care providers already have processes and workflows to address their existing compliance obligations which could be made more efficient and cost effective through the use of health IT. Finally, given that the FHIR standard is modular in nature, and especially since the “Consent” resource did not exist in FHIR Release 2, we anticipate that health IT developers that elect to certify to this criterion would be able to support the Consent Implementation Guide along with the API requirements specified in “standardized API for
We welcome comments on this proposal. We specifically seek comment on how the availability of this proposed certification criterion might increase the ability to support multiple care coordination and privacy priorities, including those associated with pediatric care; and whether we should consider other similar API based options and resources as standards for certification criteria. We also seek comment on whether the misalignment between the versions of the FHIR standard used by our proposed “consent management for APIs” and “standardized API for patient and population services” criteria would create excessive burden for developers and implementers. Specifically, we seek comment on if certification to the “consent management for APIs” should only be available in conjunction with the “standardized API for patient and population services” criteria at such a time as the criteria are aligned to one version of the FHIR standard or if the option to certify to the “consent management for APIs” should be allowed for those developers interested in doing so even without current standards alignment. We note that SAMHSA is currently pursuing additional work to expand use cases related to data segmentation for privacy and FHIR compatibility.
In the FY 2019 IPPS/LTCH PPS proposed rule (83 FR 20516), CMS proposed scoring and measurement policies to move beyond the three stages of meaningful use to a new phase of EHR measurement with an increased focus on interoperability and improving patient access to health information. To reflect this focus, CMS changed the name of the Medicare and Medicaid EHR Incentive Programs, to the Medicare and Medicaid Promoting Interoperability (PI) Programs. To align with the renaming of the EHR Incentive Programs, we propose to remove references to the EHR Incentive Programs and replace them with “Promoting Interoperability Programs” in the 2015 Edition “automated numerator recording” criterion in § 170.315(g)(1) and the “automated measure calculation” criterion in § 170.315(g)(2).
Currently, § 170.315(d)(2), “auditable events and tamper resistance,” includes a cross- reference to § 170.315(d)(7). However, the cross reference to § 170.315(d)(7), “end-user device encryption,” does not always apply. We propose to revise § 170.550(h)(3) to apply the § 170.315(d)(7) cross reference as appropriate and exempt § 170.315(d)(7) when the certificate scope does not require § 170.315(d)(7) certification (
We propose to revise § 170.550(h) to remove the “amendments” criterion's application to certain non-applicable clinical criteria including: “Drug-drug, drug-allergy interaction checks for computerized provider order entry (CPOE)” § 170.315(a)(4); “clinical decision support” § 170.315(a)(9); “drug-formulary and preferred drug list checks” § 170.315(a)(10); and “patient-specific education” § 170.315(a)(13). Health IT Modules presented for certification to these criteria would not have to demonstrate the capabilities required by the 2015 Edition “amendments” certification criterion (§ 170.315(d)(4)), unless the health IT is presented for certification to another criterion that requires certification to the 2015 Edition “amendments” criterion under the P&S certification framework. This has already been incorporated into sub- regulatory guidance, and we propose to codify this clarification in regulation.
We propose to remove § 170.315(e)(1)(ii)(B) which includes a cross-reference to § 170.315(d)(2). This cross-reference indicates that health IT may demonstrate compliance with activity history log requirements if it is also certified to the 2015 Edition “auditable events and tamper-resistance” certification criterion (§ 170.315(d)(2)). However, we no longer require testing of activity history log when certifying for § 170.315(d)(2). Therefore, this cross-reference is no longer applicable to meet certification requirements for the 2015 Edition “view, download, and transmit to 3rd party” certification criterion (§ 170.315(e)(1)) activity history log requirements.
Consistent with the 2015 Edition privacy and security certification framework, each certification criterion has a set of appropriate P&S “safeguards” that must be in place. In the 2015 Edition, we required that an ONC-ACB must ensure that a Health IT Module presented for certification to any of the certification criteria that fall into each regulatory text “first level paragraph” category of § 170.315 (
We propose to revise the records retention requirement in § 170.523(g) to include the “life of the edition” as well as 3 years after the retirement of an edition related to the certification of Complete EHRs and Health IT Module(s). In the 2015 Edition final rule (80 FR 62602), we adopted a records retention provision that required ONC-ACBs to retain all records related to the certification of Complete EHRs and Health IT Module(s) for the “life of the edition” plus an additional 3 years, and the records would be available to HHS upon request during this period of time. In the 2015 Edition final rule, the “life of the edition” was defined as beginning with the codification of an edition of certification criteria in regulation and ending when the edition is removed from regulation. We now propose to clarify that HHS has the ability to access certification records for the “life of the edition,” which begins with the codification of an edition of certification criteria in the Code of Federal Regulations through a minimum of 3 years from the effective date that removes the applicable edition from the Code of Federal Regulations, not solely during the 3-year period after removal from the CFR.
The Principle of Proper Conduct (PoPC) in § 170.523(h) specifies that ONC-ACBs may only certify health IT that has been tested by ONC-ATLs using tools and test procedures approved by the National Coordinator. We propose to revise this PoPC in three ways. First, we propose to revise this PoPC to additionally permit ONC-ACBs to certify Health IT Modules that they have evaluated for conformance with certification criteria without first passing through an ONC-ATL. However, we propose that such methods to determine conformity must first be approved by the National Coordinator. This proposal provides valuable Program flexibility and market efficiencies for streamlining Health IT Module certification, acknowledging the broad spectrum of evidence of conformance, from laboratory testing with an ONC-ATL to developer self-declaration. This Program flexibility will also allow us to leverage the success we have seen in implementation of our alternative test method process where any entity can submit a test procedure and/or test tool for approval for use under the Program. For example, the National Coordinator may, under this provision, approve a conformance method for certification criteria where evidence of a valid declaration of conformity (
Second, we propose to revise the PoPC to clarify that certifications can only be issued to Health IT Modules and not Complete EHRs. We are proposing to remove the 2014 Edition from the CFR (
Third, we propose to remove the provision that permits the certification of health IT previously certified to an edition if the certification criterion or criteria to which the Health IT Module(s) was previously certified have not been revised and no new certification criteria are applicable because the circumstances that this provision seeks to address are no longer feasible with certification to the 2015 Edition. Any Health IT Module previously certified to the 2014 Edition and presented for certification to the 2015 Edition would have at least one new or revised 2015 Edition certification criteria that would be applicable. For example, the 2015 Edition “accessibility-centered design” criterion (§ 170.315(g)(5)) is applicable to any Health IT Module presented for certification to the 2015 Edition.
We propose to revise the PoPC for ONC-ACBs in order to address business relationships between ONC-ACBs and ONC-ATLs. To encourage market competition, we propose to require ONC-ACBs to accept test results from any ONC-ATL that is in good standing under the Program and is compliant with its ISO 17025 accreditation requirements. However, if an ONC-ACB has concerns about accepting test results from a certain ONC-ATL, the ONC-ACB would have an opportunity to explain the potential issues to ONC and NVLAP, and on a case-by-case basis, ONC could consider the facts and make the final determination.
ONC-ATLs must be accredited by the NVLAP and seek authorization from ONC to participate in the ONC Health IT Certification Program. ONC-ATLs test products against the ONC-approved test method for the standards and certification criteria identified by the Secretary using ONC-approved test methods. ONC-ACBs make certification determinations and conduct surveillance for health IT originally tested by an ONC-ATL. Based on the process that all ONC-ATLs must undergo, we believe that they are capable of providing accurate test results that should be accepted by any ONC-ACB.
The intent of this proposal is to ensure that ONC-ATLs are not discriminated against and do not suffer injury from ONC-ACBs not accepting their test results if, in fact, they are in good standing. This proposal may also prevent harm to health IT developers, who present their health IT to be tested by ONC-ATLs and ultimately seek certification by ONC-ACBs under the Program. These situations may arise if a health IT developer's ONC-ACB leaves the Program or goes out of business. This proposal may also prevent situations of preferential business arrangements such as when one organization is both an ONC-ATL and ONC-ACB and will not enter into a contract with another organization who is also an ONC-ATL.
We propose to revise the PoPC in § 170.523(k). We propose to remove § 170.523(k) (1)(ii)(B) because certifications can only be issued to Health IT Modules and not Complete EHRs. We are proposing to remove the 2014 Edition from the CFR (
We also propose to remove the provision in § 170.523(k)(3) that requires a certification issued to a pre-coordinated, integrated bundle of Health IT Modules to be treated the same as a certification issued to a Complete EHR for the purposes of § 170.523(k)(1), except that the certification must also indicate each Health IT Module that is included in the bundle. We propose to remove this provision because pre-coordinated, integrated bundles are no longer applicable for certification under Program.
We propose to revise § 170.523(k)(4) to clarify that a certification issued to a Health IT Module based solely on the applicable certification criteria adopted by the ONC Health IT Certification Program must be separate and distinct from any other certification(s) based on other criteria or requirements. The intent of this provision, as indicated in the Establishment of the Permanent Certification Program for Health Information Technology final rule (76 FR 1272), is to ensure that any other certifications an ONC-ACB may issue, is separately indicated from the applicable certification criteria adopted by the ONC Health IT Certification Program.
We also propose changes related to transparency attestations and limitations in section III.B.5. of this preamble. Additionally, we propose other new PoPCs for ONC-ACBs in sections VII.B.5 and VII.D of this preamble.
We propose to revise the records retention requirement in § 170.524(f) to include the “life of the edition” as well as 3 years after the retirement of an edition related to the certification of Health IT Module(s). The circumstances are the same as in section V.B.1 of this preamble mentioned above, therefore, we propose the same revisions for ONC-ATLs as we did for ONC-ACBs.
ONC believes health IT should help promote and support patient care when and where it is needed. This means health IT should help support patient populations, specialized care, transitions of care, and practice settings across the care continuum. In the Permanent Certification Program final rule, we clarified that section 3001(c)(5) of the PHSA provides the National Coordinator with the authority to establish a voluntary certification program or programs for other types of health IT beyond those which supported the EHR Incentive Programs (now called the Promoting Interoperability Programs). However, we decided that the initial focus of the Program should be on supporting the EHR Incentive Programs, which focuses on EHR technology for the ambulatory and inpatient settings (76 FR 1294). As the Program evolved and the adoption and use of certified health IT increased significantly, we modified the Program in the 2015 Edition final rule to make it more open and accessible to more types of health IT, including health IT that supports various care and practice settings beyond those included in the EHR Incentive Programs (80 FR 62604). Our goal was then and is now to support the advancement of interoperable health IT and to promote health IT functionality in care and practice settings across the care continuum (
ONC's efforts in the 2015 Edition to make the Program more open and accessible to other care settings also aligned with fall 2013 recommendations from the HIT Policy Committee (HITPC). The HITPC examined the extension of the Program to include functionalities that would benefit settings not covered by the EHR Incentive Programs. The HITPC recommended that considerations regarding functionality should focus on whether the functionality would:
Taking into consideration the HITPC recommendations, ONC's 2015 Edition focused on the adoption of certification criteria that are standards-based, applicable to a wide variety of care and practice settings, and that advance the structured recording, access, exchange, and use of health information. ONC has also encouraged users—including specialty groups—to continue to work with developers to innovate, develop, and deploy health IT in specific clinical settings in ways that promote safety, effectiveness, and efficient health care delivery while also reducing burden.
In the 2015 Edition final rule we stated that we did not intend to develop and issue separate regulatory certification “paths” or “tracks” for particular care or practice settings (
Since the publication of the 2015 Edition final rule, ONC has explored how we might work with the industry and with specialty organizations to collaboratively advance health IT that supports medical specialties and sites of service. As a result, we have gained insight from stakeholders regarding the burdens associated with establishing a specific set of required certification criteria for all users—which may include capabilities not applicable to certain settings of care or specialties. Stakeholders have also noted that the adoption of a set of required criteria without also enabling and incentivizing innovation beyond those criteria may have the unintended consequence of stifling progress for that setting. Stakeholders noted that the timeline for testing and certifying to required criteria and the subsequent deployment of certification criteria in practice settings is not always aligned with standards updates, the emergence of new standards, or technological innovation. Finally, stakeholders have urged ONC to leverage multiple means to advance interoperability standards that are widely applicable, to enable and promote innovation that is supported by these standards, and—in collaboration with stakeholders to monitor and support developments in emerging standards and technologies for specialty use cases.
Section 4001(b)(i) of the Cures Act instructs the National Coordinator to encourage, keep, or recognize, through existing authorities, the voluntary certification of health IT under the Program for use in medical specialties and sites of service for which no such technology is available or where more technological advancement or integration is needed. This provision of the Cures Act closely aligns with ONC's ongoing collaborative efforts with both federal partners and stakeholders within the health care and health IT community to encourage and support the advancement of health IT for a wide
• First, ONC analyzes existing certification criteria to identify how such criteria may be applicable for medical specialties and sites of service.
• Second, ONC focuses on the real-time evaluation of existing and emerging standards to determine applicability to medical specialties and sites of service as well as to the broader care continuum, including the evaluation of such standards for inclusion in the ONC Interoperability Standards Advisory (ISA).
• Third, ONC may work in collaboration with stakeholders to support the development of informational resources for medical specialties and sites of service for which ONC identifies a need to advance the effective implementation of certified health IT.
We believe this approach provides an economical, flexible, and responsive option for both health care providers and the health IT industry, which is also in alignment with the provisions of the Cures Act related to burden reduction and promoting interoperability. We are committed to continuing to work with stakeholders in this manner to encourage and advance the adoption of health IT to support medical specialties and sites of service, and to help ensure that providers have the tools they need to support patients at the point of care and that essential patient health information is available across a care settings.
This section outlines our approach to implement Section 4001(b) of the Cures Act, which requires that the Secretary make recommendations for the voluntary certification of health IT for use by pediatric health providers and to adopt certification criteria to support the voluntary certification of health IT for use by pediatric health providers to support the health care of children. To be clear, and consistent with past practice, we do not recommend or propose a “pediatric-specific track or program” under the ONC Health IT Certification Program. This proposed rule outlines the certification criteria adopted in the 2015 Edition which we believe support the certification of health IT for pediatric care. Finally, it identifies the new and revised criteria proposed in this rule which we believe further support the voluntary certification of health IT for pediatric care. We have included in the appendix of this proposed rule a set of technical worksheets that can help inform your comments on the recommendations, the new and revised criteria in the Program that would also support pediatric care settings, and the overall approach we have herein described. These worksheets outline the following information:
• The alignment of each recommendation to the Children's Model EHR Format
• The alignment of each recommendation to the 2015 Edition certification criteria and new or revised criteria described in this proposed rule (see also section VI.A.2.a and b).
• Potential supplemental items from the Children's Model EHR Format identified by ONC which relate to the primary recommendation and the related certification criteria.
We invite readers to use these worksheets to inform public comment on the recommendations and criteria described in Section VI.A.2 specifically as they relate to pediatric health care use cases. The comments received on these technical worksheets through this proposed rule will be used to inform the final recommendations for voluntary certification of health IT criteria for use in pediatric care. Furthermore, these comments, and the detailed insights received through stakeholder outreach, may inform the future development of a non-binding informational guide or resource to provide useful information for health IT developers and pediatric care providers seeking to successfully implement these health IT solutions in a clinical setting.
Section 4001(b)(iii) of the Cures Act—“Health information technology for pediatrics” requires that:
• First, that the Secretary, in consultation with relevant stakeholders, shall make recommendations for the voluntary certification of health IT for use by pediatric health providers to support the health care of children, and
• Second, that the Secretary shall adopt certification criteria to support the voluntary certification of health IT for use by pediatric health providers to support the health care of children.
In this proposed rule, we describe our approach to stakeholder engagement, the analysis used to develop the recommendations, and the specific certification criteria we believe can support each recommendation.
Over the past ten years, a number of initiatives have focused on the availability and use of effective health IT tools and resources for pediatric care. These have included a number of public-private partnerships including efforts between HHS, state agencies, and health systems for innovative projects that range from care coordination enterprise solutions to immunization information systems and to point of care solutions for specialty needs. In order to learn from and build upon these efforts, ONC has engaged with stakeholders in both the public and private sector including other federal, state and local government partners, health care providers engaged in the care of children, standards development organizations, charitable foundations engaged in children's health care research, and health IT developers supporting pediatric care settings.
For example, significant work has been done by the Agency for Healthcare Research and Quality (AHRQ), CMS, the Health Resources and Services Administration (HRSA), and organizations around the Children's Model EHR Format (Children's Format), which is critical to any discussion of the pediatric health IT landscape.
In the summer of 2017, the American Academy of Pediatrics (AAP) reviewed the 2015 Format using a robust analytical process and engagement with their members. The result was a prioritized list of eight clinical priorities to support pediatric health care (“Priority List”). In October 2017, ONC held a technical discussion with stakeholders titled “Health IT for Pediatrics” with the specific purpose of obtaining input from an array of stakeholders in an effort to draw correlations between the pediatric providers' clinical priorities identified in the Priority List with the detailed technical requirements outlined in the Children's Format and the capabilities and standards that could be included in certified health IT. Through this collaborative approach, the meeting participants identified a set of priority needs for health IT to support pediatric care based upon those identified by the Priority List and the primary correlation to the Children's Format.
To support the first part of Section 4001(b) of the Cures Act, ONC considered the historical efforts on the Children's Model EHR Format, the input from stakeholders, and our own technical analysis and review of health IT capabilities and standards to develop a set of recommendations for voluntary certification for health IT for pediatric care. These include eight recommendations related to the Priority List:
•
•
•
•
•
•
•
•
We also developed two additional recommendations beyond the Priority List which relate to other items within the Children's Format that are considered important to pediatric stakeholders. These additional recommendations, which we believe may be supported by certified health IT, are as follows:
•
•
In order to implement the second part of Section 4001(b) of the Cures Act for the adoption of certification criteria to support the voluntary certification of health IT for use by pediatric health care providers, we have identified both the 2015 Edition certification criteria and the new or revised criteria in this proposed rule that we believe support these 10 recommendations for health IT for pediatric care and sites of service. We direct readers to the appendix of this proposed rule for a set of technical worksheets which include a cross-walk of the various criteria specifically associated with each recommendation. These worksheets outline the following information:
• The alignment of each recommendation to the primary Children's Format
• The alignment of each recommendation to the 2015 Edition certification criteria and new or revised criteria described in this proposed rule.
• Supplemental items from the Children's Format for each recommendation and the related certification criteria.
We invite readers to use these worksheets to inform public comment on the recommendations, the inclusion of specific items from the Children's Format, and the identified certification criteria as they relate specifically to use cases for pediatric care and sites of service. We also seek comment on the following:
1. Relevant gaps, barriers, safety concerns, and resources (including available best practices, activities, and tools) that may impact or support feasibility of the recommendation in practice.
2. Effective use of health IT itself in support of each recommendation as involves provider training, establishing workflow, and other related safety and usability considerations.
3. If any of the 10 recommendations should not be included in ONC's final recommendations for voluntary certification of health IT for pediatric care.
4. Any certification criteria from the Program that is identified for the 10 recommendations that should not be included to support the specific recommendation.
As stated in the worksheets located in the appendix, commenters are encouraged to reference the specific “recommendation number” (1-10) with the corresponding technical worksheet question number in their response. For example, “Recommendation 1—Question 3”.
In order to implement the second part of Section 4001(b) of the Cures Act to adopt certification criteria to support the voluntary certification of health IT for use by pediatric health providers to support the health care of children, we identified the following 2015 Edition certification criteria that support the recommendations. Within the technical worksheets in the appendix of this proposed rule, these criteria are noted under each recommendation to which they are correlated. The 2015 Edition criteria are as follows:
• “API functionality” criteria (§ 170.315(g)(7)-(g)(9)) which addresses many of the challenges currently faced by patients and by caregivers such as parents or guardians accessing child's health information, including the “multiple portal” problem, by potentially allowing individuals to aggregate health information from multiple sources in a web or mobile application of their choice.
• “Care plan” criterion (§ 170.315(b)(9)) which supports
• “Clinical decision support” (CDS) criterion (§ 170.315(a)(9)) which supports pediatric care by enabling interventions based on the capture of biometric data.
• “Common Clinical Data Set” (adopted in (§ 170.315(b)(4) and § 170.315(b)(5)) which includes
• “Data segmentation for privacy” send criterion and receive criterion (adopted in § 170.315(b)(7) and § 170.315(b)(8)) which provides the ability to: Create a summary record that is tagged at the document level as restricted and subject to re-disclosure; receive a summary record that is document-level tagged as restricted; separate the document-level tagged document from other documents received; and, view the restricted document without having to incorporate any of the data from the document.
• “Demographics” criterion (§ 170.315(a)(5)) which supports pediatric care through the capture of values and value sets relevant for the pediatric health care setting as well as allowing for improved patient matching which is a key challenge for pediatric care.
• “Electronic Prescribing” criterion (adopted in § 170.315(b)(3)) which includes an
• “Family health history” criterion (§ 170.315(a)(12)) which supports pediatric care because it leverages concepts or expressions for familial conditions, which are especially clinically relevant when caring for children.
• “Patient health information capture” criterion (§ 170.315(e)(3)) which supports providers' ability to accept health information from a patient or authorized representative. This criterion could support pediatric care through documentation of decision-making authority of a patient representative.
• “Social, psychological, and behavioral data” criterion § 170.315(a)(15) which supports integration of behavioral health data into a child's record across the care continuum by enabling a user to record, change, and access a patient's social, psychological, and behavioral data based using SNOMED CT® and LOINC® codes.
• “Transitions of care” criterion (§ 170.315(b)(1)) which supports structured transition of care summaries and referral summaries that help ensure the coordination and continuity of health care as children transfer between different clinicians at different health care organizations or different levels of care within the same health care organization;
• “Transmission to immunization registries” criterion (§ 170.315(f)(1)) which supports the safe and effective provision of child health care through immunizations and registry linkages. This criterion also provides the ability to request, access, and display the evaluated immunization history and forecast from an immunization registry for a patient. Immunization forecasting recommendations allow for providers to access the most complete and up-to-date information on a patient's immunization history to inform discussions about what vaccines a patient may need based on nationally recommended immunization recommendations (80 FR 62662-62664).
• “View, download, and transmit to 3rd party” (VDT) criterion (§ 170.315(e)(1)) which supports transferrable access authority for the pediatric health care setting and provides the ability for patients (and their authorized representatives)
We note that some of these criteria may be updated based on proposals contained in this proposed rule; however, we believe that prior to any such updates, technology that is currently available and certified to these 2015 Edition criteria can make a significant impact in supporting providers engaged in the health care of children. We invite readers to use the technical worksheets in the appendix to this proposed rule to inform their public comment on the recommendations, the inclusion of specific items from the Children's Format, and the identified 2015 Edition certification criteria as they relate specifically to use cases for pediatric care and sites of service.
In order to implement the second part of Section 4001(b)(iii) of the Cures Act to adopt certification criteria to support the voluntary certification of health information technology for use by pediatric health providers to support the health care of children, we identified new or revised certification criteria in this proposed rule that support the recommendations. These new or revised criteria and standards in this proposed rule that would support pediatric settings include:
• New API criterion (§ 170.315(g)(10)) which would serve to implement the Cures Act requirement to permit health information to be accessed, exchanged, and used from APIs without special effort (see section IV.B.5 of this proposed rule).
• New “DS4P” criteria (two for C-CDA ((§ 170.315(b)(12)) and (§ 170.315(b)(13)) and one for FHIR (§ 170.315(g)(11))) that would support a more granular approach to privacy tagging data for health information exchange supported by either the C-CDA- or FHIR-based exchange standards (see section VI.A for a discussion of this criteria in relation to pediatric settings and section VI.B for discussion of these criteria in relation to Opioid Use Disorder).
• New electronic prescribing certification criterion (§ 170.315(b)(11)), which would supports improved patient safety and prescription accuracy, workflow efficiencies, and increased configurability of systems including functionality that could support pediatric medication management.
• USCDI (§ 170.213) which enables the inclusion of pediatric vital sign data elements, including the reference range/scale or growth curve for BMI percentile per age and sex, weight for age per length and sex, and head occipital-frontal circumference (and the criteria that include the USCDI).
Each of these proposed criteria are further described in other sections of this proposed rule; however, in this section of this proposed rule we specifically seek comment on the application of these criteria to pediatric use cases in support of our recommendations for the voluntary certification of health IT for pediatric care.
For example, our proposal for three new 2015 Edition DS4P certification criteria (two for C-CDA ((§ 170.315(b)(12)) and (§ 170.315(b)(13)) and one for FHIR (§ 170.315(g)(11))) could provide functionality to address the concerns of multiple stakeholders in a range of specialty use cases—including pediatric care settings. In this section of this proposed rule, we seek comment specifically related to the inclusion of these criteria in our recommendations. Specifically, stakeholders have expressed the need to—based on the intended recipient of the data—to restrict granular pediatric health data at production. We believe these criteria could, for example, help enable providers to:
• Limit the sharing of reproductive and sexual health data from an EHR in order to protect the minor's privacy;
• Prevent disclosure of an emancipated minor's sensitive health information, while also permitting a parent or legal guardian to provide consent for treatment; and
• Segment child abuse information based on jurisdictional laws, which may have varying information sharing requirements for parents, guardians, and/or other possible legal representatives.
While health care providers should already have processes and workflows in place to address their existing compliance obligations, we recognize that more granular privacy markings at the point of data capture would further support existing and future priorities of pediatric health providers, as well as for multiple medical specialties and sites of service. We also recognize that such point of data capture markings can reduce administrative burden through efficiencies gained in streamlined compliance workflows.
We invite readers to use the technical worksheets in the appendix of this proposed rule to support public comment on the recommendations, the inclusion of specific items from the Children's Format, and the identified proposed new or revised certification criteria as they relate specifically to use cases for pediatric care and sites of service.
However, as discussed, through our experience and engagement with health care providers and health IT developers, we believe that in some cases information resources can aid in implementation in clinical settings. In the past, ONC has worked collaboratively with federal partners, health IT developers, and the health care community to support the development of non-regulatory informational resources that can provide additional support for health IT implementation (see, for example, the ONC Patient Engagement Playbook). Such a resource could include the recommendations and certification criteria here identified and synthesize these technical recommendations with information outside of the Program related to patient safety, usability, privacy and security, and other key considerations for successful implementation of a health IT system within a clinical setting. We believe that the creation of such a resource, in collaboration with clinical and technical stakeholders, would help support the advancement of health IT solutions for use in pediatric care and pediatric settings. We further include additional information on prior ONC initiatives related to health IT for pediatric settings as available on our website at
We have identified a need to explore ways to advance health IT across the care continuum to support efforts to fight the opioid epidemic. To that purpose, we seek comment in this proposed rule on a series of questions related to health IT functionalities and standards to support the effective prevention and treatment of opioid use disorder (OUD) across patient populations and care settings.
We recognize the significance of the opioid epidemic confronting our nation and the importance of helping to support health care providers committed to preventing inappropriate access to prescription opioids and providing safe, appropriate treatment.
HHS has a comprehensive strategy to combat the opioid crisis. It consists of five points that are focused on better: Addiction prevention, treatment, and recovery services; data; pain management; targeting of overdose reversing drugs; and research.
We believe health IT offers promising strategies to help medical specialties and sites of service as they combat opioid use disorder (OUD). For example, health IT has the potential to improve adherence to opioid prescribing guidelines and physician adherence to treatment protocols, to increase the safety of prescribing for controlled substances, to enhance clinician access to PDMPs, and to expand access to addiction treatment and recovery support services. Additionally, through the Program, our goal continues to be to improve access to data from disparate sources and help ensure that key data is consistently available to the right person, at the right place, and at the right time across the care continuum. One component of advancing that goal is through technical standards for exchanging health information that form an essential foundation for interoperability.
ONC has heard from stakeholders including policymakers, implementers, health care providers and patient advocacy groups that additional information is needed to assist in planning for the effective use of health IT in OUD prevention and treatment. We additionally recognize stakeholders' interest in the new opioid measures (Query of PDMP measure and Verify Opioid Treatment Agreement measure) included in CMS's Promoting Interoperability Programs (formerly known as the Medicare and Medicaid EHR Incentive Programs). These two measures support HHS initiatives related to the treatment of opioid and substance use disorders by helping health care providers avoid inappropriate prescriptions, improve coordination of prescribing amongst health care providers, and focus on the advanced use of certified health IT in care coordination for OUD prevention and treatment (83 FR 41644).
In order to support these efforts, in this proposed rule we outline a brief overview of some key areas of health IT implementation that could support OUD prevention and treatment. These include consideration of current health IT certification criteria included in the 2015 Edition, revised or new certification criteria as outlined in this proposed rule, and current health IT initiatives underway in the health care industry or health IT industry which intersect with ONC policy goals. In this section of the proposed rule, we request public comment specifically from the perspective of how our existing Program
We seek public comment on how the existing 2015 Edition certification criteria as well as proposals within this proposed rule for revised or new criteria support OUD prevention and treatment. Specifically, we seek comment on certification criteria previously adopted in the 2015 Edition that can support clinical priorities, advance interoperability for OUD (including care coordination and the effective use of health IT for the treatment and prevention of OUD). In this proposed rule, we summarize some of these 2015 Edition certification criteria identified and indicate how they support care coordination, the prevention of OUD and overdose, and the detection of opioid misuse, abuse, and diversion.
We have also below identified the proposals for revised or new 2015 Edition criteria within this proposed rule that we believe can support clinical priorities, advance interoperability for OUD (including care coordination and also the effective use of health IT for the treatment and prevention of OUD). We welcome input from stakeholders specifically on these criteria within the context of OUD prevention and treatment, as well as input on the identification of other criteria included either in the 2015 Edition and/or that are proposed in other parts of this rule that may be considered a clinical and interoperability priority for supporting OUD treatment and prevention.
We have identified several 2015 Edition certification criteria available now for certification in the Program which could support care coordination and the prevention and detection of opioid misuse, abuse, and diversion. They are:
• The “transitions of care” criterion (§ 170.315(b)(1)) supports structured transition of care summaries and referral summaries that help ensure the coordination and continuity of health care as patients transfer between different clinicians at different health care organizations or different levels of care within the same health care organization. This criteria supports the ability to transmit a summary care record to support an individual with OUD upon discharge from an inpatient setting or from a primary care provider to another setting for their care.
• The “clinical information reconciliation and incorporation” criterion (§ 170.315(b)(2)) allows clinicians to reconcile and incorporate patient health information sent from external sources to maintain a more accurate and up-to-date patient record. This process could help—for example—reduce opioid related errors regarding patients who use multiple pharmacies, have co-morbidity factors, and visit multiple clinicians.
• The “electronic prescribing” criterion (§ 170.315(b)(3)) provides a way to write and transmit prescription information electronically. This criterion facilitates appropriate opioid prescribing by simplifying the review of prescription information during follow-up visits or transitions to other clinicians, by allowing prescribers to communicate prescription-related messages to pharmacies electronically and by capturing and transmitting medication histories that are shared with PDMPs. In this proposed rule, we propose to update the existing electronic prescribing certification criterion as described in section IV.B.2 of this proposed rule.
• The “patient health information capture” (§ 170.315(e)(3)) allows clinicians to incorporate unstructured patient generated health data or data from a non-clinical setting into a patient record. The CMS Promoting Interoperability Programs for eligible hospitals includes a new optional measure which is focused on verifying the existence of a signed Opioid Treatment Agreement for certain patients when a controlled substance is prescribed and incorporating it into the record. In the Hospital Inpatient Prospective Payment Systems final rule, CMS recognized this certification criterion's potential to support this goal within a certified health IT system (83 FR 41654).
• The “social, psychological, and behavioral data” criterion (§ 170.315(a)(15)) can help to provide a more complete view of a patient's overall health status. This is important to help provide a “whole-patient” approach to the treatment of substance use disorders included as part of Medicated-Assisted Treatment (MAT) that involves the use of FDA-approved medications, in combination with counseling and behavioral therapies, to treat individuals recovering from OUD. This data can help to improve care coordination and lead to the identification of appropriate social supports and community resources.
We seek comment on how these criteria and what additional 2015 Edition certification criteria may be considered a clinical and interoperability priority for supporting OUD treatment and prevention. We also seek comment on the value of developing a potential future non- binding informational guide or resource to provide useful information for OUD providers and sites of service related to specific clinical priorities and use cases of focus.
This proposed rule contains additional proposals to revise or add new criteria to the Program to better support care across the continuum. We believe these criteria and standards, highlighted below, can also support treatment and prevention of OUD. We seek comment specifically on the applicability of these criteria to the OUD use case. They are:
•
In addition, because we propose to adopt the USCDI as a standard, health IT developers would be allowed to take advantage of the Maintenance of Certification requirements described in section VII.B.5 of this proposed rule. Therefore, the USCDI would have the potential to further benefit clinical priorities and interoperability for OUD, including safe and appropriate opioid prescribing, through the ability to voluntarily implement and use a new version of an adopted standard or
•
•
•
In addition to the certification criteria established in the 2015 Edition final rule and proposed in this rule, ONC is engaged in a number of health IT and standards initiatives exploring innovation and emerging standards to inform future health IT policy. In some cases, these efforts may not be mature enough or best suited for adoption in the Program; however, we seek comment on the potential consideration of these initiatives for future direction of ONC policy.
•
•
In addition to commenting on the criteria noted in this section, we also encourage stakeholders to participate in the ISA process.
Additionally, through the ISA process, stakeholders are encouraged to comment on the outlined standards and implementation specifications, as ONC updates the ISA regularly. ONC has developed and has plans to develop further ISA content to highlight standards and implementation specifications that support the prevention and treatment of OUD/substance use disorder (SUD). For example, the NCPDP SCRIPT standard allows a prescriber to request a patient's medication history from a state PDMP via the RxHistoryRequest and RxHistoryResponse. ONC is also working to enhance the ISA to make it easier for stakeholders to find standards and implementation specifications related to high-priority use cases, such as OUD/SUD. The ISA has a comment process that occurs each year
We further seek comment on effective approaches for the successful dissemination and adoption of standards including the NCPDP SCRIPT 2017071 standard (see section IV.B.2) that can support the exchange of PDMP data for integration into EHRs and also enable further adoption and use of Electronic Prescribing of Controlled Substances (EPCS). Regarding integration of health IT with PDMPs and EPCS, we believe there are real and perceived challenges and opportunities that involve policy and technical components. As we explore these issues in collaboration with industry and stakeholders, we seek comment on the priority challenges and opportunities for these topics and on any technical and policy distinctions, as appropriate.
We also note that there are many federal initiatives separate from ONC proposed rulemaking and the Program that exist within HHS programs including, but not limited to, CMS Medicaid and Medicare programs. For example, Medicare now provides separate payment for psychiatric collaborative care model/behavioral health integration and chronic care management services (see 81 FR 80233, and 80247), and Medicaid issued guidance on leveraging technology to address the opioid crisis at enhanced funding matches
In addition, CMS sought comment for consideration through separate rulemaking in both the 2019 Physician Fee Schedule proposed rule (83 FR 35923) and Hospital Inpatient Prospective Payment Systems proposed rule (83 FR 20528) regarding whether they should adopt the NCPDP SCRIPT 2017071 standard to facilitate future reporting of the proposed Query of PDMP quality measure. As noted in the Hospital Inpatient Prospective Payment Systems final rule, a few commenters supported the use of NCPDP Script Standard Implementation Guide Version 2017071 medication history transactions for PDMP queries and response. Additionally, CMS encourages advances in standards and their use to deliver innovative, interoperable solutions that will seamlessly integrate PDMP query functionality into clinician-friendly, patient- centered CEHRT-enabled workflows that facilitate safer, more informed prescribing practices and improved patient outcomes (83 FR 41651).
We seek comment on how successful implementation of health IT that supports OUD can aid in the achievement of national and programmatic goals, especially where they may align with initiatives across HHS and with stakeholder and industry led efforts.
Finally, we seek comment on a topic that involves health IT for both pediatric care and OUD prevention and treatment—Neonatal Abstinence Syndrome (or NAS). In its September 2018 report,
Immediate newborn NAS signs include neurological excitability, gastrointestinal dysfunction, and autonomic dysfunction. Newborns with NAS are more likely than other babies to have low birthweight and respiratory complications. ONC believes the pediatric clinical health IT recommendations proposed in this rule (including Priority 8, which includes the linkage of health data in records of the mother and newborn) are important for supporting newborns at birth and as they grow and receive care in various settings. As such, we invite comment on:
• The effective use of health IT itself in support of the NAS use case as involves provider training, establishing
• Existing and potential tools, such as decision support or clinical quality measurement, for supporting children with NAS and on the specific data elements related to the care of these children and use of these tools in practice.
• Identification of any related criteria and the respective corresponding proposed pediatric recommendation for the voluntary certification of health IT for use in pediatric care that supports the NAS use case including but not limited to recommendation number 8 noted above.
We welcome public comment on these health IT policies, functionalities and standards to support providers engaged in the treatment and prevention of OUD.
Section 4002 of the Cures Act requires the Secretary of HHS, through notice and comment rulemaking, to establish Conditions and Maintenance of Certification requirements for the Program. Specifically, health IT developers or entities must adhere to certain Conditions and Maintenance of Certification requirements concerning information blocking; appropriate exchange, access, and use of electronic health information; communications regarding health IT; application programming interfaces (APIs); real world testing for interoperability; attestations regarding certain Conditions and Maintenance of Certification requirements; and submission of reporting criteria under the EHR reporting program.
To implement Section 4002 of the Cures Act, we propose an approach whereby the Conditions and Maintenance of Certification express both initial requirements for health IT developers and their certified Health IT Module(s) as well as ongoing requirements that must be met by both health IT developers and their certified Health IT Module(s) under the Program. If these requirements are not met, then the health IT developer may no longer be able to participate in the Program and/or its certified health IT may have its certification terminated. We propose to implement each Cures Act Condition of Certification with further specificity as it applies to the Program. We also propose to establish the Maintenance of Certification requirements for each Condition of Certification as standalone requirements. This approach would establish clear baseline technical and behavior Conditions of Certification requirements with evidence that the Conditions of Certification are continually being met through the Maintenance of Certification requirements.
The Cures Act requires that a health IT developer, as a Condition and Maintenance of Certification under the Program, not take any action that constitutes “information blocking” as defined in section 3022(a) of the PHSA (see 3001(c)(5)(D)(i) of the PHSA). We propose to establish this information blocking Condition of Certification in § 170.401. The Condition of Certification prohibits any health IT developer under the Program from taking any action that constitutes information blocking as defined by section 3022(a) of the PHSA and proposed in § 171.103.
We clarify that this proposed “information blocking” Condition of Certification and its requirements would be substantive requirements of the Program and would use the definition of “information blocking” established by section 3022(a) of the PHSA and as also proposed in § 171.103, as it relates to health IT developers of certified health IT. In addition to ONC's statutory authority for this Condition of Certification, the HHS Office of the Inspector General (OIG) has both investigatory and enforcement authority over information blocking and may issue civil money penalties for information blocking conducted by health IT developers of certified health IT, health information networks and health information exchanges. OIG may also investigate health care providers for information blocking for which health care providers could be subject to disincentives.
We refer readers to section VII.D of this proposed rule for additional discussion of ONC's enforcement of this and other proposed Conditions and Maintenance of Certification requirements. We also refer readers to section VIII of this proposed rule for our proposals to implement the information blocking provisions of the Cures Act, including proposed § 171.103.
We do not, at this time, propose any associated Maintenance of Certification requirements for this Condition of Certification.
The Cures Act requires that a health IT developer, as a Condition and Maintenance of Certification under the Program, provide assurances to the Secretary, unless for legitimate purposes specified by the Secretary, that it will not take any action that constitutes information blocking as defined in section 3022(a) of the PHSA, or any other action that may inhibit the appropriate exchange, access, and use of electronic health information (EHI). We propose to implement this Condition of Certification and accompanying Maintenance of Certification requirements in § 170.402. As a Condition of Certification requirement, a health IT developer must comply with the Condition as recited here and in the Cures Act. We refer readers to section VIII of this proposed rule for the proposed reasonable and necessary activities specified by the Secretary, which constitute the exceptions to the information blocking definition.
We also propose to establish more specific Conditions and Maintenance of Certification requirements for a health IT developer to provide assurances that it does not take any action that may inhibit the appropriate exchange, access, and use of EHI. These proposed requirements serve to provide further clarity under the Program as to how health IT developers can provide such broad assurances with more specific actions.
We propose, as a Condition of Certification, that a health IT developer must ensure that its health IT certified under the ONC Health IT Certification Program (Program) conforms to the full scope of the certification criteria to which its health IT is certified. This has always been an expectation of ONC and users of certified health IT and, importantly, a requirement of the Program. We believe, however, that by incorporating this expectation and requirement as a Condition of Certification under the Program, there would be assurances, and documentation via the “Attestations” Condition and Maintenance of Certification requirements proposed in § 170.406, that all health IT developers fully understand their responsibilities under the Program, including not to take any action with their certified health IT that may inhibit the appropriate exchange, access, and use of EHI. To this point, certification criteria are designed and issued so that certified health IT can support interoperability and the appropriate exchange, access, and use of electronic health information.
We propose that, as a complementary Condition of Certification, health IT developers of certified health IT must provide an assurance that they have made certified capabilities available in ways that enable them to be implemented and used in production environments for their intended purposes. More specifically, developers would be prohibited from taking any action that could interfere with a user's ability to access or use certified capabilities for any purpose within the scope of the technology's certification. Such actions may inhibit the appropriate access, exchange, or use of EHI and are therefore contrary to this proposed Condition of Certification and the statutory provision that it implements. While such actions are already prohibited under the Program (80 FR 62711), making these existing requirements explicit would ensure that health IT developers are required to attest to them on a regular basis pursuant to the Condition of Certification proposed in § 170.406, which will in turn provide additional assurances to the Secretary that developers of certified health IT support and do not inhibit appropriate access, exchange, or use of EHI.
By way of example, actions that would violate this aspect of the proposed Condition include failing to fully deploy or enable certified capabilities; imposing limitations (including restrictions) on the use of certified capabilities once deployed; or requiring subsequent developer assistance to enable the use of certified capabilities, contrary to the intended uses and outcomes of those capabilities (
We propose, as a Condition of Certification requirement, that a health IT developer that produces and electronically manages EHI must certify health IT to the 2015 Edition “electronic health information export” certification criterion in § 170.315(b)(10). We discuss the proposed “electronic health information (EHI) export” criterion in section IV.B.4 of this proposed rule. Further, as a Maintenance of Certification requirement, we propose that a health IT developer that produces and electronically manages EHI must provide all of its customers of certified health IT with health IT certified to the functionality included in § 170.315(b)(10) within 24 months of a subsequent final rule's effective date or within 12 months of certification for a health IT developer that never previously certified health IT to the 2015 Edition, whichever is longer. Consistent with these proposals, we also propose to amend § 170.550 to require that ONC-ACBs certify health IT to the proposed 2015 Edition “EHI export” when the health IT developer of the health IT presented for certification produces and electronically manages EHI.
As discussed in section IV.C.1 of this proposed rule, the availability of the capabilities in the proposed 2015 Edition “EHI export” certification criterion to providers and patients would promote access, exchange, and use of EHI to facilitate health care providers in switching practices and health IT systems and patients' electronic access to all their health information stored by a provider. As such, health IT developers with health IT certified to the proposed 2015 Edition “EHI export” certification criterion that is made available to its customers provides assurances that the developer is not taking actions that constitute information blocking or any other action that may inhibit the appropriate exchange, access, and use of EHI.
We propose that, as a Maintenance of Certification requirement, a health IT developer must, for a period of 10 years beginning from the date of certification, retain all records and information necessary that demonstrate initial and ongoing compliance with the requirements of the ONC Health IT Certification Program. In other words, records and information should be retained starting from the date a developer first certifies health IT under the Program and applies separately to each unique Health IT Module (or Complete EHR, as applicable) certified under the Program. This retention of records is necessary to verify health IT developer compliance with Program requirements, including certification criteria and Conditions of Certification. We believe that 10 years is an appropriate period of time given that many users of certified health IT participate in various CMS programs, as well as other programs, that require similar periods of records retention. We also refer readers to section VII.D.3.c of this preamble for additional discussion of records access to information necessary to enforce the Conditions and Maintenance of Certification.
In an effort to reduce administrative burden, we also propose, that in situations where applicable certification criteria are removed from the Code of Federal Regulations before the 10 years have expired, records must only be kept for 3 years from the date of removal for those certification criteria and related Program provisions unless that timeframe would exceed the overall 10-year retention period. This “3-year from the date of removal” records retention period also aligns with the records retention requirements for ONC-ACBs and ONC-ATLs under the Program.
We encourage comment on these proposals and whether the proposed requirements can provide adequate assurances that certified health IT developers are demonstrating initial and ongoing compliance with the requirements of the Program; and thereby ensuring that certified health IT can support interoperability, and appropriate exchange, access, and use of EHI.
The Cures Act added section 3001(c)(9) to the PHSA, which requires the National Coordinator to work with stakeholders with the goal of developing or supporting a Trusted Exchange Framework and a Common Agreement (collectively, “TEFCA”) for the purpose of ensuring full network-to-network exchange of health information. Section 3001(c)(9)(B) outlines a process for establishing a TEFCA between health information networks (HINs)—including provisions for the National Coordinator, in collaboration with the NIST, to provide technical assistance on implementation and pilot testing of the TEFCA. In accordance with section 3001(c)(9)(C), the National Coordinator shall publish the TEFCA on its website and in the
We have identified health IT developers that certify health IT to the criteria above because the capabilities included in the criteria support access and exchange of EHI. Therefore, we believe such health IT developers, as opposed to a health IT developer that only supports clinical decision support (§ 170.315(a)(9)) with its certified health IT, would be best suited to participate in the Trusted Exchange Framework and adhere to the Common Agreement. Similarly, we believe that many such health IT developers with the identified certified health IT would be in position, and requested by customers, to provide connection services to HINs. When such criteria are met (certified to the identified criteria above and actually providing connection services), participation in the Trusted Exchange Framework and adherence to the Common Agreement are consistent with this Condition and Maintenance of Certification as specified by the Cures Act, the intent of Congress to establish widespread interoperability and exchange of health information without information blocking, and supports ONC's responsibility, as established by the HITECH Act, to develop and support a nationwide health IT infrastructure that allows for the electronic use and exchange of information. More specifically, by participating in the Trusted Exchange Framework and adhering to the Common Agreement, these health IT developers provide assurances that they are not taking actions that constitute information blocking or any other action that may inhibit the appropriate exchange, access, and use of EHI. For more information on the Trusted Exchange Framework and Common Agreement, please visit:
In consideration of this request for comment, we welcome comment on the certification criteria we have identified as the basis for health IT developer participation in the Trusted Exchange Framework and adherence to the Common Agreement, other certification criteria that would serve as a basis for health IT developer participation in the Trusted Exchange Framework and adherence to the Common Agreement, and whether the current structure of the Trusted Exchange Framework and Common Agreement are conducive to health IT developer participation and in what manner.
The Cures Act requires that a health IT developer, as a Condition and Maintenance of Certification under the Program, does not prohibit or restrict communication regarding the following subjects:
• The usability of the health information technology;
• The interoperability of the health information technology;
• The security of the health information technology;
• Relevant information regarding users' experiences when using the health information technology;
• The business practices of developers of health information technology related to exchanging electronic health information; and
• The manner in which a user of the health information technology has used such technology.
We propose to implement this Condition of Certification and its requirements in § 170.403. The Cures Act placed no limitations on the protection of the communications delineated above (referred to hereafter as “protected communications”). As such, we propose to broadly interpret the subject matter of communications that are protected from developer prohibition or restriction as well as the conduct of developers that implicate the protection afforded to communications by this Condition of Certification and discuss this proposed approach in detail below. While we propose to implement a broad general prohibition against developers imposing prohibitions and restrictions on protected communications, we also recognize that there are circumstances where it is both legitimate and reasonable for developers to limit the sharing of information about their products. As such, we propose to allow developers to impose prohibitions or restrictions on protected communications in certain narrowly defined circumstances. In order for a prohibition or restriction on a protected communication to be permitted, we propose that it must pass a two-part test. First, the communication that is being prohibited or restricted must not fall within a class of communication about which no restriction or prohibition would ever be legitimate or reasonable—such as communications required by law, made to a government agency, or made to a defined category of safety organizations—and which we refer to hereafter as “communications with unqualified protection.” Second, to be permitted, a developer's prohibition or restriction must also fall within a prescribed category of circumstances for which we propose it is both legitimate and reasonable for a developer to limit the sharing of information about its products. This would be because of the nature of the relationship between the developer and the communicator or because of the nature of the information that is, or could be, the subject of the communication (referred to hereafter as “permitted prohibitions and restrictions”). A restriction or prohibition that does not satisfy this two-part test will contravene this Condition of Certification. As discussed in more detail below, we propose that this two-part test strikes a reasonable balance between the need to promote open communication about health IT and related business practices, and the need to protect the legitimate interests of health IT developers and other entities.
This Condition of Certification addresses industry practices that severely limit the ability and willingness of health IT customers, users, researchers, and other stakeholders who use and work with health IT to openly discuss and share their experiences and other relevant information about the performance of health IT, including the ability of health IT to exchange health information electronically. These practices result in a lack of transparency around health IT that can contribute to and exacerbate patient safety risks, system security vulnerabilities, and product performance issues. As discussed below, these issues have been documented and reported on over a number of years.
The challenges presented by health IT developer actions that prohibit or
Other close observers of health IT have similarly noted that broad restrictions on communications can inhibit the communication of information about errors and adverse events.
The issue of health IT developers prohibiting or restricting communications about health IT has been the subject of a series of hearings by the Senate Committee on Health, Education, Labor and Pensions (HELP Committee), starting in the spring of 2015. During several hearings, stakeholders emphasized the lack of transparency around the performance of health IT in a live environment, noting that this can undermine a competitive marketplace, hinder innovation, and prevent improvements in the safety and usability of the technology.
Prior to the HELP Committee hearings described above, the issue of developers prohibiting and restricting communications about the performance of their health IT was also addressed in House Energy and Commerce Committee hearings when committee members heard testimony and held discussions related to the Cures Act.
Developer actions that prohibit or restrict communications about health IT have also been the subject of investigative reporting.
Finally, ONC has itself been made aware of health IT developer contract language that purports to prohibit the disclosure of information about health IT, including even a customer's or user's opinions and conclusions about the performance and other aspects of the technology. Our extensive interactions with health care providers, researchers, and other stakeholders consistently indicate that such terms are not uncommon and that some developers may actively enforce them and engage in other practices to discourage communications regarding developers' health IT products and related business practices.
This proposed Condition of Certification is needed to significantly improve transparency around the functioning of health IT in the field. This will help ensure that the health IT ultimately selected and used by health care providers and others functions as expected, is less likely to have safety issues or implementation difficulties, enables greater interoperability of health information, and more fully allows users to reap the benefits of health IT utilization, including improvements in care and quality, and reductions in costs.
We propose that the protection afforded to communicators under this Condition of Certification would apply irrespective of the form or medium in which the communication is made. Developers must not prohibit or restrict communications whether written, oral, electronic or by any other method if they concern protected communications, unless permitted otherwise by this Condition of
• A post made to an online forum;
• the sharing of screenshots, subject to certain proposed restrictions on their general publication;
• an unattributed written review by a health IT user;
• a quote given by a health care executive to a journalist;
• a presentation given at a trade show;
• a social media post;
• a product review posted on a video-sharing service such as YouTube;
• the statements and conclusions made in a peer-reviewed journal; and
• private communications made between health IT customers about the health IT.
The Cures Act (and § 170.403(a)(1)) identifies a list of subject areas about which developers cannot prohibit or restrict communications. These subject areas address health IT performance and usability, health IT security, and the business practices related to exchanging EHI. For the reasons discussed below, we propose that the terms used to describe the subject areas should be construed broadly, consistent with the scope of communications that Congress specified in the Act. We encourage comment on whether the types of subject matter we identify below are adequate to protect the full range of communications contemplated by the Cures Act.
The term “usability” is not defined in the Cures Act nor in any other relevant statutory provisions. In the National Institute of Standards and Technology (NIST) Usability Initiative, NIST describes “usability” of health IT by referencing the ISO
Section 3000(9) of the PHSA, as amended by the Cures Act, provides a definition of “interoperability” that describes a type of health IT that demonstrates the necessary capabilities to be interoperable. For the purposes of this Condition of Certification, we propose that protected communications regarding the “interoperability of health IT” would include communications about whether a health IT product and associated developer business practices meet the interoperability definition described in section 3000(9) of the PHSA, including communications about aspects of the technology or developer that fall short of the expectations found in that definition. This will include communications about the interoperability capabilities of health IT and the practices of a health IT developer that may inhibit the access, exchange, or use of EHI, including information blocking.
The security of health information technology is primarily addressed under the HIPAA Security Rule,
We propose that the matters that fall within the topic of health IT security should be broadly construed to include any safeguards, whether or not required by the Security Rule, that may be implemented (or not implemented) by a developer to ensure the confidentiality,
• The approach to security adopted for the health IT at issue (
• the resilience of the health IT;
• identified security flaws in the developer's health IT; or
• the response to cyber threats or security breaches by the developer.
The phrase “user experience” is not defined in the Cures Act nor in any other relevant statutory provisions. We propose to afford these terms their ordinary meaning. To qualify as a “user experience,” the experience must be one that is had by a user of health IT. However, beyond this, we do not propose to qualify the types of experiences that would receive protection under the Condition on the basis of the “user experience” subject area. This reflects the great variety of experiences that users may have with health IT and the often subjective nature of such experiences. Thus, we believe that if the user had the experience, the experience is relevant.
To illustrate the breadth of potential user experiences that would be protected by this Condition of Certification, we propose that communications about “relevant information regarding users' experiences when using the health IT” would encompass, for example, communications and information about a person or organization's experience acquiring, implementing, using, or otherwise interacting with health IT. This includes experiences associated with the use of the health IT in the delivery of health care, together with administrative functions performed using the health IT. User experiences would also include the experiences associated with configuring and using the technology throughout implementation, training, and in practice. Further, user experiences would include patients' and consumers' user experiences with consumer apps, patient portals, and other consumer-facing technologies. To be clear, a “relevant user experience” includes any aspect of the health IT user experience that could positively or negatively impact the effectiveness or performance of the health IT.
We propose that protected communications regarding the “manner in which a user has used health IT” would encompass any information related to how the health IT has been used in practice. This subject area largely overlaps with the matters covered under the “user experience” subject area but may include additional perspectives or details beyond those experienced by a user of health IT. Types of information that would fall within this subject area include but are not limited to:
• Information about a work-around implemented to overcome an issue in the health IT;
• customizations built on top of core health IT functionality;
• the specific conditions under which a user used the health IT, such as information about constraints imposed on health IT functionality due to implementation decisions; and
• information about the ways in which health IT could not be used or did not function as was represented by the developer.
We propose that the subject matter of “developer business practices related to exchanging electronic health information” should be broadly construed to include developer policies and practices that facilitate the exchange of electronic health information, and developer policies and practices that impact the ability of health IT to exchange health information. We further propose That the exchange of electronic health information encompasses the appropriate and timely sharing of electronic health information.
We propose that protected communications include, but are not limited to:
• The costs charged by a developer for products or services that support the exchange of electronic health information (
• the timeframes and terms on which developers will or will not enable connections and facilitate exchange with other technologies, individuals, or entities, including other health IT developers, exchanges, and networks;
• the developer's approach to participation in health information exchanges and/or networks;
• the developer's licensing practices and terms as it relates to making available APIs and other aspects of its technology that enable the development and deployment of interoperable products and services; and
• the developer's approach to creating interfaces with third-party products or services, including whether connections are treated as “one off” customizations, or whether similar types of connections can be implemented at a reduced cost.
Importantly, we further propose that information regarding business practices related to exchanging electronic health information would include information about the switching costs imposed by a developer, as we are aware that the cost of switching health IT is a significant factor impacting health care providers adopting the most exchange-friendly health IT products that are available.
The terms “prohibit” and “restrict” are not defined in the Cures Act or in any other relevant statutory provisions. As discussed in detail below, communications can be prohibited or restricted through contractual terms or agreements (
The conduct in question must have some nexus to the making of a protected communication or an attempted or contemplated protected communication. That is, conduct by a developer that may be perceived as intimidating or punitive would not implicate this Condition of Certification unless that conduct was designed to directly or indirectly influence the making of a protected communication. Similarly, health IT contracts may include terms that govern the manner in which the parties conduct themselves, and those terms would not implicate this Condition of Certification unless the operative effect of a term was to restrict or prohibit a protected communication. For abundant clarity, we note that the fact that a customer's health IT product is not performing in the manner the customer expected, or in the manner
We note that contractual prohibitions or restrictions on communications can, in limited circumstances, be legitimate and serve an important role in protecting proprietary information and intellectual property that are essential for health IT developers to innovate and compete. On this basis, we propose to permit certain types of prohibitions and restrictions, subject to strict conditions to ensure that they are narrowly tailored and do not restrict protected communications. These permitted prohibitions and restrictions are discussed in section VII.B.3.b.v below.
The principal way that health IT developers can control the disclosure of information about their health IT is through contractual prohibitions or restrictions. Such prohibitions or restrictions can arise in contractual provisions that address, for example, confidentiality obligations, intellectual property protections, hold-harmless requirements, nondisclosure obligations, non-compete obligations, and publicity rights.
There are different ways that contractual prohibitions or restrictions arise. In some instances a contractual prohibition or restriction will be expressed, and the precise nature and scope of the prohibition or restriction will be explicit from the face of the contract or agreement. For example, a contract will say that the health IT customer must not disclose screenshots of the health IT. However, more often, a contract will impose prohibitions or restrictions in less precise terms. For example, a health IT contract might use broad language when describing the information or materials that customers and users are forbidden from disclosing pursuant to a confidentiality clause, casting a vague net over the developer's “proprietary” information and purporting to cover information that may be neither confidential, secret, nor protected by law. A contract does not need to expressly prohibit or restrict a protected communication in order to have the effect of prohibiting or restricting that protected communication. The use of broad or vague language that obfuscates the types of communications that can and cannot be made may be treated as a prohibition or restriction if it has the effect of restricting legitimate communications about health IT.
Restrictions and prohibitions found in contracts used by developers to sell or license their health IT products can apply to customers directly and can require that the customer “flow-down” obligations onto the customer's employees, contractors, and other individuals or entities that use or work with the developer's health IT. Such contract provisions would not comply with this Condition of Certification if they prohibit or restrict protected communications. Prohibitions or restrictions on communications can also be found in separate nondisclosure agreements (NDAs) that developers require their customers—and in some instances the users of the health IT—to enter into in order to receive or access the health IT. We propose that such agreements are covered by this Condition of Certification. Finally, health IT developers typically may require third-party contractors used by their customers (such as a data analytics vendor engaged by a health care provider to analyze the provider's data) to enter into a NDA with the developer before commencing their contract activities. In some extreme cases, the employees of these third-party contractors are required to sign NDAs in their personal capacities. These NDAs typically include obligations that prohibit or restrict communications about the developer's health IT products, and we propose that any such prohibitions or restrictions within the context of protected communications as defined here would be subject to this Condition of Certification.
We are aware that some health IT developers engage in conduct that has the effect of prohibiting or restricting protected communications. This conduct may arise despite the developer's contract and/or business associate agreement being silent on, or even expressly permitting, the protected communication. The effect of such conduct can be significant, as health care providers are dependent on their health IT developer in order to receive critical software updates or other maintenance services, and sometimes have little bargaining power. Similarly, a third-party developer is dependent on a health IT developer's authorization in order to perform work in connection with the developer's health IT.
We propose that conduct that has the effect of prohibiting or restricting a protected communication would be subject to this Condition of Certification. We emphasize that, as discussed above, the conduct in question must have some nexus to the making of a protected communication or an attempted or contemplated protected communication. As such, developer conduct that was alleged to be intimidating, or health IT performance that was perceived to be substandard, would not, in and of itself, implicate this Condition of Certification unless there was some nexus between the conduct or performance issue and the making of (or attempting or threatening to make) a protected communication. Examples of conduct that could implicate this Condition of Certification include, but are not limited to:
• Taking steps to enforce, including by threatening to enforce, a right arising under contract that contravenes this Condition of Certification.
• Taking steps to enforce, including by threatening to enforce, a legal right that purports to prohibit or restrict a protected communication. This would include, for example, the making of threats, such as via a cease and desist letter, to a researcher who has made a protected communication.
• Employing a technological measure (within the meaning of 17 U.S.C. 1201) that a user would have to circumvent in order to make a protected communication, for example, a technological measure that a health IT user would need to circumvent in order to take a screenshot of the developer's health IT.
• Discouraging the making of protected communications by:
○ Making threats against a health care customer (
○ Taking retaliatory action against a person or entity that has made a protected communication (
• Having policies that disadvantage persons or entities that make protected communications (
• Refusing to publish—or refusing to remove or delete—protected communications made in an online forum that the developer moderates or controls.
• Causing the removal or deletion of a protected communication from any publication (
We propose, and discuss below, a narrow class of communications—consisting of five specific types of communications—that would receive unqualified protection from developer prohibitions or restrictions. With respect to communications with unqualified protection, a developer would be prohibited from imposing
We propose that where a communication relates to subject areas enumerated in § 170.403(a)(1) and there are federal, state, or local laws that would require the disclosure of information related to health IT, developers must not prohibit or restrict in any way protected communications made in compliance with those laws. We note that we expect that most health IT contracts would allow for, or at the very least not prohibit or restrict, any communication or disclosure that is required by law, such as responding to a court or Congressional subpoena, or a valid warrant presented by law enforcement. We further propose that if required by law, a potential communicator should not have to delay any protected communication under this Condition of Certification. Furthermore, we propose that the reasonable limitations and prohibitions that are discussed below and permitted by § 170.403(a)(2) do
It is well established that there is a strong public interest in allowing open communication of information regarding health care hazards, adverse events, and unsafe conditions. Given the central role played by health IT in the delivery of care, information about health IT is a critical component of any investigation into the cause of hazards, adverse events, or unsafe conditions. On the basis of this public policy interest alone, we propose there is an overwhelming interest in ensuring that all communications about health IT that are necessary to identify patient safety risks, and to make health IT safer, not be encumbered by prohibitions or restrictions imposed by health IT developers that may affect the extent or timeliness of communications. In addition to the public policy interest in promoting uninhibited communications about health IT safety, the recognized communication channels for adverse events, hazards, and unsafe conditions provide protections that help ensure that any disclosures made are appropriately handled and kept confidential and secure. Indeed, the class of recipients to which the information can be communicated under this category of communications with unqualified protection should provide health IT developers with comfort that there is very little risk of such communications prejudicing the developer's intellectual property rights. For example, government agencies impose appropriate controls on information they receive, mitigating any risk that developers may feel arises from the disclosure of information about their health IT. Similarly, accrediting bodies for health care delivery observe strict confidentiality policies for information received or developed during the accreditation process and in connection with complaints received.
Finally, the Patient Safety and Quality Improvement Act of 2005 (PSQIA)
We understand that the nature of the information about health IT that would ordinarily be disclosed by a health care provider when reporting an adverse event, hazard, or unsafe conditions to government agencies, health care accreditation organizations, and patient safety organizations, would not ordinarily contain intellectual property or trade secrets. Notwithstanding this, in light of the public policy interest and established reporting mechanisms described above, we do not consider the potential inclusion of intellectual property or trade secrets in the communication should prohibit or restrict a health care provider from making a complete and timely report. For example, proposed § 170.403(a)(2)(ii)(D) permits developers to impose certain restrictions on the general publication of screenshots, but we do not consider that such restrictions should be permitted when the communication is made for one of the purposes, and to one of the recipients, identified in § 170.403(a)(2)(i)(B).
We seek comment on whether the unqualified protection afforded to communications made to a patient safety organizations about adverse events, hazards, and other unsafe conditions should be limited. Specifically, we seek comment on whether the unqualified protection should be limited by the nature of the patient safety organization to which a communication can be made, or the nature of the communication that can made—such as limiting to only material that was created as PSWP.
We propose that if health IT developers were to impose prohibitions or restrictions on the ability of any person or entity to communicate information about cybersecurity threats and incidents to government agencies, such conduct would not comply with this Condition of Certification. Government agencies such as the United States Computer Emergency Readiness Team (US-CERT) respond to and protect both the government and private industry from cyber threats. Their work helps protect the entire health care system from cybersecurity threats and relies on the timely reporting of security issues and vulnerabilities by health care
Communications about security issues related to health IT may alert nefarious individuals or entities to the existence of a security vulnerability which could be exploited before a developer has time to fix the vulnerability. However, we propose that this concern must be balanced against the imperative of ensuring that health IT customers are aware of security vulnerabilities so that they can respond by deploying reactive measures independent of the developer, such as ceasing health information exchange with a compromised system. We seek comment on whether it would be reasonable to permit health IT developers to impose limited restrictions on communications about security issues so as to safeguard the confidentiality, integrity, and security of eHI. For example, should health IT developers be permitted to require that health IT users notify the developer about the existence of a security vulnerability prior to, or simultaneously with, any communication about the issue to a government agency?
As in the circumstances described above, we believe that the public benefit associated with the communication of information to government agencies on information blocking, or any other unlawful practice, outweighs any concerns developers might have about the disclosure of information about their health IT. We believe that reporting information blocking, as well as other unlawful practices, to a government agency would not cause an undue threat to a health IT developer's intellectual property or trade secrets. Generally speaking, agencies collecting reports would protect all information received and keep it confidential to the extent permitted by law.
We propose that the benefits to the public and to users of health IT of communicating information about a health IT developer's failure to comply with a Condition of Certification or other Program requirement (45 CFR part 170) justify prohibiting developers of health IT from placing any restrictions on such protected communications. Information regarding the failure of a health IT product to meet any Condition of Certification or other Program requirement is vital to the effective performance and integrity of the Program, which certifies that health IT functions consistent with its certification. While the current procedures for reporting issues with certified health IT encourage providers to contact developers in the first instance to address certification issues, users of health IT should not hesitate to contact ONC-Authorized Certification Bodies (ONC-ACBs), or ONC itself, if the developer does not provide an appropriate response, or the matter is of a nature that should be immediately reported to an ONC-ACB or to ONC.
We propose that,
• Communications of their own employees;
• Disclosure of non-user-facing aspects of the software;
• Certain communications that would infringe the developer's or another person's intellectual property rights;
• Publication of screenshots in very narrow circumstances; and
• Communications of information that a person or entity knows only because of their participation in developer-led product development and testing.
As discussed in detail in the sections that follow, the proposed Condition of Certification carefully delineates the circumstances under which these types of prohibitions and restrictions would be permitted, including certain associated conditions that developers would be required to meet. To be clear, any prohibition or restriction not expressly permitted would violate the Condition. Additionally, it would be the developer's burden to demonstrate to the satisfaction of ONC that the developer has met all associated requirements. Further, as an additional safeguard, we propose that where a developer seeks to avail itself of one of the permitted types of prohibitions or restrictions, the developer must ensure that potential communicators are clearly and explicitly notified about the information and material that can be communicated, and that which cannot. We propose this would mean that the language of health IT contracts must be precise and specific. Contractual provisions or public statements that support a permitted prohibition or restriction on communication should be very specific about the rights and obligations of the potential communicator. Contract terms that are vague and cannot be readily understood by a reasonable health IT customer will not benefit from the qualifications to this Condition of Certification outlined below.
We recognize that health IT developer employees, together with the entities and individuals who are contracted by health IT developers to deliver products and/or services (such as consultants), may be exposed to highly sensitive, proprietary, and valuable information in the course of performing their duties. We also recognize that the proper functioning of a workforce depends, at least in part, on the ability of an employer to regulate how and when the organization communicates information to the public, and that employees owe confidentiality obligations to their employers. We propose that on this basis, developers are permitted to impose prohibitions or restrictions on the communications of employees and
The purpose of this Condition of Certification is to ensure that health IT users and other potential communicators are not restrained in their ability to communicate—publicly or privately—about certain protected subject areas. We propose that this purpose can generally be achieved without communicators disclosing information about those parts of health IT that are legally protected trade secrets. As such, we propose this Condition of Certification will permit health IT developers to impose prohibitions and restrictions on communications that are not communications with unqualified protection to the extent necessary to ensure that communications do not disclose “non-user-facing aspects of health IT.”
A “non-user-facing aspect of health IT” is, for the purpose of this Condition of Certification, an aspect of health IT that is not a “user-facing aspect of health IT.” A “user-facing aspect of health IT” means those aspects of health IT that that are disclosed and evident to anyone running, using, or observing the operation of health IT. That is, a user-facing aspect of health IT comprises those aspects of the health IT that are manifest in how the health IT software works. User-facing aspects of health IT include the design concepts and functionality that is readily ascertainable from the health IT's user interface and screen display. They do not include those parts of the health IT that are not exposed to persons running, using, or observing the operation of the health IT. We propose that non-user-facing aspects of health IT would include source and object code, software documentation, design specifications, flowcharts, and file and data formats. We welcome comments on whether these and other aspects of health IT should be treated as not being user-facing.
For clarity, we note that the terminology of “user-facing aspects of health IT” is not intended to afford only health IT users with specific protections against developer prohibitions or restrictions on communications. Rather, the terminology is agnostic as to the identity of the communicator and is instead focused on describing those aspects of health IT that are readily ascertainable from the health IT's user interface and screen display. Numerous other potential communicators will also be exposed to “user-facing aspects of health IT,” such as third-party contractors, health information exchange organizations, recipients of a software demonstration, and trade groups or researchers that observe the operation of health IT in the field.
We propose that this approach reasonably implements the Cures Act, which, in direct response to strict confidentiality obligations, broad intellectual property clauses, and non-disclosure provisions in EHR contracts, identified a list of protected subject areas for disclosure (enumerated at section 3001(c)(5)(D)(iii) of the PHSA) that largely targeted the aspects of health IT that are apparent to, and known by, individuals and entities that use or interact with health IT. We propose that if a health IT user were prohibited from describing the user-facing aspects of their health IT product, they could not sensibly communicate useful information about the usability or interoperability of the product, or their experiences as a health IT user. These subject areas are fundamentally tied to the way that the health IT product works, its design, and its functionality.
Protecting the communication of “user-facing aspects of health IT” is also consistent with the treatment of software products under trade secret law, where the public-facing aspects of software products are not generally considered secret because they are evident to anyone running the software program. Moreover, this approach is appropriate given the manner in which health IT is deployed and used by health IT customers. Unlike software products that are deployed and used in a cloistered setting where access to the software is highly restricted, health IT is typically deployed in a setting in which the operation of the health IT can be readily observed by a wide range of persons. Health IT used in a physician's consulting room can be observed by the patient. Health IT deployed in a hospital can be observed by numerous individuals in addition to those who are “authorized users” of the health IT system, including, for example, the patient, the patient's family, volunteer staff, law enforcement, and clergy. As such, because health IT is of a nature that license terms or nondisclosure obligations do not act as a genuine control over the disclosure of those aspects of the software that are “user-facing,” communications about such aspects should be afforded protection from developer prohibitions and restrictions under this proposed Condition of Certification.
Many aspects of health IT—including software and documentation—will contain intellectual property that belongs to the health IT developer (or a third party) and is protected by law. Health IT products may have portions in which copyrighted works exist, or that are subject to patent protection. As in other technology sectors, health IT developers place a high value on their intellectual property and go to significant lengths to protect it, including intellectual property provisions in their health IT contracts.
This Condition of Certification is not intended to operate as a
We welcome comments on whether an appropriate balance has been struck between protecting legitimate intellectual property rights of developers and ensuring that health IT customers, users, researchers, and other stakeholders who use and work with health IT can openly discuss and share their experiences and other relevant
We propose that health IT developers generally would not be permitted to prohibit or restrict communications that disclose screenshots of the developer's health IT. We consider screen displays an essential component of health IT performance and usability, and their reproduction may be necessary in order for a health IT user or other health IT stakeholder to properly make communications about the subject matters enumerated in § 170.403(a)(1). We acknowledge that some health IT developers have historically and aggressively sought to prohibit the disclosure of such communications. We consider that developers may benefit from screen displays being faithfully reproduced so that health IT users and other stakeholders can form an objective opinion on any question raised about usability in communications protected by this proposed Condition of Certification. Moreover, we consider that the reproduction of screenshots in connection with the making of a communication protected by this Condition of Certification would ordinarily represent a “fair use” of any copyright subsisting in the screen display, and developers should not impose prohibitions or restrictions that would limit that fair use.
Notwithstanding the above, we propose to permit certain prohibitions and restrictions on the communication of screenshots. Except in connection with communications with unqualified protection, developers would be permitted to impose certain restrictions on the disclosure of screenshots, as described below.
In order to ensure that disclosures of screenshots are reasonable and represent a faithful reproduction of the developer's screen design and health IT, we propose that developers would be permitted to prevent communicators from altering screenshots, other than to annotate the screenshot or to resize it for the purpose of publication. We consider this a reasonable limitation on the disclosure of screenshots and one that would help developers' health IT avoid being misrepresented by communicators seeking to make a communication protected by this proposed Condition of Certification.
We also propose that health IT developers could impose restrictions on the disclosure of a screenshot on the basis that it would infringe third-party intellectual property rights (on their behalf or as required by license). However, to take advantage of this exception, the developer would need to first put all potential communicators on sufficient written notice of those parts of the screen display that contain trade secrets or intellectual property rights and cannot be communicated, and would still need to allow communicators to communicate redacted versions of screenshots that do not reproduce those parts.
Finally, we also recognize that health IT developers may have obligations under HIPAA as a business associate and that it would be reasonable for developers to impose restrictions on the communication of screenshots that contain protected health information, provided that developers permit the communication of screenshots that have been redacted to conceal protected health information, or the relevant individual's consent or authorization had been obtained.
We are aware that some health IT developers expose aspects of their health IT to health care providers and others for the purpose of testing and development prior to a product's “general availability” release. Such disclosures may relate to beta releases that are shared with certain customers for testing prior to the software being made generally available to the market, or may be made as part of a joint-venture or cooperative development process. In these circumstances, we propose that a health IT developer would be justified in keeping information about its health IT confidential, and we do not intend that the protection afforded to communicators under this Condition of Certification would allow disclosures of this information. This permitted prohibition or restriction would allow developers to seek appropriate intellectual property protection and freely discuss novel, “unreleased” product features with their customer base, which has significant public policy benefits for research and innovation in the health IT industry.
As with the other allowable restrictions listed above, we propose that this permitted restriction would be limited and does not apply to communications which are communications with unqualified protection as described above and specified in § 170.403(a)(2)(i). For example, information that is learned as part of development and testing, such as the hard-coding of test procedure processes that raise serious patient safety concerns, could be communicated for one of the limited purposes specified in § 170.403(a)(2)(i) if the software is certified or released to market. We propose that this permitted restriction would also not apply to communications about the released version of the health IT once the health IT has been released to market or has been certified, provided that the communications otherwise meet all other requirements to be afforded protection under this Condition of Certification and the information communicated could be discovered by any ordinary user of the health IT.
For example, a health IT developer and a large health system enter into an agreement for members of the health IT developer's engineering team to work with members of the health system's clinical team to develop a customization for the system's use of the developer's EHR. In order to properly protect any intellectual property rights, or proprietary information, arising from this work, the developer and health system enter into a contract which imposes on the system and affected members of its clinical team strict nondisclosure related to testing and development of the health IT. This would be reasonable and would not contravene this Condition of Certification, provided that: (1) The nondisclosure obligations were narrowly targeted toward the work product associated with the testing and development; and (2) the obligations ceased immediately upon any resultant software being deployed in the health system, to the extent that the information fell within one of the subject areas enumerated in § 170.403(a)(1) and would be apparent to an ordinary user of the health IT.
To ensure that this permitted prohibition/restriction is not abused, such as by maintaining a product in beta release for an indefinite or lengthy period of time, we request comment on whether we should limit the time this protection would apply for testing purposes. This could be no longer than a year after release of a product or update. We also request comment on whether we should set specific parameters for covered testing. For example, we note above our expectations that a product would be shared with
We propose that to maintain compliance with this Condition of Certification a health IT developer must not establish or enforce any contract or agreement provision that contravenes this Condition of Certification. We are aware that some developers currently have in place health IT contracts that contain provisions that contravene this proposed Condition of Certification because they impose impermissible prohibitions or restrictions on communications. In some instances, the provisions in question will be expressly at odds with this Condition, imposing obligations on health IT customers, or creating rights in favor of the developer, that prohibit or restrict communications that are protected. In other instances, a contract will include a provision that contravenes this Condition because it has been drawn in such broad terms—such as an overly-expansive definition of confidential information—that a reasonable reader of the provision would consider the making of a communication protected by this Condition a breach of the contract.
Health IT contracts are typically for a significant duration—
We propose that a health IT developer must notify all customers and those with which it has contracts/agreements, within six months of the effective date of a subsequent final rule for this proposed rule, that any communication or contract/agreement provision that contravenes this Condition of Certification will not be enforced by the health IT developer. Further, we propose that this notice would need to be provided annually up to and until the health IT developer amends the contract or agreement to remove or make void any contractual provision that contravenes this Condition of Certification. We further propose as a Maintenance of Certification requirement in § 170.405(b)(2) that health IT developers must amend their contracts or agreements to remove or make void any provisions that contravene the Condition of Certification within a reasonable period of time, but not later than two years from the effective date of a subsequent final rule for this proposed rule.
We believe this is an appropriate approach as we understand that health IT developers are in regular contact with their customers, and so the provision of a notice that satisfies this requirement should not present an undue burden for a developer. We would also expect that developers have kept good records of nondisclosure agreements that they have entered into with other organizations or individuals, such as third-party developers, and can communicate with those organizations or individuals as necessary to satisfy this requirement. In the event that a health IT developer cannot, despite all reasonable efforts, locate an entity or individual that previously entered into an agreement with the developer that prohibits or restricts communications protected by this Condition, the developer would not be in contravention of this Condition so long as it takes no step to enforce the prohibition or restriction. For clarity, we do not propose that health IT developers be required to furnish to ONC or their ONC-ACB copies of notices made to customers, or copies of contracts or agreements revised, in satisfaction of this Maintenance of Certification requirement, although those communications may be requested by ONC or an ONC-ACB in the usual course of business. To this point, under the “Enforcement” section of this proposed rule (VII.D), we describe our general enforcement approach outlining a corrective action process for ONC to review instances where Conditions and Maintenance of Certification requirements are not being met by a health IT developer under the Program.
We note that another approach we considered proposing would have been to require that developers amend their current health IT contracts immediately. We have, however, relied on the proposed requirement that developers not enforce contractual terms that contravene this proposed Condition of Certification until they can amend their contracts in a reasonable period of time, but not later than two years from the effective date of a subsequent final rule for this proposed rule. We seek comment on whether this is an adequate approach to removing prohibitions and restrictions on protected communications and ensuring that health IT customers, users, researchers, and other stakeholders are aware of their right to engage in such communications notwithstanding existing contracts or agreements to the contrary.
As a Condition of Certification (and Maintenance thereof) under the Program, the Cures Act requires health IT developers to publish APIs that allow “health information from such technology to be accessed, exchanged, and used without special effort through the use of APIs or successor technology or standards, as provided for under applicable law.” The Cures Act's API Condition of Certification also states that a developer must, through an API, “provide access to all data elements of a patient's electronic health record to the extent permissible under applicable privacy laws.”
The Cures Act's API Condition of Certification includes several key phrases and requirements for health IT developers that go beyond just the technical functionality of the products they present for certification. In this section of the preamble we outline our proposals to implement the Cures Act's API Condition of Certification in order to provide compliance clarity for health IT developers.
These proposals include new standards, new implementation specifications, and a new certification criterion as well as detailed Conditions and Maintenance of Certification requirements. We also propose to modify the Base EHR definition. We note that health IT developers should also consider these proposals in the context of what could warrant review from an information blocking perspective in so far as action (or inaction) that would be inconsistent with this proposed rule's API Conditions and Maintenance of Certification requirements.
One of the most significant phrases in the Cures Act's API Condition of Certification concerns the deployment and use of APIs “without special effort.” Specifically, the Cures Act requires health IT developers to publish APIs and allow health information from such technology “to be accessed, exchanged, and used without special effort.” In this context, we interpret the “effort” exerted (
As we considered the meaning and context associated with the phrase “without special effort” and what
•
•
•
To clearly convey the stakeholders on which our proposals focus and are meant to support, we propose to use the following terms to reflect these meanings and/or roles:
• The term “
• “
• “
• “
We also use:
• The term “
• The term “
APIs can be thought of as a set of commands, functions, protocols, and/or tools published by one software developer (“software developer A”) that enable other software developers (X, Y, and Z) to create programs and applications that interact with A's software without needing to know the “internal” workings of A's software. APIs can facilitate more seamless access to health information and it is important to note for context that ONC adopted three 2015 Edition certification criteria that specified API capabilities for Health IT Modules (criteria adopted in 45 CFR 170.315(g)(7), (g)(8), and (g)(9)). The following sections detail our proposals to adopt standards, implementation specifications, and a new API certification criterion. Together, these proposals account for the technical requirements we propose to associate with the Cures Act's API Condition of Certification and are reinforced through the condition's policy proposals.
Overall, and on balance, we have structured our standards and implementation specifications proposals to best meet the health IT industry where it is most prepared to comply today. As a result, we propose to adopt the HL7® Fast Healthcare Interoperability Resources (FHIR®) standard as a foundational standard within our suite of proposals. Specifically, we propose to adopt FHIR Draft Standard for Trial Use (DSTU) 2 (hereafter referred to as “FHIR Release 2”) as a baseline standard conformance requirement. In so doing, we can work with industry to support a conformance testing infrastructure for a full suite of proposals focused on one FHIR release (its associated implementation specifications) and complementary
The 2015 Edition final rule did not include specific standards or implementation specifications to describe the way in which APIs needed to be designed to meet § 170.315(g)(8). Instead, we specified a functional certification criterion and encouraged the industry to coalesce around a standardized specification for its API functionality, such as the FHIR standard. We did, however, require health IT developers to make their technical API documentation publicly available and we subsequently made such information accessible via the CHPL.
Upon reviewing health IT developers certified to § 170.315(g)(8), approximately 32% have published via the CHPL that they are using FHIR, specifically FHIR Release 2, as of mid- September 2018. Additionally, nearly 51% of health IT developers appear to be using a version of FHIR and OAuth 2.0 together. We also note that when viewed from the perspective of how many providers are served by these FHIR implementers, we estimate that approximate 87% of hospitals and 57% of clinicians are served by developers with a FHIR Release 2 API and 87% of hospitals and 69% of clinicians are served by developers with a FHIR API of any version. In the years since the 2015 Edition final rule, industry stakeholders have made rapid progress to advance the FHIR standard. This includes substantial investments in industry pilots, specification development led through the Argonaut Project
Thus, we propose to adopt FHIR Release 2 as the baseline standard in a new API standards section of our rules at 45 CFR 170.215(a)(1). Additionally, as discussed in further detail below, we reference FHIR Release 2 for use in the new API certification criterion proposed for adoption in § 170.315(g)(10).
Although FHIR Release 3 is published and some health IT developers have included varied support for it in their product(s) at this time, there is limited evidence that its production deployment is as widespread as FHIR Release 2. Thus, we believe that FHIR Release 2 is the most appropriate version to propose to adopt as part of proposed § 170.315(g)(10)'s conformance requirements. This approach would provide a stable and consistent direction in which the industry can go when it comes to deploying (g)(10)-certified APIs that support data access to the USCDI. FHIR Release 2 best reflects the industry's current maturity and implementation readiness, it has been more rigorously tested, and it is largely implemented in most 2015 Edition health IT systems that have and are being deployed in production. Thus, the incremental burden for many health IT developers to get certified to the proposed criterion in § 170.315(g)(10) would be largely limited to the added security and registration conformance requirements we have proposed to include. We recognize, however, that some health IT developers certified to § 170.315(g)(8) chose not to use FHIR and will have more substantial changes to make in order to meet this proposal.
Additionally, FHIR Release 4 has now been published
Given FHIR Release 4's public release and that the industry will begin to implement Release 4 in parallel with this rulemaking, we request comment on the following options we could pursue for a final rule.
In preparing your comments, please fully review our proposed certification criterion in § 170.315(g)(10) and the accompanying Conditions of Certification attributed to the API-oriented certification criteria. Notably, if we were to adopt another FHIR Release in a final rule as an alternative to FHIR Release 2 for the proposed API criterion in § 170.315(g)(10), then we would also adopt the applicable implementation specifications and FHIR profiles (the US FHIR Core profiles) associated with the FHIR Release in order to support USCDI data access. We highly encourage stakeholders to express their perspective and explicitly note their preferred option in comments.
Our proposal to adopt the FHIR standard alone, however, is insufficient to provide the level of consistent implementation that will be necessary to realize the “without special effort” provision in this Condition of Certification. FHIR, much like other standards that are initially developed to be internationally applicable, requires additional implementation specifications in order to further constrain implementation choices and reflect US-based standards policies (such as the use of RxNorm for representing medications). In FHIR, the additional constraints placed on “base FHIR resources” are expressed through what are called “FHIR profiles.” FHIR Profiles typically provide additional rules about which resource elements must be used and what additional elements have been added that are not part of the base FHIR resource. This can include, but not be limited to, rules about which API features are used and how as well as rules about which terminologies are used in particular elements. The term “profile” is a general term that is used in the FHIR standard to describe either an individual FHIR resource, or an entire implementation specification consisting of multiple FHIR resources. Accordingly, we propose to adopt three implementation specifications that will establish a standardized baseline and further constrain API conformance to help assure that APIs can be used “without special effort.”
We propose to adopt in § 170.215(a)(2) an implementation specification that would list a set of base FHIR resources that Health IT Modules certified to the proposed criterion in § 170.315(g)(10) would need to support. We refer to this proposed initial set of FHIR resources as the “API Resource Collection in Health” or “the ARCH.” The ARCH would align with and be directed by the data policy specified in the proposed US Core Data for Interoperability (USCDI) standard (discussed in section IV.B.1 of this proposed rule).
As a result, we propose to include 15 FHIR resources in the ARCH's first version. Based on prior industry efforts, including the Argonaut Project to map FHIR resources to the previously defined Common Clinical Data Set (CCDS), we know that the following 13 FHIR resources map to and support the equivalent data classes specified in the USCDI: AllergyIntolerance; CarePlan; Condition; Device; DiagnosticReport; Goal; Immunization; Medication; MedicationOrder; MedicationStatement; Observation; Patient; and Procedure. We also propose to include, specifically for the Patient resource that the “Patient.address” and “Patient.telecom” elements must be supported as part of the Patient resource. These elements are neither required in the base FHIR resource or additional implementation specifications; however, they are necessary to align with the USCDI's data requirements. With respect to the Device resource, we propose to require that the “Device.udi” element follow the human readable representation of the unique device identifier (UDI) found in the recommendation, guidance, and conformance requirements section of the “HL7 Version 3 Cross Paradigm Implementation Guide: Medical Devices and Unique Device Identification (UDI) Pattern, Release 1,” a document hosted by HL7.
In addition to these 13 FHIR resources, we have included two additional FHIR resources:
(1) The Provenance resource; and (2) the DocumentReference resource to accommodate clinical notes. These additions would make for a total of 15 FHIR resources to reflect the direction of the USCDI v1. With respect to clinical notes, we understand from our own
Over time, and as the USCDI is expanded, we also expect to update this implementation specification to expand the ARCH beyond these 15 FHIR resources. Equally, consistent with the Maintenance of Certification requirements described in section VII.B.5 of this proposed rule (the Standards Version Advancement Process proposals), which would permit health IT developers to voluntarily implement and use a new version of an adopted standard or implementation specification so long as certain conditions are met including that the new version is approved by the National Coordinator for use in certification through the Standards Version Advancement Process, health IT developers would be able to update their certified health IT to include (g)(10)-certified API access to a broader set of data once a new version of the ARCH is approved.
The next implementation specification for the FHIR standard we propose to adopt in § 170.215(a)(3) is the Argonaut Data Query Implementation Guide version 1 (Argonaut IG), hosted by HL7.
The next implementation specification for the FHIR standard we propose the Secretary adopt in § 170.215(a)(4) is the specific portion of the Argonaut IG that refers to the “Argonaut Data Query Implementation Guide Server” conformance requirements. While it could be implied through our proposed adoption of the Argonaut IG that these conformance requirements would be included, we seek to make this an explicit requirement for the API certification criterion proposed in § 170.315(g)(10). Conformance to this implementation specification is essential in order to ensure that all FHIR servers are consistently configured to support the defined data queries and “supported searches” associated with each Argonaut profiled FHIR resource. For clarity, conformance testing would focus on and be limited to the “SHALL” requirements. We also note that the Argonaut Data Query Implementation Guide Server includes conformance requirements for the “DocumentReference Profile,” which defines “how a provider or patient can retrieve a patient's existing clinical document.” This particular specification was produced in support of the 2015 Edition certification criterion adopted in § 170.315(g)(9). As a result, we clarify that this specific portion of the Server IG and conformance requirement would be out of scope for the purposes of proposed § 170.315(g)(10).
We have separately proposed the FHIR standard and each of these implementation specifications so that the National Coordinator may evaluate industry progress and make a unique or combined determination as to the appropriate time to approve for voluntary upgrade pursuant to the standards version advancement process discussed in more detail in section VII.B.5 as well as subsequently go through rulemaking to adopt a new version of: The FHIR standard, the ARCH, implementation specifications that “profile” the resources in the ARCH, and implementation specifications for FHIR server conformance capabilities. While the proposed implementation specifications relate to one another, they can also be updated independently of each other as time goes on. For instance, the National Coordinator could approve a new version of the FHIR standard “Release 5” in the future in accordance with the standards version advancement process. In so doing, the National Coordinator could leave the scope of the ARCH the same and update (necessarily) the implementation specifications for the FHIR profiles and FHIR server conformance requirements accordingly to align with the new FHIR version. As an alternative example, the National Coordinator could leave the FHIR standard version the same and approve a new version of the ARCH to include more FHIR resources.
We note that other federal agencies may be adopting the FHIR standard and additional FHIR implementation guides for their program requirements. We plan to coordinate with such other agencies to focus on strategic alignment among the FHIR standard versions, applicable implementation guides, and use cases.
To enable and support persistent user authentication and app authorization processes, we propose to adopt a standards and additional implementation specification for the FHIR standard. First, we propose to adopt the “OpenID Connect Core 1.0
The SMART Guide specifies the use of “refresh tokens” as optional. We believe that this requirement is necessary in order to enable persistent access by apps, especially in a patient access context. Thus, we propose to make their use mandatory with a minimum refresh token life of 3 months. While this technique would need to be supported for both types of API-enabled services we propose be supported through § 170.315(g)(10), we wish to emphasize that implementing refresh token support is directly intended to enable a patient's “persistent access” to their electronic health information without special effort (
We also propose to require that the “Standalone Launch” and “EHR Launch” requirements specified in the SMART Guide be supported. We believe that requiring API Technology Suppliers to demonstrate both of these capacities will help ensure greater standardization and ease of use among (g)(10)-certified APIs. When a third-party “app” first connects to a FHIR server, it often requires some contextual data to make the app more “user friendly.” This information could include things such as the most recent patient encounter or hospital visit. The contextual information depends on how the “app” is launched.
When an app is launched from “outside of an EHR,” such as from a patient's smartphone or web browser, then the app is considered to be launched in a “Standalone” mode. In this mode, the app has to request that the FHIR server provide appropriate contextual information, which can then be used to customize the app's display for the patient. The SMART Guide has standardized the information that such apps can request from FHIR servers and defined it as “Standalone Launch.”
In other contexts, apps can be launched from “within the EHR.” This is typically the case when a third-party app is integrated as part of an EHR technology. In this case, the app is considered to have been launched in the “EHR” mode. Typically, when such an app is launched from within an EHR, the user (
To implement the Cures Act, we propose to adopt a new criterion in § 170.315(g)(10) to replace the certification criterion adopted in § 170.315(g)(8). Currently, the criterion adopted in § 170.315(g)(8) focuses on a Health IT Module's ability to provide API functionality that can respond with data for each of the data categories specified in the Common Clinical Data Set. Moreover, its focus on read-access/response to requests for specific types of data most directly aligns with the API uses envisioned by industry stakeholders and the Cures Act, which is why we believe it is necessary and appropriate to replace § 170.315(g)(8). In contrast, we do not propose that it is necessary to replace the certification criteria adopted in § 170.315(g)(7) and (g)(9) because the former does not prescribe specific technical approaches (and can continue to be met as technology evolves) and the latter supports a discrete use case relative to an API function that responds with a C-CDA.
We propose our approach to adopt a replacement for § 170.315(g)(8) that will provide clear regulatory compliance requirements for stakeholders because: (1) 2015 Edition testing and certification to § 170.315(g)(8) will continue throughout this rulemaking; (2) presuming we adopt this (or a modified version of this) proposal in a final rule, it will be easier for the industry to distinguish compliance requirements between two separate certification criteria compared to a time/context-sensitive “version” of § 170.315(g)(8); and (3) § 170.315(g)(8) is currently specified in the Base EHR definition so its replacement has compliance effects on health care providers participating in every program that requires the use of Certified EHR Technology, which references the Base EHR definition.
At a high-level, we propose that this new API certification criterion would require FHIR servers to support two types of API-enabled services:
• Services for which a single patient's
• services for which multiple patients' data are at focus, which, hereafter, we refer to as “population-level” to convey the grouped and cohort scope on which the data associated with these services would be focused (
This proposed certification criterion would only require mandatory support for “read” access for both identified services, though we envision a future version of this certification criterion that could include specific “write” conformance requirements (for example, to aid decision support) once FHIR-based APIs are widely adopted. In all cases, this proposed criterion will require that the two types of API services have appropriate security controls implemented. These controls
API services that focus on a single patient would include, but not be limited to, those that interact with software applications controlled and used by a patient to access their data as well as software applications implemented by a provider to enhance their own “internal” clinical care tools and workflow (
Conversely, API services that focus on multiple patients would include, but not be limited to, software applications used by a health care provider to manage various internal patient populations as well as external services a health care provider may contract for to support quality improvement, population health management, and cost accountability vis-à-vis the provider's partners (
Across this spectrum of population-level uses, the scope or quantity of the data may range from a small group to many hundreds or thousands of patients. Moreover, when “external” applications and services are provided access to patient data by the provider, we expect that such access and associated privacy and security protocols would be established consistent with existing legal requirements under the HIPAA Privacy and Security Rules (including business associate agreements), other data use agreements (as applicable), and any other state or federal applicable law. Principally, for the purposes of the proposed certification criterion, we seek to include and ensure through testing and certification that a set of baseline API functionality exists and is deployed for providers to use at their discretion to support their own clinical priorities as well as to use to engage with their partners, such as software developers and developers of third-party applications.
We have explicitly proposed to include support for API services that are population-level focused in this certification criterion because the current certification criterion in § 170.315(g)(8) has largely been tested, certified, and deployed to support the “patient data request” use case. In comparison, population-level focused API services are envisioned to support FHIR-based apps that not only improve clinical workflow and decision support but also help advance a learning health system. In so doing, providers, payers, and other stakeholders will be able to make incrementally better use of FHIR's RESTful API and JSON payload to apply modern computing techniques, including big data analyses and machine learning, to account for, assess, and inform the quality and effectiveness of care delivered. As noted in the proposed API standards section, FHIR Release 4 includes technical specifications to enable standardized population-level services via FHIR-based APIs in a more efficient manner than currently possible. If “Option 3” or “Option 4” is preferred by industry in terms of the FHIR standards options for this certification criterion, these approaches would be demonstrable. Alternatively, if the National Coordinator were to approve FHIR Release 4 for use under this proposed certification criterion (following the Standards Version Advancement Process described in Section VII.B.5 of this preamble) then it would be able to be used to meet these technical expectations.
Lastly, as we considered the necessary oversight responsibilities the Cures Act adds to the Program, we have determined that it would be essential to include a specific population-level API conformance requirement as part of this criterion so that such capabilities could be evaluated post-certification for compliance with (among other requirements) this API Condition of Certification and the information blocking and real world testing Conditions of Certification.
In general, we have approached framing § 170.315(g)(10) in the same way we framed § 170.315(g)(8). This new proposed criterion, however, includes some important differences and specificity compared to § 170.315(g)(8). Taken together, the following proposals are designed to establish a consistent set of API implementation requirements aimed at the API Condition of Certification's “without special effort” requirement. We propose that API technology presented by a health IT developer (otherwise considered an API Technology Supplier in this context) for testing and certification to the proposed certification criterion in § 170.315(g)(10) would need to meet the requirements outlined below. We seek comment on all of the following proposals.
We propose in § 170.315(g)(10)(i) that the health IT presented for testing and certification must be capable of responding to requests for data on a single patient and multiple patients associated with each of the FHIR resources specified in ARCH Version 1 and consistent with FHIR Release 2 and the Argonaut IG implementation specification. More specifically, we clarify that all data elements indicated as “mandatory” and “must support” by the proposed standards and implementation specifications must be supported and would be in scope for testing. Through this approach, certification will provide for a consistent and predictable starting scope of data from which apps and other services can be developed.
We propose to require in § 170.315(g)(10)(ii) that the health IT presented for testing and certification must be capable of responding to all of the “supported searches” specified in the Argonaut Data Query Implementation Guide Server, which as a reminder we have proposed for adoption as an implementation specification in § 170.215(a)(4).
For the DocumentReference and Provenance resources, which are currently present in the base FHIR standard, we request comments on the minimum “search” parameters that would need to be supported.
We propose in § 170.315(g)(10)(iii) that health IT presented for testing and certification must be capable of enabling apps to register with an “authorization server.” This proposed conformance requirement would require an API Technology Supplier to demonstrate its registration process, but would not require that it be done according to a specific standard. We considered proposing the OAuth 2.0 Dynamic Client Registration Protocol (
While requiring Dynamic Registration could create a more consistent registration experience for health IT developers, we did not expressly include this standard because of its relatively low adoption and implementation in the health IT ecosystem. Notably, while the SMART Guide covers a majority of technical steps necessary for an app to connect a FHIR server, it is neutral on the registration process API Technology Suppliers could take. Much like we did with § 170.315(g)(8) in the initial 2015 Edition final rule by not requiring FHIR, we believe that a prudent approach for registration is to require that it be addressed from a functional perspective while the industry reaches consensus on the best techniques to enable registration.
Note, that while this portion of proposed § 170.315(g)(10) focuses on the technical standards conformance, we have also included a specific “maintenance requirement” associated with the API Condition of Certification around the timeliness of this registration process in production settings as applicable to API Technology Suppliers. This proposed requirement will ensure that patients are able to use their apps in a timely manner.
We do not intend to test registration capabilities for apps that would be executed within an API Data Provider's clinical environment. We believe this discretion is warranted as API Technology Suppliers and API Data Providers are best poised to innovate and execute various methods for app registration within a clinical environment. However, we request comment on this perspective.
We propose in § 170.315(g)(10)(iv) that the health IT presented for testing and certification must be capable of establishing a secure and trusted connection with an application that requests patient data in accordance with the SMART Guide. In the context of this proposed criterion, this would require that an “authorization server” be deployed and support, at a minimum, “authorize” and “token” endpoints and the publication of the endpoint URLs via FHIR server's metadata as specified in the SMART Guide to enable automated discovery by apps. Again, we note, consistent with this implementation specification's current scope, that initial conformance would focus on the secure connection parameters with a single patient's data in mind. Given that there is not yet a consistent, standardized specification for FHIR servers to handle secure connection parameters for multiple patients, we clarify that a health IT developer would be permitted to approach secure connections for multiple patients in the manner it deems most efficient to meet this proposed certification criterion.
When an application connects to request data for the first time, we propose in § 170.315(g)(10)(v)(A) that health IT presented for testing and certification must be capable of demonstrating support for user authentication according to the OpenID Connect Core 1.0 incorporating errata set 1
Further, in order to enable patients and providers to get persistent access to health information without having to re-authenticate and re-authorize, we propose to require that a “refresh token” must be provided with an expiration period of at least 3 months from the date issued. The “refresh token” could be subsequently used by the app to obtain a new “access token” after the expiration of the original “access token.” Note the proposed refresh token requirement is different than providing an “access token” with an extended life, which is typically discouraged from a security best practice perspective so as to prevent unauthorized access if for some reason the access token were to be acquired for use by an unauthorized application.
We propose in § 170.315(g)(10)(vi) that health IT presented for testing and certification must demonstrate that it can support subsequent connections by an app and requests data without requiring the user to re-authorize and re-authenticate when a valid refresh token is supplied. Further, we propose that once a valid refresh token has been used to get a new access token that the FHIR server must demonstrate that it can issue a new refresh token to the app, which must be for a new period no shorter than three months. For example, if an application were issued a refresh token that was good for three months upon its first-ever connection and then subsequently connected to the FHIR server one month later, the FHIR server would need to enable that connection to occur without re-authentication and re-authorization, and it would need to issue a new refresh token for a new three-month period from that access date. Again, we intend to test health IT in the “Standalone Launch” and “EHR Launch” contexts pursuant to the SMART Guide.
We have proposed this renewal requirement because industry stakeholders at various meetings and conferences at which we have attended have indicated that a constant need for patients to re-authenticate and re-authorize their apps creates usability challenges and may otherwise contradict the Cures Act's intent associated with the phrase “without special effort.” Further, we are not aware of a standard, consistent
We believe that the three-month period is a reasonable length given the proposal for the re-issuance of a new refresh token. However, we acknowledge that this same policy outcome we discuss above could be achieved by, for example, having a two-month period. Accordingly, we seek comment on whether there are available specifications we should review as well as whether there should be a reasonable upper bound from a timing perspective (
For both the first time connection and subsequent connection proposals, we recognize that there is not yet a consistent, standardized specification for FHIR servers to handle data requests for multiple patients. As noted above, we expect that FHIR Release 4 will have such specificity. However, for the purposes of meeting this proposed certification criterion, we clarify that a health IT developer would be permitted to approach requests for multiple patients in the manner it deems most efficient.
In the 2015 Edition final rule we included transparent documentation requirements for all three of the API-focused certification criteria adopted in § 170.315(g)(7) through (g)(9). These requirements specified that documentation associated with API syntax (and other technical descriptors), the software components and configurations that would be necessary in order for a deployed API to successfully work, and the terms of use for the API be made publicly available. We continue to believe that such a requirement is important for proposed § 170.315(g)(10), especially in light of the Cures Act's “without special effort” provision. Such transparency and openness is commonplace in many other industries and has fueled innovation, growth, and competition. Further, we believe that full transparency is necessary to ensure that software developers building to a health IT developer's (g)(10)-certified API have a thorough understanding of any requirements against which their software will need to be designed.
In reconciling the 2015 Edition final rule's API documentation requirements with the new expectations set forth by the Cures Act regarding a health IT developer's practices, we have determined that revisions are necessary. Accordingly, we propose to revise the documentation provision in the API certification criteria adopted in § 170.315(g)(7) through (g)(9) as well as reflect the same revision in proposed § 170.315(g)(10) and (11). Specifically, we propose to focus the documentation requirement set forth by the certification criteria on solely the technical documentation associated with the API technology. As a result, we propose to remove the provision in § 170.315(g)(7) through (g)(9) associated with “terms of use” as this type of documentation could be considered more reflective of business practice and better placed with other similar requirements. Consistent with the Cures Act's API Condition of Certification, we have proposed more detailed Condition of Certification requirements associated with a health IT developer's API terms of use in order to address business practices that could interfere with and create special effort on the part of an API User.
With respect to the technical documentation that would need to be made publicly available, we recognize that our proposed formal adoption of the FHIR standard and the associated implementation specifications (for § 170.315(g)(10)) would be consistent across all health IT presented for certification. As a result there may be minimal additional documentation needed for these capabilities beyond what is already documented in these standards and specifications. However, pursuant to the limited mandatory scope proposed for “data response” (for § 170.315(g)(10)), we believe that API Technology Suppliers should disclose any additional data their (g)(10)-certified API supports in the context of FHIR resources referenced in ARCH Version1 and associated implementation specifications. For example, the Argonaut IG “Patient Profile” includes optional elements for marital status, photo, and contact (as in contact person like a guardian or friend). To the degree that a (g)(10)-certified API supports such optional data an API Technology Supplier would be required to convey this support in its published technical documentation. Additionally, we note that other specifications, like the RFC 7591, provide developers some latitude in terms of the information that could be supplied for the purposes of registration.
Thus, we propose in § 170.315(g)(10)(vii) that an API Technology Supplier would need to provide detailed information for all aspects of its (g)(10)-certified API, especially for any unique technical requirements and configurations, such as how the FHIR server handles requests for multiple patients (until such time as there is an approved standardized approach that can be cited) as well as app registration requirements. For aspects that are not unique and are fully specified by the FHIR standard and associated implementation specifications, the developer could include hyperlinks to this information as part of its overall documentation. Further, we propose to include the word “complete” in the documentation provision in order to make this point explicit and link this obligation to the associated transparency conditions proposed as part of the overall Condition of Certification. We note for health IT developers that the documentation published must be of the sort and to the level of specificity, precision, and detail that the health IT developer customarily provides to its own employees, contractors, and/or partners who develop software applications for production environments.
Lastly, we note that all of the documentation referenced by this criterion must be accessible to the public via a hyperlink without additional access requirements, including, without limitation, any form of registration, account creation, “click-through” agreements, or requirement to provide contact details or other information prior to accessing the documentation. It would also require that such documentation needs to be submitted as part of testing for this certification criterion and subsequently to ONC-ACBs for review prior to issuing a certification.
To implement the Cures Act, we have designed this API Condition of Certification in a manner that will complement the technical capabilities described in our other proposals, while addressing the broader technology and business landscape in which these API capabilities will be deployed and used.
Consistent with the attributes we have identified for the statutory phrase “without special effort,” our overarching vision for this Condition of Certification is to ensure that (g)(10)- certified APIs, among all API
The specific requirements of this Condition of Certification are discussed in several sections below. These requirements would address certain implementation, maintenance, and business practices for which clear and consistent parameters are needed to ensure that API technology is deployed in a manner that achieves the policy goals we have described. The proposed requirements would also align this Condition of Certification with other requirements and policies of the Cures Act that promote interoperability and deter information blocking, as discussed in more detail in the sections that follow.
To start this Condition of Certification, we propose in § 170.404 to apply this Condition of Certification to health IT developers with health IT certified to any of the API-focused certification criteria. These criteria include the proposed “standardized API for patient and population services” (§ 170.315(g)(10)) and “consent management for APIs” (§ 170.315(g)(11)) as well as the current “application access—patient selection” (§ 170.315(g)(7)), “application access—data category request” (§ 170.315(g)(8)), “application access—all data request” (§ 170.315(g)(9)). In other words, this entire Condition of Certification would not apply to health IT developers that do not have technology certified to any of these API-focused certification criteria. Similarly, this condition is solely applicable to these API-focused certification criteria. As a result, the proposed policies for this Condition of Certification would not apply to a health IT developer's practices associated with, for example, the immunization reporting certification criterion adopted in § 170.315(f)(1) because that criterion is not one of the API-focused criteria. However, health IT developers should remain mindful that other proposals in this proposed rule, especially those related to information blocking, could still apply to its practices associated with non-API-focused certification criteria.
Given the proposed applicability of this condition to current API-focused criteria and that health IT developers with products certified to §§ 170.315(g)(7)-(9) would need to meet new compliance requirements associated with such criteria, we also propose certain compliance timelines associated with this Condition of Certification that would need to be met.
First, we propose to adopt the Cures Act's API Condition of Certification in § 170.404(a)(1) to fully incorporate the statute's compliance requirements. Second, strictly for the scope of the API Condition of Certification, we propose to interpret the meaning of the phrase “all data elements of a patient's electronic health record” as follows.
For the reasons discussed above, the proposed § 170.315(g)(10) certification criterion and associated standards and implementation specifications would facilitate API access to a limited set of data elements (
Again, we reiterate that this specific interpretation does not extend beyond the API Condition of Certification and cannot be inferred to reduce the scope or applicability of other Cures Act Conditions of Certification or the information blocking proposals, which necessarily will include a larger scope of data. For example, other Conditions of Certification will apply to health IT developer behaviors associated with data that are not part of the USCDI or ARCH, such as the proposals at 45 CFR 170.402 and the proposals in Part 171, which apply across several stakeholders including health information networks and health care providers.
We propose as part of this Condition of Certification that API Technology Suppliers be required to make specific business and technical documentation freely and publicly accessible. Thus, we propose to adopt several transparency conditions as part of § 170.404(a)(2).
Similar to our policy associated with the API-focused certification criteria, we propose in § 170.404(a)(2)(i) that all published documentation be complete and available via a publicly accessible hyperlink that allows any person to directly access the information without any preconditions or additional steps. For example, the API Technology Supplier cannot impose any access requirements, including, without limitation, any form of registration, account creation, “click-through” agreements, or requirement to provide contact details or other information prior to accessing the documentation.
In addition to technical documentation, we propose in § 170.404(a)(2)(ii)(A) to require API Technology Suppliers to publish all terms and conditions for use of its API technology. We believe that it is important to make this information readily accessible to API Data Providers, API Users, app developers, and other persons. This transparency would ensure that these stakeholders do not experience “special effort” in the form of unnecessary costs or delays to obtain the terms and conditions for API technology. Further, we believe that full transparency is necessary to ensure that app developers have a thorough understanding in advance of any terms or conditions that might apply to them and do not encounter unanticipated hurdles once they have committed to developing software or attempt to implement or deploy such software in production.
We note that this requirement would apply to
• Develop software applications to interact with the API technology;
• distribute, deploy, and enable the use of software applications in production environments that use the API technology;
• use software applications, including to access, exchange, and use EHI by means of the API technology;
• use any EHI obtained by means of the API technology; and
• register software applications (as discussed in more below).
In addition, we propose in § 170.404(a)(2)(ii)(B) that any and all permitted fees charged by an API Technology Supplier for the use of its API technology must be published and described in detailed, plain language as part of its publicly available terms and conditions. The description of the fees must include all material information, including, but not limited to, the persons or classes of persons to whom the fee applies; the circumstances in which the fee applies; and the amount of the fee, which for variable fees must include the specific variable(s) and methodology(ies) that will be used to calculate the fee.
For the purposes of the specific transparency conditions proposed in § 170.404(a)(2) and their relationship and applicability to API Technology Suppliers with products already certified to § 170.315(g)(7), (8), or (9), we propose to establish a compliance date of six months from the final rule's effective date (which would give developers approximately eight months from the final rule's publication date) to revise their existing API documentation to come into compliance with the final rule. We also recognize that API Technology Suppliers will need to update the proposed publicly available information from time to time. Thus, for the purposes of and with respect to subsequent updates to this information, we expect API technology suppliers to make clear to the public the timing information applicable to their disclosures (
We also note that API Technology Suppliers would be expected to revise and/or construct terms and conditions for its API technology that account for and reflect the proposals associated with this API Condition of Certification and information blocking policies. In so far as an API Technology Supplier would find it necessary to enforce its published terms and conditions, we caution API Technology Suppliers to be mindful of whether such terms and conditions would be acceptable and consistent with the aforementioned policies in the first place—as an impermissible term or condition would be problematic regardless of whether it was actively enforced.
We propose in § 170.404(a)(2)(ii)(C) a final transparency condition associated with API Technology Suppliers' application developer verification processes that takes into account the fact that we did not propose to adopt the Dynamic Registration standard as part of proposed § 170.315(g)(10). Had we proposed requiring Dynamic Registration, we would have also proposed a specific Condition of Certification that would have outright prohibited API Technology Suppliers from identity proofing or verifying authenticity of an app developer when it came to apps that were designed to enable patient access.
On balance, however, we believe that permitting API Technology Suppliers to institute a process to verify the authenticity of application developers will foster additional trust in the growing API ecosystem. We seek comments and recommendations on factors that would enable registration with minimal barriers. For example, permitting API Technology Suppliers to do one- time verification of the app developers (or even rely on centralized vetting by a trusted third party), which would allow the developer's future apps to automatically register without case-by- case checks (or checks for each API Technology Supplier with which the app developer interacts). One risk to consider with Dynamic Registration plus a prohibition on vetting, for instance, is that it would be much easier for a malicious app developer to spoof another legitimate app developer's app. Such an action could ultimately lead to confusion and distrust in the market. However, the Dynamic Registration option would minimize barriers to registration especially for third-party apps designed to enable patient access. We seek comments on options and trade-offs we should consider.
Accordingly, and weighing those concerns with the Cures Act's “without special effort” provision and our proposed information blocking policies, we specifically propose to permit API Technology Suppliers to institute a process to verify the authenticity of application developers so long as such process is completed within five business days
We believe that five business days is sufficient time for API Technology Suppliers to weed out malicious developers seeking to deceive the API Technology Supplier, API Data Providers or API Users, but request public comment on other timing considerations. Moreover, we clarify that this proposed Condition of Certification is meant to set the upper bound for a verification process an API Technology Supplier would be permitted to take and should not be interpreted as compelling API Technology Suppliers to institute such a process (
We remind stakeholders that even in the case where an API Technology Supplier chooses not to vet app developers, the apps would
As a separate matter, we also recognize that in order to assure health care providers that the apps they use within their health IT will operate appropriately, will fully integrate into workflow, and will not degrade overall system performance, that API Technology Suppliers may establish additional mechanisms to vet app developers. Such mechanisms could fit into the “value-added services” permitted fee and result in the app being acknowledged or listed by the health IT developer in some special manner (
As part of this API Condition of Certification, we propose to adopt specific conditions that would set boundaries for the fees API Technology Suppliers would be permitted to charge and to whom those permitted fees could be charged. As a reminder, these proposals would only apply to a health IT developer's business practices associated with its “API technology” (
In § 170.404(a)(3)(i)(A), we propose to establish a general prohibition on API Technology Suppliers imposing fees associated with API technology. This general prohibition is meant to ensure that API Technology Suppliers do not engage in pricing practices that create barriers to entry and competition for apps and API-based services that health care providers seek to use. These outcomes would be inconsistent with the goal of enabling API-based access, exchange, and use of EHI by patients and other stakeholders without special effort.
In establishing this general prohibition, we have been mindful of the need for API Technology Suppliers to recover their costs and to earn a reasonable return on their investments in providing API technology that has been certified under the Program. Accordingly, we have identified categories of “permitted fees” that API Technology Suppliers would be permitted to charge and still be compliant with the Condition of Certification and Program requirements, and discuss these proposals below. We emphasize, however, and propose in detail below, that API Technology Suppliers would not be permitted in any way whatsoever to impose fees on any person in connection with an API Technology Supplier's work to support the use of API technology to facilitate a patient's ability to access, exchange, or use their EHI.
We note that other than for fees charged for “value-added services” (proposed in § 170.404(a)(3)(iv)), the fees permitted under this Condition of Certification must arise between an API Technology Supplier and an API Data Provider. Any fee that arises in connection with an API User's use of API technology would need to exist solely between the API Data Provider and the API User. This policy reinforces the autonomy that we believe API Data Providers should have to establish relationships with API Users. However, as discussed in detail below, API Technology Suppliers would be permitted to charge API Data Providers based on the usage activities of API Users.
We also seek to clarify that while the proposed permitted fees set the boundaries for the fees API Technology Suppliers would be permitted to charge and to whom those permitted fees could be charged, they do not prohibit who may pay the API Technology Supplier's permitted fee. In other words, these conditions limit the party from which an API Technology Supplier may require payment, but they do not speak to who may pay the fee. For example, if through some type of relationship/agreement an API User or other party offered to pay the fee an API Data Provider owed to an API Technology Supplier, that practice would be allowed and unaffected under these conditions. This is an acceptable practice because the fee is first arrived at between the API Technology Supplier and API Data Provider, and then API Technology Supplier receives payment from another party via the API Data Provider or directly on behalf of the API Data Provider. As a general matter, we note that stakeholders should be mindful of other federal and state laws and regulations that could prohibit or limit certain types of relationships involving remuneration.
We note that the proposed “permitted fees conditions” align with the requirements of the information blocking exceptions proposed in 45 CFR 171.204 and 171.206. Any fee that would not be covered by those exceptions, and that would, therefore, be suspect under the information blocking provision, would equally not be permitted by this API Condition of Certification. We strongly encourage readers to review our proposals associated with those exceptions, which are contained in sections VIII.D.4 and VIII.D.6 of this preamble, respectively.
We propose in § 170.404(a)(3)(i)(B) general conditions that an API Technology Supplier's fee must satisfy in order for such fee to be expressly permitted and thus not contravene the proposed Condition of Certification. First, we propose in § 170.404(a)(3)(i)(B)
Moreover, in order to be permitted, the fee must not be based in any part on
Second, we propose in § 170.404(a)(3)(i)(B)
Third, we propose in § 170.404(a)(3)(i)(B)
Last, we propose in § 170.404(a)(3)(i)(B)
We request comments on these general conditions for permitted fees and whether commenters believe we have created effective guardrails to ensure that fees do not prevent EHI from being accessed, exchanged, and used through the use of APIs without special effort.
As noted above, we propose that API Technology Suppliers would be prohibited from charging fees associated with API technology unless such fees are expressly permitted. Additionally, as a reminder, the scope of “API technology” subject to these proposals would only include certified health IT that fulfill the API-focused certification criteria adopted or proposed for adoption at 45 CFR 170.315(g)(7) through (g)(11). Thus, all other API functionality provided by a health IT developer with its product(s) that have no link to these certified capabilities would not be subject to this Condition of Certification.
The following proposals outline the specific circumstances in which an API Technology Supplier would be permitted to charge fees associated with API technology certified under the Program. A fee that satisfies one of the permitted fees in §§ 170.404(a)(3)(ii)-(iv) must also satisfy each of the general conditions in § 170.404(a)(3)(i) in order to be permitted and for its recovery compliant with this Condition of Certification.
In § 170.404(a)(3)(ii), we propose to permit an API Technology Supplier to charge API Data Providers reasonable fees for developing, deploying, and upgrading API technology. Fees for “developing” API technology comprise the API Technology Supplier's costs of designing, developing, and testing API technology to specifications that fulfill the requirements of the API-focused certification criteria adopted or proposed for adoption at 45 CFR 170.315(g)(7) through (g)(11). Fees for developing API technology must not include the API Technology Supplier's costs of updating the non-API related capabilities of the API Technology Supplier's existing health IT, including its databases, as part of its development of the API technology. These costs would be connected to past business decisions made by the API Technology Supplier and typically arise due to health IT being designed or implemented in nonstandard ways that unnecessarily increase the complexity, difficulty or burden of accessing, exchanging, or using EHI. The recovery of the costs associated with updating an API Technology Supplier's health IT generally would be inconsistent with the Cures Act requirement that API technology be deployed “without special effort.”
The API Technology Supplier's fees for “deploying” API technology comprise the API Technology Supplier's costs of operationalizing API technology in a production environment. Such fees include, but are not limited to, standing up hosting infrastructure, software installation and configuration, and the creation and maintenance of API Data Provider administrative functions. An API Technology Supplier's fees for “deploying” API technology does not include the costs associated with managing the traffic of API calls that access the API technology, which an API Technology Supplier can only recover under the permitted fee for usage support costs under § 170.404(a)(3)(iii). For clarity, we reiterate that for the purpose of this Condition of Certification, we consider
The API Technology Supplier's fees for “upgrading” API technology comprise the API Technology Supplier's costs of supplying an API Data Provider with an updated version of API technology. Such costs would include the costs required to bring API technology into conformity with new requirements of the Program, upgrades to implement general software updates (not otherwise covered by development fees or under warranty), or developing and releasing newer versions of the API technology at the request of an API Data Provider.
The nature of the costs that can be charged under this category of permitted fees will depend on the scope of the work to be undertaken by an API Technology Supplier (
We propose that any fees that an API Technology Supplier charges for developing, deploying, or upgrading API technology must be charged solely to the API Data Provider(s) for whom the capabilities are deployed. We propose this limitation because we believe that these costs should be negotiated between the API Technology Supplier that supplies the capabilities and the API Data Provider (
Subject to the general conditions proposed in § 170.404(a)(3)(i) and discussed above, API Technology Suppliers can recover the full range of reasonable costs associated with developing, deploying, and upgrading API technology over time. We believe it is important that API Technology Suppliers be able to recover these costs and earn a reasonable return on their investments so that they have adequate incentives to make continued investments in these technologies. In particular, we anticipate that API Technology Suppliers will need to continually expand the data elements and upgrade the capabilities associated with Certified APIs as the FHIR standard and its implementation specifications mature, and the National Coordinator expands the USCDI and ARCH.
In § 170.404(a)(3)(iii) we propose to permit an API Technology Supplier to charge usage-based fees to API Data Providers to the extent that the API technology is used for purposes other than facilitating access, exchange, or use of EHI by patients or their applications, technologies, or services.
We consider “usage-based” fees to be the fees imposed by an API Technology Supplier to recover the costs that would typically be incurred supporting API interactions at increasing volumes and scale within established service levels. That is, “usage-based” fees recover costs incurred by an API Technology Supplier due to the actual use of the API technology once it has been deployed (
As discussed above, we expect that API usage support fees would only come into play when the API Technology Supplier acts on behalf of the API Data Provider to deploy its API technology. Conversely, in scenarios where the API Data Provider, such as a large hospital system, assumes full responsibility for the technical infrastructure necessary to deploy and host the API technology it has acquired, the volume and scale of its usage would be the API Data Provider's sole responsibility. As a result, in this scenario and under our proposal's structure, an API Technology Supplier would not be permitted to charge usage-based fees. Instead, the API Technology Supplier would be limited to the fees it would be permitted to recover through the “development, deployment, upgrade” permitted fee discussed above.
We reiterate, that “usage-based” fees would need to be settled between an API Technology Supplier and API Data Provider. The API Technology Supplier would have no standing to go around or through the API Data Provider to issue fees to, for example, a population health analytics company engaged by an API Data Provider who accesses the API Data Provider's data via the API technology.
We propose that any usage-based fees associated with API technology be limited to the recovery of the API Technology Supplier's “incremental costs.” An API Technology Supplier's “incremental costs” comprise the API Technology Supplier's costs that are directly attributable to supporting API interactions at increasing volumes and scale within established service levels. We propose than an API Technology Supplier should “price” its costs of supporting access to the API technology by reference to the additional costs that the API Technology Supplier would incur in supporting certain volumes of API use. In practice, we expect that this means that API Technology Suppliers will offer a certain number of “free” API calls based on the fact that, up to a certain threshold, the API Technology Supplier will not incur any material costs in supporting API technology in addition to the costs recovered for deployment services. However, after this threshold is exceeded, we expect that the API Technology Supplier will impose usage-based costs commensurate to the additional costs that the API Technology Supplier must incur to support API technology use at increasing volumes and scale.
We expect that API Technology Suppliers would charge fees that are correlated to the incremental ratchetting up of the cost required to meet increased demand. For example, if, at a certain volume of API calls, the API Technology Supplier needed to deploy
Notwithstanding the above, we note that API Technology Suppliers may choose to charge for their API usage support services on a “pay as you go” basis, such as a fee-per-call pricing structure. This approach could be consistent with the requirement that the API Technology Supplier only impose its incremental costs, and the requirements of this Condition of Certification more generally. However, depending on the amount being charged, this pricing model is open to abuse, with API Data Providers at risk of paying unreasonably high fees if the volume of API use is high and when the API Data Provider does not share in the benefits enjoyed by the API Technology Supplier when delivering a service at scale. As such, the API Technology Supplier would need to be careful to ensure that the total fees paid by an API Data Provider were reasonably related to the API Technology Supplier's costs of supporting the API technology. Where the fees paid over a reasonable measuring period were not reasonably related to the API Technology Supplier's costs, they would not be permitted.
We are also aware that API Technology Suppliers may offer a pricing structure for API usage support based on unlimited API calls. That is, the API Technology Supplier may charge a flat-fee irrespective of the volume of traffic accessing the API technology. Such a pricing model would be allowed under the proposed condition provided that the API Technology Supplier's fee for API usage support was reasonably related to the cost of the services that it had agreed to provide. This would mean that the API Technology Supplier would need to make a realistic estimate of the volume of API calls that it would need to support to fulfill any service level promised, and calculate its fee based on the costs of supporting that call volume. So long as the API Technology Supplier made a realistic estimate of the anticipated volume and support level, the legitimacy of the API Technology Supplier's fees, and its ability to recover them as permitted fees, would be unaffected by API Users making lower than expected use of API technology.
In the context of this proposed permitted fee's scope and the proposed general prohibition on fees, we seek to make clear that API Technology Suppliers would be prohibited from charging (or including in their contracts and agreements with API Data Providers) any usage-based fees for API uses that are associated with the access, exchange, and use of EHI by patients or their applications, technologies, or services. This would include, among other things, API calls or other transactions initiated by or on behalf of a patient, including third parties (
Usage fees associated with the access, exchange, and use of EHI by patients is a specific example of a prohibited fee that would fit under the general prohibition of a “fee not otherwise permitted” and is based on several considerations. First, such fees between an API Technology Supplier and API Data Provider would likely be passed on directly to patients, creating a significant impediment to their ability to access, exchange, and use their EHI, without special effort, through applications and technologies of their choice. More fundamentally, most of the information contained in a patient's electronic record has been documented during the practice of medicine or has otherwise been captured in the course of providing health care services to patients. In our view, patients have effectively paid for this information, either directly or through their employers, health plans, and other entities that negotiate and purchase health care items and services on their behalf. Thus, our proposal reflects our belief that it is inappropriate to charge patients additional costs to access this information, whether those costs are charged directly to patients or passed on as a result of fees charged to persons that provide apps, technologies, and services on a patient's behalf.
To be clear, if an API Data Provider sought to employ API technology for the limited purpose of making EHI available to patients and their apps, the API Data Provider's API Technology Supplier would have no legitimate basis to charge the API Data Provider, or any other person, for the “patient access” usage-based costs associated with the API technology.
Any unreasonable fees associated with a patient's access to their EHI may be suspect under the information blocking provision. Such fees may also be inconsistent with an individual's right of access to their PHI under the HIPAA Privacy Rule (45 CFR 164.524).)
In addition to our proposal in § 170.404(a)(3)(iii)(A) and detailed above that this permitted fee would not include any costs incurred by the API Technology Supplier to support uses of the API technology that facilitate a patient's ability to access, exchange, or use their electronic health information, we also propose to explicitly exclude two additional costs from this permitted fee. In § 170.404(a)(3)(iii)(B), we propose that this permitted fee would not include costs associated with intangible assets (including depreciation or loss of value), except the actual development or acquisition costs of such assets. For instance, an API Technology Supplier could not charge an API Data Provider a fee based on the purported “cost” of allowing the API Data Provider to use the API Technology Supplier's patented API technology. As discussed in more detail in section VIII.D.4 (Information Blocking), we believe it would be inappropriate to permit an actor to charge a fee based on these considerations, which are inherently subjective and could invite the kinds of rent-seeking and opportunistic pricing practices that create barriers to access, use, and exchange of EHI and impede interoperability.
In § 170.404(a)(3)(iii)(C), we propose that this permitted fee would not include opportunity costs, except for the reasonable forward-looking cost of capital. These speculative costs could include revenues that an API Technology Supplier could have earned had it not provided the API technology. We clarify that the exclusion of opportunity costs would not preclude an API Technology Supplier from recovering its reasonable forward-looking cost of capital. We believe these costs are relatively concrete and that permitting their recovery will protect incentives for API Technology Suppliers to invest in developing and providing interoperability elements (as described in section VIII.D.4).
In § 170.404(a)(3)(iv) we propose to permit an API Technology Supplier to charge fees to API Users
We believe it appropriate to permit this type of fee because API Technology Suppliers may offer a wide-range of market differentiating services to make it attractive for API Users to develop software applications that can interact with the API technology supplied by an API Technology Supplier. Such services could include advanced training, premium development tools and distribution channels, and enhanced compatibility/integration testing assessments. For example, an API Technology Supplier would be permitted to charge fees for value-added services that would be associated with but go beyond the scope set by the (g)(10)-certified API, such as write access, co-branded integration into the API Technology Supplier's product(s) workflow, co-marketing arrangements, and promoted placement in an API Technology Supplier's app store. That said, we caution API Technology Suppliers that value-added services would have to be made available in a manner that complies with other requirements of this Condition of Certification and with the information blocking provision.
To illustrate the scope of the fees permitted under this proposal, we clarify that the permitted value-added services fee would enable an API Technology Supplier to recover certain costs associated with operating an “app store.” However, those fees cannot interfere with an API User's ability to efficiently and effectively develop and deploy production-ready apps without special effort. We are aware that API Technology Suppliers offer services associated with the listing and promotion of apps beyond basic app placement. Such fees would be permitted, so long as the API Technology Supplier ensured that basic access and listing in the app store was provided free of charge if an app developer depended on such listing to efficiently and effectively develop and deploy production-ready apps without special effort. Fees charged for additional/specialized technical support or promotion of the API User's app beyond these basic access and listing services would also be permitted. In contrast, if an API Technology Supplier required, for example, a software developer's app to go through a paid listing process as a dependency/precondition to be able to be deployed (and generally accessible) to the API Technology Supplier's health care provider customers to use, this would not be a permitted fee under this Condition of Certification, would constitute special effort, and could raise information blocking concerns.
As discussed above, we proposed that any API-related fee imposed by an API Technology Supplier that is not expressly permitted is prohibited. This approach is necessary because, as discussed in section VIII.C.5.c of this proposed rule, we continue to receive evidence that some health IT developers are engaging in practices that create special effort when it comes to API technology. These practices include fees that create barriers to entry or competition as well as rent-seeking and other opportunistic behaviors. For example, some health IT developers are conditioning access to technical interoperability documentation on revenue-sharing or royalty agreements that bear no plausible relation to the costs incurred by the health IT developer to provide or enable its use. We are also aware of discriminatory pricing policies that have the purpose or effect of excluding competitors from the use of APIs and other interoperability elements. These practices close off the market to innovative applications and services that could empower patients and enable providers to deliver greater value and choice to health care consumers and additional service providers.
To address these concerns we provide the following non-exhaustive examples of fees for services that API Technology Suppliers would be prohibited from charging:
• Any fee for access to the documentation that an API Technology Supplier is required to publish or make available under this Condition of Certification.
• Any fee for access to other types of documentation or information that a software developer may reasonably require to make effective use of API technology for any legally permissible purpose.
• Any fee in connection with any services that would be essential to a developer or other person's ability to develop and commercially distribute production-ready applications that use API technology. These services could include, for example, access to “test environments” and other resources that an app developer would need to efficiently design and develop apps. The services could also include access to distribution channels if they are necessary to deploy production-ready software and to production resources, such as the information needed to connect to FHIR servers (endpoints) or the ability to dynamically register with an authorization server.
We request comment on any additional specific “permitted fees” not addressed above that API Technology Suppliers should be able to recover in order to assure a reasonable return on investment. Furthermore, we request comment on whether it would be prudent to adopt specific, or more granular, cost methodologies for the calculation of the permitted fees. Commenters are encouraged to consider, in particular, whether the approach we have described will be administrable and appropriately balance the need to ensure that patients, providers, app developers, and other stakeholders do not encounter unnecessary costs and other special effort with the need to provide adequate assurance to API Technology Suppliers, investors, and innovators that they will be able to earn a reasonable return on their investments in API technology. We welcome comments on whether the approach adequately balances these concerns or would achieve our stated policy goals, and we welcome comments on potential revisions or alternative approaches. We encourage detailed comments that include, where possible, economic justifications for suggested revisions or alternative approaches.
To provide appropriate accountability, we propose in § 170.404(a)(3)(v) that API Technology Suppliers must keep for inspection
Separately, an API Technology Supplier would need to document the criteria it used to allocate any costs across relevant customers, requestors, or other persons. The criteria must be documented in a level of detail that would enable determination as to whether the API Technology Supplier's cost allocations are objectively reasonable and comply with the cost accountability requirements, including whether fees reflect the API Technology Supplier's actual costs reasonably incurred, were allocated reasonably and between only those API Data Providers that either cause the costs to be incurred or benefit from the associated supply or support of the API technology, and were distributed across customers and other relevant persons in a permissible manner, as described above.
We note that an API Technology Supplier must retain its accounting records consistent with the retention requirement proposed for adoption as part of the Assurances Condition of Certification (proposed for adoption in § 170.402). In the event that a potential violation of this Condition and Maintenance of Certification creates a conformance fact-finding scenario by ONC or information blocking is investigated, we believe that this period of time would provide ONC with appropriate visibility into the API Technology Supplier's business practices.
We request comment on whether these requirements provide adequate traceability and accountability for costs permitted under this API Condition of Certification. We also seek comment on whether to require more detailed accounting records or to prescribe specific accounting standards.
We propose that API Technology Suppliers would have to comply with certain requirements to promote an open and competitive marketplace. As a general condition, we propose in § 170.404(a)(4) that API Technology Suppliers must grant API Data Providers (
As important context for these proposals, we note that the API technology required by this Condition of Certification falls squarely within the concept of “essential interoperability elements” described in section VIII.C.4.b of this preamble and, as such, are subject to strict protections under the information blocking provision. As a corollary, to the extent that API Technology Suppliers claim an intellectual property right or other proprietary interest in the API technology, they must take care not to impose any fees, require any license terms, or engage in any other practices that could add unnecessary cost, difficulty, or other burden that could impede the effective use of the API technology for the purpose of enabling or facilitating access, exchange, or use of EHI. Moreover, even apart from these information blocking considerations, we believe that, as developers of technology certified under the Program, API Technology Suppliers owe a special responsibility to patients, providers, and other stakeholders to make API technology available in a manner that is truly “open” and minimizes any costs or other burdens that could result in special effort. The proposed conditions set forth below are intended to provide clear rules and expectations for API Technology Suppliers so that they can meet these obligations.
We propose in § 170.404(a)(4)(i) that an API Technology Supplier must adhere to a strictly non-discriminatory policy regarding the provision of API technology. As a starting point, we propose to require in § 170.404(a)(4)(i)(A) that API Technology Suppliers comply with all of the requirements discussed in section VIII.C.4.b of this proposed rule regarding the non-discriminatory provision of interoperability elements. Accordingly, and consistent with developers' obligations under the Program and our expectation that API technology be truly “open,” we propose to require that API Technology Suppliers must provide API technology to API Data Providers on terms that are no less favorable than they would provide to themselves and their customers, suppliers, partners, and other persons with whom they have a business relationship. This requirement would apply to both price and non-price terms and thus would apply to any fees that the API Technology Supplier is permitted to charge under the “permitted charges conditions” of this Condition of Certification. We believe this requirement would ensure that API Data Providers (
Next, we propose in § 170.404(a)(4)(i)(B) that any terms and conditions associated with API technology would have to be based on objective and verifiable criteria that are uniformly applied for all substantially similar or similarly situated classes of persons and requests. For example, if the API Technology Supplier applied an “app store” entry/listing process unequally and added arbitrary criteria based on the use case(s) an app was focused on, such business practices would not comply with this specific condition and could also be in violation of the information blocking provision.
Moreover, we propose in § 170.404(a)(4)(i)(C) that an API Technology Supplier would be prohibited from offering or varying such terms or conditions on the basis of impermissible criteria, such as whether the API User with whom the API Data Provider has a relationship is a competitor, potential competitor, or will be using EHI obtained via the API technology in a way that facilitates competition with the API Technology Supplier. The API Technology Supplier would also be prohibited from taking into consideration the revenue or other value the API User with whom the API Data Provider has a relationship may derive from access, exchange, or use of EHI obtained by means of the API technology. We believe these proposals
We propose in § 170.404(a)(4)(ii)(A) that an API Technology Supplier would have to make API technology available in a manner that enables API Data Providers and API Users to develop and deploy apps to access, exchange, and use EHI in production environments. To this end, we propose that an API Technology Supplier must have and, upon request, must grant to API Data Providers and their API Users all rights that may be reasonably necessary to access and use API technology in a production environment. In other words, this proposal is focused on the provision of rights reasonably necessary to access and use API technology and does not extend to other intellectual property maintained by the API Technology Supplier, especially intellectual property that has no nexus with the access and use of API technology. In situations where such a nexus exists, even partially, the API Technology Supplier would have the duty to determine a method to grant the applicable rights reasonably necessary to access and use the API technology. And if practicable, under these partial cases, we note that it would be possible for the API Technology Supplier to exclude the intellectual property that would have no impact on the access and use of the API technology.
Accordingly, following our proposal, API Technology Suppliers would need to grant API Data Providers and their API Users with rights that could include but not be limited to the following in order to sufficiently support the use of the API technology:
• For the purposes of developing products or services that are designed to be interoperable with the API Technology Supplier's health IT or with health IT under the API Technology Supplier's control.
• Any marketing, offering, and distribution of interoperable products and services to potential customers and users that would be needed for the API technology to be used in a production environment. Note, API Technology Suppliers, pursuant to the “value-added services” permitted fee, would be able to offer and charge for services such as preferential marketing agreements, co-marketing agreements, and other business arrangements so long as such services are beyond what is necessary for the API technology to be put into use in a production environment.
• Enabling the use of the interoperable products or services in production environments, including accessing and enabling the exchange and use of electronic health information.
Relatedly, in § 170.404(a)(4)(ii)(B) we propose to prohibit an API Technology Supplier from imposing any collateral terms or agreements that could interfere with or lead to special effort in the use of API technology for any of the above purposes. We note that these collateral terms or agreements may also implicate the information blocking provision for the reasons described in section VIII.D.3.c of this preamble. These specific proposed conditions would expressly prohibit an API Technology Supplier from conditioning any of the rights described above on the requirement that the recipient of the rights do, or agree to do, any of the following:
• Pay a fee to license the rights described above, including but not limited to a license fee, royalty, or revenue-sharing arrangement.
• Not compete with the API Technology Supplier in any product, service, or market.
• Deal exclusively with the API Technology Supplier in any product, service, or market.
• Obtain additional licenses, products, or services that are not related to or can be unbundled from the API technology.
• License, grant, assign, or transfer any intellectual property to the API Technology Supplier.
• Meet additional developer or product certification requirements.
• Provide the API Technology Supplier or its technology with reciprocal access to application data.
These prohibitions largely mirror those proposed under the exception to the information blocking definition in § 171.206 and reflect the same concerns expressed in that context in section VIII.D.3.c of this preamble. However, we note the following important distinction: Whereas proposed § 171.206 would permit a developer to charge a reasonable royalty to license interoperability elements, this API Condition of Certification would not permit any such royalty, license fee, or other type of fee of any kind whatsoever pursuant to the general fee prohibition proposed in the “permitted charges condition.” This additional limitation reflects the more exacting standards that apply to API Technology Suppliers with respect to the provision of API technology under this Condition of Certification. While we believe that, for the reasons described in section VIII.D.3.c of this preamble, health IT developers should generally be permitted to charge reasonable royalties for the use of their intellectual property, we consider API technology to be a special case. Certified health IT developers (
We clarify that the prohibitions explained above against additional developer or Health IT Module certification requirements and, separately, against requirements for reciprocal access to application data, are within the scope of the collateral terms prohibited by proposed § 171.206 even though these additional API Technology Supplier requirements are not explicitly referenced by that exception because they are not generally applicable to all types of interoperability elements. Nevertheless, permitting an API Technology Supplier to impose these kinds of additional requirements would be inconsistent with the Cures Act's expectation that API technology be made available openly and in a manner that promotes competition. For the same reason such practices may raise information blocking concerns.
To support the use of API technology in production environments, we propose in § 170.404(a)(4)(iii) that an API Technology Supplier must provide all support and other services that are reasonably necessary to enable the effective development, deployment, and use of API technology by API Data Providers and its API Users in production environments. In general, the precise nature of these obligations will depend on the specifics of the API Technology Supplier's technology and the manner in which it is implemented and made available for specific customers. Therefore, with the following exceptions, we do not delineate the API Technology Supplier's specific support obligations and instead propose a general requirement to this effect in § 170.404(a)(4)(iii).
We propose to require in § 170.404(a)(4)(iii)(A) that API Technology Suppliers must make reasonable efforts to maintain the compatibility of the API technology they develop and assist API Data Providers to deploy in order to avoid disrupting the use of API technology. Similarly, we propose in § 170.404(a)(4)(iii)(B) that prior to making changes or updates to its API technology or to the terms or conditions thereof, an API Technology Supplier would need to provide notice and a reasonable opportunity for its API Data Provider customers and registered application developers to update their applications to preserve compatibility with its API technology or to comply with any revised terms or conditions. Without this opportunity, clinical and patient applications could be rendered inoperable or operate in unexpected ways unbeknownst to the users or software developers.
Further, we note that this proposal aligns with the exception to the information blocking definition proposed in § 171.206. As explained in section VIII.D.3.c of this preamble, the information blocking definition would be implicated were an API Technology Supplier to make changes to its API technology that “break” compatibility or otherwise degrade the performance or interoperability of the licensee's products or services that incorporate the licensed API technology. We propose these additional safeguards are important in light of the ease with which an API Technology Supplier could make subtle “tweaks” to its technology or related services, which could disrupt the use of the licensee's compatible technologies or services and result in substantial competitive and consumer injury.
We clarify that this requirement would in no way prevent an API Technology Supplier from making improvements to its technology or responding to the needs of its own customers or users. However, the API Technology Supplier would need to demonstrate that whatever actions it took were necessary to accomplish these purposes and that it afforded the licensee a reasonable opportunity under the circumstances to update its technology to maintain interoperability. Relatedly, we recognize that an API Technology Supplier may have to suspend access or make other changes immediately and without prior notice in response to legitimate privacy, security, or patient safety-related exigencies. Such practices would be permitted by this Condition of Certification provided they are tailored and do not unnecessarily interfere with the use of API technology. From an information blocking standpoint, if such practices interfered with access, exchange, or use of EHI, the API Technology Supplier could seek coverage under the exceptions to the information blocking provision described in section VIII.D of this preamble. For instance, if the suspended access was in response to a privacy exigency, the API Technology Supplier may be able to seek coverage under the exception for promoting the privacy of EHI at proposed § 171.202.
We propose to adopt Maintenance requirements for this Condition of Certification. These maintenance requirements would be duties that we believe the Cures Act expected API Technology Suppliers (
In the specific context of application registration, we wish to underscore that to provide a frictionless experience for developers of these applications and individuals that use them, an API Technology Supplier would be required to provide all services and other support necessary to ensure that such apps can be deployed and used in production without any additional assistance or intervention by the API Technology Supplier. For this reason, we propose in § 170.404(b)(1) a specific requirement for API Technology Suppliers that they would need to “register” (in connection with the API technology functionality proposed in § 170.315(g)(10)(iii)) and enable all applications for production use within one business day of completing its verification of an application developer's authenticity as described in proposed § 170.404(a)(2)(ii)(C). We propose this explicit requirement is necessary in order to ensure that a patient's ability to use an app of their choice is not artificially or intentionally slowed by an API Technology Supplier, causing special effort on the part of the patient to gain access to their EHI. We also emphasize that this is specific duty for API Technology Suppliers in the course of maintaining the Health IT Module(s)' certificate to which their API technology is associated. In instances where an API Technology Supplier chooses not to perform app developer verification processes described in proposed § 170.404(a)(2)(ii)(C), it would need to solely meet this one business day requirement from the point of having received a request for registration.
In order to interact with a FHIR RESTful API, an app needs to know the “FHIR Service Base URL,” which is often referred to colloquially as a “FHIR server's endpoint.”
We propose in § 170.404(b)(3) that an API Technology Supplier with API technology previously certified to the certification criterion in § 170.315(g)(8) must provide all API Data Providers with such API technology deployed with API technology certified to the certification criterion in § 170.315(g)(10) within 24 months of this final rule's effective date. We believe this Maintenance of Certification requirement will permit ONC to monitor and facilitate the rollout to health care providers of this important functionality. This is of particular relevance as we propose below to include this functionality in the 2015 Base EHR definition in place of the
As described in detail above, we have propose to adopt a new certification criterion in § 170.315(g)(10) that would replace the current criterion adopted in § 170.315(g)(8) and as referenced in the 2015 Edition Base EHR definition expressed in § 170.102. This change is necessary to fully implement the Cures Act and ensure that API Technology Suppliers have the requisite incentive to deploy standardized APIs that can be used “without special effort” and API Data Providers have added incentive to adopt such functionality. As result, we propose to create a phase-in for the proposed API certification criterion in § 170.315(g)(10) from the issuance of a subsequent final rule. This phase-in period includes separate and sequential time for API Technology Suppliers and API Data Providers.
Consistent with our proposed compliance timing for the certification criterion proposed for adoption in § 170.315(b)(10), we propose to add compliance timeline language to the 2015 Edition Base EHR definition for the transition from § 170.315(g)(8) to § 170.315(g)(10) that would reflect a total of 24 months from the final rule's effective date (which practically speaking would be 25 months because of the 30-day delayed effective date). We believe this approach is best because it identifies a single, specific date for both API Technology Suppliers and API Data Providers by which upgraded API technology needs to be deployed in production. We also believe that 24 months is sufficient for this upgrade because the scope and nature of our proposals intersect and reflect a large portion of capabilities API Technology Suppliers have already developed and deployed to meet § 170.315(g)(8). Moreover, this single date enables API Technology Suppliers (based on their client base and IT architecture) to determine the most appropriate timeline for development, testing, certification, and product release cycles in comparison to having to meet an arbitrary “must be certified by this date” requirement.
The Cures Act requires, as a Condition and Maintenance of Certification under the Program, that health IT developers have successfully tested the real world use of the technology for interoperability in the type of setting in which such technology would be marketed. The Cures Act defines interoperability as “health information technology that enables the secure exchange of electronic health information with, and use of electronic health information from, other health information technology without special effort on the part of the user; allows for complete access, exchange, and use of all electronically accessible health information for authorized use under applicable state or federal law; and does not constitute information blocking as also defined by the Cures Act.”
The Program issues, and will continue to issue under our real world testing approach, certifications to health IT through a process whereby health IT is assessed against the testing requirements established by ONC. Often, this means health IT is tested by an ONC-ATL in a laboratory environment through methods that include a testing proctor's visual inspection of functions, review of developer-provided documentation of functions, and testing tools with simulation test data. An ONC-ACB evaluates the results of testing and makes a determination, based on these test results and an assessment of compliance with other Program requirements, to issue the health IT a certificate. Over the course of the Program's existence, ONC has emphasized the continued conformance of certified health IT products post-certification in real world and clinical settings. For example, ONC expanded the responsibilities of ONC-ACBs in the 2015 Edition final rule to require that they perform in-the-field surveillance. We did this to affirm the Program's long-standing expectations that certified health IT continue to operate in accordance with certification requirements when implemented in the field (80 FR 62707-62719). These efforts are also in line with the Cures Act's real world testing Condition of Certification through their focus on system interoperability and exchange of information as deployed and used in care environments—that is to say, in the “real world.”
The objective of real world testing is to verify the extent to which certified health IT deployed in operational production settings is demonstrating continued compliance to certification criteria and functioning with the intended use cases as part of the overall maintenance of a health IT's certification. Real world testing should ensure certified health IT has the ability to share electronic health information with other systems. Real world testing should assess that the certified health IT is meeting the intended use case(s) of the certification criteria to which it is certified within the workflow, health IT architecture, and care/practice setting in which the health IT is implemented. Accordingly, we propose that successful real world testing means for the purpose of this Condition of Certification that:
• The certified health IT continues to be compliant to the certification criteria to which it is certified, including the required technical standards and vocabulary codes sets;
• The certified health IT is exchanging electronic health information in the care and practice settings for which it is intended for use; and
• Electronic health information is received by and used in the certified health IT.
We propose to limit the applicability of this Condition of Certification to health IT developers with Health IT Modules certified to one or more 2015 Edition certification criteria focused on interoperability and data exchange, which are:
• The care coordination criteria in § 170.315(b);
• The clinical quality measures (CQMs) criteria in § 170.315(c)(1) through (c)(3);
• The “view, download, and transmit to 3rd party” criterion in § 170.315(e)(1);
• The public health criteria in § 170.315(f);
• The application programming interface criteria in § 170.315(g)(7) through (g)(11); and
• The transport methods and other protocols criteria in § 170.315(h).
The 2015 Edition certification criteria that are not included in the proposed list include many functionality-based criteria, administrative criteria, and, overall, criteria that do not focus on interoperability
We solicit comment on whether to include the “patient health information capture” certification criteria in § 170.315(e)(3), including the value of real world testing these functionalities compared to the benefit for interoperability and exchange. We also solicit comment on whether any other 2015 Edition certification criteria should be included or removed from the applicability list for this Condition of Certification.
To fully implement the real world testing Condition of Certification as described above, we propose Maintenance of Certification requirements that would require health IT developers to submit publicly available prospective annual real world testing plans and retrospective annual real world testing results for its certified health IT that include certification criteria focused on interoperability. As we considered the various approaches to implement this Cures Act requirement on health IT developers, we determined that health IT developers would be best positioned to construct how their certified health IT could be tested in the real world. Moreover, by requiring health IT developers to be responsible for facilitating their certified health IT testing in production settings and being held accountable to publicly publish their results, we would balance the respective burden of this statutory requirement with its intended assurances for health care providers. Additionally, ONC is not adequately resourced to centrally administer a real world testing regime among each health IT developer and its customers, nor do we have the specific relationships with health care providers that health IT developers do. Lastly, even if ONC were positioned to support and scale a real world testing regime, we would run the risk of having one-size-fits-all tools that would not necessarily get to the level of detail and granularity necessary and reflective of different health care settings and different scopes of practice that use certified health IT.
Given these considerations, we propose that a health IT developer must submit an annual real world testing plan to its ONC-ACB via a publicly accessible hyperlink no later than December 15, of each calendar year for each of its certified 2015 Edition Health IT Modules that include certification criteria specified for this Condition of Certification. Prior to submission to the ONC-ACB, the plan would need to be approved by a health IT developer authorized representative capable of binding the health IT developer for execution of the plan and include the representative's contact information. The plan would need to include all health IT certified to the 2015 Edition through August 31 of the preceding year. The plan would also need to address the health IT developer's real world testing for the upcoming calendar year and include, for each of the certification criteria in scope:
• The testing method(s)/methodology(ies) that will be used to demonstrate real world interoperability, including a mandatory focus on scenario- and use case-focused testing;
• The care and practice setting(s) that will be tested for real world interoperability, including conformance to certification criteria requirements, and an explanation for the health IT developer's choice of care setting(s) to test;
• The timeline and plans for voluntary updates to standards and implementation specifications that ONC has approved (further discussed below);
• A schedule of key real world testing milestones;
• A description of the expected outcomes of real world testing;
• At least one measurement/metric associated with the real world testing; and
• A justification for the health IT developer's real world testing approach.
The intended testing methods/methodologies would need to address testing scenarios, use cases, and workflows associated with interoperability. Testing may occur in the operational setting using real patient data, in an environment that mirrors the clinical setting using synthetic or real patient data, or in the clinical setting with synthetic data intermixed. Note that when Health IT developers who are HIPAA business associates are conducting testing using ePHI, such testing must be conducted consistent with their business associate agreements and other compliance responsibilities. The health IT developer may also partner with other health IT developers to perform real world testing. We would expect developers to consider such factors as the size of the organization that production systems support, the type of organization and setting, the number of patient records and users, system components and integrations, and the volume and types of data exchange in planning for real world testing. We would also expect developers to explain how they will incorporate voluntary standards updates in their real world testing as discussed further below. While we are not proposing a minimum proportion of the customer base that must be covered in real world testing, we highly encourage developers to find ways to ensure, to the extent practical, proportionate coverage of their customer base that balances the goals of real world testing with burden to providers. Health IT developers would not be required to test the certified health IT in each and every setting in which it is intended for use as this would likely not be feasible due to the associated burden; however, developers must address their choice of care and/or practice settings to test and ONC encourages developers test in as many settings as feasible. Additionally, health IT developers would be required to provide a justification for their chosen approach. Because our approach provides great flexibility for health IT developers with respect to demonstrating compliance, we believe it is imperative that they provide a justification to explain their methodology. Through the transparent reporting of their real world testing plans, the public will have an opportunity to consider a health IT developer's chosen approach(es) and whether it is sufficiently comprehensive to provide assurance that the certified health IT has satisfactorily demonstrated its satisfaction of Program requirements including interoperability in real world settings relevant to their needs.
Health IT developers should consider existing testing tools and approaches that may be used to assess real world interoperability. For example, we encourage health IT developers to consider metrics of use and exchange from existing networks, communities, and tools including, but not limited to, Surescripts, Carequality, CommonWell Health Alliance, the C-CDA One-Click Scorecard, and DirectTrust. We do not believe that testing through the ONC-approved test procedures is sufficient to demonstrate real world use as the test procedures developed for initial laboratory testing and certification are generally setting agnostic, focused on standards conformance, and do not always test the full scope of the certification criteria's intended functionality. We also clarify that the
We propose that health IT developers with multiple certified health IT products that may include the same interoperability-focused certification criteria intended to be implemented in the same settings have the discretion to design their real world testing plans in a way that efficiently tests a combination of products. Likewise, health IT developers may find portions of their real world testing plans are transferrable to their other certified products; thus a health IT developer could choose to submit a real world testing plan that covers multiple certified products as appropriate and as long as there is traceability to the specific certified Health IT Modules. To be clear, developers of health IT products deployed through the cloud who offer their products for multiple types of settings would be required to test the same capability for those different settings. However, we solicit comment on whether we should offer an exemption for services that truly support all of a developer's customers through a single interface/engine and whether this would be sufficient to meet the intent of the real world testing Condition of Certification. Additionally, while the developers' plans must address each of the interoperability-focused certification criteria in their certified health IT, developers can and should design scenario-based test cases that incorporate multiple functionalities as appropriate for the real world workflow and setting.
We propose that a health IT developer would submit annual real world testing results to their ONC-ACBs via a publicly accessible hyperlink no later than January 31, of each calendar year for the preceding calendar year's real world testing. Real world testing results for each interoperability-focused certification criterion must address the elements required in the previous year's testing plan, describe the outcomes of real world testing with any challenges encountered, and provide at least one measurement or metric associated with the real world testing. As noted above, developers are encouraged to use metrics demonstrating real world use from existing networks and communities. We seek comment on whether ONC should require developers submit real world testing results for a minimum “core” set of general metrics/measurements and examples of suggested metrics/measurements. We also invite comment on the proposed annual frequency and timing of required real world testing results reporting.
We acknowledge that a subsequent final rule for this proposed rule may not provide sufficient time for health IT developers to develop and submit plans for a full year of real world testing in 2020. If such a situation comes to fruition, we expect to provide an appropriate period of time for developers to submit their plans and potentially treat 2020 as a “pilot” year for real world testing. We would expect that such pilot testing conform to our proposed real world testing to the extent practical and feasible (
We clarify, and propose, that even if a health IT developer does not have customers or has not deployed their certified Health IT Module at the time the real world testing plan is due, the health IT developer would still need to submit a plan that addresses its prospective testing for the coming year for any health IT certified prior to August 31 of the preceding calendar year. If a health IT developer does not have customers or has not deployed their certified Health IT Module when the annual real world testing results are due, we propose that the developer would need to report as such to meet the proposed Maintenance of Certification requirement. For further clarity, a developer would not need to report on any health IT certified after August 31, in the preceding year.
As new and more advanced versions
We propose to establish the Standards Version Advancement Processnot only to meet the Cures Act's goals for interoperability, but also in response to the continuous stakeholder feedback that ONC has received through prior rulemakings and engagements, which requested that ONC establish a predictable and timely approach within the Program to keep pace with the industry's standards development efforts. Rulemaking has not kept up with the pace of standards development and deployment in the health care market. There is no better evidence of this reality than by example from our 2015 Edition rulemaking finalized approximately three years ago and before the Cures Act added Conditions and Maintenance of Certification provisions to the PHSA. Two version updates of the National Health Care Survey standard (versions 1.1 and 1.2) have been issued since we adopted version 1.0 in the 2015 Edition final rule (October 16, 2015). Health IT developer and health care provider compliance and use of these versions has and will be necessary for submission to Centers for Disease Control and Prevention (CDC) even though the certification criterion adopted in § 170.315(f)(7) continues to require conformance to version 1.0. Similarly, many other adopted standards have seen multiple newer versions introduced to the market since we issued the 2015 Edition final rule, such as for eCQM reporting or e-prescribing. The proposed Standards
We have also been informed by stakeholders that, in other cases, ONC's inability to more nimbly identify and incorporate newer versions to standards and implementation specifications that were already adopted by the Secretary into the Program has perversely impacted standards developing organization (SDO) processes. Although SDOs can rapidly iterate version updates to standards and implementation specifications to address ambiguities and implementation challenges reported from the field and to particularly address matters that adversely impact interoperability, the lack of a clear path for that work effort to be timely realized as part of the Program's certification requirements has had a chilling effect on the pace of change. It can also affect the willingness of volunteers at these SDOs to devote their time to make updates that would be outdated by the time ONC goes through a rulemaking, which can be years. Stakeholders have indicated that certified health IT developers, customers and users of certified health IT, and the SDO industry have been technologically restricted and innovation-stunted as a result of our prior regulatory approach, which focused on certification assuring compliance only to the version of a standard adopted in regulation and did not provide an avenue for the Program to accommodate iterative updates to standards during the time between rulemakings. With the passage of the “maintenance of certification” provision in § 4002 of the Cures Act, we believe the approach proposed here is in line with our new statutory authority regarding Conditions of Certification and Maintenance of Certification and would better and more timely support market demands for widespread interoperability.
In supporting more rapid advancement of interoperability, we believe the proposed Standards Version Advancement Process approach will benefit patient care, improve competition, and spur additional engagement in standards development. To this point, currently, if the USCDI v1 were adopted as currently proposed in § 170.213 and then needed to be updated to add just one data class or data element (
The Standards Version Advancement Process and corresponding proposed revisions to §§ 170.550 and 170.555 would introduce two types of administrative flexibility for health IT developers participating in the Program. First, for those health IT developers with an existing certified Health IT Module, the Health IT Modules would be permitted to be upgraded (in the course of ongoing maintenance) to a new version of an adopted standard within the scope of the certification (without having to retest or recertify) so long as such version was approved by the National Coordinator for use in certification through the Standards Version Advancement Process. Second, for those health IT developers seeking to have a Health IT Module's initial certificate issued, the Health IT Module would be permitted to be presented for certification to a new version of an adopted standard so long as such version was approved by the National Coordinator through the Standards Version Advancement Process. This policy flexibility is similar to the flexibility we introduced several years ago for “minimum standards” code sets, but we would require ONC-ACBs to offer certification under the Standards Version Advancement Process to National-Coordinator-approved newer versions of all standards to which Real World Testing requirements apply.
In order to ensure equitable treatment under the Program and in order for ONC to maintain the Program's overall integrity, each developer that chooses to leverage the proposed Standards Version Advancement Process Maintenance of Certification Program flexibilities would need to satisfy the following.
In instances where a health IT developer has certified a Health IT Module, including but not limited to instances where its customers are already using the certified Health IT Module, if the developer intends to update pursuant to the Standards Version Advancement Process election, the developer would be required to provide advance notice to all affected customers and its ONC-ACB: (a) Expressing its intent to update the software to the more advanced version of the standard approved by the National Coordinator through the Standards Version Advancement Process; (b) the developer's expectations for how the update will affect interoperability of the affected Health IT Module as it is used in the real world; and (c) whether the developer intends to continue to support the certificate for the existing Health IT Module version for some period of time and how long, or if the existing version of the Health IT Module certified to prior version(s) of applicable standards will be deprecated (
We anticipate providing ONC-ACBs (and/or health IT developers) with a means to attribute this updated information to the listings on the CHPL for the Health IT Modules the ONC-ACB has certified, and propose to require in the Principles of Proper Conduct for ONC-ACBs that they are ultimately responsible for this information being made publicly available on the CHPL. We request public comment on any additional information about updated standards versions that may be beneficial to have listed with certified Health IT Modules on the CHPL.
We clarify that a health IT developer would be able to choose which of the updated standards versions approved by the National Coordinator for use in certification through the Standards Version Advancement Process the developer seeks to include in its updated certified Health IT Module and would be able to do so on an itemized basis. In other words, if the National Coordinator were to approve for use through the Standards Version Advancement Process several different new versions of adopted standards that affected different certification criteria within the scope of a certified Health IT Module, the developer would be able to just update one certification criterion to one or more of the applicable new standards and would not have to update its Health IT Module to all of the National Coordinator-approved new versions all at once in order to be able to take advantage of this proposed flexibility.
In instances where a health IT developer presents a Health IT Module for certification for which no prior certificate can serve as the basis for using the Standards Version Advancement Process, we propose that the health IT developer would be permitted to use and implement any and all of the newer versions of adopted standards the National Coordinator approves through the Standards Version Advancement Process. We have implemented this proposed policy through necessary adjustments to the way in which ONC-ACBs process certifications in § 170.550. We recognize that this proposed flexibility reflects certain programmatic and policy trade-offs. On one hand, a health IT developer would be permitted to use the most recent version of standards approved by the National Coordinator instead of having to build in potentially “outdated” standards just to get certified. On the other hand, the Program's testing infrastructure (which is now inclusive of government-developed and non-government-developed tools) may experience certain lag times in terms of when updated test tools to support the approved version advancements would be available to test Health IT Modules for certification purposes. As a result, we propose to provide the ability for ONC-ACBs to accept a developer self-declaration of conformity as to the use, implementation, and conformance to a newer version of a standard (including but not limited to implementation specifications) as sufficient demonstration of conformance in circumstances where the National Coordinator has approved a version update of a standard for use in certification through the Standards Version Advancement Process but an associated testing tool is not yet updated to test to the newer version. Again, we clarify that a health IT developer would be able to choose which National Coordinator-approved standard version(s) it seeks to include in a new or updated certified Health IT Module and would be able to do so on an itemized basis.
On balance, we believe that this programmatic flexibility and the potential interoperability improvements from the use of newer versions of standards outweighs the subsequent oversight challenges. Moreover, these oversight challenges can be mitigated by the Standards Version Advancement Process itself (
In all cases, regardless of whether a health IT developer is updating an existing certified Health IT Module or presenting a new Health IT Module for certification to new versions of adopted standards approved by the National Coordinator through the Standards Version Advancement Process, it would need to adhere to the following once it elects to takes advantage of this proposed flexibility:
• The developer would need to ensure its mandatory disclosures in § 170.523(k)(1) appropriately reflect its use of any National Coordinator-approved newer versions of standards.
• The developer would need to address and adhere to all Conditions of Certification and Maintenance of Certification requirements proposed that are otherwise be applicable to its certified Health IT Modules regardless of whether those Health IT Modules were certified to the exact same versions of adopted standards that are listed in the text of 45 CFR part 170 or National Coordinator-approved newer version(s) of the standard(s). For instance, the developer would need to ensure that its real world testing plan and performance included the National Coordinator-approved standards versions to which it is claiming conformance.
In terms of compliance with the real world testing Condition and Maintenance of Certification requirements, the attestations Condition and Maintenance of Certification requirements proposed in § 170.406, and for the purposes of ONC-ACB surveillance, we note that health IT developers would be accountable for maintaining all applicable certified Health IT Modules in accordance with approved versions of standards and implementation specifications that they voluntarily elect to use in their certified health IT. If, at any point after initial certification or updated certification for
Once a standard has been adopted for use in the Program through notice and comment rulemaking, ONC would undertake an annual, open and transparent process, including opportunity for public comment, to timely ascertain whether a more recent version of that standard or implementation specification should be approved for developers' voluntary use. ONC would identify updated versions of previously adopted standards and implementation specifications based on our own monitoring of market trends and interoperability needs, as well as input received from external stakeholders. Such external input may include, but would not be limited to, recommendations made by the Health Information Technology Advisory Committee as well as input received from SDOs.
ONC expects to use an expanded section of the Interoperability Standards Advisory (ISA) web platform to facilitate the public transparency and engagement process. At a particular time of the year (
Once the formal comment period closes, ONC would review the comments and consider the potential impacts of a new version an adopted standard or implementation specification. We anticipate approving newer versions of adopted standards and implementation specifications based on several interdependent Program and market factors, such as its ability to enhance interoperability and overall compatibility with other adopted versions, how burdensome it would be to update to the newer version and the scope and scale of the changes, whether the new version would be required for reporting by a corresponding program (
Within this proposed approach, we expect that when it comes to a standard, the National Coordinator would identify version updates to an adopted standard consistent with that standard's name and version track. This method would provide long-term consistency for health IT developers in terms of the overall technical conformance requirements on which they will be focused.
With respect to adopted implementation specifications, we believe that more flexibility about the precise name and version track identifiers would be warranted given that implementation specifications are developed by market-driven industry consortia (
The public listing of these National Coordinator determinations to approve version updates to already adopted standards and implementation specifications would serve as the single, comprehensive, and authoritative index of the versions of adopted standards and implementation specifications available for use under the Program. We note, however, that certain Program administration steps would need to occur (such as ONC-ACBs expanding the scope of their accreditations) after the National Coordinator has approved newer versions of adopted standards. As a result, there would likely be a temporary delay between the National Coordinator's approval decision and when certification to new standards versions under the Program would start.
We welcome comments on any and all aspects of our proposed standards
We propose to include a new Principle of Proper Conduct for ONC-ACBs in § 170.523(p) that would require ONC-ACBs to review and confirm that applicable health IT developers submit real world testing plans and results in accordance with our proposals. We expect that ONC-ACBs would review the plans for completeness. Once completeness is confirmed, ONC-ACBs would provide the plans to ONC by December 15 and results to ONC by April 1. The December 15 date is the same date as the health IT developer requirement for submission of the real world testing plan. For purposes of the Program, this treats both regulated entities equally and permits them to work out a process that ensures all real world testing plans are submitted to the CHPL by December 15. For example, a health IT developer that is confident in its plan and does not anticipate any further certification, may submit its plan in July of the preceding year.
The submission of results, however, does not present the same dynamic of the potential need to work together to ensure the plan is complete. As such, we have proposed different dates. We would expect the developers to submit their results by January 31. We believe this would provide sufficient time for ONC-ACBs to review all plans and post them to the CHPL by April 1, including notifying ONC when the results were not in compliance with requirements. ONC would make both the plans and results publicly available via the CHPL. We note that ONC-ACBs will continue to be required to perform in-the-field surveillance of certified Health IT Modules and results of real world testing could be considered information to inform ONC-ACB surveillance activities.
Because we are proposing to allow health IT developers to implement National Coordinator-approved advanced versions of standards and implementation specifications in certified Health IT Modules through a developer self-declaration of conformity presented for certification if an associated testing tool is not yet updated to test to the newer version for the standards and implementation specification version updates they have chosen to use in the Program, we propose two requirements to ensure the public and ONC-ACBs have knowledge of the version of a standard that certified health IT meets. First, we propose to revise the Principle of Proper Conduct in § 170.523(m) to require ONC-ACBs to collect, no less than quarterly, all version updates made to standards successfully included in certified health IT per the requirements within the real world testing Condition of Certification Standards Version Advancement Process. This would ensure that ONC-ACBs are aware of the version of a standard that certified health IT meets for the purposes of surveillance and Program administration. Second, we propose (as discussed above), that a developer that chooses to avail itself of the Standards Version Advancement Process flexibility must address in its real world testing plans and results submissions the timeline and rollout of applicable version updates for standards and implementation specifications. This addition to § 170.523(m) along with existing requirements for weekly ONC-ACB CHPL reporting to versions of standards per § 170.523(f)(1)(xvii) would allow for timely updates to Health IT Module certificate information in the CHPL. Together with the requirements (discussed above) for developers' communication with their current and potential customers, we intend to ensure that the public and end-users have transparency into planned and actual standards and implementation specifications updates for their certified health IT.
In complement to the above requirements to ensure transparency for the public and end users, we propose in § 170.523(t) a new Principle of Proper Conduct for ONC-ACBs requiring them to ensure that developers seeking to take advantage of the Standards Version Advancement Process flexibility in § 170.405(b)(5) comply with the applicable requirements, and that the ONC-ACB both retain records of the timing and content of developers' § 170.405(b)(5) notices and timely post each notice's content publicly on the CHPL attributed to the certified Health IT Modules to which it applies.
We seek comment on the proposed additions to the Principles of Proper Conduct for ONC-ACBs. More specifically, we seek comment on whether ONC-ACBs should be required to perform an evaluation beyond a completeness check for the real world testing plans and results and the value versus the burden of such an endeavor.
The Cures Act requires that a health IT developer, as a Condition and Maintenance of Certification under the Program, provide to the Secretary an attestation to all the Conditions of Certification specified in the Cures Act, except for the “EHR reporting criteria submission” Condition of Certification. We propose to implement the Cures Act “attestations” requirements Condition of Certification in § 170.406. We also propose that, as part of the implementation of this statutory provision, health IT developers would attest, as applicable, to compliance with the Conditions and Maintenance of Certification requirements described in this section of the preamble and proposed in §§ 170.401 through 170.405.
We propose that, as a Maintenance of Certification requirement for the “attestations” Condition of Certification, health IT developers must submit their attestations every 6 months (
The process we plan to implement for providing attestations should minimize burden on health IT developers. First, we propose to provide a 14-day attestation period twice a year. For health IT developers presenting health IT for certification for the first time under the Program, we propose that they would be required to submit an attestation at the time of certification and then also comply with the semiannual attestation periods. Second, we would publicize and prompt developers to complete their attestation
We propose that attestations would be submitted to ONC-ACBs on behalf of ONC and the Secretary. We propose that ONC-ACBs would have two responsibilities related to attestations. One responsibility we propose in § 170.523(q) is that an ONC-ACB must review and submit the health IT developers' attestations to ONC. ONC would then make the attestations publicly available through the CHPL. The other responsibility we propose in § 170.550(l) is that before issuing a certification, an ONC-ACB would need to ensure that the health IT developer of the Health IT Module has met its responsibilities related to the Conditions and Maintenance of Certification requirements as solely evidenced by its attestation. For example, if a health IT developer with an active certification under the Program indicated non-compliant designations in their attestation but is already participating in a corrective action plan under ONC direct review to resolve the non-compliance, certification would be able to proceed while the issue is being resolved.
We welcome comments on the proposed attestations Condition and Maintenance of Certification requirements, including the appropriate frequency and timing of attestations. We also welcome comments on the proposed responsibilities for ONC-ACBs related to the attestations of Condition and Maintenance of Certification requirements.
The Cures Act specifies that health IT developers be required, as a Condition and Maintenance of Certification under the Program, to submit reporting criteria on certified health IT in accordance with the EHR reporting program established under section 3009A of the PHSA, as added by the Cures Act. We have not yet established an EHR reporting program. Once ONC establishes such program, we will undertake future rulemaking to propose and implement the associated Condition and Maintenance of Certification requirement(s) for health IT developers.
The proposed Maintenance of Certification requirements discussed above do not necessarily define all the outcomes necessary to meet the Conditions of Certification. Rather, they provide preliminary or baseline evidence toward measuring whether a Condition is being met. Thus, ONC could determine that a Condition of Certification is not being met through reasons other than the Maintenance of Certification requirements. For example, meeting the proposed Maintenance of Certification requirement that requires a health IT developer to not establish or enforce any contract or agreement that contravenes the Communications Condition of Certification does not excuse a health IT developer from meeting all the requirements specified in the proposed Communications Condition of Certification. This is analogous to clarifications ONC has previously provided about certification criteria requirements whereby testing prior to certification sometimes only tests a subset of the full criterion's intended functions and scope. However, for compliance and surveillance purposes, we have stated that ONC and its ONC-ACBs will examine whether the certified health IT meets the full scope of the certification criterion rather than the subset of functions it was tested against (80 FR 62709-10).
The Cures Act affirms ONC's role in using certification to improve health IT's capabilities for the access, use, and exchange of electronic health information. The Cures Act provides this affirmation through expanded certification authority for ONC to establish Conditions and Maintenance of Certification requirements for health IT developers that go beyond the certified health IT itself. The new Conditions and Maintenance of Certification provisions in section 4002 of the Cures Act focus on the actions and business practices of health IT developers (
Given these considerations, we propose a general enforcement approach outlining a corrective action process for ONC to review potential or known instances where a Condition or Maintenance of Certification requirement has not been or is not being met by a health IT developer under the Program, including the requirement for a health IT developer to attest to meeting the Conditions and Maintenance of Certification. Table 2 below provides an overview of the proposed approach to ONC enforcement of the Conditions and Maintenance of Certification. We provide more specific proposals following Table 2.
We propose to utilize the processes previously established for ONC direct review of certified health IT in the EOA final rule (81 FR 72404) and codified in §§ 170.580 and 170.581 for the enforcement of the Conditions and Maintenance of Certification. We propose this approach for multiple reasons. First, these processes were established to address non-conformities with Program requirements. Conditions and Maintenance of Certification are proposed to be adopted as Program requirements and, as such, any noncompliance with the Conditions and Maintenance of Certification would constitute a Program non-conformity. Second, health IT developers are familiar with the ONC direct review provisions as they were established in October 2016. Third, §§ 170.580 and 170.581 provide thorough and transparent processes for working with health IT developers through notice and corrective action to remedy Program non-conformities. Last, the direct review framework provides equitable opportunities for health IT developers to respond to ONC actions and appeal certain ONC determinations.
We propose to retain use of the term “direct review” as previously adopted in the EOA final rule to continue to distinguish actions ONC takes to directly review certified health IT or health IT developers' actions in comparison to an ONC-ACB's review of certified health IT under surveillance. We propose, however, that ONC would be the sole party responsible for enforcing compliance with the Conditions and Maintenance of Certification. The Conditions and Maintenance of Certification focus on health IT developer behavior and actions in addition to the certified Health IT Module. ONC is more familiar with the behavioral requirements based on its expertise and experience. Conversely, ONC-ACBs are generally more suited, based on their accreditation and current responsibilities, to address non-conformities with technical and other Program requirements. ONC also has the necessary resources and the ability to coordinate with other agencies to enforce the Conditions and Maintenance of Certification, such as with the “information blocking” Condition of Certification (proposed § 170.401). Further, ONC enforcement would provide more predictability and consistency, which would likely benefit stakeholders in matters related to API fees and information blocking. We do, however, discuss below the scope of ONC-ACB surveillance as it relates to ONC's proposed enforcement of the Conditions and Maintenance of Certification.
We propose to substantially adopt the processes as they are currently codified in §§ 170.580 and 170.581 for ONC's review and enforcement of the Conditions and Maintenance of Certification, but propose certain revisions and additions to the processes to properly incorporate the proposed Conditions and Maintenance of Certification and effectuate Congressional intent. These revisions and additions include renaming and restructuring headings for clarity, which we do not discuss below.
We propose to fully incorporate the review of the Conditions and Maintenance of Certification into the provisions of § 170.580(a) and (b). We propose in § 170.580(a)(iii) that if ONC has a reasonable belief that a health IT developer has not complied with a Condition of Certification, then it
We note and recommend that customers and end-users first work with their health IT developers to resolve any issues of potential non-compliance with the Conditions and Maintenance of Certification as prior Program experience has shown that many issues can be resolved at this step. If the issue cannot be resolved, we then recommend the end-user contact the ONC-ACB. However, as discussed above and in section VII.D.5 below, the ONC-ACB purview for certified health IT generally applies to certified capabilities and limited requirements of developer business practices. If neither of these pathways resolves the issue, end-users may provide feedback to ONC via the Health IT Feedback Form.
Section 170.505 states that correspondence and communication with ONC or the National Coordinator shall be conducted by email, unless otherwise necessary or specified. In the EOA final rule, we signaled our intent to send notices of potential non-conformity, non-conformity, suspension, proposed termination, and termination via certified mail (81 FR 72429). However, in accordance with § 170.505, we propose that email should be the default mode of correspondence for direct review of non-compliance with the Conditions and Maintenance of Certification.
Under the EOA final rule, ONC can initiate direct review of certified health IT in limited circumstances, namely when there is a reasonable belief that the certified health IT may be causing or contributing to serious risks to public health or safety or suspected non-conformities present practical challenges that may prevent an ONC-ACB from effectively investigating or responding to the suspected non-conformity. In contrast, we propose in this proposed rule to enable ONC to initiate direct review to address a health IT developer's conduct under the Conditions and Maintenance of Certification requirements in addition to non-conformities in certified health IT. This proposal would create an expanded set of circumstances for ONC to conduct direct review. Accordingly, the type and extent of review by ONC could vary significantly based on the complexity and severity of each fact pattern. For instance, ONC may be able to address certain non-conformities under the Conditions and Maintenance of Certification quickly and with minimal effort (
We solicit comment on the nature and types of non-conformities with the Conditions and Maintenance of Certification requirements that ONC should consider in determining the method of correspondence. We also solicit comment on whether the type of notice should affect the method of correspondence and whether certain types of notices under direct review should be considered more critical than others, thus requiring a specific method of correspondence.
Section 170.580(a)(3) outlines ONC direct review in relation to the roles of ONC-ACBs and ONC-ATLs, which we propose to revise to incorporate Conditions and Maintenance of Certification. We note that we provide situational examples below in section VII.D.5 “Effect on Existing Program Requirements and Processes” regarding ONC direct review and the role of an ONC-ACB. As finalized in the EOA final rule and per § 170.580(a)(3)(v), we remind readers that ONC may refer the applicable part of its review of certified health IT to the relevant ONC-ACB(s) if ONC determines this would serve the effective administration or oversight of the Program (81 FR 72427-72428).
We propose to revise § 170.580(b)(3) to ensure that ONC, or third parties acting on its behalf, has access to the information necessary to enforce the Conditions and Maintenance of Certification. As specified in § 170.580(b)(1)(ii)(A)(
If ONC determined that a health IT developer was not cooperative with the fact-finding process, we propose ONC would have the ability to issue a certification ban and/or terminate a certificate (
We understand that health IT developers may have concerns regarding the disclosure of proprietary, trade secret, competitively sensitive, or other confidential information. As we stated in the EOA final rule (81 FR 72429), ONC would implement appropriate safeguards to ensure, to the extent permissible with federal law, that any proprietary business information or trade secrets ONC may encounter by accessing the health IT developer's records, other information, or technology, would be kept confidential by ONC or any third parties working on behalf of ONC. However, a health IT developer would not be able to avoid providing ONC access to relevant records by asserting that such access would require it to disclose trade secrets or other proprietary or confidential information. Therefore, health IT developers must clearly mark, as described in HHS Freedom of Information Act regulations at 45 CFR 5.65(c), any information they regard as trade secret or confidential commercial or financial information which they seek to keep confidential prior to disclosing the information to ONC or any third party working on behalf of ONC.
We propose that if ONC determines that a health IT developer is noncompliant with a Condition of Certification (
We propose in § 170.581 that if a health IT developer under ONC direct review for non-compliance with a Condition of Certification failed to work with ONC or was otherwise noncompliant with the requirements of the CAP and/or CAP process, ONC could issue a certification ban for the health IT developer (and its subsidiaries and successors). A certification ban, as it currently does for other matters under § 170.581, would prohibit prospective certification activity by the health IT developer.
ONC would also consider termination
We propose this approach, which allows ONC to initiate a certification ban and/or certificate termination under certain circumstances, to ensure that health IT developers are acting in accordance with the Conditions and Maintenance of Certification. However, we stress that our first and foremost priority is to work with health IT developers to remedy any noncompliance with Conditions and Maintenance of Certification through a corrective action process before taking further action. This emphasizes ONC's desire to promote and support health IT developer compliance with the Conditions and Maintenance of Certification and ensure that certified health IT is compliant with Program requirements in order to foster an environment where EHI is exchanged in an interoperable way.
ONC does not believe that noncompliance with a Condition of Certification should always result in the termination of the certificate of one or more of a developer's Health IT Modules for a few reasons. A violation of a Condition of Certification may relate solely to health IT developer business practices or actions that do not affect the Health IT Module's conformance to the requirements of the certification criteria. In this case, termination of the certification could unfairly and negatively affect a provider's ability to use the Health IT Module for participation in CMS programs that require certification because the Health IT Module itself is functioning in accordance with the technical requirements of its certificate.
In considering whether termination of a Health IT Module's certificate(s) and/or a certification ban is appropriate, ONC will consider factors including, but not limited to: Whether the health IT developer has previously been found in noncompliance with the Conditions and Maintenance of Certification or other Program requirements; the severity and pervasiveness of the noncompliance, including the effect of the noncompliance on widespread interoperability and health information exchange; the extent to which the health IT developer cooperates with ONC to review the noncompliance; the extent of potential negative impact on providers who may seek to use the certified health IT to participate in CMS programs; and whether termination and/or a certification ban is necessary to ensure the integrity of the certification process.
As under § 170.580(f)(2), ONC would provide notice of the termination to the health IT developer, including providing reasons for, and information supporting, the termination and instructions for appealing the termination. We propose to add similar notice provisions to § 170.581 for certification bans issued under ONC direct review for non-compliance with the Conditions and Maintenance of Certification, which would also include instructions for requesting reinstatement. In this regard, we propose to apply the current reinstatement procedures under § 170.581 to Conditions and Maintenance of Certification bans, but with an additional requirement that the health IT developer has resolved the non-compliance with the Condition of Certification. In sum, a health IT developer could seek ONC's approval to re-enter the Program and have the certification ban lifted if it demonstrates it has resolved the noncompliance with the Condition of Certification and ONC is satisfied that all affected customers have been provided appropriate remediation.
For clarity, a health IT developer would have an opportunity to appeal an ONC determination to issue a certification ban and/or termination IT resulting from a non-conformity with a Condition of Certification as discussed below and/or seek reinstatement in the Program and have the certification ban lifted. To note, we propose to make terminations effective consistent with current § 170.580(f)(2)(iii) and similarly for certification bans (
• Impose a minimum certification ban length before a health IT developer can request ONC remove the ban for health IT developers who are noncompliant with a Condition of Certification more than once (
• Consider additional factors for a certification ban and/or the termination of a health IT developer's certified health IT resulting from a non-conformity with a Condition of Certification.
We propose to provide a health IT developer an opportunity to appeal an ONC determination to issue a certification ban and/or termination resulting from a non-conformity with a Condition of Certification and would follow the processes specified in § 170.580(g). As such, we propose to revise § 170.580(g) to include ONC direct review of the Conditions and Maintenance of Certification.
Section 170.580 includes a process for suspending the certification of a Health IT Module at any time if ONC has a reasonable belief that the certified health IT may present a serious risk to public health and safety. While this will
Section 170.580 includes an intermediate step between a developer failing to take appropriate and timely corrective action and termination of a certified Health IT Module's certificate, called “proposed termination” (
We propose to publicly list health IT developers and certified Health IT Modules on ONC's website that are subject to a certification ban and/or have been terminated, respectively, for noncompliance with a Condition of Certification or for reasons already specified in § 170.581. We currently take this same approach for health IT with terminated certifications (
We seek comment on this proposal, including input on the appropriate period of time to list health IT developers and affected certified Health IT Modules on healthit.gov. For example, if a developer sought and received reinstatement under the Program (and lifting of the certification ban), should the health IT developer no longer be listed on the ONC website? Alternatively, should we list health IT developers who have been subject to the certification ban under § 170.581 for a certain period of time beyond the active ban, including indefinitely (
The Cures Act introduces new Conditions and Maintenance of Certification that encompass technical and functional requirements of health IT and new actions and business practice requirements for health IT developers, which ONC proposes to adopt in subpart D of Part 170. The pre-Cures Act structure and requirements of the Program provide processes to enforce compliance with technical and functional requirements of certified health IT, and to a more limited extent, requirements for the business practices of health IT developers (see,
We again note that under the proposed enforcement approach, only ONC would have the ability to determine whether a Condition or Maintenance of Certification requirement per subpart D has been or is being met. We propose to delineate the scope of an ONC-ACB's requirements to perform surveillance on certified Health IT Modules as related only to the requirements of subparts A, B, C and E of Part 170. Table 3 below further illustrates the proposed difference in scope of review activities between ONC-ACBs and ONC. Given our proposed approach that would authorize solely ONC to determine whether a Condition or Maintenance of Certification requirement per subpart D has been or is being met, we propose to add a new Principle of Proper Conduct for ONC-ACBs in § 170.523(s) that would require ONC-ACBs to report to ONC, no later than a week after becoming aware, any information that could inform whether ONC should exercise direct review for noncompliance with a Condition of Certification or any matter within the scope of ONC direct review. We believe this is appropriate because ONC-ACBs receive complaints and other information about certified Health IT Modules through their own channels; as this information may relate to potential noncompliance with the Conditions and Maintenance of Certification or other matters within the scope of ONC direct review, ONC should be made aware of this information.
For example and further illustration purposes, ONC may receive a complaint of information blocking alleging that a health IT developer has limited the ability to receive secure Direct messages from users of a competing developer's EHR. The complaint alleges the certified health IT drops the incoming message without alerting the user that a message was ever received. ONC would consider the information blocking concerns (proposed § 170.401) as well as the potential safety concerns presented by dropped messages associated with certified functionality of the 2015 Edition “transitions of care” certification criterion (§ 170.315(b)(1)) and standards for the secure Direct messaging in its review. For the potential safety concerns, ONC would be exercising its authority to review certified health IT that may be causing or contributing to conditions that present a serious risk to public health or safety under § 170.580(a)(2)(i). In contrast, the ONC-ACB would not be responsible for reviewing the information blocking or safety concerns directly, but it
To provide another example, an ONC-ACB could receive complaints from users that a developer's certified health IT does not support the FHIR DSTU 2 standard and associated API resource collection in health (ARCH Version 1) as required in the proposed new 2015 Edition certification criterion § 170.315(g)(10) (proposed under subparts B and C).The respective ONC-ACB(s) responsible for the certification of the certified health IT could surveil this health IT under the requirements of § 170.556 (under subpart E). Additionally, ONC could follow the CAP process under § 170.580(c) to enforce the associated “API” Condition of Certification proposed in § 170.404(a)(2). During the course of the ONC-ACB surveillance, the ONC-ACB subsequently discovers the developer has implemented the FHIR DSTU 2 standard and associated resources in such as a way that the patient's historical medications are being accessed, but not the patient's current medications. The ONC-ACB would notify ONC of its findings as it relates to a Condition of Certification under subpart D and pursue its own corrective action process under the surveillance requirements of § 170.556. Once ONC receives information regarding the complaints from the ONC-ACB, we could consider the potential safety risks for providers using the developer's API to access new or referred patients' medical information for diagnostic and treatment purposes. In this example, ONC could review both the certified health IT and the developer action under § 170.580, which is proposed to be expanded to account for developer actions under the Conditions and Maintenance of Certification (
We clarify that the enforcement approach described in this proposal would apply to ONC's administration of the Conditions and Maintenance of Certification and other requirements under the Program but would not apply to other agencies or offices that have independent authority to investigate and take enforcement action against a health IT developer of certified health IT. Notably, section 3022(b)(1)(A)(ii) of the PHSA, as added by the Cures Act, authorizes the OIG to investigate claims that a health IT developer of certified health IT has engaged in information blocking, which is defined by section 3022(a)(1) of the PHSA subject to reasonable and necessary activities identified by the Secretary as exceptions to the definition as proposed at part 171 (see section VIII. of this proposed rule). Additionally, section 3022(b)(1)(A)(i) authorizes OIG to investigate claims that a health IT developer of certified health IT has submitted a false attestation under the Condition of Certification described at section 3001(c)(5)(D)(vii). We emphasize that ONC's and OIG's respective authorities under the Cures Act (and in general) are independent and that either or both offices may exercise those authorities at any time.
We anticipate, however, that ONC and OIG may coordinate their respective enforcement activities, as appropriate, such as by sharing information about claims or suggestions of possible information blocking or false attestations (including violations of Conditions and Maintenance of Certification that may indicate that a developer has falsely attested to meeting a condition). Therefore, we propose that we may coordinate our review of a claim of information blocking with the OIG or defer to the OIG to lead a review of a claim of information blocking. In addition, we propose that we may rely on OIG findings to form the basis of a direct review action.
The final rule establishing ONC's Permanent Certification Program, “Establishment of the Permanent Certification for Health Information” (76 FR 1261), addresses self-developers. The language in the final rule describes the concept of “self-developed” as referring to a Complete EHR or EHR Module designed, created, or modified by an entity that assumed the total costs for
Section 4004 of the Cures Act added section 3022 of the PHSA (42 U.S.C. 300jj-52, “the information blocking provision”). Section 3022(a)(1) of the PHSA defines practices that constitute information blocking when engaged in by a health care provider, or a health information technology developer, exchange, or network. Section 3022(a)(3) authorizes the Secretary to identify, through notice and comment rulemaking, reasonable and necessary activities that do not constitute information blocking for purposes of the definition set forth in section 3022(a)(1). We propose to establish seven exceptions to the information blocking definition, each of which would define certain activities that would not constitute information blocking for purposes of section 3022(a)(1) of the PHSA because they are reasonable and necessary to further the ultimate policy goals of the information blocking provision. We also propose to interpret or define certain statutory terms and concepts that are ambiguous, incomplete, or provide the Secretary with discretion, and that we believe are necessary to carry out the Secretary's rulemaking responsibilities under section 3022(a)(3).
In this section, we outline the purpose of the information blocking provision and related policy and practical considerations that we considered in identifying the reasonable and necessary activities that are proposed as exceptions to the definition of information blocking described subsequently in section VIII.D of this preamble.
The information blocking provision was enacted in response to concerns that some individuals and entities are engaging in practices that unreasonably limit the availability and use of electronic health information (EHI) for authorized and permitted purposes. These practices undermine public and private sector investments in the nation's health IT infrastructure and frustrate efforts to use modern technologies to improve health care quality and efficiency, accelerate research and innovation, and provide greater value and choice to health care consumers.
The nature and extent of information blocking has come into sharp focus in recent years. In 2015, at the request of Congress, we submitted a Report on Health Information Blocking
Since that time, we have continued to receive complaints and reports of information blocking from patients, clinicians, health care executives, payers, app developers and other technology companies, registries and health information exchanges, professional and trade associations, and many other stakeholders. ONC has listened to and reviewed these complaints and reports, consulted with stakeholders, and solicited input from our federal partners in order to inform our proposed information blocking policies. Stakeholders described discriminatory pricing policies that have the obvious purpose and effect of excluding competitors from the use of interoperability elements. Many of the industry stakeholders who shared their perspectives with us in listening sessions, including several health IT developers of certified health IT, condemned these practices and urged us to swiftly address them. Our engagement with stakeholders confirms that, despite significant public and private sector efforts to improve interoperability and data accessibility, adverse incentives remain and continue to undermine progress toward a more connected health system.
Based on these economic realities and our first-hand experience working with the health IT industry and stakeholders, in the Information Blocking Congressional Report, we concluded that information blocking is a serious problem and recommended that Congress prohibit information blocking and provide penalties and enforcement mechanisms to deter these harmful practices.
Recent empirical and economic research further underscores the intractability of this problem and its harmful effects. In a national survey of health information organizations, half of respondents reported that EHR developers routinely engage in information blocking, and a quarter of respondents reported that hospitals and health systems routinely do so. The survey reported that perceived motivations for such conduct included, for EHR vendors, maximizing short-term revenue and competing for new clients, and for hospitals and health systems, strengthening their competitive position relative to other hospitals and health systems.
The information blocking provision provides a comprehensive response to these concerns. The information blocking provision defines and creates possible penalties and disincentives for
To ensure that individuals and entities that engage in information blocking are held accountable, the information blocking provision encompasses a relatively broad range of potential practices. For example, it is possible that some activities that are innocuous, or even beneficial, could technically implicate the information blocking provision. Given the possibility of these practices, Congress authorized the Secretary to identify reasonable and necessary activities that do not constitute information blocking (see section 3022(a)(3) of the PHSA) (in this proposed rule, we refer to such reasonable and necessary activities identified by the Secretary as “exceptions” to the information blocking provision). The information blocking provision also excludes from the definition of information blocking practices that are required by law (section 3022(a)(1) of the PHSA) and clarifies certain other practices that would not be penalized (sections 3022(a)(6) and (7) of the PHSA).
In considering potential exceptions to the information blocking provision, we must balance a number of policy and practical considerations. To minimize compliance and other burdens for stakeholders, we seek to promote policies that are clear, predictable, and administrable. In addition, we seek to implement the information blocking provision in a way that is sensitive to legitimate practical challenges that may prevent access, exchange, or use of EHI in certain situations. We must also accommodate practices that, while they may inhibit access, exchange, or use of EHI, are reasonable and necessary to advance other compelling policy interests, such as preventing harm to patients and others, promoting the privacy and security of EHI, and promoting competition and consumer welfare.
At the same time, while pursuing these objectives, we must adhere to Congress's plainly expressed intent to provide a comprehensive response to the information blocking problem. Information blocking can occur through a variety of business, technical, and organizational practices that can be difficult to detect and that are constantly changing as technology and industry conditions evolve. The statute responds to these challenges by defining information blocking broadly and in a manner that allows for careful consideration of relevant facts and circumstances in individual cases.
Accordingly, we propose to establish certain defined exceptions to the information blocking provision. These exceptions would be subject to strict conditions that balance the considerations described above. Based on those considerations, in developing the proposed exceptions, we applied three overarching policy criteria. First, each exception would be limited to certain activities that are both reasonable and necessary to advance the aims of the information blocking provision. These reasonable and necessary activities include: Promoting public confidence in the health IT infrastructure by supporting the privacy and security of EHI, and protecting patient safety; and promoting competition and innovation in health IT and its use to provide health care services to consumers. Second, we believe that each exception addresses a significant risk that regulated individuals and entities will not engage in these reasonable and necessary activities because of uncertainty regarding the breadth or applicability of the information blocking provision. Third, and last, each exception is intended to be tailored, through appropriate conditions, so that it is limited to the reasonable and necessary activities that it is designed to protect and does not extend protection to other activities or practices that could raise information blocking concerns.
We discuss these policy considerations in more detail in the context of each of the exceptions proposed in section VIII.D of this preamble.
In this section of the preamble, we discuss how we propose to interpret certain aspects of the information blocking provision that we believe are ambiguous, incomplete, or that provide the Secretary with discretion. We propose to define or interpret certain terms or concepts that are present in the statute and, in a few instances, to establish new regulatory terms or definitions that we believe are necessary to implement the Secretary's authority under section 3022(a)(3) to identify reasonable and necessary activities that do not constitute information blocking. Our goal in interpreting the statute and defining relevant terms is to provide greater clarity concerning the types of practices that could implicate the information blocking provision and, relatedly, to more effectively communicate the applicability and scope of the proposed exceptions outlined in this proposed rule. We believe that these proposals will provide a more meaningful opportunity for the public to comment on the proposed exceptions and our overall approach to interpreting and administering the information blocking provision. Additionally, we believe additional interpretive clarity will assist regulated actors to comply with the requirements of the information blocking provision.
With regard to the statute's exclusion of practices that are “required by law” from the definition of information blocking, we emphasize that “required by law” refers specifically to interferences with access, exchange, or use of EHI that are explicitly required by state or federal law. By carving out practices that are “required by law,” the statute acknowledged that there are state and federal laws that advance important policy interests and objectives by restricting access, exchange, and use of their EHI, and that practices that follow such laws should not be considered information blocking.
We note that for the purpose of developing an exception for reasonable and necessary privacy-protective practices, we have distinguished between interferences that are “required by law” and those engaged in pursuant to a privacy law, but which are not “required by law.” The former does not fall within the definition of information blocking, but the latter may implicate the information blocking provision and an exception may be necessary. For a detailed discussion of this topic, please see section VIII.D.2 of this preamble.
Section 3022(a)(1) of the PHSA, in defining information blocking, refers to four classes of individuals and entities that may engage in information blocking and which include: Health care providers, health IT developers of certified health IT, networks, and exchanges. We propose to adopt definitions of these terms to provide clarity regarding the types of individuals and entities to whom the information blocking provision applies. We note that, for convenience and to avoid repetition in this preamble, we typically refer to these individuals and entities covered by the information blocking provision as “actors” unless it is relevant or useful to refer to the specific type of individual or entity. That is, when the term “actor” appears in this preamble, it means an individual or entity that is a health care provider, health IT developer, exchange, or network. For the same reasons, we propose to define “actor” in § 171.102.
The term “health care provider” is defined in section 3000(3) of the PHSA. We propose to adopt this definition for purposes of section 3022 of the PHSA when defining “health care provider” in § 171.102. We note that this definition is different from the definition of “health care provider” under the HIPAA Privacy and Security Rules. We are considering adjusting the information blocking definition of “health care provider” to cover all individuals and entities covered by the HIPAA “health care provider” definition. We seek comment on whether this approach would be justified, and commenters are encouraged to specify reasons why doing so might be necessary to ensure that the information blocking provision applies to all health care providers that might engage in information blocking.
Section 3022(a)(1)(B) of the PHSA defines information blocking, in part, by reference to the conduct of “health information technology developers.” Because title XXX of the PHSA does not define “health information technology developer,” we interpret section 3022(a)(1)(B) in light of the specific authority provided to OIG in section 3022(b)(1)(A) and (b)(2). Section 3022(b)(2) discusses developers, networks, and exchanges in terms of an “individual or entity,” specifically cross-referencing section 3022(b)(1)(A). Sections 3002(b)(1) and (b)(1)(A) state, in relevant part, that the OIG may investigate information blocking claims regarding a health information technology developer of certified health information technology or other entity offering certified health information technology. Together, these sections make clear that the information blocking provisions and OIG's authority extend to individuals
Notwithstanding this, the Cures Act does not prescribe that conduct that may implicate the information blocking provisions be limited to practices related to
Additionally, the “practice described” in section 3022(a)(2) of the PHSA refers to “certified health information technologies” when illustrating practices that restrict authorized access, exchange, or use of EHI under applicable state or federal laws (section 3022(a)(2)(A) of the PHSA), but omits any reference to certification when describing “health information technology” in the practices described in sections 3022(a)(2)(B) and (C) of the PHSA. Importantly, sections 3022(a)(2)(B) and (C) of the PHSA address practices that are particularly relevant to health IT developers and offerors, although they could be engaged in by other types of actors. We interpret this drafting as a deliberate decision not to link the information blocking provisions with only the performance or use of certified health IT.
Finally, we note that the Cures Act does not impose a temporal nexus that would require that information blocking be carried out at a time when an individual or entity had health IT certified under the Program. Ostensibly, then, once an individual or entity has health IT certified, or otherwise maintains the certification of health IT, the individual or entity becomes forever subject to the information blocking provision. We do not believe that, understood in context, the Cures Act supports such a broad interpretation. Noting the above discussion concerning OIG's scope of authority under section 3022(b)(1)(A) and (b)(2) of the PHSA, we believe that to make developers and offerors of certified health IT subject to the information blocking provision in perpetuity would be inconsistent with the voluntary nature of the Program. However, we also believe that the Cures Act does not provide any basis for interpreting the information blocking provision so narrowly that a developer or offeror of certified health IT could escape penalty as a consequence of having its certification terminated or by withdrawing all of its extant certifications.
We consider that in the circumstances where a health IT developer has its certification terminated, or withdraws its certification, such that it no longer has any health IT certified under the
We are also considering additional approaches to help ensure that developers and offerors of certified health IT remain subject to the information blocking provision for an appropriate period of time after leaving the Program. The rationale for this approach would be that a developer or offeror of certified health IT should be subject to penalties if, following the termination or withdrawal of certification, it refused to provide its customers with access to the EHI stored in the decertified health IT, provided that such interference was not required by law and did not qualify for one of the information blocking exceptions. Adopting this broader approach would help avoid the risk that a developer would be able to engage in the practices described in section 3022(a)(2) of the PHSA in respect to EHI that was collected on behalf of a health care provider when that health care provider would reasonably expect that the information blocking provision would protect against unreasonable and unnecessary interferences with that EHI. If the information blocking provision did not extend to capture such conduct, the protection afforded by the information blocking provision could become illusory, and providers would need to consider securing contractual rights to prevent interference, which we are aware they typically have great difficulty doing.
One way that this could be achieved would be to define “health IT developer of certified health IT” as including developers and offerors of certified health IT that continue to store EHI that was previously stored in health IT certified in the Program. Alternatively, we are considering whether developers and offerors of certified health IT should remain subject to the information blocking provision for an appropriate period of time after leaving the Program. Namely, that the information blocking provision should apply for a specific time period, say one year, after the developer or offeror no longer has any health IT certified in the Program. This second approach has the attraction of providing a more certain basis for understanding which developers are subject to the information blocking provision. However, it also potentially captures developers and offerors who have fully removed themselves from the Program and, for example, no longer exercise control over EHI that was stored in their certified health IT.
We seek comment on which of these two models best achieves our policy goal of ensuring that health IT developers of certified health IT will face consequences under the information blocking provision if they engage in information blocking in connection with EHI that was stored or controlled by the developer or offeror whilst they were participating in the program. Commenters are also encouraged to identify alternative models and approaches for identifying when a developer or offeror should, and should no longer, be subject to the information blocking provision.
We note that a developer or offeror of a single health IT product that has had its certification suspended would be considered to
We clarify that we interpret “individual or entity that develops the certified health IT” as the individual or entity that is legally responsible for the certification status of the health IT, which would be the individual or entity that entered into a binding agreement that resulted in the certification status of the health IT under the Program or, if such rights are transferred, the individual or entity that holds the rights to the certified health IT. We also clarify that an “individual or entity that offers certified health IT” would include an individual or entity that under any arrangement makes certified health IT available for purchase or license. We seek comment on both of our interpretations. More specifically, we seek comment on whether there are particular types of arrangements under which certified health IT is “offered” in which the offeror should not be considered a “health IT developer of certified health IT” for the purposes of the information blocking provisions.
We also clarify that the proposed definition of “health IT developer of certified health IT” and our interpretation of the use of “health information technology developer” applies to Part 171 only and does not apply to the implementation of any other section of the PHSA or the Cures Act, including section 4005(c)(1) of the Cures Act.
We clarify that API Technology Suppliers, as described in section VII.4 of this preamble and defined in § 170.102, would be considered health IT developers of certified health IT subject to the conditions described above.
Last, we clarify that a “self-developer” of certified health IT, as the term has been used in the ONC Health IT Certification Program (Program) and described in this rulemaking (section VII.D.7) and previous rulemaking,
We also seek comment generally on the definition proposed for “health IT developer of certified health IT.”
The terms “network” and “exchange” are not defined in the information blocking provision or in any other relevant statutory provisions. We propose to define these terms so that these individuals and entities that are covered by the information blocking provision understand that they must comply with its provisions. In accordance with the meaning and intent of the information blocking provision, we believe it is necessary to define these terms in a way that does not assume the application or use of certain technologies and is flexible enough to apply to the full range and diversity of exchanges and networks that exist today and may arise in the future. We note that in the past few years alone many new types of exchanges and networks that transmit EHI have emerged, and we expect this trend to accelerate with continued advancements in technology and renewed efforts to advance trusted exchange among networks and other entities under the trusted exchange framework and common agreement provided for by section 4003(b) of the Cures Act.
In considering the most appropriate way to define these terms, we examined how they are used throughout the Cures Act and the HITECH Act. Additionally, we considered dictionary and industry definitions of “network” and “exchange.” While these terms have varied usage and meaning in different industry contexts, certain concepts are common and have been incorporated into the proposed definitions below.
We propose a functional definition of “health information network” (HIN) that focuses on the role of these actors in the health information ecosystem. We believe the defining attribute of a HIN is that it enables, facilitates, or controls the movement of information between or among different individuals or entities that are unaffiliated. For this purpose, we propose that two parties are affiliated if one has the power to control the other, or if both parties are under the common control or ownership of a common owner. We note that a significant implication of this definition is that a health care provider or other entity that enables, facilitates, or controls the movement of EHI within its own organization, or between or among its affiliated entities, is not a HIN in connection with that movement of information for the purposes of this proposed rule.
More affirmatively, we propose that an actor could be considered a HIN if it performs any or any combination of the following activities. First, the actor would be a HIN if it were to determine, oversee, administer, control, or substantially influence policies or agreements that define the business, operational, technical, or other conditions or requirements that enable or facilitate the access, exchange, or use of EHI between or among two or more unaffiliated individuals or entities. Second, an actor would be a HIN if it were to provide, manage, control, or substantially influence any technology or service that enables or facilitates the access, exchange, or use of EHI between or among two or more unaffiliated individuals or entities.
Typically, a HIN will influence the sharing of EHI between many unaffiliated individuals or entities. However, we do not propose to establish any minimum number of parties or “nodes” beyond the requirement that there be some actual or contemplated access, exchange, or use of information between or among at least two unaffiliated individuals or entities that is enabled, facilitated, or controlled by the HIN. We believe such a limitation would be artificial and would not capture the full range of entities that should be considered networks under the information blocking provision. To be clear, any individual or entity that enables, facilitates, or controls the access, exchange, or use of EHI between or among only itself and another unaffiliated individual or entity would not be considered a HIN in connection with the movement of that EHI (although that movement of EHI may still be regulated under the information blocking provision on the basis that the individual or entity is a health care provider or health IT developer of certified health IT). To be a HIN, the individual or entity would need to be enabling, facilitating, or controlling the access, exchange, or use of EHI between or among two or more
To illustrate how the proposed definition would operate, we note the following examples. An entity is established within a state for the purpose of improving the movement of EHI between the health care providers operating in that state. The entity identifies standards relating to security and offers terms and conditions to be entered into by health care providers wishing to participate in the network. The entity offering (and then overseeing and administering) the terms and conditions for participation in the network would be considered a HIN for the purpose of the information blocking provision. We note that there is no need for a separate entity to be created in order that an entity be considered a HIN. For instance, a health system that administers business and operational agreements for facilitating the exchange of EHI that are adhered to by unaffiliated family practices and specialist clinicians in order to streamline referrals between those practices and specialists would likely be considered a HIN.
We note that the proposed definition would also encompass an individual or entity that does not directly enable, facilitate, or control the movement of information, but nonetheless exercises control or substantial influence over the policies, technology, or services of a network. In particular, there may be an individual or entity that relies on another entity—such as an entity specifically created for the purpose of managing a network—for policies and technology, but nevertheless dictates the movement of EHI over that network. For example, a large health care provider may decide to lead an effort to establish a network that facilitates the movement of EHI between a group of smaller health care providers (as well as the large health care provider) and through the technology of health IT developers. To achieve this outcome, the large health care provider, together with some of the participants, creates a new entity that administers the network's policies and technology. In this scenario, the large health care provider would come within the functional definition of a HIN and could be held accountable for the conduct of the network if the large health care provider used its control or substantial influence over the new entity—either in a legal sense, such as via its control over the governance or management of the entity, or in a less formal sense, such as if the large health care provider prescribed a policy to be adopted—to interfere with the access, exchange, or use of EHI. We note that the large health care provider in this example would be treated as a health care provider when utilizing the
We seek comment on the proposed definition of a HIN. In particular, we request comment on whether the proposed definition is broad enough (or too broad) to cover the full range of individuals and entities that could be considered health information networks within the meaning of the information blocking provision. Additionally, we specifically request comment on whether the proposed definition would effectuate our policy goal of defining this term in a way that does not assume particular technologies or arrangements and is flexible enough to accommodate changes in these and other conditions.
We propose to define a “health information exchange” (HIE) as an individual or entity that enables access, exchange, or use of EHI primarily between or among a particular class of individuals or entities or for a limited set of purposes. Our research and experience in working with exchanges drove the proposed definition of this term. HIEs include but are not limited to regional health information organizations (RHIOs), state health information exchanges (state HIEs), and other types of organizations, entities, or arrangements that enable EHI to be accessed, exchanged, or used between or among particular types of parties or for particular purposes. For example, an HIE might facilitate or enable the access, exchange, or use of EHI exclusively within a regional area (such as a RHIO), or for a limited scope of participants and purposes (such as a clinical data registry or an exchange established by a hospital-physician organization to facilitate Admission, Discharge, and Transfer (ADT) alerting). We note that HIEs may be established under federal or state laws or regulations but may also be established for specific health care or business purposes or use cases. Additionally, we note that if an HIE facilitates the access, exchange, or use of EHI for more than a narrowly defined set of purposes, then it may be both an HIE and a HIN.
We seek comment on this proposed definition of an HIE. Again, we encourage commenters to consider whether this proposed definition is broad enough (or too broad) to cover the full range of individuals and entities that could be considered exchanges within the meaning of the information blocking provision, and whether the proposed definition is sufficiently flexible to accommodate changing technological and other conditions.
The definition of information blocking applies to
(i) Electronic protected health information; and
(ii) any other information that—
• is transmitted by or maintained in electronic media, as defined in 45 CFR 160.103;
• identifies the individual, or with respect to which there is a reasonable basis to believe the information can be used to identify the individual; and
• relates to the past, present, or future health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
This definition of EHI includes, but is not limited to, electronic protected health information and health information that is created or received by a health care provider and those operating on their behalf; health plan; health care clearinghouse; public health authority; employer; life insurer; school; or university. In addition, we clarify that under our proposed definition, EHI includes, but is not limited to, electronic protected health information (ePHI) as defined in 45 CFR 160.103. In particular, unlike ePHI and health information, EHI is not limited to information that is created or received by a health care provider, health plan, health care clearinghouse, public health authority, employer, life insurer, school, or university. EHI may be provided, directly from an individual, or from technology that the individual has elected to use, to an actor covered by the information blocking provisions. We propose that EHI does not include health information that is de-identified consistent with the requirements of 45 CFR 164.514(b). We generally request comment on this proposed definition as well as on whether the exclusion of health information that is de-identified is consistent with the requirements of 45 CFR 164.514(b).
To be clear, this definition provides for an expansive set of EHI, which could include information on an individual's health insurance eligibility and benefits, billing for health care services, and payment information for services to be provided or already provided, which may include price information.
The fragmented and complex nature of pricing within the health care system has decreased the efficiency of the health care system and has had negative impacts on patients, health care providers, health systems, plans, plan sponsors and other key health care stakeholders. Patients and plan sponsors have trouble anticipating or planning for costs, are not sure how they can lower their costs, are not able to compare costs, and have no practical way to measure the quality of the care or coverage they receive relative to the price they pay. Pricing information continues to grow in importance with the increase of high deductible health plans and surprise billing, which have resulted in an increase in out-of-pocket health care spending. Transparency in the price and cost of health care would help address the concerns outlined above by empowering patients to make informed health care decisions. Further, the availability of price information could help increase competition that is based on the quality and value of the services patients receive. Consistent with its statutory authority, the Department is considering subsequent rulemaking to expand access to price information for the public, prospective patients, plan sponsors, and health care providers.
Increased consumer demand, aligned incentives, more accessible and digestible information, and the evolution of price transparency tools are critical components to moving to a health care system that pays for value. However, the complex and decentralized nature of how price information is created, structured, formatted, and stored presents many challenges to achieving price transparency. To this point, pricing within health care demands a market-based approach whereby, for example, platforms are created that utilize raw data to provide consumers with digestible price information through their preferred medium.
ONC has a unique role in setting the stage for such future actions by establishing the framework to prevent the blocking of price information. Given that price information impacts the ability of patients to shop for and make decisions about their care, we seek comment on the parameters and implications of including price information within the scope of EHI for purposes of information blocking. In
• Should prices that are included in EHI:
○ Reflect the amount to be charged to and paid for by the patient's health plan (if the patient is insured) and the amount to be charged to and collected from the patient (as permitted by the provider's agreement with the patient's health plan), including for drugs or medical devices;
○ Include various pricing information such as charge master price, negotiated prices, pricing based on CPT codes or DRGs, bundled prices, and price to payer;
○ Be reasonably available in advance and at the point of sale;
○ Reflect all out-of-pocket costs such as deductibles, copayments and coinsurance (for insured patients); and/or
○ Include a reference price as a comparison tool such as the Medicare rate and, if so, what is the most meaningful reference?
• For the purpose of informing referrals for additional care and prescriptions, should future rulemaking by the Department require health IT developers to include in their platforms a mechanism for patients to see price information, and for health care providers to have access to price information, tailored to an individual patient, integrated into the practice or clinical workflow through APIs?
• To the extent that patients have a right to price information within a reasonable time in advance of care, how would such reasonableness be defined for:
○ Scheduled care, including how far in advance should such pricing be available for patients still shopping for care, in addition to those who have already scheduled care;
○ Emergency care, including how and when transparent prices should be disclosed to patients and what sort of exceptions might be appropriate, such as for patients in need of immediate stabilization;
○ Ambulance services, including air ambulance services; and
○ Unscheduled inpatient care, such as admissions subsequent to an emergency visit?
• How would price information vary based on the type of health insurance and/or payment structure being utilized, and what, if any, challenges would such variation create to identifying the price information that should be made available for access, exchange, or use?
• Are there electronic mechanisms/processes available for providing price information to patients who are not registered (
• Should price information be made available on public websites so that patients can shop for care without having to contact individual providers, and if so, who should be responsible for posting such information? Additionally, how would the public posting of pricing information through API technology help advance market competition and the ability of patients to shop for care?
• If price information that includes a provider's negotiated rates for all plans and the rates for the uninsured were to be required to be posted on a public website, is there technology currently available or that could be easily developed to translate that data into a useful format for individuals? Are there existing standards and code sets that would facilitate such transmission and translation? To the extent that some data standards are lacking in this regard, could developers make use of unstandardized data?
• What technical standards currently exist or may be needed to represent price information electronically for purposes of access, exchange, and use?
• Are there technical impediments experienced by stakeholders regarding price information flowing electronically?
• Would updates to the CMS-managed HIPAA transactions standards and code sets be necessary to address the movement of price information in a standardized way?
• How can price transparency be achieved for care delivered through value based arrangements, including at accountable care organizations, demonstrations and other risk-sharing arrangements?
• What future requirements should the Department consider regarding the inclusion of price information in a patient's EHI, particularly as it relates to the amount paid to a health care provider by a patient (or on behalf of a patient) as well as payment calculations for the future provision of health care to such patient?
• If price information is included in EHI, could that information be useful in subsequent rulemaking that the Department may consider in order to reduce or prevent surprise medical billing, such as requirements relating to:
○ The provision of a single bill that includes all health care providers involved in a health care service, including their network status;
○ The provision of a binding quote reasonably in advance of scheduled care (that is, non-emergent care) or some subset of scheduled care, such as for the most “shoppable” services;
○ Ensuring that all health care providers in an in-network facility charge the in-network rate; and
○ Notification of billing policies such as timely invoice dates for all providers and facilities, notwithstanding network status, due date for invoice payments by the prospective patient's payers and out-of-pocket obligations, date when unpaid balances are referred for collections, and appeals rights and procedures for patients wishing to contest an invoice?
The information blocking provision promotes the ability to
The concepts of access, exchange, and use are closely related: EHI cannot be used unless it can be accessed, and this often requires that the EHI be exchanged among different individuals or entities and through various technological means. Moreover, the technological and other means necessary to facilitate appropriate access and exchange of EHI vary significantly depending on the purpose for which the information will be used. For example, the technologies and services that support a payer's access to EHI to assess clinical value will likely differ from those that support a patient's access to EHI via a smartphone app. That is, to deter information blocking in these and many other potential uses of EHI—and, by extension, the many and diverse means of access and exchange that support such uses.
This is consistent with the way these terms are employed in the information blocking provision and in other relevant statutory provisions. For example, section 3022(a)(2) of the PHSA contemplates a broad range of purposes for which EHI may be accessed, exchanged, and used—from treatment, care delivery, and other permitted purposes, to exporting complete information sets and transitioning between health IT systems, to supporting innovations and advancements in health information access, exchange, and use. Separately,
In addition to these statutory provisions, we have considered how the terms access, exchange, and use have been defined or used in existing regulations and other relevant health IT industry contexts. While those definitions have specialized meanings and are not controlling here, they are instructive insofar as they illustrate the breadth with which these terms have been understood in other contexts. For example, the HIPAA Privacy Rule defines an individual's right of access to include the right to have a copy of all or part of their PHI transmitted directly to them or any person or entity he or she designates, in any form and format (including electronically) that the individual requests and that the covered entity holding the information can readily produce (45 CFR 164.524). In a different context, the HIPAA Security Rule defines “access” as the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource (45 CFR 164.304). The HIPAA Rules also define the term “use,” which includes the sharing, employment, application, utilization, examination, or analysis of individually identifiable health information within an entity that maintains the information (45 CFR 160.103).
As the examples and discussion above demonstrate, the concepts of access, exchange, and use are used in a variety of contexts to refer to a broad spectrum of activities. We believe that the types of access, exchange, and use described above would be promoted under the information blocking provision, as would other types of access, exchange, or use not specifically contemplated in these or other regulations. Further, we note that the information blocking provision would also extend to innovations and advancements in health information access, exchange, and use that may occur in the future (see section 3022(a)(2) of the PHSA).
Consistent with the above, and to convey the full breadth of activities that may implicate the information blocking provision, we propose definitions of access, exchange, and use in § 171.102. We emphasize the interrelated nature of the definitions. For example, the definition of “use” includes the ability to read, write, modify, manipulate, or apply EHI to accomplish a desired outcome or to achieve a desired purpose, while “access” is defined as the ability or means necessary to make EHI available for
In this proposed rule, we use the term “interoperability element” to refer to any means by which EHI can be accessed, exchanged, or used. We clarify that the means of accessing, exchanging, and using EHI are not limited to functional elements and technical information but also encompass technologies, services, policies, and other conditions
To meet the definition of information blocking, a practice must be
We emphasize that any analysis of information blocking necessarily requires a careful consideration of the individual facts and circumstances, including whether the practice was required by law, whether the actor had the requisite statutory knowledge, and whether an exception applies. When we state that a practice would implicate the provision or
We propose in section VIII.D of this preamble to establish seven exceptions to the information blocking provision for certain reasonable and necessary activities. If an actor can establish that an exception applies to each practice for which a claim of information blocking
Based on early discussions with stakeholders during the development of this proposed rule, we are aware that the generality with which the information blocking provision describes practices that are likely to interfere with, prevent, or materially discourage access, exchange, or use of EHI may leave some uncertainty as to the scope of the information blocking provision and the types of practices that will implicate enforcement by ONC and/or OIG. To provide additional clarity on this point, we elaborate our understanding of these important statutory concepts below.
The information blocking provision and its enforcement subsection do not define the terms “interfere with,” “prevent,” and “materially discourage,” and use these terms collectively and without differentiation. Based on our interpretation of the information blocking provision and the ordinary meanings of these terms in the context of EHI, we do not believe they are mutually exclusive, but that prevention and material discouragement are best understood as types of interference, and that use of these terms in the statute to define information blocking illustrates the desire to reach all practices that an actor knows, or should know, are likely to prevent, materially discourage, or otherwise interfere with the access, exchange, or use of EHI. Consistent with this understanding, in this preamble to the proposed rule, we use the terms “interfere with” and “interference” as inclusive of prevention, material discouragement, and other forms of interference that implicate the information blocking provision.
We believe that interference could take many forms. In addition to the prevention or material discouragement of access, exchange, or use, we propose that interference could include practices that increase the cost, complexity, or other burden associated with accessing, exchanging, or using EHI. Additionally, interference could include practices that limit the utility, efficacy, or value of EHI that is accessed, exchanged, or used, such as by diminishing the integrity, quality, completeness, or timeliness of the data. We refer readers to section VIII.C.5.c of this preamble below for a discussion of these and other potential practices that could interfere with access, exchange, or use and thereby implicate the information blocking provision.
Relatedly, to avoid potential ambiguity and clearly communicate the full range of potential practices that could implicate the information blocking provision, we propose to codify a definition of “interfere with” in § 171.102, consistent with our interpretation set forth above.
The information blocking provision is preventative in nature. That is, the information blocking provision proscribes practices that are
We believe that a practice would satisfy the information blocking provision's “likelihood” requirement if, under the circumstances, there is a reasonably foreseeable risk that the practice will interfere with access, exchange, or use of EHI. For example, where an actor refuses to share EHI or to provide access to certain interoperability elements, it is reasonably foreseeable that such actions will interfere with access, exchange, or use of EHI. As another example, it is reasonably foreseeable that a health care provider may need to access information recorded in a patient's electronic record that could be relevant to the treatment of that patient. For this reason, a policy or practice that limits timely access to such information in an appropriate electronic format creates a reasonably foreseeable likelihood of interfering with the use of the information for these treatment purposes.
Whether the risk of interference is reasonably foreseeable will depend on the particular facts and circumstances attending the practice or practices at issue. Because of the number and diversity of potential practices, and the fact that different practices will present varying risks of interfering with access, exchange, or use of EHI, we do not attempt to anticipate all of the potential ways in which the information blocking provision could be implicated. Nevertheless, to assist with compliance, we clarify certain circumstances in which, based on our experience, a practice will almost always be likely to interfere with access, exchange, or use of EHI. We caution that these situations are not exhaustive and that other circumstances may also give rise to a very high likelihood of interference under the information blocking provision. In each case, ONC will consider the totality of the circumstances in evaluating whether a practice is likely to implicate the statute and to give rise to a violation.
Although the information blocking provision applies to all EHI, we believe that information blocking concerns are especially pronounced when the conduct at issue has the potential to interfere with the access, exchange, or use of EHI that is created or maintained during the practice of medicine or the delivery of health care services to patients. We refer to such information in this section of the preamble collectively as “observational health information.” Such information includes, but is not limited to, health information about a patient that could be captured in a patient record within an EHR and other clinical information management systems; as well as information maintained in administrative and other IT systems when the information is clinically relevant, directly supports patient care, or facilitates the delivery of health care services to consumers. We note that there is a special need for timely, electronic access to this information and that, moreover, the clinical and operational utility of this information is often highly dependent on multiple actors exercising varying forms and degrees of control over the information itself or the technological, contractual, or other means by which it can be accessed, exchanged, and used. Against these indications, practices that adversely impact the access, exchange, or use of observational health information will almost always implicate the information blocking provision.
We note that observational health information may be technically structured or unstructured (such as “free text”). Therefore, in general, clinicians' notes would constitute observational health information, at least insofar as the notes contain observations or conclusions about a patient or the patient's care. In contrast, we believe certain types of EHI are qualitatively distinct from observational health information, such as EHI that is created through aggregation, algorithms, and other techniques that transform observational health information into fundamentally new data or insights that are not obvious from the observational
Finally, we clarify that merely collecting, organizing, formatting, or processing observational health information maintained in EHRs and other source systems does not change the fundamental nature of that EHI or obligations under the information blocking provisions. Likewise, the mere fact that EHI is stored in a proprietary format or has been combined with confidential or proprietary information does not alter the actor's obligations under the information blocking provisions to facilitate access, exchange, and use of the EHI in response to a request. For example, the information blocking provision would be implicated if an actor were to assert proprietary rights in medical vocabularies or code sets in a way that was likely to interfere with the access, exchange, or use of observational health information stored in such formats. However, as noted in section VIII.D.6 of this preamble, under the exception for licensing of interoperability elements on reasonable and non-discriminatory terms, an actor could charge a royalty for access to proprietary data or data coded in a proprietary manner so long as that royalty were offered on reasonable and non-discriminatory terms pursuant to the conditions outlined in the exception.
We believe the information blocking provision will almost always be implicated when a practice interferes with access, exchange, or use of EHI for certain purposes, including but not limited to:
• Providing patients with access to their EHI and the ability to exchange and use it without special effort (
• Ensuring that health care professionals, care givers, and other authorized persons have the EHI they need, when and where they need it, to make treatment decisions and effectively coordinate and manage patient care and can use the EHI they may receive from other sources.
• Ensuring that payers and other entities that purchase health care services can obtain the information they need to effectively assess clinical value and promote transparency concerning the quality and costs of health care services.
• Ensuring that health care providers can access, exchange, and use EHI for quality improvement and population health management activities.
• Supporting access, exchange, and use of EHI for patient safety and public health purposes.
The need to ensure that EHI is readily available and usable for these purposes is paramount. Therefore, practices that increase the cost, difficulty, or other burden of accessing, exchanging, or using EHI for these purposes would almost always implicate the information blocking provision. Individuals and entities that develop health IT or have a role in making these technologies and services available should consider the impact of their actions and take steps to support interoperability and avoid impeding the availability or use of EHI.
An actor may have substantial control over one or more interoperability elements that provide the only reasonable means of accessing, exchanging, or using EHI for a particular purpose. In these circumstances, any practice by the actor that could impede the use of the interoperability elements—or that could unnecessarily increase the cost or other burden of using the elements—would almost always implicate the information blocking provision.
The situation described above is most likely when customers or users are dependent on an actor's technology or services, which can occur for any number of reasons. For example, technological dependence may arise from legal or commercial relations, such as a health care provider's reliance on its EHR developer to ensure that EHI managed on its behalf is accessible and usable when it is needed. Relatedly, most EHI is currently stored in EHRs and other source systems that use proprietary data models or formats. Knowledge of the data models, formats, or other relevant technical information (
Separate from these contractual and intellectual property issues, users may become “locked in” to a particular technology, HIE, or HIN for financial or business reasons. For example, many health care providers have invested significant resources to adopt EHR technologies—including costs for deployment, customization, data migration, and training—and have tightly integrated these technologies into their information management strategies, clinical workflows, and business operations. As a result, they may be reluctant to switch to other technologies due to the significant cost and disruption this would entail.
Another important driver of technological dependence is the “network effects” of health IT adoption, which are amplified by a reliance on technologies and approaches that are not standardized and do not enable seamless interoperability. Consequently, health care providers and other health IT users may gravitate towards and become reliant on the proprietary technologies, HIEs, or HINs that have been adopted by other individuals and entities with whom they have the greatest need to exchange EHI. These effects may be especially pronounced within particular product or geographic areas. For example, a HIN that facilitates certain types of exchange or transactions may be so widely adopted that it is a de facto industry standard. A similar phenomenon may occur within a particular geographic area once a critical mass of hospitals, physicians, or other providers adopt a particular EHR technology, HIE, or HIN.
In these and other analogous circumstances of reliance or dependence, there is a heightened risk that an actor's conduct will interfere with access, exchange, or use of EHI. To assist with compliance, we highlight the following common scenarios, based on our outreach to stakeholders, in which
• Health IT developers of certified health IT that provide EHR systems or other technologies used to capture EHI at the point of care are in a unique position to control subsequent access to and use of that information.
• HINs and HIEs may be in a unique position to control the flow of information among particular persons or for particular purposes, especially if the HIN or HIE has achieved significant adoption in a particular geographic area or for a particular type of health information use case.
• Similar control over EHI may be exercised by other entities, such as health IT developers of certified health IT, that supply or control proprietary technologies, platforms, or services that are widely adopted by a class of users or that are a “de facto standard” for certain types of EHI exchanges or transactions.
• Health care providers within health systems and other entities that provide health IT platforms, infrastructure, or information sharing policies may have a degree of control over interoperability or the movement of data within a geographic area that is functionally equivalent to the control exercised by a dominant health IT developer, HIN, or HIE.
To avoid violating the information blocking provision, actors with control over interoperability elements should be careful not to engage in practices that exclude persons from the use of those elements or create artificial costs or other impediments to their use.
We encourage comment on these and other circumstances that may present an especially high likelihood that a practice will interfere with access, exchange, or use of EHI within the meaning of the information blocking provision.
To further clarify the scope of the information blocking provision, below we describe several types of practices that would be likely to interfere with access, exchange, or use of EHI. These examples clarify and expand on those set forth in section 3022(a)(2) of the PHSA.
Because information blocking can take many forms, we emphasize that the categories of practices described below are illustrative only and do not provide an exhaustive list or comprehensive description of practices that may implicate the information blocking provision and its penalties. We also reiterate that to implicate the provision is not necessarily to violate it, and that each case will turn on its own unique facts. For instance, a practice that seemingly meets the statutory definition of information blocking would not be information blocking if it was required by law, if one or more elements of the definition were not met, or if it was covered by one of the proposed exceptions for certain reasonable and necessary activities detailed in section VIII.D of this preamble. For the purposes of the following discussion, we do not consider the applicability of any exceptions proposed in section VIII.D of this preamble; we therefore strongly encourage readers to review that section in conjunction with the discussion of practices in this section below.
The information blocking provision establishes penalties, including civil monetary penalties, or requires appropriate disincentives, for practices that restrict access, exchange, or use of EHI for permissible purposes. For example, section 3022(a)(2)(A) of the PHSA states that information blocking may include practices that restrict authorized access, exchange, or use for treatment and other permitted purposes under applicable law. Section 3022(a)(2)(C)(i) of the PHSA states that information blocking may include implementing health IT in ways that are likely to restrict the access, exchange, or use of EHI with respect to exporting complete information sets or in transitioning between health IT systems.
One means by which actors may restrict access, exchange, or use of EHI is through formal restrictions. These may be expressed in contract or license terms, EHI sharing policies, organizational policies or procedures, or other instruments or documents that set forth requirements related to EHI or health IT. Additionally, in the absence of an express contractual restriction, an actor may achieve the same result by exercising intellectual property or other rights in ways that restrict access, exchange, or use. As an illustration, the following non-exhaustive examples illustrate types of formal restrictions that would likely implicate the information blocking provision. As stated above, the examples throughout this section VIII.C.5.c. are presented without consideration to whether a proposed exception applies, and readers are encouraged to familiarize themselves with section VIII.D of this preamble.
• A health system's internal policies or procedures require staff to obtain an individual's written consent before sharing any of a patient's EHI with unaffiliated providers for treatment purposes even though obtaining an individual's consent is not required by state or federal law.
• An EHR developer's software license agreement prohibits a customer from disclosing to its IT contractors certain technical interoperability information without which the customer and its IT contractors cannot efficiently export and convert EHI for use in other applications.
• A HIN's participation agreement prohibits entities that receive EHI through the HIN from transmitting that EHI to entities who are not participants of the HIN.
• An EHR developer sues to prevent a clinical data registry from providing interfaces to physicians who use the developer's EHR technology and wish to submit EHI to the registry. The EHR developer claims that the registry is infringing the developer's copyright in its database because the interface incorporates data mapping that references the table headings and rows of the EHR database in which the EHI is stored.
Access, exchange, or use of EHI can also be restricted in less formal ways. The information blocking provision would be implicated, for example, where an actor simply refuses to exchange or to facilitate the access or use of EHI, either as a general practice or in isolated instances. The refusal may be expressly stated, or it may be implied from the actor's conduct, as where the actor ignores requests to share EHI or provide interoperability elements; gives implausible reasons for not doing so; or insists on terms or conditions that are so objectively unreasonable that they amount to a refusal to provide access, exchange, or use of the EHI. Some examples of informal restrictions include, but are not limited to:
• A health IT developer of certified health IT refuses to license interoperability elements that are reasonably necessary for the developer's customers, their IT contractors, and other health IT developers to develop and deploy software that will work with the certified health IT.
• A health system incorrectly claims that the HIPAA Rules or other legal requirements preclude it from exchanging EHI with unaffiliated providers.
• An EHR developer ostensibly allows third-party developers to deploy apps that are interoperable with its EHR system. However, as a condition of doing so, the third-party developers must provide their source code and grant the EHR developer the right to use it for its own purposes—terms that almost no developer would willingly accept.
• A provider notifies its EHR developer of its intent to switch to another EHR system and requests a complete export of its EHI. The developer will provide only the EHI in a PDF format, even though it already can and does produce the data in a commercially reasonable structured format.
We emphasize that restrictions on access, exchange, or use that are required by law would not implicate the information blocking provision. Moreover, we recognize that some restrictions, while not required by law, may be reasonable and necessary for the privacy and security of individuals' EHI; such practices may qualify for protection under the exceptions proposed in section VIII.D.2 and 3 of this preamble.
The information blocking provision includes practices that restrict the access, exchange, or use of EHI in various ways (
We propose that the information blocking provision would be implicated if an actor were to deploy technological measures that limit or restrict the ability to reverse engineer the functional aspects of technology in order to develop means for extracting and using EHI maintained in the technology. This may include, for example, employing technological protection measures that, if circumvented, would trigger liability under the Digital Millennium Copyright Act (
The following hypothetical situations illustrate some (though not all) of the types of practices described above and which would implicate the information blocking provision.
• A health system implements locally-hosted EHR technology certified to proposed § 170.315(g)(10) (the health system acts as an API Data Provider as defined by § 170.102). As required by proposed § 170.404(b)(2), the technology developer provides the health system with the capability to automatically publish its production endpoints (
• A hospital directs its EHR developer to configure its technology so that users cannot easily send electronic patient referrals and associated EHI to unaffiliated providers, even when the user knows the Direct address and/or identity (
• An EHR developer that prevents (such as by way of imposing exorbitant fees unrelated to the developer's costs, or by some technological means) a third-party clinical decision support (CDS) app from writing EHI to the records maintained by the EHR developer on behalf of a health care provider (despite the provider authorizing the third-party app developer's use of EHI) because the EHR developer: (1) Offers a competing CDS software to the third-party app; and (2) includes functionality (
• Although an EHR developer's patient portal offers the capability for patients to directly transmit or request for direct transmission of their EHI to a third party, the developer's customers (
• A health care provider has the capability to provide same-day access to EHI in a form and format requested by a patient or a patient's health care provider, but takes several days to respond.
The information blocking provision encompasses practices that create impediments to innovations and advancements to the access, exchange, and use of EHI, including care delivery enabled by health IT (section 3022(a)(2)(C)(ii) of the PHSA). Importantly, the information blocking provision would be implicated and penalties may apply if an actor were to engage in exclusionary, discriminatory, or other practices that impede the development, dissemination, or use of interoperable technologies and services that enhance access, exchange, or use of EHI.
Most acutely, the information blocking provision would be implicated if an actor were to refuse to license or allow the disclosure of interoperability elements to persons who require those elements to develop and provide interoperable technologies or services—including those that might complement or compete with the actor's own technology or services. The same would be true if the actor were to allow access to interoperability elements but were to restrict their use for these purposes. The following examples, which are not exhaustive, illustrate practices that would likely implicate the information blocking provision by interfering with access, exchange, or use of EHI:
• A health IT developer of certified health IT refuses to license an API's interoperability elements, to grant the rights necessary to commercially distribute applications that use the API's interoperability elements, or to provide the related services necessary to enable the use of such applications in production environments.
• An EHR developer of certified health IT requires third-party applications to be “vetted” for security before use but does not promptly conduct the vetting or conducts the vetting in a discriminatory or exclusionary manner.
• A health IT developer of certified health IT refuses to license interoperability elements that other software applications require to efficiently access, exchange, and use
Rather than restricting interoperability elements, an actor may insist on terms or conditions that are burdensome and discourage their use. These practices would implicate the information blocking provision for the reasons described above. Consider the following non-exhaustive examples:
• An EHR developer of certified health IT maintains an “app store” through which other developers can have “apps” listed that run natively on the EHR developer's platform. However, if an app “competes” with the EHR developer's apps or apps it plans to develop, the developer
• A health care provider engages a systems integrator to develop an interface engine. However, the provider's license agreement with its EHR developer prohibits it from disclosing technical documentation that the systems integrator needs to perform the work. The EHR developer states that it will only permit the systems integrator to access the documentation if all of its employees sign a broad non-compete agreement that would effectively bar them from working for any other health IT companies.
The information blocking provision would be implicated also if an actor were to discourage efforts to develop or use interoperable technologies or services by exercising its influence over customers, users, or other persons, as in the following non-exhaustive examples:
• An EHR developer of certified health IT maintains an “app store” through which other developers can have “apps” listed that run natively on the EHR developer's platform. The EHR developer charges app developers a substantial fee for this service unless an app developer agrees not to deploy the app in any other EHR developers' app stores.
• A hospital is working with several health IT developers to develop an application that will enable ambulatory providers who use different EHR systems to access and update patient data in the hospital's EHR system from within their ambulatory EHR workflows. The inpatient EHR developer, being a health IT developer of certified health IT, pressures the hospital to abandon this project, stating that if it does not it will no longer receive the latest updates and features for its inpatient EHR system.
• A health IT developer of certified health IT discourages customers from procuring data integration capabilities from a third-party developer, claiming that it will be providing such capabilities free of charge in the next release of its product. In reality, the capabilities it is developing are more limited in scope and are still 12-18 months from being production-ready.
• A health system insists that local physicians adopt its EHR platform, which provides limited connectivity with competing hospitals and facilities. The health system threatens to revoke admitting privileges for physicians that do not comply.
Similar concerns would arise were an actor to engage in discriminatory practices—such as imposing unnecessary and burdensome administrative, technical, contractual, or other requirements on certain persons or classes of persons—that interfere with access and exchange or EHI by frustrating or discouraging efforts to enable interoperability. The following non-exhaustive examples illustrate some ways this could occur:
• An HIN charges additional fees, requires more stringent testing or certification requirements, or imposes additional terms for participants that are competitors, are potential competitors, or may use EHI obtained via the HIN in a way that facilitates competition with the HIN.
• A health care provider imposes one set of fees and terms to establish interfaces or data sharing arrangements with several registries and exchanges, but offers another more costly or significantly onerous set of terms to establish substantially similar interfaces and arrangements with an HIE or HIN that is used primarily by health plans that purchase health care services from the provider at negotiated reduced rates.
• A health IT developer of certified health IT charges customers fees, throttles speeds, or limits the number of records they can export when exchanging EHI with a regional HIE that supports exchange among users of competing health IT products, but does not impose like fees or limitations when its customers exchange EHI with enterprise HIEs that primarily serve users of the developer's own technology.
• As a condition of disclosing interoperability elements to third-party developers, an EHR developer requires third-party developers to enter into business associate agreements with all of the EHR developer's covered entity customers, even if the work being done is not for the benefit of the covered entities.
• A health IT developer of certified health IT takes significantly longer to provide or update interfaces that facilitate the exchange of EHI with users of competing technologies or services.
We clarify that not all instances of differential treatment would necessarily constitute a discriminatory practice that implicates the information blocking provision. For example, different fee structures or other terms may reflect genuine differences in the cost, quality, or value of the EHI and the effort required to provide access, exchange, or use. We also note that, in certain circumstances, it may be reasonable and necessary for an actor to restrict or impose reasonable and non-discriminatory terms or conditions on the use of interoperability elements, even though such practices could implicate the information blocking provision. For this reason, we propose in section VIII.D.6 of this preamble to establish a narrow exception that would apply to these types of practices.
Certain practices that artificially increase the cost and expense associated with accessing, exchanging, and using EHI will implicate the information blocking provision. Such practices are plainly contrary to the information blocking provision and the concerns that motivated its enactment.
An actor may seek to extract profits or capture revenue streams that would be unobtainable without control of a technology or other interoperability elements that are necessary to enable or facilitate access, exchange, or use of EHI. As discussed in section VIII.C.5.b.iii of this proposed rule, most EHI is currently stored in EHRs and other source systems that use proprietary data models or formats; this puts EHR developers (and other actors that control data models or standards) in a unique position to block access to (including the export and portability of) EHI for use in competing systems or applications, or to charge rents for access to the basic technical information needed to accomplish the access, exchange, or use of EHI for these purposes. These information blocking concerns may be compounded to the extent that EHR developers do not disclose, in advance, the fees they will charge for interfaces, data export, data portability, and other interoperability-related services (
To illustrate, we provide the following non-exhaustive examples, which reflect some of the more common types of rent-seeking and opportunistic behaviors of which we are aware and that are likely to interfere with access, exchange, or use of EHI:
• An EHR developer of certified health IT charges customers a fee to provide interfaces, connections, data export, data conversion or migration, or other interoperability services, where the amount of the fee exceeds the actual costs that the developer reasonably incurred to provide the services to the particular customer(s).
• An EHR developer of certified health IT charges a fee to perform an export using the EHI export capability proposed in § 170.315(b)(10) for the purposes of switching health IT systems or to provide patients access to EHI.
• An EHR developer of certified health IT charges more to export or use EHI in certain situations or for certain purposes, such as when a customer is transitioning to a competing technology or attempting to export data for use with a HIE, third-party application, or other technology or service that competes with the revenue opportunities associated with the EHR developer's own suite of products and services.
• An EHR developer of certified health IT interposes itself between a customer and a third-party developer, insisting that the developer pay a licensing fee, royalty, or other payment in exchange for permission to access the EHR system or related documentation, where the fee is not reasonably necessary to cover any additional costs the EHR developer incurs from the third-party developer's activities.
• An analytics company provides services to the customers of an EHR developer of certified health IT, including de-identifying customer EHI and combining it with other data to identify areas for quality improvement. The EHR developer insists on a revenue sharing arrangement whereby it would receive a percentage of the revenue generated from these activities in return for facilitating access to its customers' EHI, which turns out to be disadvantageous to customers. The revenue the EHR developer would receive exceeds its reasonable costs of facilitating the access to EHI.
The information blocking provision would clearly be implicated by these and other practices by which an actor profits from its unreasonable control over EHI or interoperability elements without adding any efficiency to the health care system or serving any other procompetitive purpose. But the reach of the information blocking provision is not limited to these types of practices. We interpret the definition of information blocking to encompass
Section 3022(a)(2)(B) of the PHSA states that information blocking may include implementing health IT in non-standard ways that substantially increase the complexity or burden of accessing, exchanging, or using EHI. In general, this type of interference is likely to occur when, despite the availability of generally accepted technical, policy, or other approaches that are suitable for achieving a particular implementation objective, an actor does not implement the standard, does not implement updates to the standard, or implements the standard in a way that materially deviates from its formal specifications. These practices lead to unnecessary complexity and burden, such as the additional cost and effort required to implement and maintain “point-to-point” connections, custom-built interfaces, and one-off trust agreements.
While each case will necessarily depend on its individual facts, and while we recognize that the development and adoption of standards across the health IT industry is an ongoing process, we propose that the information blocking provision would be implicated in at least two distinct sets of circumstances. First, information blocking may arise where an actor chooses not to adopt, or to materially deviate from, relevant standards, implementation specifications, and certification criteria adopted by the Secretary under section 3004 of the PHSA. Second, even where no federally adopted or identified standard exists, if a particular implementation approach has been broadly adopted in a relevant industry segment, deviations from that approach would be suspect unless strictly necessary to achieve substantial efficiencies.
To further illustrate these types of practices that would implicate the information blocking provision, we provide the following non-exhaustive examples of conduct that would be likely to interfere with access, exchange, or use of EHI:
• An EHR developer of certified health IT implements the C-CDA for receiving transitions of care summaries but only sends transitions of care summaries in a proprietary or outmoded format.
• A health IT developer of certified health IT adheres to the “required” portions of a widely adopted industry standard but chooses to implement proprietary approaches for “optional” parts of the standard when other interoperable means are readily available.
Even where no standards exist for a particular purpose, actors should not design or implement health IT in non-standard ways that unnecessarily increase the costs, complexity, and other burden of accessing, exchanging, or using EHI. For example, an EHR developer of certified health IT designs its database tables in a way that is unreasonably difficult to “map” to a non-proprietary format, which is a necessary prerequisite to converting the EHI to a format that can be used in other software applications. When a customer requests the capability to export EHI to a clinical data registry, the EHR developer quotes substantial costs resulting from the need to write custom code to enable this functionality. Based on these facts, the fees do not reflect costs that are reasonably incurred to provide the service and are instead the result of the developer's impractical design choices. We are aware that some actors attribute certain non-standard implementations on legacy systems that the actor did not themselves design but which have to be integrated into the actor's health IT. Such instances will be considered on a case by case basis.
Again, we reiterate that information blocking can take many forms and that the practices (and categories of practices) described above do not provide an exhaustive list or comprehensive description of practices that may implicate the information blocking provision.
As discussed above, section 3022(a)(3) authorizes the Secretary to identify, through notice and comment rulemaking, reasonable and necessary
While we acknowledge the terminology used in the Cures Act, we propose to use the term “practice” throughout this proposed rule when we describe conduct that is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information, regardless of whether that conduct meets the conditions for an exception to the information blocking provision. Consistent with this approach, when identifying reasonable and necessary activities in §§ 171.200 through 171.206, we describe
The proposed exceptions would apply to health care providers, health IT developers of certified health IT, HIEs, and HINs who engage in certain practices covered by an exception, provided that all applicable conditions of the exception are satisfied at all relevant times and for each practice for which the exception is sought. The exceptions are generally applicable to all actors. However, in some instances we propose conditions within an exception that apply to a particular type of actor.
We propose that, in the event of an investigation of an information blocking complaint, an actor must demonstrate that an exception is applicable and that the actor met all relevant conditions of the exception at all relevant times and for each practice for which the exception is sought. We consider this allocation of proof to be a substantive condition of the proposed exceptions. As a practical matter, we propose that actors are in the best position to demonstrate compliance with the conditions of the proposed exceptions and to produce the detailed evidence necessary to demonstrate that compliance. We request comment about the types of documentation and/or standardized methods that an actor may use to demonstrate compliance with the exception conditions.
We propose to establish seven exceptions to the information blocking provision. The exceptions would apply to certain activities that may technically meet the definition of information blocking but that are reasonable and necessary to further the underlying public policies of the information blocking provision.
The seven proposed exceptions are based on three related policy considerations. First, each exception is limited to certain activities that clearly advance the aims of the information blocking provision. These reasonable and necessary activities include providing appropriate protections to prevent harm to patients and others; promoting the privacy and security of EHI; promoting competition and innovation in health IT and its use to provide health care services to consumers, and to develop more efficient means of health care delivery; and allowing system downtime in order to implement upgrades, repairs, and other changes to health IT. Second, each exception addresses a significant risk that regulated actors will not engage in these beneficial activities because of uncertainty concerning the breadth or applicability of the information blocking provision. Finally, each exception is subject to strict conditions to ensure that it is limited to activities that are reasonable and necessary.
The first three exceptions, set forth in VIII.D.1-D.3, extend to certain activities that are reasonable and necessary to prevent harm to patients and others; promote the privacy of EHI; and promote the security of EHI, subject to strict conditions to prevent the exceptions from being misused. We believe that without these exceptions, actors may be reluctant to engage in the types of reasonable and necessary activities described below, and that this could erode trust in the health IT ecosystem and undermine efforts to provide access and facilitate the exchange and use of EHI for important purposes. Such a result would be contrary to the purpose of the information blocking provision and the broader policies of the Cures Act.
The next three exceptions, set forth in VIII.D.4-D.6, address activities that are reasonable and necessary to promote competition and consumer welfare. First, we propose to permit the recovery of certain types of reasonable costs incurred to provide technology and services that enable access to EHI and facilitate the exchange and use of that information, provided certain conditions are met. Second, we propose to permit an actor to decline to provide access, exchange, or use of EHI in a manner that is infeasible, subject to a duty to provide a reasonable alternative. And, third, we propose an exception that would permit an actor to license interoperability elements on reasonable
The last exception, set forth in VIII.D.7, recognizes that it may be reasonable and necessary for actors to make health IT temporarily unavailable for the benefit of the overall performance of health IT. This exception would permit an actor to make the operation of health IT unavailable in order to implement upgrades, repairs, and other changes.
As context for the exceptions proposed below in VIII.D.4-D.6, we note that addressing information blocking is critical for promoting competition and innovation in health IT and for the delivery of health care services to consumers. Indeed, the information blocking provision itself expressly addresses practices that impede innovations and advancements in health information access, exchange, and use, including care delivery enabled by health IT (section 3022(a)(2)(C)(ii) of the PHSA). As discussed in section VIII.C.5.b.iii of this preamble, health IT developers of certified health IT, HIEs, HINs, and, in some instances, health care providers may exploit their control over interoperability elements to create barriers to entry for competing technologies and services that offer greater value for health IT customers and users, provide new or improved capabilities, and enable more robust access, exchange, and use of EHI.
Section 3022(a)(5) of the PHSA provides that the Secretary may consult with the Federal Trade Commission (FTC) in defining practices that do not constitute information blocking because they are necessary to promote competition and consumer welfare. We appreciate the expertise and informal technical assistance of FTC staff, which we have taken into consideration in developing the exceptions described in VIII.D.4-D.6 of this preamble. We note that the language in the Cures Act regarding information blocking is substantively and substantially different from the language and goals in the antitrust laws enforced by the FTC. We view the Cures Act as authorizing ONC and OIG to regulate conduct that may be considered permissible under the antitrust laws. On this basis, this proposed rule requires that actors who control interoperability elements cooperate with individuals and entities that require those elements for the purpose of developing, disseminating, and enabling technologies and services that can interoperate with the actor's technology.
We emphasize that ONC is taking this approach because we view patients as having an overwhelming interest in EHI about themselves, and particularly observational health information (see the discussion in section VIII.C.4.b of this preamble). As such, access to EHI, and the EHI itself, should not be traded or sold by those actors who are custodians of EHI or who control its access, exchange, or use. We emphasize that such actors should not be able to charge fees for providing electronic access, exchange, or use of patients' EHI. We propose that actors should be required to share EHI unless they are prohibited from doing so under an existing law or are covered by one of the exceptions detailed in this preamble. In addition, any remedy sought or action taken by HHS under the information blocking provision would be independent from the antitrust laws and would not prevent FTC or DOJ from taking action with regard to the same actor or conduct.
We request comment on the following seven proposed exceptions, including whether they will achieve our stated policy goals.
We propose to establish an exception to the information blocking provision for practices that are reasonable and necessary to prevent harm to a patient or another person, provided certain conditions are met. The exception and corresponding conditions are set forth in the proposed regulation text in § 171.201.
This proposed exception would acknowledge the public interest in protecting patients and other persons against unreasonable risks of harm that, in certain narrowly defined circumstances described below, justify practices that are likely to interfere with access, exchange, or use of EHI and that would implicate the information blocking provision in the absence of an exception.
The exception would be subject to strict conditions, which we believe are necessary to prevent patient safety from being used as a pretext for information blocking or as a post hoc rationalization for practices that are not reasonable and necessary to address material risks of harm to a patient or another person.
We have adopted the terminology of “patient” to denote the context in which the threat of harm arises. That is, this proposed exception has been designed to recognize certain practices taken for the benefit of recipients of health care—those individuals whose EHI is at issue—and other persons whose information may be recorded in that EHI or who may be at risk of harm because of the access, use, or exchange of EHI. The use of the term “patient” does not require, other than in the context of the risk of harm determined by a licensed health care professional (
Consistent with the definition of information blocking, we have identified certain risks to patient harm that arise in the context of access, exchange, or use of EHI. To qualify for this proposed exception, an actor's practice must respond to a risk that is cognizable under this exception.
The exception may apply to practices that prevent harm arising from corrupted or inaccurate EHI being recorded or incorporated in a patient's electronic health record. Users of health IT systems strive to maintain accurate electronic health records by carefully inputting EHI and verifying existing EHI. Occasionally a clinician or other user of health IT is presented with EHI that, due to a failure of the technology, is either entirely incorrect or contains inaccurate information. At other times, EHI could become corrupted. In these cases, the sharing or integration of such EHI could lead to inaccuracies in the patient's electronic health record that then run the risk of being propagated further. We note, however, that known inaccuracies in some data within a record may not be sufficient justification to withhold the entire record if the remainder of the patient's EHI could be effectively shared without also presenting the known incorrect or corrupted information as if it were trustworthy. Also, we would expect that once information is known to be inaccurate or corrupted, a health care provider holding that record would, for example, take action to cure the inaccuracy or corruption. We understand that in the ordinary course of practice, and consistent with professional and legal standards for clinical record keeping, health care providers take appropriate action to remediate known problems with EHI and restore a record as a whole to be safely usable, and therefore safely sharable.
This recognized risk is limited to corruption and inaccuracies caused by performance and technical issues affecting health IT. For example, this exception may be relevant if certified health IT were to incorrectly present an old and superseded version of a medication list, or when only partial copies of laboratory tests are being linked to a patient when the patient's record is exchanged. However, this recognized risk does not extend to purported accuracy issues arising from the incompleteness of a patient's electronic health record generally. Electronic health records, like the paper charts they replaced, are inevitably imperfect records. Many patients see multiple health care providers and so it is unlikely that any single health care provider's record will provide a complete picture of a patient's health. Some patients intentionally keep certain information secret even from their health care providers, and others fail to share potentially critical information with their health care providers because they forget to, or simply do not understand its clinical significance.
While the access, exchange, or use of EHI in these situations could give rise to the risk of harm if the EHI was relied on without qualification, such reliance does not accord with our understanding of clinical practice, as the risk of incompleteness resulting from patients having multiple providers, or from errors of omission by patients and their care providers, is not unique to electronic health records or their interoperable exchange. Therefore, the risk that the EHI a given health care provider holds for a given patient may not be a perfectly complete record of that patient's health or care will not be recognized as being sufficient to support an actor qualifying for this exception in the face of a claim of information blocking.
We also acknowledge that certain federal and state laws, such as 42 CFR part 2 and state medical record laws, require an actor to obtain an individual's written consent before sharing health information. However, we propose that an actor would not be able to benefit from this exception on the basis of a perceived risk arising from exchanging or providing access to EHI when the EHI exchanged or made accessible does not include certain information due to a patient's decision not to consent to its disclosure. For example, this exception would not recognize an actor's conduct in not providing access, exchange, or use of a patient's electronic health record on the basis that the patient's failure to consent to the disclosure of substance abuse treatment information made the patient's record incomplete and thus inaccurate.
The exception may apply to practices that are designed to promote data quality and integrity and support health IT applications properly identifying and matching patient records or EHI. Accurately identifying patients and correctly attributing their EHI to them is a complex task and involves layers of safeguards, including verification of a patient's identity, proper registration in health IT systems, physical identification such as wristbands, and usability and implementation decisions such as ensuring the display of a patient's name and date of birth on every screen of the patient's electronic chart. When a clinician or other health IT user may know or reasonably suspect that specific EHI in a patient's record is or may be misattributed, either within a local record or as received through EHI exchange, it would be reasonable for them to avoid sharing or incorporating the EHI that they know would, or reasonably suspect could, propagate errors in the patient's records and thus pose the attendant risks to the patient. As discussed below, an actor's response to this risk would need to be no broader than necessary to mitigate the risk of harm arising from the potentially misidentified record or misattributed data. A health IT developer of certified health IT could not, for example, refuse to provide a batch export on the basis that the exported records may contain a misidentified record. Similarly, a health care provider that identified that a particular piece of information had been misattributed to a patient would not be excused from exchanging or providing access to all other EHI about the patient that had not been misattributed.
The exception may permit certain restrictions on the disclosure of an individual's EHI in circumstances where a licensed health care professional has determined, in the exercise of professional judgment, that the disclosure is reasonably likely to endanger the life or physical safety of the patient or another person. This would include the situation where a covered entity elected not to treat a person as the personal representative of an individual in situations of potential abuse or endangerment, including in accordance with 45 CFR 164.502(g)(5). In certain cases, the clinician may have individualized knowledge stemming from the clinician-patient relationship that, for a particular patient and for that patient's circumstances, harm could result if certain EHI were shared or transmitted electronically. Consistent with the HIPAA Privacy Rule, a
We request comment on whether the categories of harm described above capture the full range of safety risks that might arise directly from accessing, exchanging, or using EHI. We also request comment on whether we should consider other types of patient safety risks related to data quality and integrity concerns, or that may have a less proximate connection to EHI but that could provide a reasonable and necessary basis for an actor to restrict or otherwise impede access, exchange, or use of EHI in appropriate circumstances. We ask that commenters provide detailed rationale for any suggested revisions to these categories, including additional conditions that may be necessary to ensure that the exception is tailored and does not extend protection to practices that are not reasonable and necessary to promote patient safety and that could present information blocking concerns.
To qualify for this exception, an actor must have had a reasonable belief that the practice or practices will directly and substantially reduce the likelihood of harm to a patient or another person. As discussed above, the type of risk must also be cognizable under this exception.
An actor could meet this condition in two ways.
In most cases, we anticipate that the actor would demonstrate that the practices it engaged in were consistent with an organizational policy that was objectively reasonable and no broader than necessary for the type of patient safety risks at issue. In these circumstances, we propose that an actor's policy would need to satisfy the following requirements.
First, we propose that the policy must be in writing.
Second, it must have been developed with meaningful input from clinical, technical, and other appropriate staff or others who have expertise or insight relevant to the risk of harm that the policy addresses. This condition would not be met if, for example, a hospital imposed top-down information sharing policies or workflows established by the hospital's EHR developer and approved by hospital administrators without meaningful input from the medical staff, IT department, and front-line clinicians who would implement, and thus be affected by, the policy and are in the best position to gauge how effective it will be at mitigating patient safety risks.
Third, we propose that the policy must have been implemented in a consistent and non-discriminatory manner. As part of this condition, the actor must have taken reasonable steps to educate its directors, officers, employees, contractors, and authorized personnel on how to apply the policy and to provide appropriate oversight to ensure that the policy is not applied in an arbitrary, discriminatory, or otherwise inappropriate manner. This condition would not be met if, for example, a policy or practice were based on factors that lacked a direct and substantial correlation with the particular risk of harm at issue.
Last, we propose that the policy must have been be no broader than necessary for the specific risk or type of risk at issue. For example, as evidence that the policy is no broader than necessary, the policy would need to identify the relevant risks and follow an approach to mitigating those risks that is based on current patient safety evidence and best practices, supplemented by input from clinical, technical, and other staff or others who are in the best position to make judgments about the policy's effectiveness, as discussed above. Further evidence that the policy was no broader than necessary would be whether the actor considered alternative approaches and reasonably concluded that, under the circumstances, those approaches were either inadequate to address the identified risks of harm or would not have reduced the likelihood of interference with access, exchange, or use of EHI. For example, a tailored response to the existence of corrupted data would necessarily permit all uncorrupted EHI to continue to be accessed, used, and exchanged. This condition would not be met, for example, if an actor's policy imposed a blanket ban on the sharing of EHI with users of different technologies or with health care providers who are not part of a particular health system, HIE, or HIN.
We recognize that some health care providers (such as small practices) may not have comprehensive and formal policies governing all aspects of EHI and patient safety. Additionally, even if an organizational policy exists, it may not anticipate all of the potential risks of harm that could arise in real-world clinical or production environments of health IT. In these circumstances, in lieu of demonstrating that a practice conformed to the actor's policies and that the policies met the conditions described above, the actor could justify the practice or practices directly by making a finding in each case, based on the particularized facts and circumstances, that the practice is necessary and no broader than necessary to mitigate the risk of harm. To do so, we propose that the actor would need to show that the practices were approved on a case-by-case basis by an individual with direct knowledge of the relevant facts and circumstances and who had relevant clinical, technical, or other appropriate expertise. Such an individual would need to reasonably conclude, on the basis of those particularized facts and circumstances and his/her expertise and best professional judgment, that the practice was necessary, and no broader than necessary, to mitigate the risk of harm to a patient or other persons.
We propose that a licensed health care professional's independent and individualized judgment about the safety of the actor's patients or other persons would be entitled to substantial deference under this proposed exception. So long as the clinician actually considered all of the relevant facts and determined that, under the particular circumstances, the practice was necessary to protect the safety of the clinician's patient or other person, we would not second-guess the clinician's judgment. To provide further clarity on this point, we provide the following illustration.
A clinician suspects that a patient is at risk of domestic abuse. The patient has recently visited the clinic for a pregnancy test, and tells the clinician that the potential father is not her current partner. The test returns a positive result. The clinician notes that in the patient's electronic health record, her partner has been given access to view her test results. The clinician, considering all factors for this particular situation and particular patient, and aware of the clinic's policy towards the restriction of electronic health information sharing, concludes that releasing this result electronically could place the patient at risk of harm. The clinician thus chooses not to release the test result electronically and plans to deliver the result to the patient in a safe manner. The exception would apply in this case because the clinician reasonably believes, based on the relationship with this particular patient and the clinician's best clinical judgment, that the restriction is
We seek public comment on whether this proposed exception is appropriate and adequately balances the interest of promoting access, exchange, and use of EHI with legitimate concerns about the risk of harm to patients and others. In addition to any other relevant issues, we specifically request feedback on whether the exception is broad enough to prevent harm to patients and others and, if not, what additional risks we should address should we finalize this proposal; and whether there are additional safeguards the Secretary should adopt in order to prevent practices that attempt to undermine the policy goal of the exception. We also seek comment on whether there are customary practices (
We propose to establish an exception to the information blocking provision for practices that are reasonable and necessary to protect the privacy of an individual's EHI, provided certain conditions are met. The exception and corresponding conditions are set forth in the proposed regulation text in § 171.202. We note that any practice engaged in to protect the privacy of an individual's EHI must be consistent with applicable laws related to health information privacy, including the HIPAA Privacy Rule as applicable, as well as with other applicable laws and regulations, such as the HITECH Act, 42 CFR part 2, and state laws. This exception to the information blocking provision does not alter an actor's obligation to comply with these and other applicable laws.
We believe this exception is necessary to support basic trust and confidence in health IT infrastructure. Without this exception, there would be a significant risk that actors would share EHI in inappropriate circumstances, such as when an individual has taken affirmative steps to request that the EHI not be shared, or when an actor has been unable to obtain reasonable assurances as to an individual's identity.
In contrast to the other exceptions defined in this proposed rule, this proposed exception has been structured with discrete “sub-exceptions.” An actor's practice must qualify for a sub-exception in order to be covered by this exception. The sub-exceptions have, to a large extent, been crafted to closely mirror privacy-protective practices that are recognized under state and federal privacy laws. In this way, the privacy sub-exceptions to the information blocking provision would recognize as reasonable and necessary practices that are engaged in by actors consistent with privacy laws, provided that certain conditions are met. We have proposed four sub-exceptions that address the following privacy protective practices: (1) Not providing access, exchange, or use of EHI when a state or federal law requires that a condition be satisfied before an actor provides access, exchange, or use of EHI, and the condition is not satisfied (proposed in § 171.202(b)); (2) not providing access, exchange, or use of EHI when the actor is a health IT developer of certified health IT that is not covered by the HIPAA Privacy Rule in respect to a practice (proposed in § 171.202(c)); (3) a covered entity, or a business associate on behalf of a covered entity, denying an individual's request for access to their electronic PHI in the circumstances provided in 45 CFR 164.524(a)(1), (2), or (3) (proposed at § 171.202(d)); and (4) not providing access, exchange, or use of EHI pursuant to an individual's request, in certain situations (proposed in § 171.202(e)). The rationale for each sub-exception is described in detail below.
An actor would need to satisfy at least one sub-exception in order that a purportedly privacy-protective practice that interferes with access, exchange, or use of EHI not be subject to the information blocking provision. Each sub-exception has conditions that must be met in order that an actor's practice qualifies for protection under the sub-exception.
We note that this proposed exception and our discussion below uses certain terms that are defined by the HIPAA Rules
Finally, the term “individual” is defined by the HIPAA Rules at 45 CFR 160.103. Separately, under the information blocking enforcement provision, the term “individual” is used to refer to actors that are health IT developers of certified health IT, HINs, or HIEs, (
We clarify that (2) varies from (1) because there could be individuals who could be the subject of EHI that is being accessed, exchanged, or used under (2), but who would not be the subject of PHI under (1). The purpose of (2) is to include EHI that would be accessed, exchanged or used by entities that are not subject to HIPAA (
We also clarify that (3) encompasses a person with
We have adopted this specialized usage to ensure that this privacy exception extends protection to information about, and respects the privacy preferences of,
Having consulted extensively with the HHS Office for Civil Rights (OCR), who enforce the HIPAA Privacy, Security and Breach Notification Rules, we have developed the information blocking provision to advance our shared goals of preventing information blocking for nefarious or self-interested purposes while maintaining and upholding existing privacy rights and protections for individuals. The proposed exception for promoting the privacy of EHI (also referred to as “the privacy exception”) operates in a manner consistent with the framework of the HIPAA Privacy Rule. We designed these exceptions to ensure that individual privacy rights are not diminished as a consequence of the information blocking provision, and to ensure that the information blocking provision does not require the use or disclosure of EHI in a way that would not be permitted under the HIPAA Privacy Rule. Our intent is that the information blocking provision does not conflict with the HIPAA Privacy Rule. Indeed, the sub-exception proposed in § 171.202(d) reflects a policy judgment that an actor's denial of access to an individual consistent with the limited conditions for such denials that are described in the HIPAA Privacy Rule at 45 CFR 164.524(a)(1), (2), and (3) is reasonable under the circumstances. We believe this resolves any potential conflict between limitations on an individual's right of access under the HIPAA Privacy Rule and the information blocking provision.
We note that the information blocking provision may operate to require that actors provide access, exchange, or use of EHI in situations that HIPAA does not. This is because the HIPAA Privacy Rule permits, but does not require, covered entities to use and disclose ePHI in most circumstances. The information blocking provision, on the other hand, requires that an actor provide access to, exchange, or use of EHI unless they are prohibited from doing so under an existing law or are covered by one of the exceptions detailed in this preamble. To illustrate, the HIPAA Privacy Rule permits health care providers to exchange ePHI for treatment purposes, but does not require them to do so. Under the information blocking provision, unless an exception to information blocking applies, or the interference is required by law, a primary care provider would be required to exchange ePHI with a specialist who requests it to treat an individual who was a common patient of the provider and the specialist, even if the primary care provider offered patient care services in competition with the specialist's practice, or would usually refer its patients to another specialist due to an existing business relationship.
As discussed above, the information blocking provision would not require that actors provide access, exchange, or use of EHI in a manner that is not permitted under the HIPAA Privacy Rule or other privacy laws. As such, the privacy-protective controls existing under HIPAA would not be weakened by the information blocking provision. Moreover, we have structured the privacy exception to ensure that actors can engage in reasonable and necessary practices that advance the privacy interests of individuals.
For example, we believe that, unless required by law, actors should not be compelled to share EHI against patients' wishes or without adequate safeguards out of a concern that restricting the access, exchange, or use of the EHI would constitute information blocking. This could seriously undermine patients' trust and confidence in the privacy of their EHI and diminish the willingness of patients, providers, and other entities to provide or maintain health information electronically in the first place. In addition, such outcomes would undermine and not advance the goals of the information blocking provision and be inconsistent with the broader policy goal of the Cures Act to facilitate trusted exchange of EHI. Trusted exchange requires not only that EHI be shared in accordance with applicable law, but also that it be shared in a manner that effectuates individuals' expressed privacy preferences. We note and discuss below that an individual's expressed privacy preferences will not be controlling in all cases. An actor will not be able to rely on an individual's expressed privacy preference in circumstances where the access, exchange, or use is required by law.
For these reasons, we propose that the proposed sub-exception in § 171.202(e) would generally permit an actor to give effect to individuals' expressed privacy preferences, including their desire not to permit access, exchange, or use of their EHI. For example, provided that corresponding conditions have been met, a health care provider could honor a patient's request not to share their EHI in circumstances in which the HIPAA Privacy Rule would permit (though not require) the provider to disclose the information, such as for treatment purposes. At the same time, however, we believe that the privacy exception must be tailored to ensure that protection of an individual's privacy is not used as a pretext for information blocking. Accordingly, we propose that this exception, which is discussed more fully below, would be subject to strict conditions.
Because the information blocking provision excludes from the definition of information blocking practices that are required by law (section 3022(a)(1) of the PHSA), privacy-protective practices that are required by law do not implicate the information blocking provision and do not require coverage from an exception. For example, the HIPAA Privacy Rule requires that a covered entity must agree to the request of an individual to restrict disclosure of protected health information (PHI) about the individual to a health plan if the disclosure is for the purpose of carrying out payment or health care operations and not otherwise required by law and the PHI pertains solely to a health care item or service for which the individual, or person other than the health plan on behalf of the individual, has paid the covered entity in full.
Practices that are “required by law” can be distinguished from other practices that an actor engages in pursuant to a privacy law, but which are not “required by law.” Such privacy laws are typically framed in a way that
State and federal privacy laws that permit the disclosure of PHI often impose conditions that must be satisfied prior to a disclosure being made. We propose to establish a sub-exception to the information blocking provision that recognizes that an actor will not be engaging in information blocking if an actor does not provide access, exchange, or use of EHI because a necessary precondition required by law has not been satisfied. This exception will apply to all instances where an actor's ability to provide access, exchange, or use is “controlled” by a legal obligation to satisfy a condition, or multiple conditions, prior to providing that access, exchange, or use. To be covered by this exception, the actor must comply with conditions, which are discussed below.
The nature of the preconditions that an actor must satisfy in order to provide access, exchange, or use of EHI will depend on the privacy laws that regulate the actor. An actor that is regulated by a restrictive state privacy law may need to satisfy more conditions than an actor regulated by a less restrictive state privacy law, before providing access, exchange, or use. Similarly, certain state privacy laws may impose standards for meeting preconditions that are more rigorous than the laws in force elsewhere.
To illustrate how we propose this sub-exception would operate, we provide the following examples. We note that this list of examples is not exhaustive and that preconditions required by law that control access, exchange, or use of EHI that are not listed below would still qualify under this proposed sub-exception so long as all conditions are met.
• Certain federal and state laws require that a person provide consent before his or her EHI can be accessed, exchanged, or used for specific purposes. Although the HIPAA Privacy Rule does not have consent requirements for an individual (as that term is defined in the HIPAA Privacy Rule) when a covered entity or business associate is using or disclosing ePHI for treatment, payment or health care operations, some state laws and federal laws and regulations do require that a person's consent be obtained by the disclosing party/entity before disclosing certain health information. For example, for some sensitive health conditions such as HIV/AIDS, mental health, or genetic testing, state laws may impose a higher standard for disclosure of such information (
• If an actor is required by law to obtain an individual's HIPAA authorization before providing access, exchange, or use of the individual's EHI, then the individual's refusal to provide an authorization would justify the actor's refusal to provide access, exchange, or use of EHI. The actor's refusal would, subject to conditions discussed herein, be protected under this exception.
• The HIPAA Privacy Rule, and many state privacy laws, authorize the disclosure of PHI in certain circumstances only once the identity and authority of the person requesting the information has been verified. We acknowledge that it is reasonable and necessary that actors take appropriate steps, consistent with federal and state laws, to ensure that EHI is not disclosed to the wrong person or to a person who is not authorized to receive it. Where an actor cannot verify the identity or authority of a person requesting access to EHI, and such verification is required by law before the actor can provide access, exchange, or use of the EHI, the actor's refusal to provide access, exchange, or use will, subject to the conditions discussed herein, be reasonable and necessary and will not be information blocking.
• Under the HIPAA Privacy Rule, a health care provider may share information with another health care provider for a quality improvement project if it has verified that the requesting entity has a relationship with the person whose information is being requested. Where the actor could not establish if the relationship existed, it would not be information blocking for the actor to refuse to provide access, exchange, or use, subject to the conditions discussed herein.
We seek comments generally on this proposed sub-exception. More specifically, we seek comment on how this proposed sub-exception would be exercised by actors in the context of state laws. We are aware that actors that operate across state lines or in multiple jurisdictions sometimes adopt organization-wide privacy practices that conform with the most restrictive privacy laws regulating their business. In order to ensure that the information blocking provision does not diminish the privacy rights of individuals being serviced by such actors, we are considering the inclusion of an accommodation in this sub-exception that would recognize an actor's observance of a legal precondition that the actor is required by law to satisfy in at least one state in which it operates. We believe this approach would be consistent with practices already in place for multi-state health care systems. For example, some states require specific consent requirements before exchanging sensitive health information such as a patient's mental health condition. As a result, the health care system will utilize one consent form for multi-jurisdiction purposes in order to meet various federal and state law requirements. However, in the event that we did adopt such an accommodation, we would also need to carefully consider how to ensure that before the use of the most stringent restriction is applied in all jurisdictions, the actor has provided all privacy protections afforded by that law across its entire business. This type of approach would ensure that an actor cannot take advantage of a more-restrictive privacy law for the benefit of this exception while not also fulfilling
We also recognize that under the patchwork of state privacy laws, some states have enacted laws that more comprehensively identify the circumstance in which an individual or entity can and cannot provide access, exchange, or use of EHI. We are considering to what extent health care providers that are not regulated by the HIPAA Privacy Rule, and would rely instead on state laws for this sub-exception, would be able to benefit from this sub-exception when engaging in practices that interfere with access, exchange, or use of EHI for the purpose of promoting patient privacy. We seek comment on any challenges that may be encountered by health care providers that are not regulated as covered entities under the HIPAA Privacy Rule when seeking to take advantage of this proposed sub-exception. We also seek comment on whether there exists a class of health care provider that is not regulated by
In most circumstances, an actor would be in a position to influence whether a precondition is satisfied. For example, an actor could deprive a person of the opportunity to take some step that is a prerequisite for the exchange of their EHI, could assume the existence of a fact prejudicial to the granting of access without seeking to discover the truth or otherwise of the fact, or could make a determination that a precondition was not satisfied without properly informing itself of all relevant information. As such, we propose that this exception would be subject to conditions that ensure that the protection of an individual's privacy is not used as a pretext for information blocking.
We propose that an actor can qualify, in part, for this sub-exception by implementing and conforming to organizational policies and procedures that identify the criteria to be used by the actor and, as applicable, the steps that the actor will take, in order to satisfy the precondition. Most actors are covered entities or business associates for the purposes of the HIPAA Privacy Rule, and are already required to have policies and procedures and training programs in place that address how PHI and ePHI is used (as that term is defined in 45 CFR 160.103, as amended) and disclosed. As such, we expect that the overwhelming majority of actors will already be in a position to meet this condition, or would be able to meet this condition with modest additional effort. However, we acknowledge that some actors may not, for whatever reason, have privacy policies and practices in place, or may have implemented privacy policies and practices that do not sufficiently address the criteria to be used, and steps to be taken, to satisfy a precondition relied on by the actor. As such, we propose to provide an alternative basis on which to qualify, in part, for this sub-exception. We propose to permit actors to instead document, on a case-by-case basis, the criteria used by the actor to determine when the precondition will be satisfied, any criteria that were not met, and the reason why the criteria were not met. These alternative conditions, which are discussed in detail below, ensure that this sub-exception does not protect practices that are post hoc rationalizations used to justify improper practices, whilst also ensuring that actors do not face any pressure to disclose EHI in the situation where they do not have privacy policies and practices in place, or where their privacy policies and practices do not respond to the requirements of this condition.
Separately, we propose that if the precondition that an actor purports to have been satisfied relies on the provision of a consent or authorization from an individual, it is a condition of this sub-exception that the actor must have done all things reasonably necessary within its control to provide the individual with a meaningful opportunity to provide that consent or authorization.
We reiterate, again, that the information blocking provision does not require the provision of access, exchange, or use of EHI in a manner that would not be permitted under the HIPAA Privacy Rule.
If an actor seeks to qualify for this sub-exception, in part, by implementing and conforming to organizational policies and procedures, such policies and procedures must be in writing, and specify the criteria to be used by the actor, and, if applicable, the steps that the actor will take, in order to satisfy the precondition relied on by the actor not to provide access, exchange, or use of EHI. It would not be sufficient for an actor to simply identify the existence of the precondition in their organizational policies and procedures.
We acknowledge that certain preconditions may be outside the direct control of the actor. For example, the requirement that an actor receive a valid authorization before releasing EHI in certain circumstances would be a precondition to be satisfied by the individual, and the actor may have little ability to influence the nature of the authorization that it receives. For preconditions of this nature, the actor's policies and procedures would only need to identify the criteria that the actor will apply and the steps that the actor will take to facilitate the satisfaction of the precondition, such as identifying the requirements for a valid authorization and the follow up steps (if any) to be taken in response to receipt of an authorization that does not meet those requirements. In contrast, where the satisfaction of a precondition relies solely on an actor, such as the “minimum necessary” determination made by HIPAA covered entities (or their business associates) when exchanging EHI that is ePHI, the actor's policies and procedures would need to particularize the steps that the actor will take in order to ensure that it satisfies the precondition. Where the precondition falls somewhere in between and relies on actions taken by both the actor and an individual, the actor's policies and procedures would need to address how the actor would do the things necessary within its control, which would include the steps it should take to facilitate all actions needed to be taken by an individual.
Take, for example, the situation where an actor needed to determine whether the subject individual had a relationship with a requesting entity as a precondition to exchanging EHI. The actor's policies and practices should, at minimum, identify the criteria to be applied, being the evidence that the actor would need in order to satisfy itself of the existence of a relationship, such as receipt of a Medicare or other insurance number, or other indicia of a relationship such as the establishment of a doctor-patient relationship.
An actor would only be eligible to benefit from this sub-exception if it has followed its processes and policies. Continuing the above example, an actor
Using a different example, and as discussed above, the HIPAA Privacy Rule generally requires covered entities (and their business associates) to take reasonable steps to limit the use or disclosure of, and requests for, PHI to the minimum necessary to accomplish the intended purpose.
Finally, an actor's policies and procedures must be implemented. This ensures that an actor can only satisfy this condition by reference to privacy policies and practices that individuals in fact benefit from, and not by policies and procedures that have been documented but not applied. Proper implementation would involve making the policies and processes available to all decision makers, and facilitating workforce and contractor understanding and consistent implementation of the actor's policies and procedures such as by providing training. This condition ensures that this sub-exception does not protect practices that are post hoc rationalizations used to justify improper practices.
As discussed above, to the extent existing state and federal laws apply to a given actor, we expect an actor to already have procedures in place to address those legal requirements. Indeed, the HIPAA Privacy Rule requires that covered entities have policies and procedures and training programs in place that address how PHI and ePHI are used (as those terms are defined in 45 CFR 160.103) and disclosed. Moreover, this exception is only enlivened when an actor asserts that its conduct was carried out to satisfy a precondition, and we expect that such conduct should be considered and deliberate.
We seek comment on this proposed condition generally, and specifically, on whether an actor's organizational policies and procedures provide a sufficiently robust and reliable basis for evaluating the bona fides, reasonableness, and necessity of practices engaged in to satisfy preconditions required by state or federal privacy laws.
If an actor's practice does not conform to an actor's organizational policies and procedures as required by § 171.202(b)(1), we propose that that an actor can seek to qualify for this sub-exception, in part, by documenting how it reached its decision that it would not provide access, use, or exchange of EHI on the basis that a precondition had not been satisfied. Such documentation must be created on a case-by-case basis. An actor will not satisfy this condition if, for instance, it sought to document a general practice that it had applied to all instances where the precondition had not been satisfied. Rather, the record created by the actor must address the specific circumstances of the specific practice (or interference) at issue.
The record created by the actor must identify the criteria used by the actor to determine when the precondition is satisfied. That is, it must identify the objective criteria that the actor applied to determine whether the precondition had been satisfied. Consistent with the condition to this sub-exception that the practice must be tailored to the privacy interest at issue (discussed below), those criteria would need to be directly relevant to satisfying the precondition. For example, if the precondition at issue was the provision of a valid HIPAA authorization, the actor's documented record should reflect, at minimum, that the authorization would need to meet each of the requirements specified for a valid authorization at 45 CFR 164.508(c). The record would then need to document the criteria that had not been met, and the reason so. Continuing the example, the actor could record that the authorization did not contain the name or other specific identification of the person making the request because the authorization only disclosed the person's first initial rather than first name, and the actor had records about multiple people with that same initial and last name.
We believe that this condition will provide the transparency necessary to demonstrate whether the actor has satisfied the conditions applicable to this exception. Moreover, it will ensure that a decision to not provide access, exchange, or use of EHI is considered and deliberate, and therefore reasonable and necessary.
We seek comment on this proposed condition.
If the precondition that an actor purports to have satisfied relies on the provision of a consent or authorization from an individual, it is a condition of this sub-exception that the actor must have done all things reasonably necessary within its control to provide the individual with a meaningful opportunity to provide that consent or authorization. This condition will be relevant when, for example, a state privacy law or the HIPAA Privacy Rule requires an individual to provide their consent and/or HIPAA authorization before identifiable information can be accessed, exchanged, or used for specific purposes. For instance, a state law may require that an individual provide consent before a hospital can share her treatment information electronically with another treating health care provider. Under this scenario, the hospital's refusal to exchange the EHI in the absence of the individual's consent would be reasonable and necessary and would not be information blocking, so long as the hospital had provided the individual with a meaningful opportunity to provide that consent and where the criteria and other conditions of this proposed exception were met.
In the context of the provision of consent, a meaningful opportunity would ordinarily require that an actor provide the individual with a legally compliant consent form; make a reasonable effort to inform an individual that she has the right to consent to the disclosure of her EHI; and provide the individual with sufficient information and educational material (commensurate with the circumstances of the disclosure). It would be best practice for an actor to also inform the individual about the revocability of any consent given, if and as provided in the relevant state or federal privacy law, and the actor's processes for acting on any revocation.
We are considering addressing this condition in further detail, whether by way of additional guidance or in regulation text. To this end, we seek comments regarding what actions an actor should take, within the actor's control, to provide an individual with a meaningful opportunity to provide a required consent or authorization, and whether different expectations should arise in the context of a consent versus a HIPAA authorization. For example, commenters may wish to provide comment on the actions to be taken to ensure that an individual has a meaningful opportunity to satisfy a precondition that the individual provide a HIPAA authorization. Specifically, in the context of a requirement that the authorization be signed, what effort should be expected from actors in seeking signatures from: (i) Persons acting for the patient where the patient is unable to sign a form; (ii) former patients whose EHI is being requested from third parties; or (iii) patients that are not in a facility, such as patients of individual physicians?
We clarify that after providing the individual with a meaningful opportunity to consent or provide authorization, we believe that it is the individual's responsibility to complete any required documentation before an actor is able to access, exchange, or use the individual's EHI. We do not expect the actor to “chase” the individual despite using its best efforts provide the individual with an opportunity to sign a consent or authorization form. So long as the actor has provided the individual with a meaningful opportunity to consent, the actor will have fulfilled this aspect of the eligibility requirements of this sub-exception.
Separately, to qualify for this sub-exception, to the extent that the precondition at issue was the provision of a consent or authorization by an individual, the actor must not have improperly encouraged or induced the individual to not provide the consent or authorization. This does not mean that the hospital cannot inform an individual about the advantages and disadvantages of exchanging EHI and any associated risks, so long as the information communicated is accurate and legitimate. However, an actor would not meet this condition in the event that it misled an individual about the nature of the consent to be provided, dissuaded individuals from providing consent in respect of disclosures to the actor's competitors, or imposed onerous requirements to effectuate consent that were unnecessary and not required by law.
We seek comment on whether the proposed condition requiring the provision of a meaningful opportunity and prohibiting improper encouragement or inducement should apply to preconditions beyond the precondition that an individual provide consent or authorization. We seek comment on whether the conditions specified for this sub-exception, when taken in total, are sufficiently particularized and sufficiently strict to ensure that actors that are in a position to influence whether a precondition is satisfied will not be able to take advantage of this sub-exception and seek protection for practices that do not promote the privacy of EHI. We also seek comment on whether we should adopt a more tailored approach to conditioning the availability of this exception. For example, we are considering whether different conditions should apply depending on: (i) The nature of the EHI at issue; (ii) the circumstances in which the EHI is being access, exchanged, or used; (iii) the interest being protected by the precondition; or (iv) the nature of the precondition to be satisfied. Commenters are encouraged to identify scenarios in which the application of the conditions applicable to this sub-exception, as proposed, give rise to unnecessary burden, or would require activities that do not advance the dual policy interests of preventing information blocking and promoting privacy and security.
To qualify for this sub-exception, an actor's privacy-protective practice must be tailored to the specific privacy risks that the practice actually addresses. This condition necessarily presupposes that an actor has carefully evaluated the privacy requirements imposed on the actor, the privacy interests to be managed by the actor, and has developed a considered response that is tailored to protecting and promoting the privacy of EHI. For example, the HIPAA Privacy Rule at 45 CFR 164.514(h) requires that, in certain circumstances, the disclosure of PHI is only authorized once the identity and authority of the person requesting the information has been verified. The privacy issue to be addressed in this instance is the risk that PHI will be disclosed to the wrong individual, or an unauthorized person. If an actor chooses not to provide access, exchange, or use of EHI on the basis that the actor's identity verification requirements have not been satisfied, the actor's practice must be tailored to the specific privacy risks at issue. This would require that the actor ensure that it does not impose identity verification requirements that are unreasonably onerous under the circumstances.
To illustrate, a policy where a driver's license was the only accepted government-issued form of identification would not be a practice that is tailored to the privacy risk at issue because the provider's preference for one form of government-issued identification over another does not meaningfully manage the privacy risk. Similarly, it may be unreasonable for an actor to require the production of documentation demonstrating the parent-child relationship unless the actor was in possession of information that suggested that an adult might not have authority to be the child's legal representative. To do otherwise would be to apply an onerous requirement in all instances of parent-child relationships, which is insufficiently tailored to the privacy risk being managed. Finally, it may be unreasonable for an actor to insist that the individual produce original identification if the individual was able to furnish a scanned copy of their form of identification that the actor could reasonably rely on.
For the purposes of this sub-exception, we clarify that engaging in an interference on the basis that a precondition has not been satisfied would be a practice that addresses a privacy risk or interest, and so tailoring that interference to satisfy a precondition can satisfy this condition. Controls on access, exchange, or use arising under privacy laws serve a privacy interest and so this condition will be met so long as the actor's practice is tailored to the risk or interest being addressed.
We seek comment on this proposed condition.
We propose that in order for a practice to qualify for this sub-exception, the practice must be implemented in a consistent and non-discriminatory manner. This condition would provide basic assurance that the purported privacy practice is directly related to a specific privacy risk and is not being used to interfere with access, exchange, or use of EHI for other purposes to which this exception does not apply.
This condition requires that the actor's privacy-protective practices must be based on objective criteria that apply uniformly for all substantially similar privacy risks. An actor could not, for example, implement an organizational privacy policy that imposed unreasonably onerous requirements on a certain class of individuals or entities without a legitimate justification for doing so. For example, an actor that offered a patient-facing software application (app) would not be able to benefit from this exception if it refused to exchange EHI with a competitor app on the basis of an individual's failure to meet onerous authorization requirements that applied only to health information exchange with the competitor app and did not apply to, for example, the exchange of EHI with health care providers. This condition provides basic assurance that the purported privacy-protective practice is not being used to interfere with access, exchange, or use of EHI for other purposes to which this proposed exception does not apply.
We request comment on this proposed condition.
The sub-exception proposed in § 171.202(b) recognizes as reasonable and necessary the activities engaged in by actors consistent with the controls placed on access, exchange, or use of EHI by federal and state privacy laws. Importantly, that sub-exception is limited to actors that are subject to those federal and state privacy laws; an actor that is not regulated by HIPAA or a state privacy law cannot benefit from the exception proposed in § 171.202(b).
We propose to establish a sub-exception to the information blocking provision that would apply to actors that are health IT developers of certified health IT but not regulated by the HIPAA Privacy Rule in respect to the operation of the actor's health IT product or service (referred to hereafter as “non-covered actors”). We expect that the class of actors to which this proposed sub-exception applies will be very small. The vast majority of health IT developers of certified health IT operate as business associates to health care providers or health plans, are regulated by the HIPAA Privacy Rule, and will be able to benefit from the exception proposed in § 171.202(b) to the extent that the HIPAA Privacy Rule (or applicable state privacy law) imposes preconditions to the provision of access, exchange, or use of EHI. However, we recognize that direct-to-consumer health IT products and services are a growing sector of the health IT market. This class of health IT is often not regulated by the HIPAA Privacy Rule, but could be certified under the Program. We note that the privacy practices of consumer-facing health IT products and services are typically regulated by the Federal Trade Commission Act (FTC Act). However, the FTC Act applies to acts and practices that are unfair and deceptive (15 U.S.C. 45(a)(1)), and does not prescribe privacy requirements to be adopted or followed that can be leveraged for the purpose of recognizing reasonable and necessary privacy-protective practices in this proposed rule.
As discussed in section VIII.C.2.b, where a health IT developer of certified health IT offers a health IT product or service not regulated by the HIPAA Privacy Rule, such product or service is subject to the information blocking provision. We want to ensure that non-covered actors that engage in reasonable and necessary privacy-protective practices that interfere with the access, exchange, or use of EHI can seek coverage under this proposed sub-exception. As such, we propose that a non-covered actor will not engage in information blocking if the actor does not provide access, exchange, or use of EHI where the practice implements a process that is described in the actor's organizational privacy policy and has been disclosed to any individual or entity that uses the actor's health IT. This proposed sub-exception is proposed in § 171.202(c).
As a threshold requirement of this sub-exception, the actor's practice of interfering with access, exchange, or use of EHI must comply with any applicable state or federal privacy laws. While we have developed this sub-exception for the express purpose of addressing privacy-protective practices that are not regulated by the HIPAA Privacy Rule, we acknowledge that there may be other privacy laws implicated by the practice in question. If the actor's practice contravenes a state or federal privacy law, but otherwise satisfies this proposed sub-exception, the actor would not be entitled to benefit from this sub-exception.
In order to qualify for this sub-exception, the practice engaged in by the non-covered actor—the interference with access, exchange, or use of EHI—must also implement a process described in the actor's organizational privacy policy. This requires that a non-covered actor must have documented in detail in its organizational privacy policy the processes and procedures that the actor will use to determine when the actor will not provide access, exchange, or use of EHI. For example, a non-covered actor that proposed to require the provision of written consent for the use or disclosure of EHI would need to describe in its organizational privacy policy the processes and procedures to be utilized by the actor to implement that privacy-protective practice in order that the practice be considered reasonable and necessary and qualify for this sub- exception. A privacy policy that was prepared at a high level—for example, that simply stated that written consent was required—would not qualify. To build on this example, a non-covered actor's consent policy would need to describe the specific requirements that are imposed on individuals when giving consent, together with the processes and procedures to be followed by the non-covered actor to ensure that the individual has a meaningful choice over whether to consent. Compliance with this condition ensures that this sub-exception recognizes only legitimate practices that have been tailored to the privacy needs of the individuals that use the non-covered actor's health IT, and does not recognize practices that are a pretext or after-the-fact rationalization for actions that interfere with access, exchange, or use of EHI.
It necessarily follows that the non-covered actor's practice must implement its documented organizational privacy policy. For example, if a non-covered actor chose not to provide access, exchange, or use of EHI on the basis that it could not verify the identity of the individual requesting the EHI, the non-covered actor would need to be able to demonstrate that it implemented the
A non-covered actor that seeks to benefit from this proposed sub-exception must also ensure that it has previously disclosed the privacy-protective practice to the individuals and entities that use, or will use, the health IT. These users are affected by the practices engaged in by a non-covered actor but may otherwise have no visibility of the non-covered actor's approach to protecting the privacy of EHI. We expect that non-covered actors will seek to satisfy this condition by using a privacy notice.
To qualify for this sub-exception, a non-covered actor would not be required to disclose its organizational privacy policy to its customers or to the public generally. Rather, the non- covered actor need only describe, with sufficient detail and precision to be readily understood by users of the non-covered actor's health IT, the privacy-protective practices that the non-covered actor has adopted and will observe. This is necessary because a non-covered actor that is not subject to prescribed privacy standards in connection with the provision of health IT will have significant flexibility in the privacy-protective practices that it adopts. If an actor is not required to inform the individuals and entities that use, or will use, the health IT, about the privacy- protective practices that it will implement in its product, or when providing its service, there is a risk that this proposed sub-exception will give deference to policies and processes that are post hoc rationalizations used to justify improper practices. This condition also serves as a check on the nature of the interferences that a non-covered actor writes into its organizational privacy policies; transparency will help to ensure that a non-covered actor takes a balanced approach to protecting privacy interests on one hand, and pursuing business interests that might be inconsistent with the information blocking provision, on the other hand. We hope that this requirement will foster a quasi-market based measure of when a privacy-protective practice is “reasonable and necessary,” and ensure that any departure made by a non-covered actor from privacy practices that are recognized by state or federal law is transparent and open.
It will be a matter for non-covered actors to determine the most appropriate way to communicate its privacy practices to users. We believe that it would be reasonable that non- covered actors would, at minimum, post their privacy notices, or otherwise describe their privacy-protective practices, on their websites.
Finally, we propose that in order for a practice to qualify for this sub-exception, an actor's practice must be tailored to the specific privacy risks that the practice actually addresses, and must be implemented in a consistent and non-discriminatory manner. These conditions also apply to the exception proposed in § 171.202(b), and the discussion above addressing these conditions in connection with § 171.202(b) applies to this proposed exception in § 171.202(c). We refer readers to the above discussion and invite comments on these proposed conditions.
We seek comment on this proposed sub-exception generally. Specifically, we seek comment on whether HIEs or HINs would benefit from a similar sub-exception. We also seek comment on whether the conditions applicable to this sub-exception are sufficient to ensure that non-covered actors cannot take advantage of this exception by engaging in practices that are inconsistent with the promotion of individual privacy. We also seek comment on the level of detail that non-covered actors should be required to use when describing their privacy practices and processes to user of health IT.
We propose a limited sub-exception to the information blocking provision that would permit a covered entity or business associate to deny an individual's request for access to their PHI in the circumstances provided under 45 CFR 164.524(a)(1), (2), and (3). We believe this exception would avoid a potential conflict between the HIPAA Privacy Rule and the information blocking provision. Specifically, the HIPAA Privacy Rule contemplates circumstances under which covered entities, and in some instances business associates, may deny an individual access to PHI and distinguishes those grounds for denial which are reviewable from those which are not. This exception applies to both the “unreviewable grounds” and “reviewable grounds” of access. The “unreviewable grounds” for denial for individuals include situations involving: (1) Certain requests that are made by inmates of correctional institutions; (2) information created or obtained during research that includes treatment, if certain conditions are met; (3) denials permitted by the Privacy Act; and (4) information obtained from non-health care providers pursuant to promises of confidentiality. In addition, two categories of information are expressly excluded from the individual right of access: (1) Psychotherapy notes, which are the personal notes of a mental health care provider documenting or analyzing the contents of a counseling session that are maintained separate from the rest of the patient's medical record (
The “reviewable grounds” of access as described in § 164.524(a)(3), which provides that a covered entity may deny access provided that the individual is given a right to have such denials reviewed under certain circumstances. One such circumstance is when a licensed health care professional, in the exercise of professional judgment, determines that the access requested is reasonably likely to endanger the life or physical safety of the individual or another person. In addition, if access is denied, then the individual has the right to have the denial reviewed by a
We propose that if an actor who is a covered entity or business associate denies an individual's request for access to their PHI on the basis of these unreviewable and reviewable grounds, and provided the denial of access complies with the requirements of the HIPAA Privacy Rule in each case, then the actor would qualify for this exception and these practices would not constitute information blocking.
The following example illustrates this proposed sub-exception. An individual is a patient of a psychiatrist who is a HIPAA covered entity. The patient has requested all of his electronic health files from the psychiatrist. The psychiatrist maintains separately from the electronic health record a file containing psychotherapy notes regarding the patient. The psychiatrist grants access to the patient by providing a copy of the information in his electronic health record, but does not provide the patient's psychotherapy notes. Under this example, the psychiatrist would meet the requirements of this proposed exception since the HIPAA Privacy Rule provides that covered entities can deny individuals access to their psychotherapy notes and provides that this is an unreviewable grounds for denial.
We seek comment on this proposed sub-exception.
We propose to establish an exception to the information blocking provision that would, in certain circumstances, permit an actor not to provide access, exchange, or use of EHI if an individual has specifically requested that the actor not do so. This sub-exception is proposed in § 171.202(e). We believe this sub-exception is necessary to ensure that actors are confident that they can respect individuals' privacy choices without engaging in information blocking, and to promote public confidence in the health IT infrastructure by effectuating patients' preference about how and under what circumstances their EHI will be accessed, exchanged, and used. We recognize that individuals may have concerns about permitting their EHI to be accessed, exchanged, or used electronically under certain circumstances. As a matter of public policy, we think that these privacy concerns, if expressed by an individual and agreed to by an actor, would be reasonable and necessary, and an actor's conduct in abiding by its agreement would, if all conditions are met, be an exception to the information blocking provision.
This proposed sub-exception would not apply under circumstances where an actor interferes with a use or disclosure of EHI that is required by law, including when EHI is required by the Secretary to enforce HIPAA under 45 CFR 164.502(a)(2)(ii) and 45 CFR 164.502(a)(4)(i). Stated differently, this sub-exception would not operate to permit an actor to refuse to provide access, exchange, or use of EHI when that access, exchange, or use is required by law. This sub-exception recognizes and supports the public policy objective of the HIPAA Privacy Rule, which identifies uses and disclosures of EHI for which the public interest in the disclosure of the individual's information outweighs the individual's interests in controlling the information.
This sub-exception would permit an actor not to share EHI if the following conditions are met: (1) The individual made the request to the actor not to have his or her EHI accessed, exchanged, or used; (2) the individual's request was initiated by the individual without any improper encouragement or inducement by the actor; and (3) the actor or its agent documents the request within a reasonable time period.
To qualify for this sub-exception, the request that the individual's EHI not be accessed, exchanged, or used must come from the individual. Moreover, the individual must have made the request independently and without any improper encouragement or inducement by the actor. For example, it would be improper to encourage individuals not to share information with unaffiliated providers on the basis of generalized or speculative risks of unauthorized disclosure. On the other hand, if the actor was aware of a specific privacy or security risk, it would not be improper to inform individuals of that risk. Likewise, an actor would be permitted to provide an individual with general information about her privacy rights and options, including for example, the option to not provide consent, provided the information is presented accurately, does not omit important information, and is not presented in a way that is likely to improperly influence the individual's decision about how to exercise their rights.
If an individual submits a request to an actor not to disclose her EHI, and the actor agrees with and documents the request, the request would be valid for purposes of this sub-exception unless and until it is subsequently revoked by the individual. We believe this approach would minimize compliance burdens for actors while also respecting individuals' requests. We propose that once the individual makes the request, she should not, subject to the requirements of applicable federal or state laws and regulations, have to continually reiterate her privacy preferences, such as having to re-submit a request every year. Likewise, we propose that once the actor has documented an individual's request, the actor should not have to repeatedly reconfirm and re-document the request. We seek comment, however, regarding whether this approach is too permissive and could result in unintended consequences. We also seek comment on this proposed sub-exception generally, including on effective ways for an individual to revoke his or her privacy request for purposes of this sub-exception.
We also propose that in order for a practice to qualify for this sub-exception, an actor's practice must be implemented in a consistent and non-discriminatory manner. This condition would provide basic assurance that the purported privacy practice is directly related to the risk of disclosing EHI contrary to the wishes of an individual, and is not being used to interfere with access, exchange, or use of EHI for other purposes to which this exception does not apply. This condition requires that the actor's privacy-protective practice must be based on objective criteria that apply uniformly for all substantially similar privacy risks.
We note that under the HIPAA Privacy Rule, individuals have the right to request restrictions on how a covered entity will use (as that term is defined in 45 CFR160.103) and disclose PHI about them for treatment, payment, and health care operations pursuant to 45 CFR 164.522(a)(1). Under § 164.522(a), a covered entity is not required to agree to an individual's request for a restriction (other than in the case of a disclosure to a health plan under § 164.522(a)(1)(vi)), but is bound by any restrictions to which it agrees.
We wish to clarify that, for the purposes of this proposed sub-exception, the actor may give effect to an individual's request not to have an actor disclose EHI even if state or federal laws would allow the actor not to follow the individual's request. This is consistent with our position that, absent improper encouragement or inducement, and subject to appropriate conditions, it should not be considered information blocking to give effect to
We seek comments on this sub-exception generally. Specifically, we seek comment on what would be considered a reasonable time frame for documentation. In addition, we also seek comment on how this sub-exception would affect public health disclosures and health care research, if an actor did not share a patient's EHI due to a privacy preference, including any effects on preventing or controlling diseases, injury, or disability, and the reporting of disease, injury, and vital events such as births or deaths, and the conduct of public health surveillance and health care research.
We propose to establish an exception to the information blocking provision that would permit actors to engage in practices that are reasonable and necessary to promote the security of EHI, subject to certain conditions. Without this exception, actors may be reluctant to implement security measures or engage in other activities that are reasonable and necessary for safeguarding the confidentiality, integrity, and availability of EHI. This could undermine the ultimate goals of the information blocking provision by discouraging best practice security protocols and diminishing the reliability of the health IT ecosystem.
Robust security protections are critical to promoting patients' and other stakeholders' trust and confidence that EHI will be collected, used, and shared in a manner that protects individuals' privacy and complies with applicable legal requirements. Public confidence in the security of their EHI has been challenged, however, by the growing incidence of cyber-attacks in the health care sector. More than ever, health care providers, health IT developers, HIEs and HINs must be vigilant to mitigate security risks and implement appropriate safeguards to secure the EHI they collect, maintain, access, use, and exchange.
The Cures Act directs the National Coordinator, in consultation with the HHS Office for Civil Rights (OCR), to issue guidance on common “security barriers” that prevent the trusted exchange of EHI (section 3022(c)(2) of the PHSA). However, the Cures Act also seeks to promote the security of EHI, which it defines as an element of interoperability (section 3000(9)(A) of the PHSA) and a target area for the policy development to be undertaken by the Health Information Technology Advisory Committee (section 3002(b)(2)(B)(ii) of the PHSA). The inclusion of these provisions promote broader access, exchange, and use of EHI while at the same time continuing to promote the confidentiality, integrity, and availability of EHI through security practices that are appropriate and tailored to identified vulnerabilities and risks.
To qualify for this exception, we propose that an actor's conduct must satisfy threshold conditions. As discussed in detail below, the particular security-related practice must be directly related to safeguarding the confidentiality, integrity, and availability of EHI, implemented consistently and in a non-discriminatory manner, and tailored to identified security risks.
While the importance of security practices cannot be overstated, this proposed exception would not apply to
As such, we propose that actors would be able to satisfy this exception through practices that implement either security policies and practices developed by the actor, or case-by-case determinations made by the actor. Whether a security-motivated practice meets this exception would be determined on a case-by-case basis using a fact-based analysis of the conditions set forth below. This approach offers the most appropriate framework for analyzing security practices, which are necessarily driven by and must be tailored to actors' individual circumstances.
We wish to emphasize that the security-based practices implemented by a single physician office with limited technology resources, for example, will be different to those implemented by a large health system, and that this difference does not affect an actor's ability to qualify for this exception. The fact-based approach we propose will allow each actor to implement policies, procedures, and technologies that are appropriate for its particular size, organizational structure, and risks to individuals' EHI.
A fact-based analysis also aligns with the HIPAA Security Rule
We propose the following conditions that must be met for an activity or practice to qualify for this exception.
As a threshold condition, the proposed exception would not apply to any practices that are not directly related to safeguarding the security of EHI. In assessing the practice, we would consider whether and to what extent the practice directly addressed specific security risks or concerns. We would also consider whether the practice served any other purposes and, if so, whether those purposes were merely incidental to the overriding security purpose or provided an objectively distinct, non-security-related rationale for engaging in the practice.
We note that it should not be particularly difficult or onerous for an actor to demonstrate, as contemplated above, that its practice was directly related to a specific security risk or concern. For example, the actor may show that the practice was a direct response to a known security incident or threat; or that the practice directly related to the need to verify a person's identity before granting access to EHI; or that the practice was directly related to ensuring the integrity of EHI.
The salient issue under this condition, therefore, would be whether the security practice was actually necessary and directly related to safeguarding EHI. To that end, we would consider the actor's purported basis for adopting the particular security practice, which could be evidenced by the actor's organizational security policy, risk assessments, and other relevant documentation, which most actors are already required to develop pursuant to requirements under the HIPAA Rules.
To qualify for this exception, we propose that an actor's security-related practice must be tailored to specific security risks that the practice actually addressed. This condition necessarily presupposes that an actor has carefully evaluated the risk posed by the security threat and developed a considered response that is tailored to mitigating the vulnerabilities of the actor's health IT or other related systems. For example, the awareness of a security vulnerability in a particular HIE's technology may justify a health care provider's suspending access to EHI from that organization or by participants of that HIE, but only for the period in which the threat persists. In contrast, a response that suspended access by all HIEs or that persisted even after the HIE had addressed the security vulnerability in its technology would not be tailored to address specific risks and would not meet this condition.
As another example, it may be reasonable for a health care provider to refuse to grant access to EHI when an individual has been unable to prove her identity. However, the actor's identity proofing practice would have to be tailored to address risks specifically associated with the disclosure of EHI to unauthorized individuals. For example, identity proofing requirements might be tailored if the practice is based on a risk assessment and best practice policies and procedures and is applied consistently and in a non-discriminatory manner. However, we believe an identity proofing requirement would not be tailored if it were not based on an objectively reasonable security risk assessment and a careful consideration of alternative approaches that could adequately address the specific risk of patient misidentification in a less restrictive fashion.
As a final example, an actor's decision to deny access to the EHI it maintains may be reasonable if the practice responds to a request for EHI from a patient-facing website or application that causes the actor's system to raise a malicious software detection alert or if the request comes from a website or application listed on a security “blacklist.” However, we propose that the actor's response must be tailored to the specific threat. Among other things, the denial of access must be limited to the patient and/or their personal software. So as to ensure that the response is properly tailored, it would be best practice for actors to ensure that they communicate to those persons whose access was denied the reason for the denial of access, and communicate objective timeframes (if feasible to do so) and other parameters for when access would be granted or restored. Moreover, we propose that, to the extent that the practice implements an organizational security policy, the policy must align with applicable consensus-based standards or best practices for responding to these types of incidents. Disagreement with the individual about the worthiness of the third party as a recipient of EHI, or even concerns about what the third party might do with the EHI, except for reasons such as those listed in the “preventing harm” exception, are not acceptable reasons to deny an individual's request.
We propose that in order for a practice to qualify for this proposed exception, the actor's practice must have been implemented in a consistent and non-discriminatory manner. This condition would provide basic assurance that the purported security practice is directly related to a specific security risk and is not being used to interfere with access, exchange, or use of EHI for other purposes to which this exception does not apply.
As an illustration solely of the non-discriminatory manner condition, consider a health IT developer of certified health IT that offers apps to its customers via an app marketplace. If the
As discussed above, an actor's approach to information security management will reflect the actor's particular size, organizational structure, and risk posture. Because of this, it is important that actors develop and implement organizational policies that secure EHI. We propose that, where an actor has documented security policies that align with applicable consensus-based standards, and where the policies are implemented in a consistent and non-discriminatory manner, a practice's conformity with such policies would provide a degree of assurance that the practice was reasonable and necessary to address specific security risks and thus should not constitute information blocking. Conversely, a practice that went beyond an actor's established policies or practices by imposing security controls that were not documented, would not qualify for this exception under this condition (although the actor may be able to qualify under the alternative basis for practices that do not implement a security policy). Further, such practices would be suspect under the information blocking provision if there were indications that the actor's security-related justifications were a pretext or after-the-fact rationalizations for its actions or was otherwise unreasonable under the circumstances.
We reiterate that, to the extent that an actor seeks to justify a practice on the basis of its organizational security policies, such policies must be in writing and implemented in a consistent and non-discriminatory manner. As noted above, what a policy requires will depend on the facts and circumstances. However, we propose that to support a presumption that a practice conducted pursuant to the actor's security policy was reasonable, the policy would have to meet the following conditions.
•
•
•
As a point of clarification, we note that an actor's compliance with the HIPAA Security Rule (if applicable to the actor) would be relevant to, but not dispositive of, whether the actor's policies and procedures were objectively reasonable for the purpose of this exception. An actor's documentation of its security policies and procedures for compliance with the Security Rule may not offer a basis to evaluate whether the actor's security practices unnecessarily interfere with access, use, or exchange of EHI. For example, it could be difficult to determine whether a practice unnecessary interferes with exchange of EHI based on a review of the customized PHI data flow diagram the actor prepared as part of its Security Rule risk analysis. We believe that a documented policy that provides explicit references to consensus-based standards and best practice guidance (such as the NIST Cybersecurity Framework) offer an objective and robust means for ONC and the OIG to evaluate the reasonableness of a particular security control for the purpose of this exception.
We recognize that, as a practical matter, some actors (such as small health care providers or those with limited resources) may have organizational security policies that are less robust or that otherwise fall short of the minimum conditions proposed above. As discussed immediately below, we propose that in these circumstances an actor could still benefit from this proposed exception by demonstrating that the practice at issue was objectively reasonable under the circumstances, without regard to a formal policy.
While we expect that most security practices engaged in by an actor will implement an organizational policy, we recognize that EHI security may present novel and unexpected threats that even a best-practice risk assessment and security policy cannot anticipate. If a practice that does not implement an organizational policy is to qualify for this exception, however, it must meet certain conditions. The actor's practice must, based on the particularized facts and circumstances, be necessary to mitigate the security risk. Importantly, we propose that the actor would have to demonstrate that it considered reasonable and appropriate alternatives that could have reduced the likelihood of interference with access, exchange, or use of EHI, and that there were no reasonable and appropriate alternatives
We note that an actor's consideration of reasonable and appropriate alternatives will depend on the urgency and nature of the security threat in question. We anticipate that an actor's qualification for this exception would accommodate exigent circumstances. For example, we would not expect an actor to delay the implementation of a security measure in response to an emergency on the basis that it has not yet been able to initiate a fully realized risk assessment process. However, we expect that in these exigent circumstances, where the actor has implemented a security practice without first considering whether there were reasonable and appropriate alternatives that were less likely to interfere with access, exchange or use of EHI, the actor would expeditiously make any necessary changes to the practice based on the actor's consideration of reasonable and appropriate alternatives that are less likely to interfere with access, exchange or use of EHI. We propose that the exception would apply in these instances so long as an actor takes these steps and complies with all other applicable conditions.
We encourage comment on these conditions and our overall approach to this proposed exception, including whether our proposal provides adequate flexibility for actors to implement measures that are commensurate to the threats they face, the technology infrastructure they possess, and their overall security profiles and, equally important, whether this exception adequately mitigates the risk that actors will adopt security policies that are unnecessarily restrictive or engage in practices that unreasonably interfere with access, exchange, or use of EHI. Commenters are encouraged to propose additional conditions that may be necessary to ensure that the exception is tailored and does not extend protection to practices that are not reasonable and necessary to promote the security of EHI and that could present information blocking concerns. We also seek comment on whether the use of consensus-based standards and guidance provides an appropriate reference point for the development of security policies. Finally, commenters may wish to offer an alternative basis for identifying practices that do not offer a security benefit (compared with available alternatives) but that cause an information blocking harm by interfering with access, exchange, or use of EHI.
We propose to establish an exception to the information blocking provision that would permit the recovery of certain costs reasonably incurred to provide access, exchange, or use of EHI. The exception and corresponding conditions are set forth in the proposed regulation text in § 171.204. We interpret the definition of information blocking to include
The exception would be subject to strict conditions to prevent its potential misuse. Specifically, we are concerned that a broad or insufficiently tailored exception for the recovery of costs could protect rent-seeking, opportunistic fees, and exclusionary practices that interfere with the access, exchange, and use of EHI. These practices fall within the definition of information blocking and reflect some of the most serious concerns that motivated its enactment (
In the time since we published the Information Blocking Congressional Report, these practices have persisted and, in certain respects, become more pronounced. In a national survey of HIE executives published in 2017, 47% of respondents reported that EHR developers “often/routinely” charge high fees for exchange that are unrelated to cost, and another 40% reported that they “sometimes” do.
As just one illustration, some EHR developers have begun conditioning access or use of customer EHI on revenue-sharing or royalty agreements that bear no plausible relation to the costs incurred by the EHR developer to grant access to the EHI. We have also heard of discriminatory pricing policies that have the obvious purpose and effect of excluding competitors from the use of interoperability elements. Many of the industry stakeholders who shared their perspectives with us in listening sessions prior to this proposed rule, including several health IT developers of certified health IT, condemned these practices and urged us to swiftly address them.
In light of these concerns, we propose that this exception would apply only to the recovery of certain costs and only when the actor's methods for recovering such costs comply with certain conditions at all relevant times. As discussed in more detail below, these conditions would require that the costs the actor recovered were reasonably
Finally, the exception would provide additional conditions applicable to fees charged in connection with: (1) The certified APIs described in § 170.404; and (2) the EHI export capability proposed in § 170.315(b)(10) for the purposes of switching health IT or to provide patients their electronic health information. We emphasize that access to EHI that is provisioned by supplying some form of physical media, such as paper copies (where the EHI is printed out), or where EHI is copied onto a CD or flash-drive, would not be a practice that implicated the information blocking provision provided that the fee(s) charged for that access complied with HIPAA (45 CFR 164.524(c)(4)).
Our intention with this exception is not to set any particular cost that would be considered “reasonably incurred,” but rather to allow the market to define the appropriate price so long as certain methods are followed and certain criteria are met.
Regardless of the type of cost at issue, a basic condition of this proposed exception is that any costs the actor seeks to recover must have been reasonably incurred to provide the relevant interoperability elements to enable access, exchange, or use of EHI. Ultimately, whether a cost was reasonably incurred will depend on the particular facts and circumstances. We believe this fact-based approach is appropriate in light of the considerable diversity in the types of costs that actors might incur and the range of factors that could bear on the reasonableness of those costs. For example, the costs of developing software may vary with the purposes it is intended to serve, the settings in which it will be deployed, the types and scope of capabilities included, and the extent to which these development efforts build on existing development efforts and know-how. Additionally, the costs of providing services, including the implementation of technology in production environments, may vary based on the technology design or architecture, individual customer needs, local implementation conditions, and other factors. An analysis of costs would also account for different distribution and service models under which the costs are calculated. We seek comment on these and other considerations that may be relevant to assessing the reasonableness of costs incurred for purposes of this exception.
To qualify for the exception, we propose that the method by which the actor seeks to recover its costs must be reasonable and non-discriminatory. This would require that the actor base its recovery of costs on objective and verifiable criteria that are uniformly applied for all substantially similar or similarly situated classes of persons and requests. We emphasize that this proposal does not mean that the actor must apply the same prices or price terms for all persons or classes of persons to whom it provides the services. However, any differences in prices or price terms would have to be based on actual differences in the costs that the actor incurred or other reasonable and non-discriminatory criteria. We further propose to require that the method by which the actor recovers its costs must be reasonably related to the actor's costs of providing the type of access, exchange, or use to, or at the request of, the person or entity to whom the fee is charged.
We also propose that the method by which the actor recovers its costs must be reasonably allocated among all customers to whom the technology or service is supplied, or for whom the technology is supported. A reasonable allocation of costs would require that the actor allocate its costs in accordance with criteria that are reasonable and between only those customers that either cause the costs to be incurred or benefit from the associated supply or support of the technology. If an actor developed technology that could be supplied to multiple customers with minimal tailoring, the core costs of developing its technology should be allocated between those customers when recovered as a fee. The actor would not be permitted to recover the total of its core costs from each customer. Similarly, when an actor uses shared facilities and resources to support the usage of technology, it would need to ensure that those shared costs were reasonably allocated between all of the customers that benefited from them. However, whenever an actor is required to provide services and incur costs that are unique to a particular customer, it would not need to distribute those costs among other customers that had deployed technology.
In addition, the exception would not apply if the method by which the actor recovers its costs is based, in any part, on whether the requestor or other person is a competitor, potential competitor, or will be using the EHI in a way that facilitates competition with the actor. The use of such criteria would be suspect because it suggests the fee the actor is charging is not based on its reasonable costs to provide the services and may have the purpose or effect of excluding or creating impediments for competitors, business rivals, or other persons engaged in developing or enabling the use of interoperable technologies and services.
Last, we propose that the method by which the actor recovers its costs must not be based on the sales, profit, revenue, or other value that the requestor or other persons derive or may derive from the access to, exchange of, or use of electronic health information, including the secondary use of such information, that
We seek comment on these conditions and other issues we should consider in assessing whether the methodology by which an actor distributes costs and charges fees should be considered reasonable and necessary for purposes of this exception. In particular we are considering whether to introduce specific factors and methods for assessing when profit will be reasonable. For example, should the pro-competitive or efficiency-adding aspect of an actor's approach to providing access, exchange, or use of EHI be taken into account when assessing the reasonableness of the profit recovered by an actor? We also ask commenters to consider whether there are specific use cases for which actors' profits should be limited or prohibited. We request that commenters provide as much detail as possible when describing methods for quantifying profits and evaluating their reasonableness.
We propose that certain costs should be explicitly excluded from this exception regardless of the method for recovering the costs. We have proposed these excluded costs, which are detailed below, in an effort to provide additional clarity about the scope of this exception and to create guardrails for preventing potential misuse of the exception.
We propose that this exception would not permit the recovery of any cost that the actor incurred due to the health IT being designed or implemented in non-standard ways that unnecessarily increase the complexity, difficulty or burden of accessing, exchanging, or using EHI. To the extent that such costs can be reasonably avoided, we believe that actors should internalize the costs of such behaviors, which do not benefit consumers, and which create unnecessary impediments to access, exchange, and use of EHI. As an illustration, if a health IT developer of certified health IT designed its database tables or other aspects of its technology in ways that make exporting or converting EHI to other formats difficult, the developer could not claim that its costs to provide data conversion services to customers are reasonably incurred. Such costs would not be eligible under this exception (and might implicate the information blocking provision for the reasons noted in section VIII.C.4.c.v of this preamble).
We welcome comments on the exclusion of these types of costs.
We propose to limit this exception to the recovery of costs that an actor
First, an actor would not be permitted to recover any costs associated with intangible assets (including depreciation or loss of value), other than the actual development or acquisition costs of such assets. For example, an actor could not charge a customer a fee based on the purported “cost” of allowing the customer to use the actor's patented technology, computer software, databases, trade secrets, copyrighted works, and the like. We understand that the customer's use of the asset could be considered a “cost” in the sense that, were it not for the information blocking provision, the actor could charge a royalty or other fee for the use of its intangible assets. For this reason, in section VIII.D.6, we propose to permit an actor to license most interoperability elements on reasonable and non-discriminatory terms, subject to certain conditions. For purposes of this more general exception, however, we believe it would be inappropriate to permit an actor to charge a fee based on these considerations, which are inherently subjective and could invite the kinds of rent-seeking and opportunistic pricing practices that fall squarely within the definition of information blocking. We clarify that an actor's practices could qualify for both this exception (recovering costs reasonably incurred) and the exception for licensing of interoperability elements on reasonable and non-discriminatory terms in section VIII.D.6. In that case, the actor could recover costs under both exceptions.
Second, and for similar reasons, an actor would not be permitted to recover costs that are speculative. The exception would not apply to “opportunity costs,” such as the revenues that an actor could have earned had it not provided the interoperability elements. We clarify that the exclusion of opportunity costs would not preclude an actor from recovering its reasonable forward-looking cost of capital. We believe these costs are relatively concrete and that permitting their recovery will protect incentives for actors to invest in developing and providing interoperability elements.
We also propose that the exception would not apply to fees prohibited by 45 CFR 164.524(c)(4). The HIPAA Privacy Rule permits a covered entity to impose a reasonable, cost-based fee if the individual requests a copy of the PHI (or agrees to receive a summary or explanation of the information). The fee may include only the cost of: (1) Labor for copying the PHI requested by the individual, whether in paper or electronic form; (2) supplies for creating the paper copy or electronic media (
We propose that this exception would not apply if the actor charged a fee based in any part on the electronic access by an individual or their personal representative, agent, or designee to the individual's EHI. Such fees are distinguished from the cost-based fees that a covered entity is permitted to charge individuals for the provision of copies of ePHI under HIPAA (45 CFR 164.524(c)(4)), and similar allowable costs under state privacy laws, which would
A fee based on electronic access by an individual or their personal representative, agent, or designee to the individual's EHI, in contrast, would arise if an actor sought to impose on individuals, or their personal representatives, agents, or designees, a fee that operated as a toll for the provision of electronic access. For example, a health care provider that charges individuals a fee in order that the individuals be given access to their EHI via the health care provider's patient portal or another mode of web-based delivery, would not be able to benefit from this exception. Similarly, where an individual authorizes a consumer-facing app to retrieve EHI on the individual's behalf, it would be impermissible for an actor to charge the app or its developer a fee to access or use APIs that enable access to the individual's EHI. This would be true whether the actor is a supplier of the API technology or an individual or entity that has deployed the API technology, such as a health care provider.
The definition of information blocking specifically mentions transitions between health IT systems and the export of complete information sets as protected forms of access, exchange, and use (
For the reasons above, we propose that fees charged for the export, conversion, or migration of data from an EHR technology would not qualify for the exception unless they also meet two additional conditions.
First, we propose that health IT developers of certified health IT would, for purposes of this exception, be precluded from charging a fee to perform an export of EHI via the capability of health IT certified to the proposed 2015 Edition “EHI export” certification criterion (§ 170.315(b)(10)) for the purposes of switching health IT systems or to provide patients their EHI. As part of the “Assurances” Condition of Certification, health IT developers that produce and electronically manage EHI would need to be certified to the “EHI export” criterion and provider the functionality to its customers (
We note that, because this certification criterion provides only a baseline capability for exporting data, we anticipate that health IT developers of certified health IT will need to provide other data portability services to facilitate the smooth transition of health care providers between different health IT systems. We propose that such fees may qualify for protection under the exception, but only if they meet the other conditions described above and in proposed § 171.205(a).
Second, we propose that the exception would not apply to a fee to export or convert data from an EHR technology unless such fee was agreed to in writing at the time the technology was acquired, meaning when the EHR developer and the customer entered into a contract or license agreement for the EHR technology. This condition is designed to promote the disclosure of fees upfront and thereby reduce the potential for actors to engage in installed-base opportunism or attempting to use fees to discourage data portability.
We note that health IT developers of certified health IT subject to the API Condition of Certification proposed in § 170.404 may not charge certain types of fees and are subject to more specific cost accountability provisions than apply generally under this proposed exception. We believe that the failure of developers to comply with these additional requirements would impose impediments to consumer and other stakeholder access to EHI without special effort and would be suspect under the information blocking provision. We propose, therefore, that a health IT developer of certified health IT subject to the API Condition of Certification must comply with all requirements of that condition for all practices and at all relevant times in order to qualify for this exception.
We also believe that a health care provider that acts as an API Data Provider, should be subject to the same constraints. For example, the API Condition of Certification prohibits a health IT developer from charging a usage fee to patient-oriented apps. We believe information blocking concerns would arise if a provider were to charge such a fee, notwithstanding the fact that the provider is not subject to the certification requirements. For this reason, we propose that, if the actor is an API Data Provider, the actor is only permitted to charge the same fees that an API Technology Supplier is permitted to charge to recover costs consistent with the permitted fees specified in the Condition of Certification in § 170.404. In other words, to the extent that a provider is an API Data Provider, the provider will not qualify for this exception if it charges any fee that a health IT developer of certified health IT would be prohibited from charging under the API Condition of Certification.
We clarify that the conditions of this exception, including those governing the methodology and criteria by which an actor calculates and distributes its costs, must be satisfied for
We request comment on this proposed exception. Specifically, we ask commenters to consider alternate approaches to the exception that would also achieve the goal of allowing actors to recover certain types of costs that would promote innovation, competition and consumer welfare and that are unlikely to present information blocking concerns. In assessing other potential approaches to this exception, we encourage commenters to contemplate such considerations as enforceability, potential burden on the parties, and overall effectiveness in meeting the above stated goals.
We propose to establish an exception to the information blocking provision that would permit an actor to decline to provide access, exchange, or use of EHI in a manner that is infeasible, provided certain conditions are met. The exception and corresponding conditions are set forth in the proposed regulation text in § 171.205. We propose that this exception would not apply when a response is required by law. As discussed in section VIII.C.5 of this preamble, we propose that the information blocking provision would be implicated if an actor were to refuse to facilitate access, exchange, or use of EHI, either as a general practice or in isolated instances. However, we believe that in certain circumstances legitimate practical challenges beyond an actor's control may limit its ability to comply with requests for access, exchange, or use. In some cases, the actor may not have—and may be unable to obtain—the requisite technological capabilities, legal rights, financial resources, or other means necessary to provide a particular form of access, exchange, or use. In other cases, the actor may be able to comply with the request, but only by incurring costs or other burdens that are clearly unreasonable under the circumstances.
Actors confronted with these types of practical challenges may be concerned about their exposure under the information blocking provision, which could lead to inefficient outcomes. For example, health care providers may feel compelled to entertain requests to enable or support means of exchange or use that would be disruptive to health care operations or that are not financially sustainable. In some of these instances, the actor may be able, but reluctant, to offer alternative means that would meet the requestor's needs while reducing the burden on the actor, leading to more efficient outcomes overall. Actors could also be forced into a “reactive” posture that limits their ability to make holistic decisions and to implement health IT in a considered, scalable way that facilitates robust interoperability and information sharing. These outcomes would be counterproductive to the policies the information blocking provision encompasses.
The proposed exception would alleviate some of these concerns while safeguarding against pretextual and other unreasonable refusals to provide access, exchange, or use of EHI. The exception would permit an actor to decline a request in certain narrowly-defined circumstances when doing so would be infeasible (or impossible) and when the actor otherwise did all that it reasonably could do under the circumstances to facilitate alternative means of accessing, exchanging, and using the EHI. We believe this approach is principled and tailored in a manner that will promote basic fairness and encourage parties to work cooperatively to implement efficient solutions to interoperability challenges. Importantly, to ensure that the exception is not used inappropriately, we propose a structured, fact-based approach for determining whether a request was in fact “infeasible” within the meaning of this exception. This approach would be limited to a consideration of factors specifically delineated in the exception and that focus the infeasibility inquiry on the immediate and direct financial and operational challenges of facilitating access, exchange, and use, as distinguished from more remote, indirect, or speculative types of injuries.
We encourage comment on these and other aspects of this proposal, which are described in more detail below.
To qualify for this proposed exception, in addition to meeting other conditions, we propose that compliance with the request for access, exchange, or use must be infeasible. We propose a two-step test that an actor would need to meet in order to demonstrate that a request was infeasible.
Under the first step of the infeasibility test, the actor would need to show that complying with the particular request in the manner requested would impose a substantial burden on the actor that is unreasonable under the circumstances. We anticipate that in most cases an actor would meet this requirement by showing that it did not have, and could not readily obtain, the requisite technological capabilities, legal rights, or other means necessary to facilitate the particular type of access, exchange, or use requested. Additionally, the requirement could be met by showing that, had it complied with the request, the actor would have experienced a significant disruption to its health care or business activities or would have incurred significant unbudgeted costs. We would also consider other analogous outcomes that impact the actor's health care or business activities in a direct and substantial way. We seek comment on what those outcomes might be and encourage commenters to be as detailed and specific as possible.
In determining whether these or other types of burdens are substantial, we would consider the actor's particular circumstances, including the type of actor; the nature and purpose of its business or other activities; and the financial, technical, and other resources and expertise at its disposal. In addition, we would also consider any offsetting benefits to the actor of providing the requested access, exchange, or use, such as facilitating the actor's compliance with statutory and regulatory requirements. Due to the variability of circumstances, ONC would take a fact-specific approach to these analyses.
As an illustration, a small physician practice with limited financial and technical resources may find it burdensome to accommodate requests from other providers to establish and maintain outbound interfaces from the practice's EHR system that it neither needs for its own health care activities nor to comply with any regulatory requirements. In contrast, a large health system with a well-resourced IT department may be in a position to accommodate such requests without significant disruption to its business and at relatively minimal additional expense relative to its overall IT budget. Similarly, custom development or other activities that might be burdensome for a health care provider with limited technical expertise may not result in a substantial burden for a health IT developer, exchange, or network whose business is to develop and provide technological solutions.
We clarify that the exception focuses solely on the immediate and direct financial and operational challenges of facilitating access, exchange, or use. The exception does not apply—and we would give no weight—to any putative burdens that an actor experiences that relate primarily to the actor's pursuit of an economic advantage, such as its ability to charge higher prices, capture additional revenue streams, maintain or increase its market share, or otherwise pursue its own economic interests. To the extent that these interests merit an exception under the information blocking provision, they are addressed under the exceptions proposed in §§ 171.204 and 171.206. In the same way, the exception would not apply to any putative burdens that are more appropriately examined under another proposed exception. For example, an actor could not claim that it is burdensome to implement a tailored organizational patient safety policy under proposed § 171.201(b) or to
To show that a request for access, exchange, or use was infeasible, the actor must not only demonstrate that complying with the request would have resulted in a substantial burden, as described above; the actor must also demonstrate that requiring it to comply with the request—and thus to assume the substantial burden demonstrated under the first part of the test—would have been plainly unreasonable under the circumstances. Whether it would have been plainly unreasonable for the actor to assume the burden of providing access, exchange, or use will be highly dependent on the particular facts and circumstances. While for this reason we do not believe that bright-line rules would be appropriate, we do propose to rely primarily on the following key factors enumerated in proposed § 171.205(a)(1):
• The type of EHI and the purposes for which it may be needed;
• The cost to the actor of complying with the request in the manner requested;
• The financial, technical, and other resources available to the actor;
• Whether the actor provides comparable access, exchange, or use to itself or to its customers, suppliers, partners, and other persons with whom it has a business relationship;
• Whether the actor owns or has control over a predominant technology, platform, health information exchange, or health information network through which EHI is accessed or exchanged;
• Whether the actor maintains ePHI on behalf of a covered entity, as defined in 45 CFR 160.103, or maintains EHI on behalf of the requestor or another person whose access, exchange, or use of EHI will be enabled or facilitated by the actor's compliance with the request;
• Whether the requestor and other relevant persons can reasonably access, exchange, or use the information from other sources or through other means; and
• The additional cost and burden to the requestor and other relevant persons of relying on alternative means of access, exchange, or use.
As these factors suggest, the starting point for our inquiry would be to identify the type of EHI at issue and the purposes for which it may be needed. As explained in section VIII.C.5.b.i. of this preamble, certain types of EHI—namely, observational health information—give rise to a heightened risk of interference under the information blocking provision. For purposes of this exception and the information blocking provision more generally, the actor has a strong duty to facilitate the availability and use of this information, which may be needed for important activities for which timely and complete access to EHI is essential, such as providing patients with their EHI; enabling the use of EHI for treatment and care coordination; and making EHI available for quality improvement and population health management activities.
Next, we would consider the severity of the burdens that the actor would have experienced to provide the access, exchange, or use of EHI in the manner requested. For this purpose, we would consider both the burden on the actor of complying with the specific request at issue as well as the burden the actor would experience if it was required to comply with similar types of requests. We would also consider the observed or likely frequency of such requests. As already discussed, we anticipate that the extent of any burden would depend in part on the particular circumstances of the actor. In addition, in considering the burden to the actor, we would also consider any offsetting benefits to the actor of providing the requested access, exchange, or use.
Having ascertained the nature and severity of any burdens that the actor would assume to provide the requested access, exchange, or use, we would balance these burdens against the countervailing costs to the requestor and other persons (including consumers) who would be harmed by the actor's refusal to provide the requested access, exchange, or use. Importantly, we would consider whether the requestor and other persons could have obtained the EHI from other sources or through other means, including those made available by the actor as an accommodation to the requestor, as discussed in more detail below. If alternative means were available, we would examine the extent to which they would have been appropriate for the purposes for which the EHI or interoperability elements were needed and the extent to which requiring the requestor to pursue these alternative means would impose additional costs or burdens on the requestor and other persons. For example, if the EHI was readily available through other means that were equally efficacious, the actor's refusal to provide yet one more means of access, exchange, or use might impose only a minimal burden on the requestor and other persons' use of the EHI. In contrast, if the actor conditions critical technology or infrastructure for accessing, exchanging, or using EHI, or if its control over other interoperability elements means that EHI cannot be efficiently accessed, exchanged, or used without the actor's cooperation, requiring the requestor to pursue other means of access, exchange, or use would likely be unrealistic and represent an insurmountable burden.
One final consideration would inform our analysis. We would consider the balancing of relative burdens in conjunction with the actor's control over interoperability elements. As an example, a dominant health IT developer of certified health IT or network that refuses to facilitate a particular form of access, exchange, or use with other entities would have to demonstrate an extreme burden relative to the need for access, exchange, or use in order to qualify for this exception. This exacting standard would also apply in other circumstances of dependence or reliance on the actor to facilitate access, exchange, or use. For example, a dominant health system that provides local health IT infrastructure would have to demonstrate an extreme hardship to justify denying interconnection requests or access to interoperability elements. Likewise, where the actor is a business associate of a covered entity, or owes some other special duty to the requestor, the actor could not qualify for this exception unless the cost or burden it would have borne was so extreme in comparison to the marginal benefits to the requestor that the request was clearly unreasonable by any objective measure.
We acknowledge that there may be situations when complying with a request for access, exchange, or use would be considered infeasible because an actor is unable to provide such access, exchange, or use due to unforeseeable or unavoidable circumstances that are outside the actor's control. For example, an actor could seek coverage under this exception if it is unable to provide access, exchange, or use of EHI due to a natural disaster (such as a hurricane, tornado or earthquake) or war. These are just a couple examples of such circumstances and are by no means an exhaustive list.
We emphasize that, consistent with the requirements for demonstrating that activities and practices meet the conditions of an exception proposed in section VIII.C.6.c of this preamble, the actor would need to produce evidence and ultimately prove that complying
We note that there are certain circumstances that we propose would not constitute a burden to the actor for purposes of this exception and shall not be considered in determining whether complying with a request would have been infeasible. We propose that it would not be considered a burden if providing the requested access, exchange, or use in the manner requested would have (1) facilitated competition with the actor; or (2) prevented the actor from charging a fee. Throughout this proposed rule, we have highlighted that one of the goals of the information blocking section is to promote competition, and allowing the argument that a request is infeasible because it facilitates competition with the actor would be antithetical to this goal. Similarly, an argument that a request is infeasible because it prevents the actor from charging a fee would also be outside the scope of this exception because such a result would not constitute a substantial, unreasonable burden that this exception seeks to address.
We request comment on the structured, fact-based approach we have proposed for determining whether a request was in fact “infeasible” within the meaning of this exception. We encourage comment on, among other issues, whether the factors we have specifically delineated above properly focus the infeasibility inquiry; whether our approach to weighing these factors is appropriate; and whether there are additional burdens, distinct from the immediate and direct financial and operational challenges contemplated above, that are similarly concrete and should be considered under the fact-based rubric of this exception.
In addition to demonstrating that a particular request or class of requests was infeasible, we propose that an actor would have to show that it satisfied several additional conditions. Specifically, to qualify for this exception, the actor must have timely responded to all requests relating to access, exchange, and use of EHI, including but not limited to requests to establish connections and to provide interoperability elements. Further, for any request that the actor claims was infeasible, the actor must have provided the requestor with a detailed written explanation of the reasons why the actor could not accommodate the request. Finally, the actor must have worked with the requesting party in a timely manner to identify and provide a reasonable alternative means of accessing, exchanging, or using the EHI, as applicable. The actor's failure to meet any of these conditions would disqualify the actor from the exception and could also be evidence that the actor knew that it was engaging in practices that contravened the information blocking provision.
We clarify that the duty to timely respond and provide reasonable cooperation would necessarily be assessed from the standpoint of what is objectively reasonable for an individual or entity in the actor's position. For example, we would not expect a small physician practice to provide the same level of engagement and technical assistance to third parties as a large hospital or health system with considerable health IT resources and expertise at its disposal. In some circumstances, it may even be difficult for a small practice to comply with any request for access, exchange, and use that is more complicated than a simple request for a patient's personal health information. If there are such requests—and there could be—then small practices may be both unable to comply with such requests and poorly situated to assist requesting parties with alternatives. We provide these examples to emphasize that we will look at the specific facts and circumstances of each case to determine what is objectively reasonable.
We believe that these conditions will minimize the risk that this exception could protect improper refusals to provide interoperability elements, including naked refusals to deal as well as other practices, such as improper delays in access or exchange that would present information blocking concerns. Additionally, the requirements for an actor to timely respond and document its justifications for declining a request in writing would prevent an actor from using post hoc rationalizations to justify these and other improper practices. Finally, we believe that establishing a clear duty under the exception for actors to deal on reasonable terms with parties seeking to access, exchange, or use EHI will encourage parties to cooperate to identify and implement efficient solutions to interoperability challenges, thereby avoiding disputes that could lead to information blocking.
We encourage comment on the additional conditions and related considerations described above. Specifically, we request comment regarding potential obstacles to satisfying these conditions and improvements we could make to the proposed process.
We propose to establish an exception to the information blocking provision that would permit actors to license interoperability elements on reasonable and non-discriminatory (RAND) terms, provided that certain conditions are met. The exception and corresponding conditions are set forth in the proposed regulation text in § 171.206. As discussed in section VIII.C.5.a of this preamble, the information blocking provision would be implicated if an actor were to refuse to license or allow the disclosure of interoperability elements to persons who require those elements to develop and provide interoperable technologies or services—including those that might complement or compete with the actor's own technology or services. Moreover, the information blocking provision would be implicated if the actor licensed such interoperability elements subject to terms or conditions that have the purpose or effect of excluding or discouraging competitors, rivals, or other persons from engaging in these pro-competitive and interoperability-enhancing activities. Thus, this licensing requirement would apply in both vertical and horizontal relationships. For instance, it would apply when a developer in a vertical relationship to the actor—a network in this example—wants to use interoperability elements in order to access the EHI maintained in the actor's network. The requirement would also apply when a rival network in a horizontal relationship to the actor (network) wants to use interoperability elements so that its network can be compatible with the applications that have already been developed for use with the actor's network.
We note that some licensees do not require the interoperability elements to develop products or services that can be interoperable with the actor's health IT. For instance, there may be firms that simply want to license the actor's technology for use in developing their own interoperability elements. Their interest would be for access to the technology itself—not for the use of the technology to interoperate with either the actor or its customers. This may be the case, for example, if the relevant intellectual property included patents that were applicable to other information technology applications outside of health IT. In such cases, the actor's licensing of its patents in such a
Below are examples of situations that
• An actor refuses to negotiate a license after receiving a request from a developer.
• An actor offers a license at the request of a developer, but only at a royalty rate that exceeds a RAND rate.
• An actor offers a license to a competitor at a royalty rate significantly higher than was offered to a party not in direct competition with the actor.
• An actor files a patent infringement lawsuit against a developer without first offering to negotiate a license on RAND terms.
There are compelling reasons for this prohibition. In our experience, contractual and intellectual property rights are frequently used to extract rents for access to EHI or to prevent competition from developers of interoperable technologies and services (
Despite these serious concerns, we recognize that the definition of information blocking may be broader than necessary and could have unintended consequences. In contrast to the practices described above, we believe it is generally appropriate for actors to license their intellectual property (IP) on RAND terms that do not block interoperability. Provided certain conditions are met, we believe that these practices would further the goals of the information blocking provision by allowing actors to protect the value of their innovations and earn returns on the investments they have made to develop, maintain, and update those innovations. This in turn will protect future incentives to invest in, develop, and disseminate interoperable technologies and services. Conversely, if actors cannot (or believe they cannot) protect and commercialize their innovations, they may not engage in these productive activities that improve access, exchange, and use of EHI.
While we believe this exception is necessary to promote competition and consumer welfare, we are highly sensitive to the danger that actors will continue to use their contractual and IP rights to interfere with access, exchange, and use of EHI, undermining the information blocking provision's fundamental objectives. For this reason, the exception would be subject to strict conditions to ensure, among other things, that actors license interoperability elements on RAND terms and that they do not impose collateral terms or engage in other practices that would impede the use of the interoperability elements or otherwise undermine the intent of this exception.
We acknowledge that preventing intellectual property holders from extracting rents for access to EHI may differ from standard intellectual property policy. Absent specific circumstances, IP holders are generally free to negotiate with prospective licensees to determine the royalty to practice their IP, and this negotiated royalty frequently reflects the value the licensee would obtain from exercising those rights. However, in the context of EHI, we propose that a limitation on rents is essential due to the likelihood that rents will frustrate access, exchange, and use of EHI, particularly because of the power dynamics that exist in the health IT market.
We remind readers that actors are not required to seek the protection of this (or any other) exception. If an actor does not want to license a particular technology, it may choose to comply with the information blocking provision in another way, such as by developing and providing alternative means of accessing, exchanging, and using EHI that are similarly efficient and efficacious. The purpose of this exception is not to dictate a licensing scheme for all, or even most, health IT, but rather to provide a tailored “safe harbor” that will provide clear expectations for those who desire it.
We propose to require, as a condition of this exception, that any terms upon which an actor licenses interoperability elements must be reasonable and non-discriminatory (RAND). As discussed below, commitments to license technology on RAND terms are frequently required in the context of standards development organizations (SDOs), and we believe that the practical and policy considerations that have led SDOs to adopt these policies are related in many respects to the information blocking concerns presented when an actor exploits control over interoperability elements to extract economic rents or impede the development or use of interoperable technologies and services.
We recognize that strong legal protections for IP rights can promote competition and innovation.
Similar concerns arise when actors who control proprietary interoperability elements demand royalties or license terms from competitors or other persons who are technologically dependent on the use of those interoperability elements. As discussed in section VIII.C.5 of this preamble, to the extent that the interoperability elements are essential to enable the efficient access, exchange, or use of EHI by particular persons or for particular purposes, any practice by the actor that could impede the use of the interoperability elements for that purpose—or that could unnecessarily increase the cost or other burden of using the elements for that purpose—would give rise to an obvious risk of interference with access, exchange, or use of EHI under the information blocking provision.
We believe that a RAND requirement would balance the need for robust IP protections with the need to ensure that this proposed exception does not permit actors to exercise their IP or other proprietary rights in inappropriate ways that block the development, adoption, or use of interoperable technologies and services. The exercise of IP rights in these ways is incompatible with the information blocking provision, which protects the investments that taxpayers and the health care industry have made to adopt technologies that will enable the efficient sharing of EHI to benefit consumers and the health care system. While actors are entitled to protect and exercise their IP rights, to benefit from this exception to the information blocking provision they must do so in a reasonable and non-discriminatory manner that does not undermine these efforts and impede the appropriate flow of EHI.
Accordingly, we propose that, to qualify for this exception, an actor must license requested interoperability elements on RAND terms. To comply with this condition, any terms or conditions under which the actor discloses or allows the use of interoperability elements must meet several requirements set forth below. These requirements apply to both price terms (such as royalties and license fees) and other terms, such as conditions or limitations on access to interoperability elements or the purposes for which they can be used.
We propose that, upon receiving a request to license or use interoperability elements, an actor would be required to respond to the requestor within 10 business days from receipt of the request. We note that the request could be made to “license” or “use” the interoperability elements because a requestor may not always know that “license” is the legal mechanism for “use” when making the request. This provision is intended to ensure that a requestor is given an opportunity to license
In order to meet this requirement, the actor would be required to respond to the requestor within 10 business days from the receipt of the request by: (1) Negotiating with the requestor in a RAND fashion to identify the interoperability elements that are needed; and (2) offering an appropriate license with RAND terms, consistent with its other obligations under this exception. We emphasize that, in order to qualify for this proposed exception, the actor is only required to
We emphasize that there would be circumstances under which the actor could pursue legal action against parties that infringe its intellectual property whilst complying with this exception. For instance, an actor could bring legal action if a firm appropriates the actor's intellectual property without requesting a license or after refusing to accept a license on RAND terms.
We do not propose a set timeframe for when the negotiations must be resolved because it is difficult to predict the duration of such negotiations. For instance, there could be situations when the actor and requestor meet once and the actor makes a RAND offer that is immediately accepted by the requestor. However, there could be other situations when the requestor and actor each make counteroffers, which would extend the negotiations.
We request comment on whether 10 business days is an appropriate amount of time for the actor to respond to the requestor. In proposing this timeframe, we considered the urgency of certain requests to license interoperability elements and our expectation that developers would have standard licenses at their disposal that could be adapted in these situations. We considered proposing response timeframes ranging from 5 business days to 15 business days. We also considered proposing two separate timeframes for: (1) Negotiating with the requestor; and (2) offering the license. If commenters prefer a different response timeframe or approach than proposed, we request that commenters explain their rationale with as much detail as possible.
In addition, we query whether we should create set limits for: (1) The amount of time the requestor has to accept the actor's initial offer or make a counteroffer; (2) if the requestor makes a counteroffer, the amount of time the actor has to accept the requestor's counteroffer or make its own counteroffer; and (3) an allowable number of counteroffers in negotiations.
To qualify for this proposed exception, we propose that the actor must license the requested interoperability elements with all rights necessary to access and use the interoperability elements for the following purposes, as applicable:
• All rights necessary to access and use the interoperability elements for the purpose of developing products or services that are interoperable with the actor's health IT or with health IT under the actor's control and/or any third party who currently uses the actor's interoperability elements to interoperate with the actor's health IT or health IT under the actor's control. These rights would include the right to incorporate and use the interoperability elements in the licensee's own technology to the extent necessary to accomplish this purpose.
• All rights necessary to market, offer, and distribute the interoperable products and services described above to potential customers and users, including the right to copy or disclose the interoperability elements as necessary to accomplish this purpose.
• All rights necessary to enable the use of the interoperable products or services in production environments,
We request comment on whether these rights are sufficiently inclusive to support licensees in developing interoperable technologies, bringing them to market, and deploying them for use in production environments. We also request comment on the breadth of these required rights and if they should be subject to any limitations that would not interfere with the uses we have described above.
As a condition of this exception, we propose that if an actor charges a royalty for the use of interoperability elements, the royalty base and rate must be reasonable. Consistent with the requirements for demonstrating that activities and practices meet the conditions of an exception proposed in section VIII.C.6.c, the actor would need to show that the royalty base was reasonable and that the royalty was within a reasonable range for the interoperability elements at issue. Importantly, we note that the reasonableness of any royalties would be assessed solely on basis of the independent value of the actor's technology to the licensee's product,
In evaluating the actor's assertions and evidence that the royalty was reasonable, we propose that ONC may consider the following factors:
• The royalties received by the actor for the licensing of the proprietary elements in other circumstances comparable to RAND-licensing circumstances.
• The rates paid by the licensee for the use of other comparable proprietary elements.
• The nature and scope of the license.
• The effect of the proprietary elements in promoting sales of other products of the licensee and the licensor, taking into account only the contribution of the elements themselves and not of the enhanced interoperability that they enable.
• The utility and advantages of the actor's interoperability element over the existing technology, if any, that had been used to achieve a similar level of access, exchange, or use of EHI.
• The contribution of the elements to the technical capabilities of the licensee's products, taking into account only the value of the elements themselves and not the enhanced interoperability that they enable.
• The portion of the profit or of the selling price that may be customary in the particular business or in comparable businesses to allow for the use of the proprietary elements or analogous elements that are also covered by RAND commitments.
• The portion of the realizable profit that should be credited to the proprietary elements as distinguished from non-proprietary elements, the manufacturing process, business risks, significant features or improvements added by the licensee, or the strategic value resulting from the network effects, switching costs, or other effects of the adoption of the actor's technology.
• The opinion testimony of qualified experts.
• The amount that a licensor and a licensee would have agreed upon (at the time the licensee began using the elements) if both were considering the RAND obligation under this exception and its purposes, and had been reasonably and voluntarily trying to reach an agreement.
These factors mirror those used by courts that have examined the reasonableness of royalties charged pursuant to a commitment to an SDO to license standard-essential technologies on RAND terms (
Similarly, in the context of information blocking, we propose the RAND inquiry focuses on whether the royalty demanded by the actor represents the independent value of the actor's proprietary technology. We propose that if the actor has licensed the interoperability element through a standards development organization in accordance with such organization's policies regarding the licensing of standards-essential technologies on reasonable and non-discriminatory terms, the actor may charge a royalty that is consistent with such policies. Rather than asking whether the royalty inappropriately captures additional value derived from the technology's inclusion in the industry standard, we would ask whether the actor is charging a royalty that is not based on the value of its technology (embodied in the interoperability elements) but rather includes the strategic value stemming from the adoption of that technology by customers or users. Thus, under this proposed approach and the factors set forth above, we would consider the technical contribution of the actor's interoperability elements to the licensee's products—such as any proprietary capabilities or features that the licensee uses in its product—but would screen out any functional aspects of the actor's technology that are used only to establish interoperability and enable EHI to be accessed, exchanged, and used. Additionally, we propose that
We clarify that, as proposed, this condition would not preclude an actor from licensing its interoperability elements pursuant to an existing RAND commitment to an SDO. We also note that, in addition to complying with the requirements described above, to meet this proposed condition any royalties charged must meet the condition, proposed separately below, that any license terms be non-discriminatory.
We request comment on these aspects of the proposed exception. Commenters are encouraged to consider, in particular, whether the factors and approach we have described will be administrable and appropriately balance the unreasonable blocking by actors of the use of essential interoperability elements with the need to provide adequate assurance to investors and innovators that they will be able to earn a reasonable return on their investments in interoperable technologies. If our proposed approach does not adequately balance these concerns or would not achieve our stated policy goals, we ask that commenters suggest revisions or alternative approaches. We ask that such comments be as detailed as possible and provide rigorous economic justifications for any suggested revisions or alternative approaches.
We propose that for this exception to apply the terms on which an actor licenses and otherwise provides interoperability elements must be non-discriminatory. This requirement would apply to both price and non-price terms, and thus would apply to the royalty terms discussed immediately above as well as other types of terms that may be included in licensing agreements or other agreements related to the provision or use of interoperability elements.
To comply with this condition, the terms on which the actor licensed the interoperability elements must be based on criteria that the actor applied uniformly for all substantially similar or similarly situated classes of persons and requests. This requirement addresses a root cause of information blocking. In order to be considered non-discriminatory, such criteria would have to be objective and verifiable, not based on the actor's subjective judgment or discretion. We emphasize that this proposal does not mean that the actor must apply the same terms for all persons or classes of persons requesting a license. However, any differences in terms would have to be based on actual differences in the costs that the actor incurred or other reasonable and non-discriminatory criteria. Moreover, we propose that any criteria upon which an actor varies its terms or conditions would have to be both competitively neutral—meaning that the criteria are not based in any part on whether the requestor or other person is a competitor, potential competitor, or will be using EHI obtained via the interoperability elements in a way that facilitates competition with the actor—and neutral as to the revenue or other value that the requestor may be derived from access, exchange, or use of the EHI obtained via the interoperability elements, including any secondary use of such EHI. We believe these limitations are necessary in light of the potential for actors to use their control over interoperability elements to engage in discriminatory practices that create unreasonable barriers or costs for persons seeking to develop, offer, or use interoperable technologies to expand access and enhance the exchange and use of EHI.
To clarify our expectations for this proposed condition, we provide the following illustration. Consider an EHR developer that establishes an “app store” through which third-party developers can license the EHR developer's proprietary APIs, which we assume are separate from the APIs required by the API Condition of Certification proposed in § 170.404. The EHR developer could charge a reasonable royalty and impose other reasonable terms to license these interoperability elements. The terms and conditions could vary based on neutral, objectively verifiable, and uniformly applied criteria. These might include, for example, significantly greater resources consumed by certain types of apps, such as those that export large volumes of data on a continuous basis, or the heightened risks associated with apps designed to “write” data to the EHR database or to run natively within the EHR's user interface. In contrast, the EHR developer could
The foregoing conditions are not intended to limit an actor's flexibility to set different terms based on legitimate differences in the costs to different classes of persons or in response to different classes of requests, so long as any such classification was in fact based on neutral criteria (in the sense described above) that are objectively verifiable and were applied in a consistent manner for persons and/or requests within each class. As an important example, the proposed condition would not preclude a covered actor from pursuing strategic partnerships, joint ventures, co-marketing agreements, cross-licensing agreements, and other similar types of commercial arrangements under which it provides more favorable terms than for other persons with whom it has a more arms-length relationship. In these instances the actor should have no difficulty identifying substantial and verifiable efficiencies that demonstrate that any variations in its terms and conditions were based on objective and neutral criteria. We do note an important caveat, however, specifically that a health IT developer of certified health IT who is an “API Technology Supplier” under the Condition of Certification proposed in § 170.404 would not be permitted to offer different terms in connection with the APIs required by that Condition of Certification. As discussed in section VII.B.4 of this preamble, we propose that API Technology Suppliers are
We welcome comments on the foregoing condition and requirements.
We propose five additional conditions that would reinforce the requirements of this exception discussed above. These additional conditions would provide bright-line prohibitions for certain types of collateral terms or agreements that we believe are inherently likely to interfere with access, exchange, or use of EHI. We propose that any attempt to
First, the actor must not require the licensee or its agents or contractors to not compete with the actor in any product, service, or market, including markets for goods and services, technologies, and research and development. We are aware that such agreements have been used to either directly exclude suppliers of interoperable technologies and services from the market or to create exclusivity that reduces the range of technologies and options available to health care providers and other health IT customers and users.
Second, and for similar reasons, the actor must not require the licensee or its agents or contractors to deal exclusively with the actor in any product, service, or market, including markets for goods and services, technologies, and research and development.
Third, the actor must not require the licensee or its agents or contractors to obtain additional licenses, products, or services that are not related to or can be unbundled from the requested interoperability elements. This condition reinforces the condition described earlier requiring that any royalties charged by the actor for the use of interoperability elements be reasonable. Without this condition, we believe that an actor could require a licensee to take a license to additional interoperability elements that the licensee does not need or want, which could enable the actor to extract royalties that are inconsistent with its RAND obligations under this exception. We clarify that this condition would not preclude an actor and a willing licensee from agreeing to such an arrangement, so long as the arrangement was not
Fourth, the actor must not condition the use of interoperability elements on a requirement or agreement to license, grant, assign, or transfer the licensee's own IP to the actor. We believe it is inconsistent with the actor's RAND licensing obligations under this exception, and would raise information blocking concerns, for an actor to use its control over interoperability elements as leverage to obtain a “grant back” of IP rights or other consideration whose value may exceed that of a reasonable royalty. Consistent with our approach under other conditions of this exception, this condition would not preclude an actor and a willing licensee from agreeing to a cross-licensing, co-marketing, or other agreement if they so choose. However, the actor cannot
Finally, the actor must not condition the use of interoperability elements on a requirement or agreement to pay a fee of any kind whatsoever unless the fee meets either the narrowly crafted condition to this exception for a reasonable royalty, or, alternatively, the fee satisfies the separate exception proposed in § 171.204, which permits the recovery of certain costs reasonably incurred. As noted in section VIII.D.4, that exception generally does not allow for the recovery of royalties or other fees associated with intangible assets. However, the exception does allow for the reasonable and actual development and acquisition costs of such assets.
We request comment on the categorical exclusions outlined above. In particular, we encourage commenters to weigh in on our assumption that these practices are inherently likely to interfere with access, exchange, or use of EHI. We also encourage commenters to suggest any conceivable benefits that these practices might offer for interoperability or for competition and consumers that we might have overlooked. Again, we ask that to the extent possible commenters provide detailed economic rationale in support of their comments.
We propose that an actor would be permitted under this exception to require a licensee to agree to a confidentiality or non-disclosure agreement (NDA) to protect the actor's trade secrets, provided that the NDA is no broader than necessary to prevent the unauthorized disclosure of the actor's trade secrets. Further, we propose that the actor would have to identify (in the NDA) the specific information that it claims as trade secrets, and that such information would have to meet definition of a trade secret under applicable law. We believe these safeguards are necessary to ensure that the NDA is not used to impose restrictions or burdensome requirements that are not actually necessary to protect the actor's trade secrets and that impede the use of the interoperability elements. The use of an NDA for such purposes would preclude an actor from qualifying for this exception and would implicate the information blocking provision. We note that if the actor is a health IT developer of certified health IT, it may be subject to the Condition of Certification proposed in § 170.403, which prohibits certain health IT developer prohibitions and restrictions on communications about a health IT developer's technology and business practices. This exception would not in any way abrogate the developer's obligations to comply with that condition.
We encourage comment on this condition of the proposed exception.
In addition to the conditions described above, we propose that an actor's practice would need to comply with additional conditions that ensure that actors who license interoperability elements on RAND terms do not engage in separate practices that impede the use of those elements or otherwise undermine the intent of this exception. These conditions are analogous to the conditions described in our proposal above concerning collateral terms but address a broader range of practices that may not be effected through the license agreements themselves or that occur separately from the licensing negotiations and other dealings between the actor and the licensee. Specifically, we propose that an actor would not qualify for this exception if it engaged in a practice that had the purpose or
Finally, to ensure the actor's commitments under this exception are durable, we propose one additional safeguard: An actor cannot avail itself of this exception if, having licensed the interoperability elements, the actor makes changes to the elements or its technology that “break” compatibility or otherwise degrade the performance or interoperability of the licensee's products or services. We believe this condition is crucial given the ease with which an actor could make subtle “tweaks” to its technology or related services that could disrupt the use of the licensee's compatible technologies or services and result in substantial competitive and consumer injury.
We clarify and emphasize that this proposed condition would in
As a final condition of this proposed exception, we propose that health IT developers of certified health IT who are subject to the Conditions of Certification proposed in §§ 170.402, 170.403, and 170.404 must comply with all requirements of those Conditions of Certification for all practices and at all relevant times. Several of the requirements of these conditions mirror those of this exception. However, in some instances the Conditions of Certification provide additional or more specific requirements that apply to the provision of interoperability elements by developers of certified health IT. For example, developers subject to the API Condition of Certification must make certain public APIs available on terms that are royalty free and no less favorable than provided to themselves and their customers, suppliers, partners, and other persons with whom they have a business relationship. These more prescriptive requirements reflect the specific obligations of health IT developers under the Program, including the duty to facilitate the access, exchange, and use of information from patients' electronic health records without special effort. A health IT developer of certified health IT's failure to comply with these and other certification requirements that specifically support interoperability would, in addition to precluding the developer from invoking this exception, be significant evidence of information blocking.
We propose to establish an exception to the information blocking provision for certain practices that are reasonable and necessary to maintain and improve the overall performance of health IT, provided certain conditions are met. The proposed exception would recognize as reasonable and necessary the practice of an actor making health IT under its control temporarily unavailable to maintain or improve the health IT. The exception and corresponding conditions are set forth in the proposed regulation text in § 171.207.
EHI should be accessible and usable on demand by those that need it. However, in order for this to happen, the health IT through which EHI is accessed, exchanged, or used must perform properly and efficiently. This requires that health IT be maintained and in some instances improved. The performance of such maintenance and improvements sometimes requires that health IT is temporarily taken offline, which can interfere with the access, exchange, and use of EHI. We believe this exception is necessary to ensure that actors are not deterred from maintaining and improving the overall performance of health IT because temporary unavailability of EHI may cause interference with its access, exchange, and use. Without this specific exception, there could be a significant risk that actors may refrain from conducting maintenance and improvements of health IT out of fear that if the purpose was not for preventing harm, promoting security, or for another reason covered by the other exceptions, then their actions might contravene the information blocking provision.
This exception would apply to the unavailability of health IT occasioned by both planned and unplanned maintenance and improvements. Planned maintenance or improvements are typically carried out at regular intervals and address routine repairs, updates, or new releases. Unplanned maintenance or improvements respond to urgent or time-sensitive issues, which cannot wait for the occurrence of a pre-planned time period to implement the required maintenance or improvements.
This proposed exception acknowledges that the performance of health IT is often measured by service level agreements that provide flexibility to ensure that system availability is balanced with essential maintenance and improvements. Where the provision of health IT is subject to an allowance for maintenance or improvement that has been agreed to by the recipient of that health IT, we propose that neither that agreement, nor the performance of it, should constitute information blocking, provided that certain conditions are met.
To ensure that the actor's practice of making health IT, and in turn EHI, unavailable for the purpose of carrying out maintenance or improvements is reasonable and necessary, we have identified conditions that must be satisfied at all relevant times to qualify for this exception.
Any unavailability of health IT must be for a period of time no longer than necessary to achieve the maintenance or improvement purpose for which the health IT is made unavailable. This condition recognizes the critical importance of access to EHI and ensures that health IT is not made unavailable for longer than needed. For example, a health IT developer of certified health IT that has the right under its contract with a large health system to take its system offline for four hours each month to conduct routine maintenance would not qualify for this exception if
Making this evaluation for unplanned maintenance or improvements will be more difficult, because unplanned maintenance or improvements are typically initiated in response to a threat or risk that needs to be responded to on an urgent basis and for so long as the threat or risk persists. However, if, for example, an HIE identified a software failure (not identified as a safety or security risk) that required immediate remediation necessitating the actor take its health IT offline, the actor would be expected to bring the health IT back online as soon as possible after the issue was resolved.
We propose that any unavailability of health IT occasioned by the conduct of maintenance or improvements must be implemented in a consistent and non-discriminatory manner. This condition provides a basic assurance that when health IT is made unavailable for the purpose of performing maintenance or improvements that the unavailability is not abused by the actor that controls the health IT. For example, a health IT developer of certified health IT would not qualify for this exception if the developer, using a standard contract that provided a flexible allowance for planned maintenance or improvements, initiated planned maintenance or improvements for a customer with an expiring health IT contract during a time when users might reasonably be expected to access EHI, but conducted planned maintenance or improvements for new customers in the middle of the night. However, this condition does not require that actors conduct planned maintenance or improvements simultaneously, or require that every health IT contract provide the same promises in regard to planned maintenance or improvements. Indeed, a recipient of health IT may agree to a longer window for unavailability in exchange for a reduced fee for system maintenance, which would not contravene this condition.
In order to benefit from this exception, we propose that the unavailability of health IT due to maintenance or improvements initiated by a health IT developer of certified health IT, HIE, or HIN, must be agreed to by the individual or entity to whom the health IT is supplied. The availability of health IT is typically addressed in a written contract or other written agreements, that puts the recipient of the health IT on notice about the level of EHI and health IT unavailability that can be expected for users of the health IT. By such agreements, the recipient of the health IT willfully agrees to that level of planned and unplanned unavailability (typically referred to in health IT contracts as “downtime”). Some health IT contracts address the question of system availability by way of an “uptime warranty” that specifies the maximum amount of unavailability for a specified period and the timing of any planned unavailability.
We acknowledge that in some cases, health IT needs to be taken offline or maintenance or improvements on an urgent basis and in a way that is not expressly permitted under a health IT contract. An actor may still satisfy this proposed condition so long as the maintenance or improvements are agreed to by the recipient of the health IT. This could be achieved by way of an oral agreement reached between the parties by telephone, but we note that because an actor must demonstrate that it satisfies the requirements of this exception, it would be best practice for an actor to ensure the agreement was in writing or, at minimum, contemporaneously documented.
This proposed condition of this exception only applies when the unavailability of health IT is caused by a health IT developer of certified health IT, HIE, or HIN. In these circumstances, it is the supplier of the health IT that controls if and when health IT is intentionally taken offline for maintenance or improvements. This condition does not apply when health IT is made unavailable for maintenance or improvements at the initiative of a recipient (or customer) of health IT, because in that case, the unavailability has, for the purpose of this exception, nothing to do with the supplier. When it is a customer of health IT that initiates unavailability, the unavailability would not need to be the subject of an agreement with the supplier of that health IT, nor anyone else, in order for the customer of health IT to benefit from this exception. For example, a health care provider that locally hosts and maintains its health IT (being software supplied by a health IT developer) would not need to satisfy this condition if it interfered with access to EHI by taking the health IT offline temporarily to conduct maintenance. However, if the same health care provider was to receive a new release of the health IT developer's software, which was to be implemented by the developer and which required that the health IT be taken offline by the developer for 6 hours, then that unavailability, or an allowance for it, would need to be the subject of prior agreement. Unavailability of health IT initiated by a recipient of health IT (rather than the supplier of the health IT) would still need to satisfy the other conditions of this exception, including that the unavailability be for a period of time no longer than necessary to achieve the maintenance or improvements for which the health IT was made unavailable.
We note that this condition would need to be satisfied by any HIE or HIN that sought to benefit from this exception in connection with any interference with access, exchange, or use occasioned by an HIE or HIN making its health IT unavailable for the purposes of conducting maintenance or improvements. An HIE would need to have secured the agreement of those individuals or entities that use its exchange services, and a HIN would need to have obtained the agreement of the network's participants.
When health IT is made unavailable for maintenance or improvements aimed at preventing harm to a patient or other person, or securing EHI, an actor must comply with the conditions specified in proposed § 171.201 or § 171.203 respectively, in order to qualify for an exception to the information blocking provision. This condition ensures that this exception cannot be used to avoid compliance with conditions applicable under other exceptions. For example, if part of an EHR system was taken offline in response to a health IT developer of certified health IT being alerted to the risk of corrupt or inaccurate data being recorded or incorporated in a patient's health record, any decision to make the EHR unavailable on this basis to conduct unplanned maintenance or improvements would need to accord with the conditions of the proposed exception for preventing harm (see § 171.201 and section VIII.D.1 of this proposed rule). Similarly, unavailability occasioned by maintenance or improvements initiated to secure EHI in response to a suspected malware attack would need to either be implemented in accordance with the actor's organizational security policy that satisfied the requirements of the proposed exception for promoting the
We seek comment on this exception generally. Specifically, we seek comment on whether the proposed conditions impose appropriate limitations on actor-initiated health IT maintenance or improvements that lead to EHI unavailability. Our goal is to ensure that the exception is not abused, while at the same time recognizing reasonable commercial arrangements entered into by parties for the proper maintenance and improvement of health IT.
We are also considering whether to expand this exception to capture a broader class of practices that are the subject of reasonable commercial agreements and which, in the absence of an exception, may be considered information blocking. That is, to extend this exception or create new exceptions for additional types of practices that interfere with access, exchange, or use of EHI, but that are the subject of free agreement and which are reasonable and necessary. For example, we are considering whether a practice taken by an actor to throttle or meter the availability or performance of health IT, where agreed to by the recipient of that health IT, could ever be a practice that we recognize as not being information blocking if such practice does not otherwise qualify under an existing exception.
As discussed in section VIII.C.5 of this preamble, we are aware that actors can use commercial agreements to materially discourage, and in some instances outright prohibit, certain instances of access, exchange, or use of EHI. For example, a HIN might use a participation agreement to prohibit entities that receive EHI through the HIN from transmitting that EHI to entities who are not participants of the HIN. Such an arrangement would not be reasonable or necessary because there is no legitimate justification for it. However, we are also aware of commercial arrangements that are not motivated by anti-competitive considerations but that nonetheless have the effect of interfering with the access, exchange, or use of EHI. For example, a health IT developer of certified health IT may agree to commercial terms with a customer that have the effect of interfering with access, exchange, or use of EHI, but which are designed to appropriately accommodate the customer's limited resources, or to assure the performance of certain health IT functionality.
We expect that most reasonable and necessary commercial arrangements that affect access, exchange, or use of EHI could be recognized under one or more of the existing exceptions. However, we seek comment on whether there exists a class of legitimate commercial arrangements that could implicate the information blocking provision, but which would not benefit from the existing proposed exceptions.
To support full network-to-network exchange of EHI, section 3001(c)(9)(A) of the PHSA, added by section 4003 of the Cures Act, directs the National Coordinator to convene public-private partnerships to develop or support a trusted exchange framework (Trusted Exchange Framework), including a common agreement for a common set of rules for trusted exchange between HINs (Common Agreement). The most recent draft Trusted Exchange Framework was released for public comment on January 5, 2018,
We are considering whether we would should propose, in a future rulemaking, a narrow exception to the information blocking provision for practices that are necessary to comply with the requirements of the Common Agreement. Such an exception may support adoption of the Common Agreement and encourage other entities to participate in trusted exchange through HINs that enter into the Common Agreement. It would do so by providing protection if there are practices that are expressly required by the Common Agreement, or that are necessary to implement such requirements, that might implicate the information blocking provision and would not qualify for another exception. We note that such an exception would be consistent with the complementary roles of the information blocking provision and other provisions of the Cures Act that support interoperability and enhance the trusted exchange of EHI (including the interoperable network exchange provisions at section 3001(c)(9) of the PHSA, the definition of interoperability at section 3000(10) of the PHSA, and the conditions of certification required by section 3001(c)(5)(D) of the PHSA).
We expect that any proposal would be narrowly framed such that contract terms, policies, or other practices that are not strictly necessary to comply with the Common Agreement would not qualify for the exception. Similarly, we expect that the proposal would provide that an actor could benefit from this exception only if the practice or practices that the actor pursued were no broader than necessary under the circumstances. These limitations would ensure that the exception is narrowly tailored to practices that are most likely to promote trusted exchange without unnecessarily impeding access, exchange, or use of EHI.
We ask commenters to provide feedback on this potential exception to the information blocking provision to be considered for inclusion in future rulemaking. Commenters should consider whether such an exception is necessary, given the scope of the other exceptions proposed in this NPRM, and whether there could be any negative effects of such an exception. We ask commenters to consider the appropriate scope of this exception, which could include which actors could benefit from the exception and the conditions that should apply in order to qualify for the exception.
We welcome comment on any potential new exceptions we should consider for future rulemaking. Commenters should consider the policy goals and structure of the proposed exceptions in this proposed rule when providing comment. We ask that commenters provide rationale for any proffered exceptions to the information blocking provisions and any conditions an actor would need to meet to qualify for the proffered exception.
Section 3022(d)(3)(A) of the PHSA directs the National Coordinator to implement a standardized process for the public to submit reports on claims of health information blocking. Such reports could be submitted regarding any practice by health care providers, health IT developers, exchanges, or networks that may constitute information blocking under section 3022(a). These practices include, but are not limited to, health IT products or developers of such products (or other entities offering such products to health care providers) not being interoperable or resulting in information blocking;
We intend to implement and evolve this complaint process by building on existing mechanisms, including the complaint process currently available at
• What types of information are most important to collect in order to identify potential instances of information blocking?
• What types of information are contemplated by the following categories delineated in section 3022(d)(3)(B): The originating institution; location; type of transaction; system and version; timestamp; terminating institution; locations; system and version; failure notice; and other related information?
• What types of information or data elements should be collected under each of the above categories?
• What additional types of information beyond the above may be relevant to complaints and allegations of information blocking, especially practices that involve contractual or other business practices for which some of the categories of technical or transactional information above may not apply?
• How can ONC encourage and streamline the collection of such information so as to minimize burden and encourage the submission of complaints, especially complaints about practices that raise the types of information blocking concerns described in this proposed rule?
• How can ONC facilitate the inclusion of sufficient detail and granularity in complaints to enable effective investigations?
• What safeguards should be provided to support adequate confidentiality and handling of information that could: (1) Identify the source of the complaint or allegation; (2) contain other individually identifiable information; and (3) contain confidential or proprietary business information?
Section 3022(b)(2)(B) of the PHSA provides that any health care provider determined by the OIG to have committed information blocking shall be referred to the appropriate agency to be subject to appropriate disincentives using authorities under applicable federal law, as the Secretary sets forth through notice and comment rulemaking. However, we note that these disincentives may not cover the full range of conduct within the scope of section 3022(a)(1). We request information on disincentives or if modifying disincentives already available under existing HHS programs and regulations would provide for more effective deterrents.
We also seek information on the implementation of section 3022(d)(4) of the PHSA, which provides that in carrying out section 3022(d) of the PHSA, the Secretary shall, to the extent possible, not duplicate penalty structures that would otherwise apply with respect to information blocking and the type of individual or entity involved as of the day before December 13, 2016—enactment of the Cures Act.
Section 4005 (a) and (b) of the Cures Act focuses on interoperability and bidirectional exchange between EHRs and registries, including clinician-led clinical data registries. ONC is approaching these provisions from several angles to address the technical capability of EHRs to exchange data with registries in accordance with applicable recognized standards. Based on stakeholder engagement and public comments on prior ONC regulations, we have identified a wide range of areas where the use of standards could significantly improve bidirectional exchange with registries for a range of purposes, including public health, quality reporting, and care quality improvement.
As discussed in the “Strategy on Reducing Regulatory and Administrative Burden Relating to the Use of Health IT and EHRs” draft report released by ONC for public comment in December of 2018,
For these reasons outlined above, we believe it is appropriate to explore multiple approaches to advancing health IT interoperability for bidirectional exchange with registries in order to mitigate risks based on factors like feasibility and readiness, potential unintended burden on health care providers, and the need to focus on priority clinical use cases. ONC is in the process of conducting research and analysis to determine what evidence-based use cases should be supported and what standards are available to support such use cases. We are also considering the overall maturity of technology adoption within the market to support identified standards and the use of certified EHRs and clinical data registries for these identified use cases in the near term, as well as identifying glide paths for the potential future development of enterprise solutions.
In the 2015 Edition final rule, we included certification criteria and standards that are applicable for specific use cases for bidirectional exchange such as Immunization Information Systems. In this proposed rule, we have proposed processes for updating standards as well as new policies related to real world testing that would help ensure that functionalities are implemented in a manner that is technically feasible in a practice setting. In addition, we have worked with federal partners to advance health IT policies related to bidirectional exchange with registries in a manner that supports and reflects the current market place while encouraging innovation and increased adoption. For example, we have worked with CMS to enhance guidance for QCDRs under the MIPS to support health IT innovation and partnership with health IT organizations. We are also working with the CDC and states to support enhancements to PDMP integration as a
In this proposed rule, we propose to adopt new standards and capabilities for certified APIs that have the potential to change how certain types of information exchange are done, including the potential to exchange information with clinical data and public health registries. In this request for information (RFI), we are seeking information on how health IT solutions and the proposals throughout this rule can aid bidirectional exchange with registries for a wide range public health, quality reporting, and clinical quality improvement initiatives. For example, in December of 2018, in the “Strategy on Reducing Regulatory and Administrative Burden Relating to the Use of Health IT and EHRs” draft report, we noted that HL7 was working on an update to the FHIR standard to support API access to request data on populations of patients, which could potentially address additional use cases, including supporting payer needs, public health and quality improvement efforts, and health research organizations. As discussed in section VII.4, FHIR Release 4 has now been published
We seek comment on use cases where an API using FHIR Release 4 might support improved exchange between a provider and a registry. Specifically, we seek comment on how the use of this standard might:
• Reduce the burden of implementing multiple solutions for various types of exchange, while still supporting the variability needed to exchange information with registries devoted to the care of a population defined by a particular disease, condition, exposure, or therapy;
• Allow for the collection of detailed, standardized data on an ongoing basis for medical procedures, services, or therapies for particular diseases, conditions, or exposures;
• Support an overall approach to data quality, including the systematic collection of clinical and other health care data, using standardized data elements and procedures to verify the completeness and validity of those data;
• Improve and enhance the ability of providers to leverage feedback from a registry to improve patient care; and
• Address a sufficiently wide range of use cases to warrant the prioritization of technical innovation on API-based options over the continued development of use-case-specific solutions in future rulemaking.
We also welcome any other comments stakeholders may have on implementation of the registries provisions under section 4005 of the Cures Act.
Patient matching is a critical component to interoperability and the nation's health information technology infrastructure. Accurate patient matching helps health care providers access and share the right information on the right patient when and where it is needed.
Inaccurate patient matching can compromise safety, privacy, and lead to increased health care costs, as acknowledged in the Departments of Labor, Health and Human Services, and Education, and Related Agencies Appropriation Bill, 2017:
The Committee is aware that one of the most significant challenges inhibiting the safe and secure electronic exchange of health information is the lack of a consistent patient data matching strategy. With the passage of the HITECH Act, a clear mandate was placed on the Nation's healthcare community to adopt electronic health records and health exchange capability. Although the Committee continues to carry a prohibition against HHS using funds to promulgate or adopt any final standard providing for the assignment of a unique health identifier for an individual until such activity is authorized, the Committee notes that this limitation does not prohibit HHS from examining the issues around patient matching. Accordingly, the Committee encourages the Secretary, acting through the Office of the National Coordinator for Health Information Technology and CMS, to provide technical assistance to private-sector led initiatives to develop a coordinated national strategy that will promote patient safety by accurately identifying patients to their health information.
Similarly, the Fiscal Year 2018 Appropriations Bill
The Committee is aware that a challenge inhibiting the safe and secure electronic exchange of health information is the lack of a consistent approach to matching patient data. The Committee encourages ONC to engage with stakeholders on private-sector led initiatives to develop a coordinated strategy that will promote patient safety by accurately identifying patients to their health information.
Section 4007 of the 21st Century Cures Act (Pub. L. 114-255) directs the Government Accountability Office (GAO) to conduct a study on patient matching. Specifically, the GAO was charged to review the policies and activities of the Office of the National Coordinator for Health Information Technology (ONC) and other relevant stakeholders, including standards development organizations, developers, providers, suppliers, payers, quality organizations, States, health information technology policy and technical experts, and other appropriate entities. The GAO report,
Patient matching may be defined as the linking of one patient's data within and across health care providers in order to obtain a comprehensive and longitudinal view of that patient's health care. At a minimum, this is accomplished by linking multiple demographic data fields such as name, birth date, sex, phone number, and
In this Request for Information (RFI), we seek comment on additional opportunities that may exist in the patient matching space and ways that ONC can lead and contribute to coordination efforts with respect to patient matching. ONC and CMS collaborated to jointly issue complementary requests for information regarding patient matching. ONC is particularly interested in ways that patient matching can facilitate improved patient safety, better care coordination, and advanced interoperability. Inaccurate patient matching can lead to inappropriate and unnecessary care; unnecessary burden on both patients and providers to correct misidentification, time consuming and expensive burden on health systems to detect and reconcile duplicate patient records and improper record merges; and poor oversite into fraud and abuse. Per a survey by the College of Healthcare Information Management Executives, one in five providers named lack of an appropriate patient matching strategy as the primary reason for inadvertent illness or injury.
We specifically seek input on the following:
• It is a common misconception that technology alone can solve the problem of poor data quality, but even the most advanced, innovative technical approaches are unable to overcome data quality issues. Thus, we seek input on the potential effect that data collection standards may have on the quality of health data that is captured and stored and the impact that such standards may have on accurate patient matching. We also seek input on other solutions that may increase the likelihood of accurate data capture, including the implementation of technology that supports the verification and authentication of certain demographic data elements such as mailing address, as well as other efforts that support ongoing data quality improvement efforts.
• In concert with the GAO study referenced above, we seek input on what additional data elements could be defined to assist in patient matching as well as input on a required minimum set of elements that need to be collected and exchanged. We encourage stakeholders to review the Patient Demographic Record Matching section of the Interoperability Standards Advisory
• Also in alignment with the GAO study, we seek input on whether and what requirements for electronic health records could be established to assure data used for patient matching is collected accurately and completely for every patient. For instance, the adopted 2015 Edition “transitions of care” certification criterion (§ 170.315(b)(1)) currently includes patient matching requirements for first name, last name, previous name, middle name, suffix, date of birth, address, phone number, and sex. These requirement also include format constraints for some of the data.
• There are unique matching issues related to pediatrics and we seek comment on innovative and effective technical or non-technical approaches that could support accurate pediatric record matching.
• Recent research suggests that involving patients in patient matching may be a viable and effective solution to increase the accuracy of matching, and giving patients access to their own clinical information empowers engagements and improved health outcomes. We seek comment on potential solutions that include patients through a variety of methods and technical platforms in the capture, update and maintenance of their own demographic and health data, including privacy criteria and the role of providers as educators and advocates.
• In addition, we seek input on standardized metrics for the performance evaluation of available patient matching algorithms. Health IT developers are each relying on a number of patient matching algorithms, however, without the adoption of agreed upon metrics for the evaluation of algorithm performance across the industry, existing matching approaches cannot be accurately evaluated or compared across systems or over time.
• At the same time, we seek input on transparent patient matching indicators such as database duplicate rate, duplicate creation rate, and true match rate, for example, that are necessary for assessment and reporting. The current lack of consensus, adoption, and transparency of such indicators makes communication, reporting, and cross-provider or cross-organizational comparisons impossible, impedes a full and accurate assessment of the extent of the problem, prohibits informed decision making, limits research on complementary matching methods, and inhibits progress and innovation in this area.
• There are a number of emerging private-sector led approaches in patient matching that may prove to be effective, and we seek input on these approaches, in general. A number of matching services that leverage referential matching technology have emerged in the market recently, yet evaluations of this type of approach has either not been conducted or has not been made public. Other innovative technical approaches such as biometrics, machine learning and artificial intelligence, or locally developed unique identifier efforts, when used in combination with non-technical approaches such as patient engagement, supportive policies, data governance, and ongoing data quality improvement efforts may enhance capacity for matching.
• Finally, ONC seeks input on new data that could be added to the United States Core Data for Interoperability (USCDI) or further constrained within it in order to support patient matching.
The Office of the Federal Register has established requirements for materials (
To make the materials we intend to incorporate by reference reasonably available, we provide a uniform resource locator (URL) for the standards and implementation specifications. In many cases, these standards and implementation specifications are directly accessible through the URLs provided. In instances where they are not directly available, we note the steps and requirements necessary to gain access to the standard or implementation specification. In most of these instances, access to the standard or implementation specification can be gained through no-cost (monetary) participation, subscription, or membership with the applicable standards developing organization (SDO) or custodial organization. In certain instances, where noted, access requires a fee or paid membership. As an alternative, a copy of the standards may be viewed for free at the U.S. Department of Health and Human Services, Office of the National Coordinator for Health Information Technology, 330 C Street SW, Washington, DC 20201. Please call (202) 690-7171 in advance to arrange inspection.
The National Technology Transfer and Advancement Act (NTTAA) of 1995 (15 U.S.C. 3701
As required by § 51.5(a), we provide summaries of the standards we propose to adopt and subsequently incorporate by reference in the Code of Federal Regulations. We also provide relevant information about these standards and implementation specifications throughout the preamble.
We have organized the following standards and implementation specifications that we propose to adopt through this rulemaking according to the sections of the Code of Federal Regulation (CFR) in which they would be codified and cross-referenced for associated certification criteria and requirements that we propose to adopt. We note, in certain instances, that we request comment in this proposed rule on multiple standards or implementation specifications that we are considering for adoption
This is a direct access link.
This is a direct access link.
Access requires a “user account” and a license agreement. There is no monetary cost for a user account and license agreement.
Access requires a “user account” and a license agreement. There is no monetary cost for a user account and license agreement.
Access requires registration, membership fee, a user account, and license agreement to obtain a copy of the standard.
This is a direct access link.
This is a direct access link.
This is a direct access link.
This is a direct access link.
This is a direct access link.
This is a direct access link.
The standard can be accessed through this link.
This is a direct access link.
This is a direct access link.
This is a direct access link.
This is a direct access link.
Because of the large number of public comments normally received in response to
We note that, throughout this proposed rule, we identified areas where we need more information before making a proposal (
The Paperwork Reduction Act of 1995 (PRA) requires agencies to provide a 60-day notice in the
1. Whether the information collection is necessary and useful to carry out the proper functions of the agency;
2. The accuracy of the agency's estimate of the information collection burden;
3. The quality, utility, and clarity of the information to be collected; and
4. Recommendations to minimize the information collection burden on the affected public, including automated collection techniques.
Under the PRA, the time, effort, and financial resources necessary to meet the information collection requirements referenced in this section are to be considered. We explicitly seek, and will consider, public comment on our assumptions as they relate to the PRA requirements summarized in this section. To comment on the collection
We propose to add new ONC-ACB collection and reporting requirements for the certification of health IT to the 2015 Edition (and any subsequent edition certification) in § 170.523(p), (q), (t), and § 170.550(1).
As proposed for §§ 170.550(l), ONC-ACBs would not be able to certify health IT until they review and verify health IT developers' attestations confirming that the developers are compliant with Conditions and Maintenance of Certification requirements. ONC-ACBs would also submit the health IT developer attestations to ONC as proposed by § 170.523(q). We believe this will require minimal effort on behalf of ONC-ACBs as the ONC submission part will be electronically facilitated via the CHPL.
As proposed for § 170.523(p)(3), ONC-ACBs would be required to collect and report certain information to ONC related to real world testing plans and results. ONC-ACBs would be required to verify that the health IT developer submits an annual, publicly available real world testing plan and perform a completeness check for both real world testing plans and results. We believe ONC-ACBs will face minimum burden in complying with these new proposed requirements.
As proposed for § 170.523(t), ONC-ACBs would ensure health IT developers opting to take advantage of the Standard Version Advancement Process flexibility per § 170.405(b)(5) provide timely advance written notice to the ONC-ACB and all affected customers. ONC-ACBs would maintain a record of the date of issuance and the content of developers' notices, and timely post content of each notice received publicly on the CHPL attributed to the certified Health IT Module(s) to which it applies. We believe this will require minimal effort on behalf of ONC-ACBs as the submission part will be electronically facilitated via the CHPL.
In the 2015 Edition proposed rule (80 FR 16894), we estimated fewer than ten annual respondents for all of the regulatory “collection of information” requirements that applied to the ONC-AA and ONC-ACBs, including those previously approved by OMB. In the 2015 Edition final rule (80 FR 62733), we concluded that the regulatory “collection of information” requirements for the ONC-AA and the ONC-ACBs were not subject to the PRA under 5 CFR 1320.3(c). We continue to estimate less than ten annual respondents for all of the proposed regulatory “collection of information” requirements for ONC-ACBs under Part 170 of Title 45, including those previously approved by OMB and proposed in this proposed rule. Accordingly, the regulatory “collection of information” requirements under the Program described in this section are not subject to the PRA under 5 CFR 1320.3(c). We welcome comments on these conclusions and the supporting rationale on which they are based. For costs estimates of these proposed new regulatory requirements, we refer readers to section XIV. (
We propose in 45 CFR 170.580(a)(2)(iii) that ONC may take action against a health IT developer for failure to comply with Conditions and Maintenance of Certification requirements. We proposed to generally use the same processes previously codified in regulation (§§ 170.580 and 170.581) to take administrative enforcement action. These processes would require health IT developers to submit information to ONC to facilitate and conclude its review. The PRA, however, exempts these information collections. Specifically, 44 U.S.C. 3518(c)(1)(B)(ii) excludes collection activities during the conduct of administrative actions or investigations involving the agency against specific individuals or entities.
We propose in 45 CFR 170.402(b)(1) that a health IT developer must, for a period of 10 years beginning from the date each of a developer's health IT is first certified under the ONC Health IT Certification Program, retain all records and information necessary to demonstrate initial and ongoing compliance with the requirements of the ONC Health IT Certification Program. We believe it will take approximately two hours per week on average to comply with our proposed record retention requirement. We welcome comments if stakeholders believe more or less time should be included in our estimate.
This proposed rule is necessary to meet our statutory responsibilities under the 21st Century Cures Act (Cures Act) and to advance HHS policy goals to promote interoperability and mitigate burden for stakeholders. Proposals that could result in monetary costs for stakeholders include the: (1) Proposals to update the 2015 Edition health IT certification criteria; (2) proposals related to Conditions and Maintenance of Certification for a health IT developer; (3) proposals related to oversight for the Conditions and Maintenance of Certification; and (4) proposals related to information blocking.
While much of the costs of this proposed rule will fall on health IT developers that seek to certify health IT under the ONC Health IT Certification Program (Program), we believe the implementation and use of health IT certified to the 2015 Edition (including the new criteria in this proposed rule), compliance with the Conditions and Maintenance of Certification, and the
We note in this RIA that there were instances in which we had difficulty quantifying certain benefits due to a lack of applicable studies and/or data. However, in such instances, we highlight the significant qualitative benefits of our proposals to advance an interoperable health system that empowers individuals to use their electronic health information (EHI) to the fullest extent and enables health care providers and communities to deliver smarter, safer, and more efficient care.
We assessed whether there are alternatives to our proposals, specifically our proposals concerning EHI export, application programming interfaces (APIs), and real world testing. We have been unable to identify alternatives that would appropriately implement our responsibilities under the Cures Act and support interoperability. We believe our proposals take the necessary steps to fulfill the mandates specified in the Public Health Service Act (PHSA), as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Cures Act, in the least burdensome way. We are, however, open to less burdensome alternatives that meet statutory requirements and our goals. Accordingly, we welcome comments on our assessment and any alternatives we should consider.
We have examined the impact of this proposed rule as required by Executive Order 12866 on Regulatory Planning and Review (September 30, 1993), Executive Order 13563 on Improving Regulation and Regulatory Review (February 2, 2011), Executive Order 13771 on Reducing Regulation and Controlling Regulatory Costs, the Regulatory Flexibility Act (5 U.S.C. 601
Executive Orders 12866 on Regulatory Planning and Review and 13563 on Improving Regulation and Regulatory Review direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). A regulatory impact analysis (RIA) must be prepared for major rules with economically significant effects ($100 million or more in any one year). OMB has determined that this proposed rule is an economically significant rule as the potential costs associated with this proposed rule could be greater than $100 million per year. Accordingly, we have prepared an RIA that to the best of our ability presents the costs and benefits of this proposed rule.
Executive Order 13771 on Reducing Regulation and Controlling Regulatory Costs was issued on January 30, 2017 and directs agencies to repeal two existing regulations for each new regulation issued in fiscal year (FY) 2017 and thereafter. It further directs agencies, via guidance issued by the Office of Management and Budget (OMB), that the total incremental costs of all regulations should be no greater than zero in FY 2018. The analysis required by Executive Order 13771, as supplemented by Executive Order 13777, adds additional requirements for analysis of regulatory actions. The new requirements under Executive Orders 13771 and 13777 do not change or reduce existing requirements under Executive Orders 12866 or 13563.
We have estimated the potential monetary costs and benefits of this proposed rule for health IT developers, health care providers, patients, ONC-Authorized Certification Bodies (ONC-ACBs), ONC-Authorized Testing Laboratories (ONC-ATLs), and the federal government (
In accordance with Executive Order 12866, we have included the RIA summary table as Table 25. In addition, we have included a summary to meet the regulatory reform analysis requirements under Executive Order 13771.
We note that we have rounded all estimates to the nearest dollar and that all estimates are expressed in 2016 dollars as it is the most recent data available to address all cost and benefit estimates consistently. We also note that estimates presented in the following “Employee Assumptions and Hourly Wage,” “Quantifying the Estimated Number of Health IT Developers and Products,” and “Number of End Users that Might Be Impacted by ONC's Proposed Regulations” sections are used throughout this RIA.
For proposals where research supported direct estimates of impact, we estimated the benefits. For proposals where no such research was identified to be available, we developed estimates based on a reasonable proxy.
We note that interoperability can positively impact patient safety, care coordination, and improve health care processes and health outcomes.
For the purpose of this analysis, we used regression analysis to calculate the impact of our real world testing and API proposals on interoperability. We assumed that the real world testing and API proposals would collectively have the same impact on interoperability as health IT certified to the 2014 Edition. Therefore, we estimated linear probability models that identified the impact of 2014 Edition certified health IT on hospitals' interoperability.
While we acknowledge that there might be shared benefits across proposals, we have taken steps to ensure that the benefits attributed to each proposal is unique to the proposal referenced. We assumed that this marginal effect is true for our proposals and distributed the 5% benefit across our real world testing and API proposals at (.1-1%) to (1-4%) respectively. Moreover, the number of providers impacted is proposal specific. Given data limitations, we believe this approach allows us to estimate the benefits of our proposals without double counting the impact each proposal might have on interoperability.
We have made employee assumptions about the level of expertise needed to complete the proposed requirements in this section. For wage calculations for federal employees and ONC-ACBs, we have correlated the employee's expertise with the corresponding grade and step of an employee classified under the General Schedule (GS) Federal Salary Classification, relying on the associated employee hourly rates for the Washington, DC locality pay area as published by the Office of Personnel Management for 2016.
We have used Bureau of Labor Statistics (BLS) data to calculate private sector employee wage estimates (
All wage estimates (GS and BLS) have been calculated in 2016 dollars because OMB requested that agencies generate cost and benefit estimates in 2016 dollars under Executive Order 13771. If we were to represent wage estimates in 2017 dollars, then costs and benefits, including net benefits, would increase by 4%. For our final rule, we will consider using 2017 and even 2018 dollars, if available, for our cost and benefit estimates.
We welcome comments on our methodology for estimating labor costs.
In this section, we describe the methodology used to assess the potential impact of new 2015 Edition certification criteria on the availability of certified products in the health IT market. This analysis is based on the number of certified health IT products (
Market consolidation may occur as a result of a natural evolvement of a new industry.
Not all products are certified to all of the edition's certification criteria available in the Program. Modular certification allows a health IT developer to present a product for certification to a narrower scope of
1.
2.
3.
As shown in Table 6 below, based on the assumptions 1-3 above, we have estimated the total number of 2015 products (545) and their developers (458).
For the purpose of this analysis, the population of end users differs according to the regulatory action proposed. In many cases, the end user population impacted is the number of hospitals and health care providers that possess certified health IT. Due to data limitations, our analysis regarding the number of hospitals and health care providers impacted by the regulatory action is based on the number of hospitals and health care providers that have historically participated in the Centers for Medicare & Medicaid Services (CMS) EHR Incentive Programs. Although there are limitations to this approach, participants in the CMS EHR Incentive Programs represent an adequate sample on which to base our estimates.
We do not expect costs to be associated with the deregulatory action proposals.
We expect the proposals for deregulatory actions to result in significant benefits for health IT developers, providers, ONC-ACBs, ONC-ATLs, and ONC. These expected benefits are detailed below.
We have proposed to revise § 170.556(c) by revising the requirement that ONC-ACBs
These proposals would reduce burden on health care providers by reducing their exposure to randomized in-the-field surveillance of their health IT products. Health care providers expressed concern about the time commitment to support ONC-ACB randomized surveillance of health IT products, particularly if no non-conformities with certified health IT were found. Providers have generally stated that reactive surveillance (
We note that we considered other potential benefits that we were unable to quantify. We considered that health care provider burden may decrease from the elimination of the 2% minimum threshold requirements because a provider would previously aid the ONC-ACB in software demonstrations. However, we acknowledge that in the long term and moving forward, providers will likely be the party reporting more of the complaints that could result in reactive surveillance. We also considered that an additional benefit of the proposal would be reduced burden on ONC-ACBs. Feedback from ONC-ACBs indicates that having to meet a set number of surveillance activities in 12 months can be quite burdensome, especially when factoring in the active engagement necessary from provider participants. Last, we considered the potential benefit to health IT developers in having more surveillance focused on situations dealing with actual end-user concerns and/or difficulties. Health IT developers have indicated that they benefit from such surveillance, as feedback about conformance and capability can improve their products.
We welcome comments on potential means, methods, and relevant comparative studies and data that we could use to better quantify these benefits.
We have proposed to remove the 2014 Edition certification criteria from the Code of Federal Regulations, which would directly benefit health IT developers, ONC-ACBs, ONC-ATLs, and ONC and indirectly benefit health care providers. When looking at the cost savings for removing the 2014 Edition certification criteria, we considered the current costs for maintaining those certifications and their surveillance (reactive), as well as the maintenance and administrative costs associated with supporting customer use of certified health IT for CMS EHR Incentive Program participation. The estimates below consider ONC analysis of the financial sustainability of ONC-ACBs and reflect data from as late as 2015.
We estimate that health IT developers would realize monetary savings from no longer supporting the 2014 Edition certification criteria due to a reduction in activities related to maintaining certification and surveillance. We are aware that one of our ONC-ACBs charges an inherited certified status (ICS) fee of $1,000. This fee has been applied over the last calendar year. Over that time period, the number of new, unique 2014 Edition products has been declining (24 products in the last calendar year, and no new products in the last four months) compared to the number of ICS certifications (569). Just assuming the cost of continued ICS certification, health IT developers would be paying approximately $569,000 each year to keep their 2014 Edition products up-to-date.
We are not aware of comparable fees charged by ONC-ATLs; however, based on our experience with the Program, we expect health IT developers would realize similar cost savings associated with ONC-ATL maintenance of the testing component associated with ICS. Thus, we estimate an additional $569,000 cost savings for health IT developers due to the reduced testing requirements.
A recent study conducted by ONC indicates that 2014 Edition ICS certification is not profitable for ONC-ACBs, which is why one ONC-ACB charged an additional $3,000 annual fee per product for surveillance for 2015 Edition certifications. In 2015, the net income for ONC-ACBs dropped 99% from about $5,310,000 in 2014 to $67,000 due to a decline in revenue from a drop in new 2014 Edition certified health IT products without a significant drop in expenses. We do not have enough information to calculate what percentage of ONC-ACB expenses are the direct result of 2014 Edition certification maintenance; however, our research indicates that it is significantly less profitable for ONC-ACBs to maintain 2014 Edition certification criteria (
We also attempted to identify a potential reduction in maintenance and administrative costs as a result of removing 2014 Edition certification criteria. We could not obtain data to conduct a full quantitative analysis specific to the reduction of health IT developer and health care provider costs related to supporting and maintaining the 2014 Edition. We seek comment on methods to quantify potential costs for maintaining and supporting products to previous editions.
We did conduct a review of academic literature and qualitative analysis regarding potential savings from no longer supporting the 2014 Edition. We looked at data in IT industry systems as whole, which showed that upgrading outdated legacy systems saves resources otherwise spent on maintaining compatibilities to multiple systems and also increases quality and efficiency.
From the implementer's perspective, the research indicates that retaining legacy systems tends to inhibit scalability and growth for businesses. The perpetuity of outdated legacy systems increases connection and system integration costs and limits the ability to realize increased efficiency through IT implementation. Newer products are developed to current specifications and updated standards, which decreases barriers and marginal cost of ancillary product implementation and increases the accessibility of data in ancillary systems—including via mobile devices and the latest applications. Finally, office staff in a health care setting would no longer need to be trained to accommodate differing data access
The research also indicates that retaining legacy software would not be beneficial or profitable to the health IT market. Prolonging backwards compatibility of newer products to legacy systems encourages market fragmentation.
We also estimate that additional savings could be realized by reducing regulatory complexity and burden caused by having two certification editions. For example, in the 2015 Edition final rule, we added new requirements, such as disclosure and transparency requirements, that applied to all certified product editions. This required significant effort by health IT developers and ONC-ACBs to execute the requirements, and both groups found it challenging to complete the task in the original timeframe provided by ONC. We have observed that the task of managing two different editions within different rules increases complexity and burden for ONC staff, contractors, ONC-ACBs, CMS programs referencing the certification criteria, and other stakeholders, as compared to our proposal to remove the 2014 Edition certification criteria. However, we are unable to estimate these benefits because we have no means for quantifying the benefits gained from only using the 2015 Edition. We welcome comments on potential means, methods, and relevant comparative studies and data that we could use to quantify these benefits.
We also expect that health care providers would benefit from this proposal because such action would likely motivate health IT developers to certify health IT products to the 2015 Edition, thus enabling providers to use the most up-to-date and supported systems to care for patients. The 2015 Edition certification criteria facilitates greater interoperability for several clinical health information purposes and enables health information exchange, including APIs, through new and enhanced certification criteria, standards, and implementation specifications. The certification criteria also allow for updates to documents and data standards and focus on the establishment of an interoperable health information infrastructure. We welcome comments on potential means, methods, and relevant comparative studies and data that we could use to quantify these benefits.
We expect ONC to realize monetary cost savings from the proposal to remove the ONC- Approved Accreditor (ONC-AA) from the Program. We expect ONC to realize costs savings from no longer: (1) Developing and publishing a
The ONC-AA's expertise is in the ISO/IEC 17065 standard. Therefore, to effectively collaborate with the ONC-AA for Program activities, ONC allocates resources for working with the ONC-AA and informing the ONC-AA of scheme requirements and applicable policy interpretations, which we have and can provide directly to the ONC-ACBs. The amount of ONC resources allocated depends on current Program activities and need. For our calculations, we used the estimated hours for collaborating with and informing an ONC-AA in 2017 (using 2016 wage estimates). We estimate that ONC spent approximately 110 hours collaborating with the ONC-AA in 2017, which includes (all at the GS-13, Step 1 level): Annual assessments; providing appropriate guidance; implementing new requirements and initiatives; and consultations as necessary. The hourly wage with benefits for a GS-13, Step 1 employee located in Washington, DC is approximately $88.30. Therefore, we estimate the annual cost savings to be $3,238.
We estimate that ONC would commit approximately eight hours of staff time to develop the
We estimate that ONC would commit approximately two hours of staff time by an analyst at the GS-13, Step 1 level to draft, review, and publish the listserv to announce the
We estimate that ONC would commit approximately 25 hours of staff time to manage the open application process, review applications and reach application decisions, which would include approximately: 20 hours by an analyst at the GS-13, Step 1 level; three hours by senior certification staff at the GS-14, Step 1 level; and two hours for review and approval by Immediate Office staff at the GS-15, Step 1 level. The hourly wage with benefits for a GS-13, Step 1 employee located in Washington, DC is approximately $88.30. The hourly wage with benefits for a GS-14, Step 1 employee located in Washington, DC is approximately $104.34. The hourly wage with benefits for a GS-15, Step 1 employee located in Washington, DC is approximately $122.74. Therefore, we estimate the annual cost savings to be $775.
Taking all of these potential costs savings into consideration, we estimate
In section III.B.4 of this proposed rule, we propose to remove the following certification criteria from the 2015 Edition: § 170.315(b)(4) “Common Clinical Data Set summary—create;” (b)(5) “Common Clinical Data Set summary—receive”, § 170.315(a)(10) “Drug formulary and preferred drug list checks,” § 170.315(a)(11) “Smoking status,”§ 170.315(a)(13) “Patient-specific education resources” and § 170.315(e)(2) “Secure messaging.”
For determining calculations for the majority of the proposed removal of certain 2015 Edition certification criteria, we used the assumptions below. For the proposed removal of § 170.315(b)(4) Common Clinical Data Set summary—create and (b)(5) Common Clinical Data Set summary—receive, we took a slightly different approach discussed in section 1.4.1.
In the 2015 Edition final rule, we estimated the costs for developing and preparing health IT to meet the 2015 Edition certification criteria. The development and preparation costs we estimated were derived through a health IT developer per criterion cost. We estimated the development and preparation costs over a four-year period and we projected the costs would be unevenly distributed. In figuring out the cost savings for the deregulatory actions, we initially used the distribution from the 2015 Edition, but then adjusted the percentages of development and preparation costs due to current empirical and anecdotal evidence. The distribution was reevaluated to account for 2019 and we estimate the actual development and preparation distribution for 2018 to be 35% and for 2019 to be 15%. We took the average development and preparation cost estimates (low and high) per criterion from Table 14 of the 2015 Edition final rule (80 FR 62737). We then used our new distribution to figure out the cost per year for years 2018 and 2019. We took the total estimated costs for 2018 and 2019 and divided that by 12 to determine the cost savings per month and took a range of 6-12 months.
To determine the testing costs of the deregulatory actions, we took the number of health IT developers who develop products for certification for the identified criteria from the 2015 Edition final rule and then figured out the average cost per criterion. Based on the costs that one of the ONC-ATLs charges for testing, we estimated the average cost for testing per criterion and determined subsequent cost savings. In 2017, only about five to ten percent of products have been tested and certified compared to the number of certified 2014 Edition products. Therefore, up to 90 to 95 percent of products remain to be tested and certified to the 2015 Edition.
We estimate the total cost savings by multiplying the number of health IT developers who developed products for certification to a certain criterion by the estimated cost per criterion, $475. We then took five percent of that number to figure out the high end for the cost savings. We then took 10 percent to figure out the low end. The five percent was derived from looking at the number of unique developers who have at least one active 2014 Edition product and the number of unique developers who have at least one active 2015 Edition. The denominator is the number of unique developers who have at least one active 2014 Edition product, which is 793. The numerator is the number of unique developers who have at least one active 2015 Edition product and one active 2014 edition product, which is 41. (41/793 = 0.0517024 or 5 percent).
We propose to remove the Common Clinical Data Set summary—create (§ 170.315(b)(4)) and Common Clinical Data Set summary—receive (§ 170.315(b)(5)) criteria.
We expect ONC to realize cost savings associated with internal infrastructure support and maintenance, which would include actions such as (1) developing and maintaining information regarding these criteria on the ONC website; (2) creating documents related to these criteria and making those documents 508 compliant; (3) updating, revising, and supporting Certification Companion Guides, test procedures, and test tools; and (4) responding to inquiries concerning these criteria. Based on ONC data on the number of inquiries received since early 2016, we estimate approximately 12 annual inquiries about § 170.315(b)(4) and (5) respectively (24 total inquiries for two criteria). We estimate it will take an analyst at the GS-13, Step 1 level an average of two hours to conduct all tasks associated with each inquiry. The hourly wage with benefits for a GS-13, Step 1 employee located in Washington, DC is approximately $88.30. Therefore, we estimate the annual cost savings to be $4,238.
We do not expect cost savings associated with software maintenance because both of these criteria incorporate the Common Clinical Data Set and essentially the same data input and validation requirements as the transitions of care criterion (§ 170.315(b)(1)). The removal of these two criteria would not affect the test data and software maintenance costs, as the same test data and software validation elements remain in § 170.315(b)(1) and the Common Clinical Data Set used in other criteria.
ONC-ACBs could realize minimal savings, as they would need to conduct slightly less surveillance based on the two products that are currently certified to these criteria. We expect these potential cost savings to be de minimis and have therefore not estimated them.
Taking all these potential costs savings into consideration, we estimate the overall annual costs savings for our proposal to remove the Common Clinical Data Set summary record certification criteria from the 2015 Edition to be $4,238. We welcome comments on the above estimates and methods we could use to better quantify these benefits.
We propose to remove the 2015 Edition “drug formulary and preferred drug list checks” criterion in § 170.315(a)(10)). To calculate the cost savings for removing this criterion, we used the 2015 Edition estimated costs for development and preparation for this criterion which were between $15,750 and $31,500. We believe that 35% of developers would be still newly certifying in 2018 and 15% in 2019 and applied the proportions respectively. We estimated the cost of development and preparation costs to be between $5,512.50 and $11,025 for 2018 and $2,362.50 and $4,725 for 2019. We calculated the cost per month for years 2018 and 2019 and using the high point estimates, estimated the development and preparation costs over a 6 to 12 month period between August 2018 to August 2019 to be between $4,068.75 and $6,825.
To calculate the cost for testing for this criterion, we multiplied the 5 developers that we estimated in the 2015 Edition to develop products to this criterion by our estimated cost to test per criterion of $475. The estimated cost per criterion was based on what one ONC-ATL charged for testing and averaged per criterion. To be conservative in our calculations, we reduced the number by 10% and 5% respectively resulting in $2,137.50 and $2,256.25.
Taking these estimated costs into account we expect cost savings to
We propose to remove the 2015 Edition “smoking status” criterion (§ 170.315(a)(11)), which would include removing it from the 2015 Edition Base EHR definition. To calculate the cost savings for removing this criterion, we used the 2015 Edition estimated costs of developing and preparing the criterion to the 2015 Edition, between $15,750 and $31,500 and estimated that 35% of developers would be newly certified in 2018 and 15% in 2019. We estimated the cost of development and preparation costs to be between $5,512.50 and $11,025 for 2018 and $2,362.50 and $4,725 for 2019. We calculated the cost per month for years 2018 and 2019 and using the high point estimates, estimated the development and preparation costs over a 6 to 12 month period between August 2018 and August 2019. We estimated the costs to be between $4,068.75 at 6 months and $6,825 at 12 months.
To calculate the cost for testing for this criterion, 5 developers were estimated in the 2015 Edition to develop products to this criterion. We multiplied the 5 developers by our estimated cost to test per criterion of $475. This estimated cost per criterion was based on what one ONC-ATL charged for testing and averaged per criterion. To be conservative, we reduced the number by 10% and 5% respectively resulting in $2,137.50 and $2,256.25.
Taking these estimated costs into account we expect cost savings to remove the 2015 Edition “smoking status” criterion to be between $8,962.50 and $9,081.25.
We propose to remove the 2015 Edition “patient-specific education resources” certification criterion (§ 170.315(a)(13)). To estimate the cost of removing this criterion, we used the 2015 Edition estimated costs for development and preparation which is between $4,709,880 and $6,279,840. We believe that 35% of developers would be still newly certifying in 2018 and 15% in 2019 and applied the proportions respectively. We estimated the cost of development and preparation to be between $1,648,458 and $2,197,944 for 2018 and $706,482 and $941,976 for 2019. We calculated the cost per month for years 2018 and 2019 and using the high point estimates, estimated the development and preparation costs over a 6 to 12 month period, within August 2018 to August 2019. We estimated the costs to be between $850,395 at 6 months and $1,360,632 at 12 months. To calculate the testing cost for this criterion, we multiplied the estimates from the 2015 Edition of 249 developers that we estimated would develop products to this criterion by our estimated cost to test per criterion of $475. The estimated cost per criterion was based on what one ONC-ATL charged for testing and averaged per criterion. To be conservative, we reduced the number by 10% and 5% respectively resulting in $106,447.50 and $112,361.25. Taking these estimated costs into account, we expect the cost savings of removing the 2015 Edition “Patient-specific education resources” criterion to be between $1,467,079.50 and $1,472,993.25.
We propose to remove the 2015 Edition “secure messaging” criterion (§ 170.315(e)(2)). To estimate the cost savings of removing this criterion, we used the estimates from the 2015 Edition final rule for development and preparation costs which is between $1,552,320 and $3,104,640. We estimated that 35% of developers would be still newly certifying in 2018 and 15% in 2019 and applied the proportions respectively. We estimated the cost of development and preparation costs to be between $543,312 and $1,086,624 for 2018 and $232,848 and $465,696 for 2019. We then calculated the cost per month for years 2018 and 2019 and using the high point estimates, estimated the development and preparation costs over a 6 to 12 month period, between August 2018 to August 2019 to be between $401,016 at 6 months and $672,672 at 12 months. To calculate the cost for testing this criterion, we multiplied the 246 developers that we estimated in the 2015 Edition would develop products to this criterion by our estimated cost to test per criterion of $475. The estimated cost per criterion was based on what one ONC-ATL charged for testing and averaged per criterion. To be conservative, we reduced the number by 10% and 5%, respectively, resulting in $105,165 and $111,007.50. Taking these estimated costs into account, we estimate the cost savings of removing the 2015 Edition “Secure messaging” criterion to be between $777,837 and $783,678.50.
We propose to remove § 170.523(k)(1)(iii)(B), which requires ONC-ACBs to ensure that certified health IT includes a detailed description of all known material information concerning limitations that a user may encounter in the course of implementing and using the certified health IT, whether to meet “meaningful use” objectives and measures or to achieve any other use within the scope of the health IT's certification. We also propose to remove § 170.523(k)(1)(iv)(B) and (C), which state that the types of information required to be disclosed include but are not limited to: (B) Limitations, whether by contract or otherwise, on the use of any capability to which technology is certified for any purpose within the scope of the technology's certification; or in connection with any data generated in the course of using any capability to which health IT is certified; (C) Limitations, including but not limited to technical or practical limitations of technology or its capabilities, that could prevent or impair the successful implementation, configuration, customization, maintenance, support, or use of any capabilities to which technology is certified; or that could prevent or limit the use, exchange, or portability of any data generated in the course of using any capability to which technology is certified.
To calculate the savings related to removing these two disclosure requirements, we estimated 830 products certified to the 2015 Edition. We did so by applying the market consolidation rate of −23.2% which was the rate observed between 2011 and 2014 Editions. Assuming that an ONC-ACB spends 1 hour on average reviewing costs, limitations and mandatory disclosures, we estimate the time saved by no longer having to review the limitations to be two-thirds of an hour. The hourly wage with benefits for a GS-13, Step 1 employee located in Washington, DC is approximately $88.30 and we assume this to be the hourly rate for an ONC-ACB reviewer. We multiplied 830, the projected number of certified products, by two- thirds of an hour and the assumed hourly rate and calculated the cost savings to be $48,859.
The following section details the costs and benefits for updates to the 2015 Edition health IT certification criteria, which includes (1) costs and benefits to update certain 2015 Edition criteria to due to the adoption of the United States Core Data for Interoperability (USCDI) as a standard and (2) costs for new 2015 Edition criteria for electronic health
In order to advance interoperability by ensuring compliance with new structured data and code sets that support the data, we propose in this proposed rule to remove the “Common Clinical Data Set” definition and its references from the 2015 Edition and replace it with the “United States Core Data for Interoperability” (USCDI) standard, naming Version 1 (v1) in § 170.213 and incorporating it by reference in § 170.299. The USCDI v1 establishes a minimum set of data classes (including structured data) that are required for health IT to be interoperable nationwide and is designed to be expanded in an iterative and predictable way over time.
The USCDI v1 adds 2 new data classes, “Clinical Notes” and “Provenance” that were not defined in the CCDS, which will require updates to the Consolidated Clinical Document Architecture (C-CDA) standard and updates to the following certification criteria: § 170.315(b)(1) (transitions of care); (e)(1) (view, download, and transmit to 3rd party); (g)(6) (Consolidated CDA creation performance); (f)(5) (transmission to public health agencies—electronic case reporting); and (g)(9) (application access—all data request). From our analysis of the C-CDA standard, we conclude that the requirements of “Provenance” data class are already met by the existing C-CDA standard, and will not require any new development. Therefore, we have estimated the proposed cost to health IT developers to add support for “Clinical Notes” data class in C-CDA, and the necessary updates to the affected certification criteria. These estimates are detailed in Table 7 below and are based on the following assumptions:
1.
2.
3. According to the May 2016 BLS occupational employment statistics, the mean hourly wage for a “Software Developer” is $50.14.
We estimate that the cost to a health IT developer to develop support for the additional USCDI data element would range from $190,532 to $481,344. Therefore, assuming 545 products, we estimate that the total annual cost to all health IT developers would, on average, range from $103.8 million to $262.3 million. This would be a one-time cost to developers per product that is certified to the specified certification criteria and would not be perpetual.
We believe this proposal would benefit health care providers, patients, and the industry as a whole. Clinical notes and provenance were included in the draft USCDI v1 based on significant feedback from the industry, which highly regarded their desirability as part of interoperable exchanges. The free text portion of the clinical notes was most often relayed by clinicians as the data they sought, but were often missing during electronic health information exchange. Similarly, the provenance of data was also referenced by stakeholders as a fundamental need to improve the trustworthiness and reliability of the data being exchanged. We expect improvements to interoperable exchange of information and data provenance to significantly benefit providers and patients. However, we are not aware of an approach for quantifying these benefits and welcome comments on potential approaches to quantifying these benefits.
We have proposed a new 2015 Edition certification criterion for “electronic health information export” in § 170.315(b)(10). The intent of this criterion is to provide patients and health IT users a means to efficiently export the entire electronic record for a single patient or all patients in a computable, electronic format. Further, it would facilitate the receiving health IT system's interpretation and use of the EHI to the extent reasonably practicable using the health IT developer's existing technology. This outcome would promote exchange, access, and use of electronic health information. It would also facilitate health care providers' ability to switch health IT systems or migrate electronic health information for use in other technologies. This proposed criterion supports two specific use cases. First, it supports the export for a single patient that would need to be enabled upon valid request from a user or a patient. Second, the EHI export functionality for all patients' data would support a health care provider or health system in switching health IT systems.
This section describes the estimated costs of the “electronic health information export” certification criterion. The cost estimates are based on the following assumptions:
1.
2.
3. According to the May 2016 BLS occupational employment statistics, the mean hourly wage for a “Software Developer” is $50.14.
Based on the stated assumptions and costs outlined in Table 8, the total estimated cost for health IT developers to develop products to the electronic health information export certification criterion will range from $17.5 million to $174.9 million. Assuming 458 health IT developers, there would be an average cost per health IT developer ranging from $38,185 to $381,852. The midpoint of ranges stated is used as the primary estimate of costs and benefits. We note that the development costs, which equal half of the total, would be a one-time cost and would not be perpetual.
There are a number of benefits to the electronic health information export functionality. In our analysis, we have calculated the benefits in terms of the reduced costs of the electronic health information export functionality compared to performing data export without the electronic health information export functionality. The benefit calculations below are based on the following assumptions:
1.
2.
3. According to the May 2016 BLS occupational employment statistics, the mean hourly wage for a “Software Developer” is $50.14.
Table 12 provides an example calculation for how we calculated our total costs presented in table 13.
We multiplied the costs to switch health IT by the estimated number of hospitals and clinical practices affected. Thus the estimated annual benefit, in terms of cost savings to hospitals and clinical practices would range from $240.7 million to $2.4 billion. If we assume, based on our upper bound estimates above, that the total cost to health IT developers is $174.9 million and that increased developer costs are passed to customers, then the net benefit to hospitals and clinical practices would range from $65.8 million to $2.2 billion. The midpoint of ranges stated is used as the primary estimate of costs and benefits.
Our proposals regarding APIs in this proposed rule reflect the full depth and scope of what we believe is necessary to implement the API Condition of Certification. We propose to include new standards, new implementation specifications, and a new certification criterion. Our proposal also includes a detailed Condition of Certification and associated Maintenance of Certification requirements, as well as a proposal to modify the Base EHR definition.
This section describes the potential costs of the API certification criterion. The cost estimates below are based on the following assumptions:
1.
2.
3. According to the May 2016 BLS occupational employment statistics, the mean hourly wage for a “Software Developer” is $50.14.
Table 15 provides an example calculation for how we calculated our total costs presented in Table 16.
We note that we have proposed to adopt in § 170.404(b)(3) a specific requirement that an API Technology Supplier must support the publication of Service Base URLs for all of its customers regardless of whether they are centrally managed by the API Technology Supplier or locally deployed. The API Technology Supplier must make such information publicly available at no charge. Thus, we are placing the responsibility of publishing the URLs on health IT developers and those costs are captured in the registration portal cost estimation in this RIA.
Based on the stated assumptions and costs outlined in Table 16, the total estimated costs for health IT developers to develop and maintain a product to the API criterion would range from $181.7 million to $414.0 million with an average cost per developer ranging from $461,228 to $1,050,656. We note that the “other costs,” which account for $2.1 million to $10.7 million of this total are one-time costs and are not perpetual. The midpoint of ranges stated is used as the primary estimate of costs and benefits.
The Medicare Access and CHIP Reauthorization Act (MACRA) tasks ONC with measuring interoperability in the health IT industry.
• Reduction in provider burden associated with locating patient data;
• Reduced costs related to reductions in duplicate lab tests, readmissions, emergency room (ER) visits, and adverse drug events due to increased interoperability. We focused on these outcomes for two reasons: (i) Evidence in literature indicates that health information exchange impacts the chosen measures; and (ii) cost of care associated with these measures is high and the impact of health information exchange is likely to result in significant benefits in the form of cost reduction.
• Increase in the number of individuals with access to their health information.
The benefit calculations are based on the following assumptions:
1.
2.
3.
As noted previously, there might be shared benefits across certain proposals and we have taken steps to ensure that the benefits attributed to each proposal are unique to the proposal referenced. Specifically, we used regression analysis to calculate the impact of our real world testing and API proposals on interoperability. We assumed that the collective impact of real world testing and API proposals on interoperability would not exceed the impact of 2014 Edition certified health IT. Therefore, we estimated linear probability models that identified the impact of 2014 Edition certified health IT on hospitals' interoperability.
While we acknowledge that there might be shared benefits across proposals, we have taken steps to ensure that the benefits attributed to each proposal is unique to the proposal referenced. We assumed that this marginal effect is true for our proposals and distributed the 5% benefit across our real world testing and API proposals at (.1-1%) to (1-4%) respectively. Moreover, the number of providers impacted is proposal specific. Given data limitations, we believe this approach allows us to estimate the benefits of our proposals without double counting the impact each proposal might have on interoperability.
The first table below shows benefits of APIs for providers where we monetize the impact of APIs as total amount saved by reducing provider time spent with the health IT. Sinsky et al found physicians spend 27% of their total time on direct clinical face time with patients, and 49.2% of their time on EHR and desk work.
Based on the above calculations, we estimate the annual benefit to health care providers for the use of the proposed API capabilities would, on average, range from $651 million to $3.3 billion. We estimate the annual benefit for patients and payers would, on average, range from $278 million to million to $1.1 billion. Therefore, we estimate the total annual benefit of APIs to, on average, range from $929 million to $4.4 billion. If we assume, based on our cost estimates, an annual cost to health IT developers of $414 million and that increased developer costs are passed to customers, then the net benefit to hospitals/providers would range from $515 million to $3.3 billion. The midpoint of ranges stated is used as the primary estimate of benefits.
As we stated above, for Table 17, we assume APIs provide both patients and clinicians with increased access to EHI, which will have a direct impact on physicians by making their work more efficient. Extrapolating the numbers from literature, we assume this technology will improve physicians' time by 1%-5%. Also as stated above, for Table 18, we assume APIs affect utilization through marginal improvements in interoperability. For this reason, in addition to APIs, we needed to incorporate the impact of interoperability on each of the outcomes. We request comment on these assumptions. Specifically, whether they are appropriate and whether there are alternative assumptions or bases upon which we should make our assumptions.
We expect additional benefits from the use of APIs could be derived from increased patient, and eventually payer, access to EHI. APIs make it easier for patients to transmit data to and from different sources. According to the Health Information National Trends Survey,
In addition, the use of APIs to support the exchange and analysis of payment related data (including price information) would improve cost transparency in the market, increase the availability of valuable information for payers and patients, and likely drive down health care prices. For instance, a recent study by the Minnesota Department of Health showed that the pricing for knee replacement surgery, which is a standard procedure in many hospitals, can vary significantly across practices in the same locality. The Minnesota study showed that Minnesota insurers paid as much as $47,000 for a patient's total knee replacement and as little as $6,200—a nearly eight-fold price difference. In addition to total knee replacements, the study found that total hip replacement costs ranged from $6,700 to $44,000, a 6
While the examples above emphasize procedures that tend to have defined end points, the eventual population health queries would more broadly allow payers and analytics firms working for employers to computationally examine the care providers render. Not only is price transparency currently missing from the marketplace, but for most inpatient care, the actual details of care are largely unobtainable through any APIs. However, we are not aware of an approach for quantifying these types of benefits and welcome comments on potential approaches to quantifying these benefits.
To be certified to the new privacy and security certification criteria, encrypt authentication credentials (§ 170.315(d)(12)) and multi-factor authentication (MFA) (§ 170.315(d)(13)), we are proposing to require health IT developers to assess their Health IT Modules' capabilities and attest “yes” or “no” to the certification criteria. As specified in section IV.C.3 of this proposed rule, we are proposing to make these certification criteria applicable to all Health IT Modules under the Program. For encrypt authentication credentials and multi-factor authentication, we are proposing to require a simple attestation. For MFA, we are also proposing to require that if the health IT developer attests to supporting MFA, the health IT developer would need to explain how it supports MFA. We also request public comment on whether there is value in adopting an MFA criterion and whether the health IT developer should explain how it supports MFA.
These criteria are not intended to place additional burden on health IT developers as they do not require new development or implementation. Rather, a health IT developer is only required to attest to whether they encrypt authentication credentials or support MFA. We expect the costs associated with attesting to these criteria to be de minimis because we do not expect additional forms to be required and expect minimal effort would be required to complete the attestation. We welcome comments on these expectations. The midpoint of ranges stated is used as the primary estimate of costs and benefits.
As stated previously, we are not requiring health IT developers to encrypt authentication credentials or support MFA. Instead, we are requiring they attest to whether they support the certification criteria or not. By requiring an attestation, we are promoting transparency, which might motivate some health IT developers that do not currently encrypt authentication credentials or support MFA to do so. If health IT developers are motivated by this criteria and ultimately do encrypt authentication credentials and/or support MFA, we acknowledge that there would be costs to do so; however, we assume that the benefits would substantially exceed the costs. Encrypting authentication credentials and adopting MFA would reduce the likelihood that authentication credentials would be compromised and would eliminate an unnecessary use of IT resources. Encrypting authentication credentials and adopting MFA could directly reduce providers' operating/support costs, which would reduce their administrative and financial burden. Encrypting authentication credentials would also help decrease costs and burden by reducing the number of password resets due to possible phishing or other vulnerabilities.
According to Verizon's 2017 Data Breach Investigations Report, 81% of hacking-related breaches leveraged either stolen and/or weak passwords.
We propose to remove the current 2015 Edition Data Segmentation for Privacy (DS4P)-send (§ 170.315(b)(7)) and DS4P-receive (§ 170.315(b)(8)) certification criteria which apply the DS4P standard at the document level. We propose to replace these two criteria with three new 2015 Edition DS4P certification criteria (two for C-CDA and one for FHIR) that would support a more granular approach to privacy tagging data for health information exchange supported by either the C-CDA- or FHIR-based exchange standards. In place of the removed 2015 Edition DS4P criteria, we propose to adopt new DS4P-send (§ 170.315(b)(12)) and DS4P-receive (§ 170.315(b)(13))
We anticipate this proposal could result in up-front costs to health IT developers as this new criteria would require the health IT to support all three levels—document, section, and entry—as specified in the current DS4P standard. However, we note that these criteria are not being required in any program at this time. As of the beginning of the third quarter of the 2018 CY, only about 20 products (products with multiple certified versions were counted once) were certified to the current 2015 Edition DS4P certification criteria. We estimate that 10-15 products will implement the new DS4P criteria. Developers may need to perform fairly extensive health IT upgrades to support the more complex and granular data tagging requirements under these criteria. We anticipate developers will need approximately 1,500-2,500 hours to upgrade databases and/or other backend infrastructure to appropriately apply security labels to data and/or develop access control capabilities. Moreover, developers will likely incur costs to upgrade health IT to generate a security-labeled C-CDA conforming to the DS4P standard. We estimate developers will need 400-600 hours per criterion to make these upgrades on systems that had previously certified to the document-level DS4P criteria, or 720-1,220 hours per criterion for systems that are implementing these criteria for the first time. We believe this work would be performed by a “Software Developer.” According to the May 2016 BLS occupational employment statistics, the mean hourly wage for software developer is $50.14. As noted previously, we have assumed that overhead costs (including benefits) are equal to 100% of pre-tax wages, so the hourly wage including overhead costs is $100.28. Therefore, we estimate the total cost to developers could range from $2,306,440 to $7,430,748. We note that this would be a one-time cost. The midpoint of ranges stated is used as the primary estimate of costs and benefits.
Additionally, our proposal supports the capability to respond to requests for patient consent information through an API compatible with FHIR Release 3. In order to meet the “consent management for APIs” criteria, developers would demonstrate compatibility with the standards framework used for the Consent Implementation Guide. We have estimated costs associated with this aspect of our proposal using the following assumptions:
1. We estimate developers will require 1,500-3,500 hours to upgrade health IT to align with the FHIR STU3 data model and develop a STU3 compatible FHIR server.
2. As with the two DS4P criteria, we anticipate developers will need approximately 1,500-2,500 hours to upgrade databases and/or other backend infrastructure to appropriately apply security labels to data and/or develop access control capabilities. We expect that this would be a one-time cost.
3. Because certification to this criterion is voluntary and because supporting this criterion requires implementation of a version of FHIR (STU3) that does not align with the other API criterion in this rule (based on DSTU2), we estimate the number of products that will support this criterion is approximately 5% of the total number of 2015 certified products. We used a proxy to determine the number of health IT developers that may develop an API for the 2015 Edition. There were 598 products and 506 developers with at least one 2014 Edition certified product that could perform transitions of care. We then multiplied this number by our certified health IT market consolidation estimates of −22.1% and −23.2% to project the number of 2015 developers and products, respectively; we estimate that 459 products from 394 developers will contain the API criterion. Therefore, we anticipate 23 products from 20 developers will certify to the “consent management for APIs” criterion. We believe this work would be performed by a “Software Developer.”
4. According to the May 2016 BLS occupational employment statistics, the mean hourly wage for a “Software Developer” is $50.14.
Our cost estimates are explained in the table below.
We believe this proposal involving standardized APIs, as well as the voluntary nature of the proposal, would significantly mitigate health IT developer costs. We also expect developers to see a return on their investment in developing and preparing their health IT for these certification criteria given the benefits to interoperable exchange. We welcome comments on this analysis.
We anticipate potential costs for ONC related to this proposal associated with: (1) Developing and maintaining information regarding these new criteria on the ONC website; (2) creating documents related to these new criteria and making those documents 508 compliant; (3) updating, revising, and supporting Certification Companion Guides, test procedures, and test tools; and (4) responding to inquiries concerning these criteria. We estimate an ONC analyst at the GS-13, Step 1 level staff would devote, on average, 200 hours to the above tasks annually. The hourly wage with benefits for a GS-13, Step 1 employee located in Washington, DC is approximately $88.30. Therefore, we estimate the annual costs to be $17,660.
We believe leveraging the DS4P standard's ability to allow for both document level and more granular tagging would offer functionality that is more valuable to providers and patients, especially given the complexities of the privacy landscape for multiple care and specialty settings. We also believe this proposal would benefit providers, patients, and ONC because it would support more complete records, contribute to patient safety, and enhance care coordination. We believe this proposal could also reduce burden for providers by enabling an automated option, rather relying on case-by-case manual redaction and subsequent workarounds to transmit redacted documents. We emphasize that health care providers already have processes and workflows to address their existing compliance obligations, which could be made more efficient and cost effective through the use of health IT. We expect these benefits for providers, patients, and ONC to be significant; however, we are unable to quantify these benefits at this time because we do not have adequate information to support quantitative estimates. We welcome comments regarding potential approaches for quantifying these benefits.
For a discussion of the costs and benefits of the exceptions to information blocking proposed in this rule, please see section (5) of this RIA.
We are proposing that health IT developers must make certain assurances as Conditions and Maintenance of Certification: (1) Assurances regarding the electronic health information export certification criterion in § 170.315(b)(10) and (2) assurances regarding retaining records and information.
We propose, as a Condition of Certification requirement, that a health IT system that produces and electronically manages electronic health information must be certified to the 2015 Edition “electronic health information export” certification criterion in § 170.315(b)(10). Further, as a Maintenance of Certification requirement, health IT developers must comply with this proposed Condition of Certification requirement within 24 months of a subsequent final rule's effective date or at the time of certification if the health IT developer never previously certified health IT to the 2015 Edition. As another Maintenance of Certification requirement, we propose that health IT developers must provide all of their customers with the functionality included in § 170.315(b)(10).
For a detailed discussion of the costs and benefits of the assurances regarding the electronic health information export certification criterion in § 170.315(b)(10), please see section 2.2 of this RIA above.
We propose that, as a Maintenance of Certification requirement, a health IT developer must, for a period of 10 years beginning from the date of certification, retain all records and information necessary that demonstrate initial and ongoing compliance with the requirements of the ONC Health IT Certification Program. In an effort to reduce administrative burden, we also propose, that in situations where applicable certification criteria are removed from the Code of Federal Regulations before the 10 years have expired, records must only be kept for 3 years from the date of removal for those certification criteria and related Program provisions unless that timeframe would exceed the overall 10-year retention period. This “3-year from the date of removal” records retention period also aligns with the records retention requirements for ONC-ACBs and ONC-ATLs under the Program.
Currently, there are no existing regulatory requirements regarding record and information retention by health IT developers. We expect the costs to developers to retain the records and information described above to be mitigated due to the following factors. First, we expect that health IT developers are already keeping the majority of their records and information in an electronic format. Second, we expect that health IT developers already have systems in place for retaining records and information. Last, we expect that some developers may already be retaining records and information for extended periods of time due to existing requirements of other programs, including for those programs their customers participate in. For instance, Medicaid managed care companies are required to keep records for ten years from the effective date of a contract.
We estimate that each health IT developer will, on average, spend two hours each week to comply with our proposed record retention requirement. We expect that a health IT developer's office clerk could complete the record retention responsibilities. According to
Health IT developers would need to notify their customers about the unenforceability of communications and contract provisions that violate this Condition of Certification. Generally, health IT developers should already have mechanisms in place, whether via online postings, email, mail, or phone, for alerting customers to changes in their policies and procedures. Such alerts should be standard practice. However, we have estimated the potential costs for health IT developers to draft the notice and mail the notice as appropriate. We estimate that a health IT developer's office clerk will commit (overall) approximately 40 hours to drafting and mailing notices when necessary. According to the May 2016 BLS occupational employment statistics, the mean hourly wage for an office clerk is $15.87.
We also note that mailing is one option for delivery, along with other means such as email. We do not have information concerning how health IT developers will deliver their notices. We have estimated a total cost for all developers to mail the notices (including postage) to be $80,000. Again, we note that this is a one-time cost. We welcome comments on these cost estimates.
In order to meet the Cures Act requirement that health IT developers do not prohibit or restrict communication regarding health IT, some health IT developers would eventually need to amend their contracts to reflect such a change. Many standard form health IT contracts limit the ability of users to voluntarily discuss problems or report usability and safety concerns that they experience when using their health IT. This type of discussion or reporting is typically prohibited through broad confidentiality, nondisclosure, and intellectual property provisions in the vendor's standard form health IT contract. Some standard form health IT contracts may also include non- disparagement clauses that prohibit customers from making statements that could reflect negatively on the health IT developer. These practices are often referred to colloquially in the industry as “gag clauses.” We expect amendments to these clauses to be accomplished in the normal course of business, such as when renegotiating contracts or updating them for HIPAA or other compliance requirements. As such, we do not estimate any direct or indirect costs for health IT developers to amend their contracts to comply with this condition of certification.
We expect health care providers to benefit from this proposal. There is growing recognition that these practices of prohibiting or restricting communication do not promote health IT safety or good security hygiene and that health IT contracts should support and facilitate the transparent exchange of information relating to patient care. We are unable to estimate these benefits because we do not have adequate information to determine the prevalence of gag clauses and other such restrictive practices, nor do we have a means to quantify the value to providers of being able to freely communicate and share information. We welcome comments on approaches to quantify these benefits.
For a discussion of the costs and benefits of the new API criterion, please see section 2.3 of this RIA.
We propose as part of the Conditions and Maintenance of Certification that API Technology Suppliers be required to make specific business and technical documentation necessary to interact with the APIs in production freely and publicly accessible. We expect that the API Technology Suppliers would perform the following tasks related to transparency of business and technical documentation and would devote the following number of hours annually to such task: (1) Health Level 7's (HL7®) Fast Healthcare Interoperability Resources (FHIR®) API documentation (the vendor would most likely point to the HL7 FHIR standard for API documentation) (estimated eight hours); (2) patient application registration documentation, which would include a development effort to create a website that manages the application registration activity (estimated 40 hours); (3) publication of the FHIR Endpoint—Base URLs for all centrally managed providers (estimated 40 hours); (4) publication of FHIR Endpoints for provider-managed APIs (estimated 160 hours); and (5) API cost information documentation, which would typically be documented as a tiered rate based on usage or some form of monthly rate (estimated 40 hours).
We believe each of the above tasks would be performed by a “Software Developer.” According to the May 2016 BLS occupational employment statistics, the mean hourly wage for software developer is $50.14
The objective of real world testing is to verify the extent to which deployed health IT products in operational production settings are demonstrating compliance to certification criteria and functioning with the intended use cases for continued maintenance of certification. Real world testing should ensure certified health IT products have the ability to share electronic health information between other systems. Real world testing should assess that the certified health IT is meeting the intended use case(s) of the certification criteria to which it is certified within the workflow, health IT architecture,
This section describes the potential costs of the real world testing requirements in this proposed rule. The costs estimates are based on the following assumptions:
1.
2.
The tables below describe the various costs to health IT developers to perform real world testing by task.
Based on the stated assumptions and costs outlined in the above tables, we estimate the total annual cost for real world testing would, on average, be $46 million with an average cost per developer of $107,259.
There are a number of benefits that can be attributed to real world testing. Real world testing may impact the effective integration of varied health IT systems, including integration of certified health IT with non-certified and ancillary technologies such as picture archiving and communications systems (PACS) or specialty specific interfaces. Real world testing might also have an effect on the effective implementation of workflows in a clinical setting. In this analysis, we have
1. Provider time saved documenting in their EHR due to improved usability.
2. Increased provider satisfaction with their EHR resulting in fewer providers incurring the costs of switching products.
3. Benefits related to reductions in duplicate lab tests, readmissions, ER visits, and adverse drug events due to increased interoperability. We focused on these outcomes for two reasons: (i) Evidence in literature indicate that health information exchange impacts the chosen measures; and (ii) cost of care associated with these measures is high and the impact of health information exchange is likely to result in significant benefits in the form of reduced costs.
The benefit calculations are based on the following assumptions:
1.
2.
3.
4.
5.
As noted previously in this analysis, we acknowledge that there might be shared benefits across certain proposals and have taken steps to ensure that the benefits attributed to each proposal are unique to the proposal referenced. Specifically, we used regression analysis to calculate the impact of our real world testing and API proposals on interoperability. We assumed that the real world testing and API proposals would collectively have the same impact on interoperability as use of 2014 Edition certified health IT. Therefore, we estimated linear probability models that identified the impact of 2014 Edition certified health IT on hospitals' interoperability.
While we acknowledge that there might be shared benefits across proposals, we have taken steps to ensure that the benefits attributed to each proposal is unique to the proposal referenced. We assumed that this marginal effect is true for our proposals and distributed the 5% benefit across our real world testing and API proposals at (.1-1%) to (1-4%) respectively. Moreover, the number of providers impacted is proposal specific. Given data limitations, we believe this approach allows us to estimate the benefits of our proposals without double counting the impact each proposal might have on interoperability.
The first table below shows benefits of real world testing for providers where we monetize the impact of real world testing as total amount saved by reducing provider time spent with the health IT. The impact of real world testing on provider time is expected to represent a larger impact (5%) than the impact of real world testing on health outcomes (1%-4%) and cost. This is primarily because provider behavior is more directly affected by improvements in interoperability.
Based on the stated assumptions and benefits outlined in Table 22 above, we estimate the total annual benefit for real world testing to providers would, on average, range from $105 million to $516 million. Based on the stated assumptions and benefits outlined in Table 23 above, we estimate the total annual benefit for patients and payers would, on average, range from $4.3 million to $25.5 million. Therefore, we estimate the total benefit of real world testing would, on average, range from $109.3 million to $541.5 million. If we assume, based on our cost estimates, the average annual costs to health IT developers would be $46 million and that increased health IT developer costs are passed to customers, then the net benefit to hospitals/providers would range from $63.3 million to $495.5 million.
We recognize that health IT developers may deploy their systems in a number of ways, including cloud-based deployments, and seek comment on whether our cost estimates of real world testing should factor in such methods of system deployment. For example, we request feedback about whether health IT developers would incur reduced real world testing costs through cloud-based deployments as opposed to other deployment methods. We specifically solicit comment on the general ratio of cloud-based to non-cloud-based deployments within the health care ecosystem and specific cost variations in performing real world testing based on the type of deployment. We also request comment on our assumptions about the burden to providers in time spent assisting health IT developers since we encourage health IT developers to come up with ways to perform real world testing that mitigate provider disruption.
We propose to revise the Principle of Proper Conduct in § 170.523(m) to require ONC-ACBs to collect, no less than quarterly, all updates successfully made to standards in certified health IT pursuant to the developers having opted to avail themselves of the Standards Version Advancement Process flexibility under the real world testing Condition of Certification. Under § 170.523(p), ONC-ACBs will be responsible for: (1) Reviewing and confirming that applicable health IT developers submit real world testing plans in accordance with § 170.405(b)(1); (2) reviewing and confirming that applicable health IT developers submit real world testing results in accordance with § 170.405(b)(2); and (3) submitting real world testing plans by December 15 and results by April 1 of each calendar year to ONC for public availability. In addition, under § 170.523(t), ONC-ACBs will be required to: (1) Maintain a record of the date of issuance and the content of developers' notices; and (2) timely post content of each notice on the CHPL.
Using the information from the “Real World Testing” section of this RIA, we estimate that 429 developers will be impacted by real world testing. We estimate that, on average, it will take an ONC-ACB employee at the GS-13, Step 1 level approximately 30 minutes to collect all updates made to standards in Health IT Modules in accordance with § 170.523(m). The hourly wage with benefits for a GS-13, Step 1 employee located in Washington, DC is approximately $88.30. Since the collection must occur no less than quarterly, we assume it occurs, on average, four times per year. Therefore, we estimate the annual cost to ONC-ACBs to comply with the collection requirements under § 170.523(m) to be $139,867.
We estimate that, on average, it will take an ONC-ACB employee at the GS-13, Step 1 level approximately 1 hour to review and confirm that applicable health IT developers submit real world testing plans in accordance with § 170.405(b)(1). We estimate that, on average, it will take an ONC-ACB employee at the GS-13, Step 1 level approximately 30 minutes to review and confirm that applicable health IT developers submit real world testing results in accordance with § 170.405(b)(2). We estimate that, on average, it will take an ONC-ACB employee at the GS-13, Step 1 level approximately 30 minutes to submit real world testing plans and results to ONC for public availability. The hourly wage with benefits for a GS-13, Step 1 employee located in Washington, DC is approximately $88.30. Therefore, we estimate the annual cost to ONC-ACBs to comply with the submission and reporting requirements under §§ 170.523(m) and 170.550(l) to be $143,891.
Throughout the RIA we have used 830 products as our 2015 Edition Projection. We came up with this projection by multiplying a −23.2% market consolidation rate from the total number of products certified to 2014 Edition. This assumption was based on the market consolidation rate observed between the 2011 and 2014 Editions. We have estimated the number of 2015 Edition products that will certify each criteria included in the real world testing Condition of Certification. We assume that there will be a cost associated with a notice for each certified criteria (even if an individual product were to update the same standard across multiple criteria that use that standard). This estimation was calculated by multiplying the current percent of 2015 Edition products that certify a criteria by the estimated number of total 2015 Edition products (830).
We assume that the amount of time for an ONC-ACB staff person to (1) maintain a record of the date of issuance and the content of developers' notices; and (2) to timely post content of each notice on the CHPL can be anywhere from 30 minutes to 1 hour.
The hourly wage with benefits for a GS-13, Step 1 employee located in Washington, DC is approximately $88.30. This was the hourly rate we used for the RIA, so it's consistent with prior calculations. This wage is used to determine the ONC-ACB time cost to complete this requirement under § 170.523(t). Our minimum estimate for the amount of time to comply is 30 minutes per notice. If 25% of certified products update any of the applicable standards, we estimate it will cost $58,807. If all products update any of the applicable standards, we estimate it will cost $235,231. Our maximum estimate for the amount of time to comply is 1 hour per notice. If 25% of certified products update any of the applicable standards, we estimate it will cost $117,615. If all products update any of the applicable standards, we estimate it will cost $470,462. Our lower bound estimate for the cost of this requirement is $58,807. Our upper bound estimate for the cost of this requirement is $470,462.
The Cures Act requires that a health IT developer, as a Condition and Maintenance of Certification under the Program, provide to the Secretary an attestation to all the Conditions and Maintenance of Certification specified in the Cures Act, except for the “EHR reporting program” Condition of Certification. It also requires that a health IT developer attest to ensuring that its health IT allows for health information to be exchanged, accessed, and used in the manner described by the API Condition of Certification. We propose to implement the Cures Act “attestations” Condition of Certification in § 170.406 by requiring health IT developers to attest to the aforementioned conditions. For the purposes of estimating the potential burden of these attestations on health IT developers, ONC-ACBs, and ONC, we are estimating that all health IT developers under the Program will submit an attestation biannually. As noted previously in this RIA, there are 792 health IT developers certified to the 2014 Edition.
We estimate it will take a health IT developer employee approximately one hour on average to prepare and submit each attestation to the ONC-ACB. According to the May 2016 BLS occupational employment statistics, the mean hourly wage for a software developer is $50.14
We propose that attestations would be submitted to ONC-ACBs on behalf of ONC and the Secretary. We assume there will be three ONC-ACBs as this is the current number of ONC-ACBs, and we also assume an equal distribution in responsibilities among ONC-ACBs. ONC-ACBs would have two responsibilities related to attestations. One responsibility we propose in § 170.523(q) is that an ONC-ACB must review and submit the health IT developers' attestations to ONC. We estimate it will take an ONC-ACB employee at the GS-13, Step 1 level approximately 30 minutes on average to review and submit each attestation to ONC. The other responsibility we propose in § 170.550(l) is that before issuing a certification, an ONC-ACB would need to ensure that the health IT developer of the Health IT Module has met its responsibilities related to the Conditions and Maintenance of Certification requirements as solely evidenced by its attestation. We estimate it will take an ONC-ACB
We propose that ONC would make the attestations publicly available on the CHPL once they are submitted by the ONC-ACBs. ONC posts information regularly to the CHPL and we estimate the added costs to post the attestation will be de minimis. We welcome comments if stakeholders believe more or less networks should be included in our estimate.
ONC's processes for overseeing the Conditions and Maintenance of Certification will, for the most part, mirror ONC's processes for direct review of non-conformities in certified health IT as described in current § 170.580. We have proposed that ONC may directly review a health IT developer's actions to determine whether they conform to the Conditions and Maintenance of Certification requirements proposed in this proposed rule. The estimated costs and benefits for such oversight and review are detailed below.
We estimated the potential monetary costs of our proposal to allow ONC to directly review a health IT developer's actions to determine whether the actions conform to the requirements of the Program as follows: (1) Costs for health IT developers to correct non-conforming actions identified by ONC; (2) costs for health IT developers and ONC related to ONC review and inquiry into non-conforming actions by the health IT developer; and (3) costs for ONC-ACBs related to the new proposed reporting requirement in the Principles of Proper Conduct in § 170.523(s).
We do not believe health IT developers face additional direct costs for the proposed ONC direct review of health IT developer actions (
If ONC identifies a non-conforming action by a health IT developer, the costs incurred by the health IT developer to bring its actions into conformance would be determined on a case-by-case basis. Factors that would be considered include, but are not limited to: (1) The extent of customers and/or business affected; (2) how pervasive the action(s) is across the health IT developer's business; (3) the period of time that the health IT developer was taking the action(s) in question; and (4) the corrective action required to resolve the issue. We are unable to reliably estimate these costs as we do not have cost estimates for a comparable situation. We request comment on existing relevant data and methods we could use to estimate these costs.
In order to calculate the potential costs to health IT developers and ONC related to ONC review and inquiry into health IT developer actions, we have created the following categories for potential costs: (1) ONC review and inquiry prior to the issuance of a notice of non-conformity; (2) ONC review and inquiry following the issuance of a notice of non-conformity and the health IT developer does not contest ONC's findings (
We anticipate that ONC will receive, on average, between 100 and 200 complaints per year concerning the Conditions and Maintenance of Certification that will warrant review and inquiry by ONC. We estimate that such initial review and inquiry by ONC would require, on average, two to three analysts at the GS-13 level working one to two hours each per complaint. The hourly wage with benefits for a GS-13, Step 1 employee located in Washington, DC is approximately $88.30. Therefore, we estimate each review and inquiry would cost ONC, on average, between $177 and $529. We estimate the total annual cost to ONC would, on average, range from $17,700 and $105,800. This range takes into account both the low end of reviews that are resolved quickly and the high end in which staff would need to discuss issues with ONC leadership or in some cases, HHS senior leadership including the Office of General Counsel. We have not estimated health IT developer costs associated with ONC review prior to the issuance of a notice of non-conformity because, in most cases, health IT developers are not required to take action prior to the notice of non-conformity.
This category would capture cases that require review and inquiry following ONC's issuance of a notice of non-conformity, but that would not proceed to the appeals process. Examples of such situations would include, but not be limited to: (1) A health IT developer violates a Condition of Certification and does not contest ONC's finding that it is in violation of the Condition of Certification; or (2) a health IT developer fails to meet a deadline, such as for its corrective action plan (CAP). We estimate that ONC will, on average, conduct between 12 and 18 of these reviews annually.
We estimate that a health IT developer may commit, on average and depending on complexity, between 10 and 40 hours of staff time per case to provide ONC with all requested records and documentation that ONC would use to review and conduct an inquiry into health IT developer actions, and, when necessary, make a certification ban and/or termination determination. We assumed that the work would be performed by a “Computer Systems Analyst.” According to the May 2016 BLS occupational employment statistics, the mean hourly wage for computer systems analyst is $44.05.
We estimate that ONC may commit, on average and depending on complexity, between 8 and 80 hours of staff time to complete a review and inquiry into health IT developer actions. We assume that the expertise of a GS-15, Step 1 federal employee(s) would be
We welcome comments on our estimated costs and any comparable processes and costs that we could use to improve our cost estimates.
As discussed in section VII.C of this preamble, we propose to permit a health IT developer to appeal an ONC determination to issue a certification ban and/or terminate a certification under § 170.581(a)(2)(iii). This category of cost calculations captures cases that require review and inquiry following ONC's issuance of a notice of non-conformity and where the health IT developer contests ONC's finding and files an appeal. We estimate that ONC will, on average, conduct between three and five of these reviews annually.
We estimate that a “Computer Systems Analyst” for the health IT developer may commit, on average and depending on complexity, between 20 and 80 hours to provide the required information to appeal a certification ban and/or termination under § 170.581(a)(2)(iii) and respond to any requests from the hearing officer. According to the May 2016 BLS occupational employment statistics, the mean hourly wage for a computer systems analyst is $44.05.
We estimate that ONC would commit, on average and depending on complexity, between 40 and 160 hours of staff time to conduct each appeal. This would include the time to represent ONC in the appeal and support the costs for the hearing officer. We assume that the expertise of a GS-15, Step 1 federal employee(s) would be necessary. The hourly wage with benefits for a GS-15, Step 1 employee located in Washington, DC is approximately $122.74. Therefore, based on the estimate on between three and five cases each year, we estimate the cost for ONC to conduct an appeal would, on average, range from $14,729 to $98,192. We note that some appeals may cost less and some may cost more than this estimated cost range. Further, we note that these costs would be perpetual.
Based on the above estimates, we estimate the total annual costs for health IT developers related to ONC review and inquiry into health IT developer actions would, on average, range from $15,858 to $98,672. We estimate the total annual costs for ONC related to ONC review and inquiry into health IT developer actions would, on average, range from $44,212 to $380,737.
We welcome comments on our estimated costs and any comparable processes and costs that we could use to improve our cost estimates.
We also note that ONC-ACBs could realize costs associated with the new proposed reporting requirement in the Principles of Proper Conduct in § 170.523(s) that they report, at a minimum, on a weekly basis to the National Coordinator any circumstances that could trigger ONC direct review per § 170.580(a)(2). We estimate that, on average, it will take an ONC-ACB employee at the GS-13, Step 1 level approximately 30 minutes to prepare the report. The hourly wage with benefits for a GS-13, Step 1 employee located in Washington, DC is approximately $88.30. Since the collection must occur no less than weekly, we will assume it occurs, on average, 52 times per year. Therefore, given that there are currently three ONC-ACBs, we estimate the annual cost to ONC-ACBs to comply with the reporting requirement under § 170.523(s) would, on average, be $6,889.
This proposed rule's provisions for ONC direct review of the Conditions and Maintenance of Certification requirements would promote health IT developers' accountability for their actions and ensure that health IT developers' actions conform with the requirements of the Cures Act and Conditions and Maintenance of Certification requirements in §§ 170.400-406. Specifically, ONC's direct review of health IT developer actions will facilitate ONC's ability to require comprehensive corrective action by health IT developers to address non-conforming actions determined by ONC. If ONC ultimately implements a certification ban and/or terminates a certification(s), such action will serve to protect the integrity of the Program and users of health IT. While we do not have available means to quantify the benefits of ONC direct review of health IT developer actions, we note that ONC direct review supports and enables the National Coordinator to fulfill his responsibilities under the HITECH Act and Cures Act, instills public confidence in the Program, and protects public health and safety.
We expect ONC to incur an annual cost for issuing guidance related to the information blocking “reasonable and necessary” exceptions. We assume that the guidance would be provided by ONC staff with the expertise of a GS-15, Step 1 federal employee(s). The hourly wage with benefits for a GS-15, Step 1 employee located in Washington, DC is approximately $122.74. We estimate it would take ONC staff between 200 and 400 hours to develop the guidance. Therefore, we estimate the annual cost to ONC would, on average, range from $98,192 to $196,384.
Information blocking not only interferes with effective health information exchange, but also negatively impacts many important aspects of health and health care. To make informed health care decisions, providers and individuals must have timely access to information in a form that is usable. When health information is unavailable, decisions can be impaired—and so too the safety, quality, and effectiveness of care provided to patients. Information blocking impedes progress towards reforming health care delivery and payment because sharing information seamlessly across the care continuum is fundamental to moving to a person-centered, high-performing health care system. Information blocking can undermine consumers' confidence in their health care providers by preventing individuals from accessing their health information and using it to make informed decisions
In addition, information blocking is a practice that is profoundly anti-consumer and anti-competition. Information blocking can be used to increase revenue, escalate prices, and prevent market competition both for current and future competitors and for new services. For instance, a study released in 2017 about the prevalence of information blocking and how to address it assessed the perceived motivations for information blocking. The study found that respondents perceived that information-blocking practices by health IT developers were often motivated by a desire to maximize short-term revenue and to increase the likelihood that providers will select their health IT instead of a competitor's health IT. Among hospitals and health systems, the most frequent perceived motivation was also related to improving revenue, namely to strengthen their competitive position in the market, followed by accommodating more important internal priorities than health information exchange.
According to leaders of health information exchange efforts, information blocking is relatively widespread.
• Deployment of products with limited interoperability (49%);
• High fees for health information exchange unrelated to cost (47%); and
• Making third-party access to standardized data difficult (42%).
Many hospitals have experienced the negative impacts of health IT developer information blocking practices. In 2015, almost half of hospitals (46%) nationwide reported difficulty exchanging data with providers whose health IT system differed from theirs and one-quarter of hospitals reported paying additional costs to exchange electronic health information with providers outside their hospital system.
We have also included provisions in this proposed rule that would establish exceptions to the definition of information blocking, which we estimate will generate significant net benefits. As noted above, section 3022 of the PHSA defines information blocking broadly section 3022(a)(3) instructs authorizes the Secretary to identify reasonable and necessary activities that would be considered establish exceptions to the definition of information blocking. In this rule, we propose to establish several exceptions. The exceptions, if finalized, would create clear guidelines for industry regarding pro-competitive and other beneficial activities and would enable stakeholders to determine more easily and with greater certainty whether their activities are excepted from the information blocking definition. The additional clarity provided by the exceptions would make it easier for these regulated entities to comply with the statute—resulting in reduced compliance costs—and would result in increased predictability, which would allow regulated entities to more effectively plan and invest resources in developing and using interoperable technologies and services to improve health care efficiency and value. Overall, the proposed exceptions are accommodating to legitimate industry practices for health IT developers, hospitals, and health care providers and, we believe, would ease the burden and compliance costs for these parties.
Due to limited data and research available, we have only estimated the benefits of our information blocking proposals for payers, specifically patients and insurers. In order to quantify the magnitude of information blocking and the benefits of restricting information blocking, we estimated the following expression, which gives us the imposed cost of information blocking for each health outcome: [% providers that engage in cross-vendor exchange] × [marginal effect (ME) of information blocking] × [ME effect of interoperability] × [total cost of health outcome].
We extracted the “ME effect of interoperability” and “cost of health outcomes” from academic literature (
We estimated the “ME of information blocking” through the following research design. We looked at hospitals that switched vendors and examined their referral patterns before and after the switch. If hospitals that switched vendors also had to change their referral patterns, this could be evidence of information blocking. To operationalize this experiment, we estimated the following equation:
In this equation, the variables are as follows:
We used CMS referral data and linked it with Healthcare Information and Management Systems Society (HIMSS) and AHA data for information on hospitals' vendors and other characteristics. Our estimate for “b” is 0.4 percentage points, meaning if a
Our estimates are detailed in the table below.
We request comment on our approach to estimating these benefits, as well as the benefit estimates in the table above.
We estimate that the total annual cost for this proposed rule for the first year after it is finalized (including one-time costs), based on the cost estimates outlined above and throughout this RIA, would, on average, range from $365 million to $919 million with an average annual cost of $642 million. We estimate that the total perpetual cost for this proposed rule (starting in year two), based on the cost estimates outlined above, would, on average, range from $228 million to $452 million with an average annual cost of $340 million. We also include estimates based on the stakeholder group affected. We estimate the total costs to health IT developers to be between $373 million and $933 million (including one-time and perpetual costs) with $569,000 in cost savings. We estimate the total costs to ONC-ACBs to be between $213,000 and $311,000. We estimate the government (ONC) costs to be between $44,800 and $269,000 while saving $4,500. In addition, to the above mentioned cost savings that are attributable to specific stakeholder groups, we estimate to an additional cost savings of $6.8 million to $13.7 million to all stakeholders affected by this proposal. We are unable to attribute these amounts to specific stakeholder groups.
We estimate the total annual benefit for this proposed rule, based on the benefit estimates outlined above, would range from $3.08 billion to $9.15 billion with an average annual benefit of $6.1 billion. We attribute between $756 million and $3.8 billion in benefits to hospitals and clinicians. We attribute between $2.1 billion and $2.9 billion to payers and patients. Our estimates include benefits attributed to the whole health care system, not just to the stakeholders mentioned above.
We estimate the total annual net benefit for this proposed rule for the first year after it is finalized (including one-time costs), based on the estimates outlined above, would range from $2.7 billion to $8.2 billion with an average net benefit of $5.5 billion. We estimate the total perpetual annual net benefit for this proposed rule (starting in year two), based on the estimates outlined above, would range from $2.9 billion to $8.7 billion with an average net benefit of $5.8 billion.
When a rule is considered an economically significant rule under Executive Order 12866, we are required to develop an accounting statement indicating the classification of the expenditures associated with the provisions of the proposed rule. Monetary annual benefits are presented as discounted flows using 3% and 7% factors in Table 25 below. We are not able to explicitly define the universe of
The Regulatory Flexibility Act (RFA) requires agencies to analyze options for regulatory relief of small businesses if a rule has a significant impact on a substantial number of small entities. The Small Business Administration (SBA) establishes the size of small businesses for federal government programs based on average annual receipts or the average employment of a firm.
While health IT developers that pursue certification of their health IT under the Program represent a small segment of the overall information technology industry, we believe that many health IT developers impacted by the requirements proposed in this proposed rule most likely fall under the North American Industry Classification System (NAICS) code 541511 “Custom Computer Programming Services.”
We estimate that the proposed requirements in this proposed rule would have effects on health IT developers, some of which may be small entities, that have certified health IT or are likely to pursue certification of their health IT under the Program. We believe, however, that we have proposed the minimum amount of requirements necessary to accomplish our primary policy goal of enhancing interoperability. Further, as discussed in section XIV.B of this RIA above, there are no appropriate regulatory or non-regulatory alternatives that could be developed to lessen the compliance burden associated with this proposed
We do not believe that the proposed requirements of this proposed rule would create a significant impact on a substantial number of small entities, but request comment on whether there are small entities that we have not identified that may be affected in a significant way by this proposed rule. Additionally, the Secretary proposes to certify that this proposed rule would not have a significant impact on a substantial number of small entities.
Executive Order 13132 establishes certain requirements that an agency must meet when it promulgates a proposed rule (and subsequent final rule) that imposes substantial direct requirement costs on state and local governments, preempts state law, or otherwise has federalism implications. Nothing in this proposed rule imposes substantial direct compliance costs on state and local governments, preempts state law, or otherwise has federalism implications. We are not aware of any state laws or regulations that are contradicted or impeded by any of the proposals in this proposed rule. We welcome comments on this assessment.
Section 202 of the Unfunded Mandates Reform Act of 1995 requires that agencies assess anticipated costs and benefits before issuing any rule that imposes unfunded mandates on state, local, and tribal governments or the private sector requiring spending in any one year of $100 million in 1995 dollars, updated annually for inflation. The current inflation-adjusted statutory threshold is approximately $150 million. While the estimated potential cost effects of this proposed rule reach the statutory threshold, we do not believe this proposed rule imposes unfunded mandates on state, local, and tribal governments or the private sector. We welcome comments on these conclusions.
Executive Order 13771 (January 30, 2017) requires that the costs associated with significant new regulations “to the extent permitted by law, be offset by the elimination of existing costs associated with at least two prior regulations.” The Department believes that this rule is a significant regulatory action as defined by Executive Order 12866 which imposes costs, and therefore is considered a regulatory action under Executive Order 13771. The Department estimates that this rule generates $275 million in annualized costs at a 7% discount rate, discounted relative to 2016, over a perpetual time horizon.
OMB reviewed this proposed rule.
Computer technology, Electronic health record, Electronic information system, Electronic transactions, Health, Health care, Health information technology, Health insurance, Health records, Hospitals, Incorporation by reference, Laboratories, Medicaid, Medicare, Privacy, Reporting and recordkeeping requirements, Public health, Security.
Computer technology, Electronic health record, Electronic information system, Electronic transactions, Health, Health care, Health care provider, Health information exchange, Health information technology, Health information network, Health insurance, Health records, Hospitals, Privacy, Reporting and recordkeeping requirements, Public health, Security.
For the reasons set forth in the preamble, 45 CFR subtitle A, subchapter D, is proposed to be amended as follows:
42 U.S.C. 300jj-11; 42 U.S.C 300jj-14; 5 U.S.C. 552.
The standards, implementation specifications, and certification criteria adopted in this part apply to Health IT Modules and the testing and certification of such Health IT Modules.
The revisions and additions read as follows:
(3) Has been certified to the certification criteria adopted by the Secretary in—
(i) Section 170.315(a)(1), (2), or (3); (5); (9); (14); (b)(1); (c)(1); (g)(7) and (9); and (h)(1) or (2);
(ii) Section 170.315(g)(8) or (10) until [24 months from the final rule's effective date]; and
(iii) Section 170.315(b)(10) and (g)(10) on and after [24 months from the final rule's effective date].
(i) Enables the secure exchange of electronic health information with, and use of electronic health information from, other health information technology without special effort on the part of the user;
(ii) Allows for complete access, exchange, and use of all electronically accessible health information for authorized use under applicable state or federal law; and
(iii) Does not constitute information blocking as defined in § 171.103 of this subchapter.
The revisions read as follows:
(a) * * *
(4) * * *
(i)
(ii) [Reserved]
(b) * * *
(1)
(h) * * *
(3) CMS Implementation Guide for Quality Reporting Document Architecture Category I Hospital Quality Reporting Implementation Guide for 2019 (incorporated by reference in § 170.299).
(k) * * *
(3) CMS Implementation Guide for Quality Reporting Document Architecture Category III Eligible Clinicians and Eligible Professionals Programs Implementation Guide for 2019 (incorporated by reference in § 170.299).
The Secretary adopts the following application programming interface (API) standards and associated implementation specifications:
(a)(1)
(2)
(3)
(4)
(5)
(b)
(c)(1)
(2)
The additions and revisions read as follows:
(e) * * *
(4) CMS Implementation Guide for Quality Reporting Document Architecture Category I Hospital Quality Reporting Implementation Guide for 2019, May 4, 2018, IBR approved for § 170.205(h).
(5) CMS Implementation Guide for Quality Reporting Document Architecture Category III Eligible Clinicians and Eligible Professionals Programs Implementation Guide for 2019, October 8, 2018, IBR approved for § 170.205(k).
(f) * * *
(30) HL7 CDA Release 2 Implementation Guide: C-CDA Templates for Clinical Notes R1 Companion Guide, Release 1, March 2017, IBR approved for § 170.205(a).
(31) HL7 Fast Healthcare Interoperability Resources (FHIR®) Release 2.0, Draft Standard for Trial Use (DSTU) Version 1.0.2-7202, October 24, 2015, IBR approved for § 170.215(a).
(32) HL7 Fast Healthcare Interoperability Resource Specification (FHIR®) Release 3 Standard for Trial Use (STU), Version 3.0.1, February 21, 2017, IBR approved for § 170.215(c).
(33) HL7 Fast Healthcare Interoperability Resources Specification (FHIR®) Release 4, Version 4.0.0,
(34) HL7 Implementation Specification—FHIR Profile: Consent2Share FHIR Consent Profile Design, December 11, 2017, IBR approved for § 170.215(c).
(35) HL7 CDA R2 Implementation Guide: C-CDA Supplemental Templates for Unique Device Identification (UDI) for Implantable Medical Devices, Release 1—US Realm, November 15, 2018, IBR approved for § 170.205.
(36) HL7 SMART Application Launch Framework Implementation Guide Release 1.0.0, November 13, 2018, IBR approved for § 170.215(a).
(g) HL7® FHIR® Foundation. 3300 Washtenaw Avenue, Suite 227, Ann Arbor, MI 48104; Telephone (734) 677-7777 or
(1) Argonaut Data Query Implementation Guide. Version 1.0.0, December 23, 2016, IBR approved for § 170.215(a).
(2) Argonaut Data Query Implementation Guide Server, Version 1.0.2, December 15, 2016, IBR approved for § 170.215(a).
(i) * * *
(4) OAuth 2.0 Dynamic Client Registration Protocol (RFC 7591), July 2015, IBR approved for § 170.215.
(l) * * *
(3) National Council for Prescription Drug Programs (NCPDP), Script Standard Implementation Guide, Version 2017071 (Approval Date for ANSI: July 28, 2017), IBR approved for § 170.205(b).
(n) * * *
(5) ONC United States Core Data for Interoperability (USCDI), Version 1 (v1), February 11, 2019, IBR approved for § 170.213; available at
(6) API Resource Collection in Health (ARCH) Version 1, February 1, 2019, IBR approved for § 170.215(a); available at
(p) OpenID Foundation, 2400 Camino Ramon, Suite 375, San Ramon, CA 94583, Telephone +1 925-275-6639,
(1) OpenID Connect Core 1.0 Incorporating Errata Set 1, November 8, 2014, IBR approved for § 170.215(b).
(2) [Reserved]
The revisions and additions read as follows:
(b) * * *
(1) * * *
(iii) * * *
(A) The data classes expressed in the standard in § 170.213 and, including as specified for the following data:
(4) [Reserved]
(5) [Reserved]
(6) [Reserved]
(7) [Reserved]
(8) [Reserved]
(9)
(i) The Care Plan document template, including the Health Status Evaluations and Outcomes Section and Interventions Section (V2), in the standard specified in § 170.205(a)(4); and
(ii) The standard in § 170.205(a)(4)(i).
(10)
(A) Enable a user to timely create an export file(s) with all of a single patient's electronic health information the health IT produces and electronically manages on that patient.
(B) A user must be able to execute this capability at any time the user chooses and without subsequent developer assistance to operate.
(C) Limit the ability of users who can create such export file(s) in at least one of these two ways:
(1) To a specific set of identified users.
(2) As a system administrative function.
(D) The export file(s) created must be electronic and in a computable format.
(E) The export file(s) format, including its structure and syntax, must be included with the exported file(s).
(ii)
(A) The export created must be electronic and in a computable format.
(B) The export's format, including its structure and syntax must be included with the export.
(iii)
(11)
(A) Ask mailbox (GetMessage).
(B) Relay acceptance of transaction (Status).
(C) Error response (Error).
(D) Create new prescriptions (NewRx, NewRxRequest, NewRxResponseDenied).
(E) Change prescriptions (RxChangeRequest, RxChangeResponse).
(F) Renew prescriptions (RxRenewalRequest, RxRenewalResponse).
(G) Resupply (Resupply).
(H) Return receipt (Verify).
(I) Cancel prescriptions (CancelRx, CancelRxResponse).
(J) Receive fill status notifications (RxFill, RxFillIndicatorChange).
(K) Drug administration (DrugAdministration).
(L) Transfer (RxTransferRequest, RxTransferResponse, RxTransferConfirm).
(M) Recertify (Recertification).
(N) Request and receive medication history (RxHistoryRequest, RxHistoryResponse).
(O) Complete risk evaluation and mitigation strategy transactions (REMSInitiationRequest, REMSInitiationResponse, REMSRequest, and REMSResponse).
(ii) For each transaction listed in paragraph (b)(11)(i) of this section, the technology must be able to receive and transmit the reason for the prescription using the diagnosis elements in DRU Segment.
(iii)
(iv) Limit a user's ability to prescribe all oral liquid medications in only metric standard units of mL (
(v) Always insert leading zeroes before the decimal point for amounts less than one and must not allow trailing zeroes after a decimal point when a user prescribes medications.
(12)
(13)
(i) Receive a summary record that is formatted in accordance with the standard adopted in § 170.205(a)(4) and (a)(4)(i) that is tagged as restricted at the document, section, and entry (data element) level and subject to restrictions on re-disclosure according to the standard adopted in § 170.205(o)(1); and
(ii) Preserve privacy markings to ensure fidelity to the tagging based on consent and with respect to sharing and re-disclosure restrictions.
(c) * * *
(3)
(d) * * *
(12)
(i) “Yes.” Health IT Module encrypts stored authentication credentials in accordance with standards adopted in § 170.210(a)(2).
(ii) “No.” Health IT Module does not encrypt stored authentication credentials.
(13)
(i) “Yes.” Health IT Module supports authentication through multiple elements the identity of the user with industry recognized standards.
(ii) “No.” Health IT Module does not support authentication through multiple elements the identity of the user with industry recognized standards.
(e) * * *
(1) * * *
(i) * * *
(A) * * *
(ii) * * *
(B) [Reserved]
(f) * * *
(5) * * *
(iii) * * *
(B) * * *
(1) The data classes expressed in the standard in § 170.213.
(g)
(2)
(3) * * *
(i) User-centered design processes must be applied to each capability technology includes that is specified in the following certification criteria: Paragraphs (a)(1) through (5), (9), and (14); and (b)(2), (3), and (11).
(6)
(i)
(A) Assessment and plan of treatment. In accordance with the “Assessment and Plan Section (V2)” of the standard specified in § 170.205(a)(4) and (a)(4)(i); or in accordance with the “Assessment Section (V2)” and “Plan of Treatment Section (V2)” of the standard specified in § 170.205(a)(4) and (a)(4)(i).
(B) Goals. In accordance with the “Goals Section” of the standard specified in § 170.205(a)(4) and (a)(4)(i).
(C) Health concerns. In accordance with the “Health Concerns Section” of the standard specified in § 170.205(a)(4) and (a)(4)(i).
(D) Unique device identifier(s) for a patient's implantable device(s). In accordance with the “Product Instance” in the “Procedure Activity Procedure Section” of the standard specified in § 170.205(a)(4) and (a)(4)(i).
(iv)
(8) [Reserved]
(9) * * *
(i) * * *
(A) Respond to requests for patient data (based on an ID or other token) for all of the data classes expressed in the standard in § 170.213 at one time and return such data (according to the specified standards, where applicable) in a summary record formatted according to the standard specified in § 170.205(a)(4) and (a)(4)(i) following the CCD document template, including as specified for the following data:
(1) Assessment and plan of treatment. In accordance with the “Assessment and Plan Section (V2)” of the standard specified in § 170.205(a)(4) and (a)(4)(i); or in accordance with the “Assessment Section (V2)” and “Plan of Treatment Section (V2)” of the standard specified in § 170.205(a)(4) and (a)(4)(i).
(2) Goals. In accordance with the “Goals Section” of the standard specified in § 170.205(a)(4) and (a)(4)(i).
(3) Health concerns. In accordance with the “Health Concerns Section” of the standard specified in § 170.205(a)(4) and (a)(4)(i).
(4) Unique device identifier(s) for a patient's implantable device(s). In accordance with the “Product Instance” in the “Procedure Activity Procedure Section” of the standard specified in § 170.205(a)(4) and (a)(4)(i).
(10)
(i)
(ii)
(iii)
(iv)
(v)
(A)
(B)
(vi)
(vii)
(1) API syntax, function names, required and optional parameters supported and their data types, return variables and their types/structures, exceptions and exception handling methods and their returns.
(2) The software components and configurations that would be necessary for an application to implement in order to be able to successfully interact with the API and process its response(s).
(3) All applicable technical requirements and attributes necessary for an application to be registered with an authorization server.
(B) The documentation used to meet paragraph (g)(10)(vii)(A) of this section must be available via a publicly accessible hyperlink.
(11)
(A) The standard adopted in § 170.215(c)(1); and
(B) The implementation specification adopted in § 170.215(c)(2).
(ii)
(1) API syntax, function names, required and optional parameters supported and their data types, return variables and their types/structures, exceptions and exception handling methods and their returns.
(2) The software components and configurations that would be necessary for an application to implement in order to be able to successfully interact with the API and process its response(s).
(3) All applicable technical requirements and attributes necessary for an application to be registered with an authorization server.
(B) The documentation used to meet paragraph (g)(11)(ii)(A) of this section must be available via a publicly accessible hyperlink.
This subpart implements section 3001(c)(5)(D) of the Public Health Service Act by setting forth certain Conditions and Maintenance of Certification requirements for health IT developers participating in the ONC Health IT Certification Program.
(a)
(b)
(a)
(2) A health IT developer must ensure that its health IT certified under the ONC Health IT Certification Program conforms to the full scope of the certification criteria.
(3) A health IT developer must not take any action that could interfere with a user's ability to access or use certified capabilities for any purpose within the scope of the technology's certification.
(4) A health IT developer that manages electronic health information must certify health IT to the certification criterion in § 170.315(b)(10).
(b)
(i) A period of 10 years beginning from the date each of a developer's health IT is first certified under the Program; or
(ii) If for a shorter period of time, a period of 3 years from the effective date that removes all of the certification criteria to which the developer's health IT is certified from the Code of Federal Regulations.
(2) A health IT developer that must comply with the requirements of paragraph (a)(4) of this section must provide all of its customers of certified health IT with the health IT certified to the certification criterion in § 170.315(b)(10) within 24 months of this final rule's effective date or within 12 months of certification for a health IT developer that never previously certified health IT to the 2015 Edition, whichever is longer.
(a)
(i) The usability of its health IT;
(ii) The interoperability of its health IT;
(iii) The security of its health IT;
(iv) Relevant information regarding users' experiences when using its health IT;
(v) The business practices of developers of health IT related to exchanging electronic health information; and
(vi) The manner in which a user of the health IT has used such technology.
(2) A health IT developer must not engage in any practice that prohibits or restricts a communication regarding the subject matters enumerated in paragraph (a)(1) of this section, unless the practice is specifically permitted by this paragraph and complies with all applicable requirements of this paragraph.
(i)
(A) Making a disclosure required by law;
(B) Communicating information about adverse events, hazards, and other unsafe conditions to government agencies, health care accreditation organizations, and patient safety organizations;
(C) Communicating information about cybersecurity threats and incidents to government agencies;
(D) Communicating information about information blocking and other unlawful practices to government agencies; or
(E) Communicating information about a health IT developer's failure to comply with a Condition of Certification, or with any other requirement of this part, to ONC or an ONC-ACB.
(ii)
(A)
(B)
(C)
(1) A health IT developer does not prohibit or restrict, or purport to prohibit or restrict, communications that would be a fair use of a copyright work; and
(2) A health IT developer does not prohibit the communication of screenshots of the developer's health IT, subject to the limited restrictions described in paragraph (a)(2)(ii)(D) of this section.
(D)
(1) Not alter screenshots, except to annotate the screenshot, resize it, or to redact the screenshot in accordance with § 170.403(a)(2)(ii)(D)(3) or to conceal protected health information;
(2) Not infringe the intellectual property rights of any third parties, provided that—
(i) The developer has used all reasonable endeavors to secure a license (including the right to sublicense) in respect to the use of the third-party rights by communicators for purposes of the communications protected by this Condition of Certification;
(ii) The developer does not prohibit or restrict, or purport to prohibit or restrict, communications that would be a fair use of a copyright work;
(iii) The developer has put all potential communicators on sufficient written notice of each aspect of its screen display that contains third-party content that cannot be communicated because the reproduction would infringe the third-party's intellectual property rights; and
(iv) Communicators are permitted to communicate screenshots that have been redacted to not disclose third-party content; and
(3) Redact protected health information, unless the individual has provided all necessary consents or authorizations or the communicator is otherwise authorized, permitted, or required by law to disclose the protected health information.
(E)
(b)
(i) Within six months of the effective date of the final rule that any communication or contract provision that contravenes paragraph (a) of this section will not be enforced by the health IT developer.
(ii) Within one year of the final rule, and annually thereafter until paragraph (b)(2)(ii) of this section is fulfilled, that any communication or contract provision that contravenes paragraph (a) of this section will not be enforced by the health IT developer.
(2)
(ii) If a health IT developer has a contract or agreement in existence at the time of the effective date of this final rule that contravenes paragraph (a) of this section, then the developer must in a reasonable period of time, but not later than two years from the effective date of this rule, amend the contract or agreement to remove or void the contractual provision that contravenes paragraph (a) of this section.
The following Condition of Certification applies to developers of Health IT Modules certified to any of the certification criteria adopted in § 170.315(g)(7) through (11).
(a)
(2)
(ii)
(1) Develop software applications to interact with the API technology;
(2) Distribute, deploy, and enable the use of software applications in production environments that use the API technology;
(3) Use software applications, including to access, exchange, and use electronic health information by means of the API technology;
(4) Use any electronic health information obtained by means of the API technology; and
(5) Register software applications.
(B)
(1) The persons or classes of persons to whom the fee applies;
(2) The circumstances in which the fee applies; and
(3) The amount of the fee, which for variable fees must include the specific variable(s) and methodology(ies) that will be used to calculate the fee.
(C)
(3)
(B) For all permitted fees, an API Technology Supplier must:
(1) Ensure that fees are based on objective and verifiable criteria that are uniformly applied for all substantially similar or similarly situated classes of persons and requests.
(2) Ensure that fees imposed on API Data Providers are reasonably related to the API Technology Supplier's costs of supplying and, if applicable, supporting API technology to, or at the request of, the API Data Provider to whom the fee is charged.
(ii)
(iii)
(A) Any costs incurred by the API Technology Supplier to support uses of the API technology that facilitate a patient's ability to access, exchange, or use their electronic health information;
(B) Costs associated with intangible assets (including depreciation or loss of value), except the actual development or acquisition costs of such assets; or
(C) Opportunity costs, except for the reasonable forward-looking cost of capital.
(iv)
(v)
(4)
(i)
(B) The terms on which an API Technology Supplier provides API technology must be based on objective and verifiable criteria that are uniformly applied for all substantially similar or similarly situated classes of persons and requests.
(C) An API Technology Supplier must not offer different terms or service on the basis of:
(1) Whether the API User with whom an API Data Provider has a relationship is a competitor, potential competitor, or will be using electronic health information obtained via the API technology in a way that facilitates competition with the API Technology Supplier.
(2) The revenue or other value the API User with whom an API Data Provider has a relationship may derive from access, exchange, or use of electronic health information obtained by means of API technology.
(ii)
(1) For the purposes of developing products or services that are designed to be interoperable with the API Technology Supplier's health information technology or with health information technology under the API Technology Supplier's control;
(2) Any marketing, offering, and distribution of interoperable products and services to potential customers and users that would be needed for the API technology to be used in a production environment; and
(3) Enabling the use of the interoperable products or services in production environments, including accessing and enabling the exchange and use of electronic health information.
(B) An API Technology Supplier must not condition any of the rights described in paragraph (a)(4)(ii)(A) of this section on the requirement that the recipient of the rights do, or agree to do, any of the following:
(1) Pay a fee to license such rights, including but not limited to a license fee, royalty, or revenue-sharing arrangement.
(2) Not compete with the API Technology Supplier in any product, service, or market.
(3) Deal exclusively with the API Technology Supplier in any product, service, or market.
(4) Obtain additional licenses, products, or services that are not related to or can be unbundled from the API technology.
(5) License, grant, assign, or transfer any intellectual property to the API Technology Supplier.
(6) Meet additional developer or product certification requirements.
(7) Provide the API Technology Supplier or its technology with reciprocal access to application data.
(iii)
(A)
(B)
(b)
(2)
(3)
(a)
(b)
(i) The plan must be approved by a health IT developer authorized representative capable of binding the health IT developer for execution of the plan and include the representative's contact information.
(ii) The plan must include all health IT certified to the 2015 Edition through August 31st of the preceding year.
(iii) The plan must address the following for each of the certification criteria identified in paragraph (a) of this section that are included in the Health IT Module's scope of certification:
(A) The testing method(s)/methodology(ies) that will be used to demonstrate real world interoperability and conformance to the certification criteria's requirements, including scenario- and use case-focused testing;
(B) The care setting(s) that will be tested for real world interoperability and an explanation for the health IT developer's choice of care setting(s) to test;
(C) The timeline and plans for any voluntary updates to standards and implementation specifications that the National Coordinator has approved through the Standards Version Advancement Process.
(D) A schedule of key real world testing milestones;
(E) A description of the expected outcomes of real world testing;
(F) At least one measurement/metric associated with the real world testing; and
(G) A justification for the health IT developer's real world testing approach.
(2)
(i) The method(s) that was used to demonstrate real world interoperability;
(ii) The care setting(s) that was tested for real world interoperability;
(iii) The voluntary updates to standards and implementation specifications that the National Coordinator has approved through the Standards Version Advancement Process.
(iv) A list of the key milestones met during real world testing;
(v) The outcomes of real world testing including a description of any challenges encountered during real world testing; and
(vi) At least one measurement/metric associated with the real world testing.
(3)
(i) Update their certified health IT to be compliant with the revised versions of these criteria adopted in this final rule; and
(ii) Provide its customers of the previously certified health IT with certified health IT that meets paragraph (b)(3)(i) of this section within 24 months of the effective date of this final rule.
(4)
(i) Update their certified health IT to be compliant with the revised versions of these criteria adopted in this final rule; and
(ii) Provide its customers of the previously certified health IT with certified health IT that meets paragraph (b)(4)(i) of this section within 24 months of the effective date of this final rule.
(5)
(i) Provide advance notice to all affected customers and its ONC-ACB—
(A) Expressing its intent to update the software to the more advanced version of the standard approved by the National Coordinator;
(B) The developer's expectations for how the update will affect interoperability of the affected Health IT Module as it is used in the real world;
(C) Whether the developer intends to continue to support the certificate for the existing certified Health IT Module version for some period of time and how long or if the existing certified Health IT Module version will be deprecated; and
(ii) Successfully demonstrate conformance with approved more recent versions of the standard(s) or implementation specification(s) included in applicable 2015 Edition certification criterion specified in paragraph (a) of this section.
(a)
(1) Having not taken any action that constitutes information blocking as defined in 42 U.S.C. 300jj-52 and § 171.103;
(2) Having provided assurances satisfactory to the Secretary that they will not take any action that constitutes information blocking as defined in 42 U.S.C. 300jj-52 and § 171.103, unless for legitimate purposes specified by the Secretary; or any other action that may inhibit the appropriate exchange, access, and use of electronic health information;
(3) Not prohibiting or restricting the communications regarding—
(i) The usability of its health IT;
(ii) The interoperability of its health IT;
(iii) The security of its health IT;
(iv) Relevant information regarding users' experiences when using its health IT;
(v) The business practices of developers of health IT related to exchanging electronic health information; and
(vi) The manner in which a user of the health IT has used such technology; and
(4) Having published application programming interfaces (APIs) and allowing health information from such technology to be accessed, exchanged, and used without special effort through the use of application programming interfaces or successor technology or standards, as provided for under applicable law, including providing access to all data elements of a patient's electronic health record to the extent permissible under applicable privacy laws;
(5) Ensuring that its health IT allows for health information to be exchanged, accessed, and used, in the manner described in paragraph (a)(4) of this section; and
(6) Having undertaken real world testing of its Health IT Module(s) for interoperability (as defined in 42 U.S.C. 300jj(9)) in the type of setting in which such Health IT Module(s) will be/is marketed.
(b)
(2) A health IT developer must attest semiannually to compliance with §§ 170.401 through 170.405 for all its health IT that had an active certification at any time under the ONC Health IT Certification Program during the prior six months.
(a) Correspondence and communication with ONC or the National Coordinator shall be conducted by email, unless otherwise necessary or specified. The official date of receipt of any email between ONC or the National Coordinator and an applicant for ONC-ACB status, an applicant for ONC-ATL status, an ONC-ACB, an ONC-ATL, health IT developer, or a party to any proceeding under this subpart is the date on which the email was sent.
(b) In circumstances where it is necessary for an applicant for ONC-ACB status, an applicant for ONC-ATL status, an ONC-ACB, an ONC-ATL, health IT developer, or a party to any proceeding under this subpart to correspond or communicate with ONC or the National Coordinator by regular, express, or certified mail, the official date of receipt for all parties will be the date of the delivery confirmation to the address on record.
(a) * * *
(3) Documentation that confirms that the applicant has been accredited to ISO/IEC 17065, with an appropriate scope, by any accreditation body that is a signatory to the Multilateral Recognition Arrangement (MLA) with the International Accreditation Forum (IAF) (incorporated by reference in § 170.599).
The revisions and additions read as follows:
(a)
(f)
(2) [Reserved]
(g)
(2) Make the records available to HHS upon request during the retention period described in paragraph (g)(1) of this section;
(h)
(1) Tested, using test tools and test procedures approved by the National Coordinator, by an:
(i) ONC-ATL;
(ii) ONC-ATL, NVLAP-accredited testing laboratory under the ONC Health IT Certification Program, and/or an ONC-ATCB for the purposes of performing gap certification; or
(2) Evaluated by it for compliance with a conformance method approved by the National Coordinator.
(k)
(1) * * *
(ii) For a Health IT Module certified to 2015 Edition health IT certification criteria, the information specified by paragraphs (f)(1)(i), (vi) through (viii), (xv), and (xvi) of this section as applicable for the specific Health IT Module.
(iii) In plain language, a detailed description of all known material information concerning additional types of costs or fees that a user may be required to pay to implement or use the Health IT Module's capabilities, whether to meet provisions of HHS programs requiring the use of certified health IT or to achieve any other use within the scope of the health IT's certification. The additional types of costs or fees required to be disclosed include but are not limited to costs or fees (whether fixed, recurring, transaction-based, or otherwise) imposed by a health IT developer (or any third party from whom the developer purchases, licenses, or obtains any technology, products, or services in connection with its certified health IT) to purchase, license, implement, maintain, upgrade, use, or otherwise enable and support the use of capabilities to which health IT is certified; or in connection with any data generated in the course of using any capability to which health IT is certified.
(2) [Reserved]
(3) [Reserved]
(4) A certification issued to a Health IT Module based solely on the applicable certification criteria adopted by the ONC Health IT Certification Program must be separate and distinct from any other certification(s) based on other criteria or requirements.
(m) * * *
(1) All adaptations of certified Health IT Modules;
(2) All updates made to certified Health IT Modules affecting the capabilities in certification criteria to which the “safety-enhanced design” criteria apply;
(3) All updates made to certified Health IT Modules in compliance with § 170.405(b)(3) and (4); and;
(4) All voluntary standards updates successfully made to certified Health IT Modules per § 170.405(b)(5).
(p)
(2) Review and confirm that applicable health IT developers submit real world testing results in accordance with § 170.405(b)(2).
(3) Submit real world testing plans by December 15 of each calendar year and results by April 1 of each calendar year to ONC for public availability.
(q)
(r)
(1) In good standing under the ONC Health IT Certification Program, and
(2) Compliant with its ISO 17025 accreditation requirements.
(s)
(t)
(1) Maintain a record of the date of issuance and the content of developers' § 170.405(b)(5) notices; and
(2) Timely post content of each § 170.405(b)(5) notice received publicly on the CHPL attributed to the certified Health IT Module(s) to which it applies.
(f)
(2) Make the records available to HHS upon request during the retention period described in paragraph (f)(1) of this section;
The additions and revisions read as follows:
(e) ONC-ACBs must provide an option for certification of Health IT Modules to any one or more of the criteria referenced in § 170.405(a) based on newer versions of standards included in the criteria which have been approved by the National Coordinator for use in certification through the Standards Version Advancement Process.
(f) [Reserved]
(g) * * *
(5) Section 170.315(b)(10) when the health IT developer of the health IT presented for certification produces and electronically manages electronic health information.
(h) * * *
(3) * * *
(i) Section 170.315(a)(1) through (3), (5) through (8), (11), and (12) are also certified to the certification criteria specified in § 170.315(d)(1) through (7). Section 170.315(a)(4), (9), (10), and (13) are also certified to the certification criteria specified in § 170.315(d)(1) through (3), and (5) through (7).
(iii) Section 170.315(c) is also certified to the certification criteria specified in § 170.315(d)(1), (2)(i)(A), (B), (ii) through (v), (3), and (5);
(v) Section 170.315(e)(2) and (3) is also certified to the certification criteria specified in § 170.315(d)(1), (d)(2)(i)(A), (B), (ii) through (v), (3), (5), and (9);
(vii) Section 170.315(g)(7) through (11) is also certified to the certification criteria specified in § 170.315(d)(1) and (9); and (d)(2)(i)(A), (2)(i)(B), 2(ii) through (v), or (10);
(viii) Section 170.315(h) is also certified to the certification criteria specified in § 170.315(d)(1), (2)(i)(A), (2)(i)(B), (2)(ii) through (v), and (3); and
(ix) If applicable, any criterion adopted in § 170.315 is also certified to the certification criteria specified in § 170.315(d)(12) and/or (13).
(l)
(b) * * *
(1) ONC-ACBs are not required to certify Complete EHRs and/or Health IT Module(s) according to newer versions of standards adopted and named in subpart B of this part, unless:
(i) The National Coordinator identifies a new version through the Standards Version Advancement Process and a health IT developer voluntarily elects to update its certified health IT to the new version in accordance with § 170.405(b)(5); or
(ii) The new version is incorporated by reference in § 170.299.
(a)
(c)
(2) [Reserved]
The additions and revisions read as follows:
(a) * * *
(1)
(2) * * *
(i)
(ii)
(iii)
(3) * * *
(i) ONC's review of certified health IT or a health IT developer's actions or practices is independent of, and may be in addition to, any surveillance of certified health IT conducted by an ONC-ACB.
(4)
(ii) ONC may rely on Office of Inspector General findings to form the basis of a direct review action.
(iv) An ONC-ACB and ONC-ATL shall provide ONC with any available information that ONC deems relevant to its review of certified health IT or a health IT developer's actions or practices.
(v) ONC may end all or any part of its review of certified health IT or a health IT developer's actions or practices under this section at any time and refer the applicable part of the review to the relevant ONC-ACB(s) if ONC determines that doing so would serve the effective administration or oversight of the ONC Health IT Certification Program.
(b) * * *
(1) * * *
(i)
(iii) * * *
(D) Issue a notice of proposed termination if the health IT is under review in accordance with paragraphs (a)(2)(i) or (ii) of this section.
(2) * * *
(i)
(
(i) All records related to the development, testing, certification, implementation, maintenance and use of its certified health IT;
(ii) Any complaint records related to the certified health IT;
(iii) All records related to the Condition(s) and Maintenance of Certification requirements, including marketing and distribution records, communications, and contracts; and
(iv) Any other relevant information.
(c) * * *
(1)
(e) * * *
(1)
(f) * * *
(1)
(i) A determination is made that termination is appropriate after considering the information provided by the health IT developer in response to the proposed termination notice;
(ii) The health IT developer does not respond in writing to a proposed termination notice within the timeframe specified in paragraph (e)(3) of this section; or
(iii) A determination is made that the health IT developer is noncompliant with a Condition or Maintenance of Certification requirement under subpart D of this part or for the following circumstances when ONC exercises direct review under paragraph (a)(2)(iii) of this section:
(A) The health IT developer fails to timely respond to any communication from ONC, including, but not limited to:
(1) Fact-finding;
(2) A notice of potential non-conformity within the timeframe established in accordance with paragraph (b)(1)(ii)(A)(
(3) A notice of non-conformity within the timeframe established in accordance with paragraph (b)(2)(ii)(A)(
(B) The information or access provided by the health IT developer in response to any ONC communication, including, but not limited to: Fact-finding, a notice of potential non-conformity, or a notice of non-conformity is insufficient or incomplete;
(C) The health IT developer fails to cooperate with ONC and/or a third party acting on behalf of ONC;
(D) The health IT developer fails to timely submit in writing a proposed corrective action plan;
(E) The health IT developer fails to timely submit a corrective action plan that adequately addresses the elements required by ONC as described in paragraph (c) of this section;
(F) The health IT developer does not fulfill its obligations under the corrective action plan developed in accordance with paragraph (c) of this section; or
(G) ONC concludes that the non-conformity(ies) cannot be cured.
(g) * * *
(1)
(i) ONC incorrectly applied ONC Health IT Certification Program requirements for a
(A) Suspension;
(B) Termination; or
(C) Certification ban under § 170.581(a)(2); or
(2)
(i) Termination;
(ii) Suspension; or
(iii) Certification ban under § 170.581(a)(2).
(3) * * *
(i) A statement of intent to appeal must be filed within 10 days of a health IT developer's receipt of the notice of:
(A) Suspension;
(B) Termination; or
(C) Certification ban under § 170.581(a)(2).
(4)
(ii) A request for appeal does not stay the suspension of a Health IT Module.
(iii) A request for appeal stays a certification ban issued under § 170.581(a)(2).
(5) * * *
(i) The hearing officer may not review an appeal in which he or she participated in the initial suspension, termination, or certification ban determination or has a conflict of interest in the pending matter.
(6) * * *
(v) ONC will have an opportunity to provide the hearing officer with a written statement and supporting documentation on its behalf that clarifies, as necessary, its determination to suspend or terminate the certification or issue a certification ban.
(a)
(1) The certification of one or more of the health IT developer's Complete EHRs or Health IT Modules is:
(i) Terminated by ONC under the ONC Health IT Certification Program;
(ii) Withdrawn from the ONC Health IT Certification Program by an ONC-ACB because the health IT developer requested it to be withdrawn when the health IT developer's health IT was the subject of a potential non-conformity or non-conformity as determined by ONC;
(iii) Withdrawn by an ONC-ACB because of a non-conformity with any of the certification criteria adopted by the Secretary under subpart C of this part;
(iv) Withdrawn by an ONC-ACB because the health IT developer requested it to be withdrawn when the health IT developer's health IT was the subject of surveillance for a certification criterion or criteria adopted by the Secretary under subpart C of this part, including notice of pending surveillance; or
(2) ONC determines a certification ban is appropriate per its review under § 170.580(a)(2)(iii).
(b)
(1) An explanation of the certification ban;
(2) Information supporting the certification ban;
(3) Instructions for appealing the certification ban if banned in accordance with paragraph (a)(2) of this section; and
(4) Instructions for requesting reinstatement into the ONC Health IT Certification Program, which would lift the certification ban.
(c)
(2) For certification bans issued under paragraph (a)(2) of this section, the ban
(i) The expiration of the 10-day period for filing a statement of intent to appeal in § 170.580(g)(3)(i) if the health IT developer does not file a statement of intent to appeal.
(ii) The expiration of the 30-day period for filing an appeal in § 170.580(g)(3)(ii) if the health IT developer files a statement of intent to appeal, but does not file a timely appeal.
(iii) A final determination to issue a certification ban per § 170.580(g)(7) if a health IT developer files an appeal timely.
(d)
(1) A health IT developer must request ONC's permission in writing to participate in the ONC Health IT Certification Program.
(2) The request must demonstrate that the customers affected by the certificate termination, certificate withdrawal, or non-compliance with a Condition or Maintenance of Certification have been provided appropriate remediation.
(3) For non-compliance with a Condition or Maintenance of Certification requirement, the non-compliance must be resolved.
(4) ONC is satisfied with the health IT developer's demonstration under paragraph (d)(2) of this section that all affected customers have been provided with appropriate remediation and grants reinstatement into the ONC Health IT Certification Program.
42 U.S.C. 300jj-52; 5 U.S.C. 552.
(a)
(b)
This part applies to health care providers, health IT developers of certified health IT, health information exchanges, and health information networks, as those terms are defined in § 171.102.
For purposes of this part:
(1) Electronic protected health information; and
(2) Any other information that identifies the individual, or with respect to which there is a reasonable basis to believe the information can be used to identify the individual and is transmitted by or maintained in electronic media, as defined in 45 CFR 160.103, that relates to the past, present, or future health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
(1) Determines, oversees, administers, controls, or substantially influences policies or agreements that define business, operational, technical, or other conditions or requirements for enabling or facilitating access, exchange, or use of electronic health information between or among two or more unaffiliated individuals or entities.
(2) Provides, manages, controls, or substantially influences any technology or service that enables or facilitates the access, exchange, or use of electronic health information between or among two or more unaffiliated individuals or entities.
(1) Any functional element of a health information technology, whether hardware or software, that could be used to access, exchange, or use electronic health information for any purpose, including information transmitted by or maintained in disparate media, information systems, health information exchanges, or health information networks.
(2) Any technical information that describes the functional elements of technology (such as a standard, specification, protocol, data model, or schema) and that a person of ordinary skill in the art may require to use the functional elements of the technology,
(3) Any technology or service that may be required to enable the use of a compatible technology in production environments, including but not limited to any system resource, technical infrastructure, or health information exchange or health information network element.
(4) Any license, right, or privilege that may be required to commercially offer and distribute compatible technologies and make them available for use in production environments.
(5) Any other means by which electronic health information may be accessed, exchanged, or used.
Information blocking means a practice that—
(a) Except as required by law or covered by an exception set forth in subpart B of this part, is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information; and
(b) If conducted by a health information technology developer, health information exchange, or health information network, such developer, exchange, or network knows, or should know, that such practice is likely to interfere with, prevent, or materially discourage the access, exchange, or use of electronic health information; or
(c) If conducted by a health care provider, such provider knows that such practice is unreasonable and is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.
A practice shall not be treated as information blocking if the actor satisfies an exception to the information blocking provision by meeting all applicable requirements and conditions of the exception at all relevant times.
To qualify for this exception, each practice by an actor must meet the following conditions at all relevant times.
(a) The actor must have a reasonable belief that the practice will directly and substantially reduce the likelihood of harm to a patient or another person arising from—
(1) Corrupt or inaccurate data being recorded or incorporated in a patient's electronic health record;
(2) Misidentification of a patient or patient's electronic health information; or
(3) Disclosure of a patient's electronic health information in circumstances where a licensed health care professional has determined, in the exercise of professional judgment, that the disclosure is reasonably likely to endanger the life or physical safety of the patient or another person, provided that, if required by applicable federal or state law, the patient has been afforded any right of review of that determination.
(b) If the practice implements an organizational policy, the policy must be—
(1) In writing;
(2) Based on relevant clinical, technical, and other appropriate expertise;
(3) Implemented in a consistent and non-discriminatory manner; and
(4) No broader than necessary to mitigate the risk of harm.
(c) If the practice does not implement an organizational policy, an actor must make a finding in each case, based on the particularized facts and circumstances, and based on, as applicable, relevant clinical, technical, and other appropriate expertise, that the practice is necessary and no broader than necessary to mitigate the risk of harm.
To qualify for this exception, each practice by an actor must satisfy at least one of the sub-exceptions in paragraphs (b) through (e) of this section at all relevant times.
(a)
(1) An individual as defined by 45 CFR 160.103.
(2) Any other natural person who is the subject of the electronic health information being accessed, exchanged, or used.
(3) A person who legally acts on behalf of a person described in paragraph (a)(1) or (2) of this section, including as a personal representative, in accordance with 45 CFR 164.502(g).
(4) A person who is a legal representative of and can make health care decisions on behalf of any person described in paragraph (a)(1) or (2) of this section.
(5) An executor, administrator or other person having authority to act on behalf of a deceased person described in paragraph (a)(1) or (2) of this section or the individual's estate under State or other law.
(b)
(1) The actor's practice—
(i) Conforms to the actor's organizational policies and procedures that:
(A) Are in writing;
(B) Specify the criteria to be used by the actor and, as applicable, the steps that the actor will take, in order that the precondition can be satisfied; and
(C) Have been implemented, including by taking reasonable steps to ensure that its workforce members and its agents understand and consistently apply the policies and procedures; or
(ii) Has been documented by the actor, on a case-by-case basis, identifying the criteria used by the actor to determine when the precondition would be satisfied, any criteria that were not met, and the reason why the criteria were not met; and
(2) If the precondition relies on the provision of consent or authorization from an individual, the actor:
(i) Did all things reasonably necessary within its control to provide the individual with a meaningful opportunity to provide the consent or authorization; and
(ii) Did not improperly encourage or induce the individual to not provide the consent or authorization.
(3) The actor's practice is—
(i) Tailored to the specific privacy risk or interest being addressed; and
(ii) Implemented in a consistent and non-discriminatory manner.
(c)
(1) Complies with applicable state or federal privacy laws;
(2) Implements a process that is described in the actor's organizational privacy policy;
(3) Had previously been meaningfully disclosed to the persons and entities that use the actor's product or service;
(4) Is tailored to the specific privacy risk or interest being addressed; and
(5) Is implemented in a consistent and non-discriminatory manner.
(d)
(e)
(1) The individual requests that the actor not provide such access, exchange, or use;
(2) Such request is initiated by the individual without any improper encouragement or inducement by the actor;
(3) The actor or its agent documents the request within a reasonable time period; and
(4) The actor's practice is implemented in a consistent and non-discriminatory manner.
To qualify for this exception, each practice by an actor must meet the following conditions at all relevant times.
(a) The practice must be directly related to safeguarding the confidentiality, integrity, and availability of electronic health information.
(b) The practice must be tailored to the specific security risk being addressed.
(c) The practice must be implemented in a consistent and non-discriminatory manner.
(d) If the practice implements an organizational security policy, the policy must—
(1) Be in writing;
(2) Have been prepared on the basis of, and directly respond to, security risks identified and assessed by or on behalf of the actor;
(3) Align with one or more applicable consensus-based standards or best practice guidance; and
(4) Provide objective timeframes and other parameters for identifying, responding to, and addressing security incidents.
(e) If the practice does not implement an organizational security policy, the actor must have made a determination in each case, based on the particularized facts and circumstances, that:
(1) The practice is necessary to mitigate the security risk to the electronic health information; and
(2) There are no reasonable and appropriate alternatives to the practice that address the security risk that are less likely to interfere with, prevent, or materially discourage access, exchange or use of electronic health information.
To qualify for this exception, each practice by an actor must meet the following conditions at all relevant times.
(a)
(b)
(1) Must be based on objective and verifiable criteria that are uniformly applied for all substantially similar or similarly situated classes of persons and requests;
(2) Must be reasonably related to the actor's costs of providing the type of access, exchange, or use to, or at the request of, the person or entity to whom the fee is charged;
(3) Must be reasonably allocated among all customers to whom the technology or service is supplied, or for whom the technology is supported;
(4) Must not be based in any part on whether the requestor or other person is a competitor, potential competitor, or will be using the electronic health information in a way that facilitates competition with the actor; and
(5) Must not be based on the sales, profit, revenue, or other value that the requestor or other persons derive or may derive from the access to, exchange of, or use of electronic health information, including the secondary use of such information, that exceeds the actor's reasonable costs for providing access, exchange, or use of electronic health information.
(c)
(1) Costs that the actor incurred due to the health IT being designed or implemented in non-standard ways that unnecessarily increase the complexity, difficulty or burden of accessing, exchanging, or using electronic health information;
(2) Costs associated with intangible assets (including depreciation or loss of value), other than the actual development or acquisition costs of such assets;
(3) Opportunity costs, except for the reasonable forward-looking cost of capital;
(4) A fee prohibited by 45 CFR 164.524(c)(4);
(5) A fee based in any part on the electronic access by an individual or their personal representative, agent, or designee to the individual's electronic health information;
(6) A fee to perform an export of electronic health information via the capability of health IT certified to § 170.315(b)(10) of this subchapter for the purposes of switching health IT or to provide patients their electronic health information; or
(7) A fee to export or convert data from an EHR technology, unless such fee was agreed to in writing at the time the technology was acquired.
(d)
(2) If the actor is an API Data Provider, the actor is only permitted to charge the same fees that an API Technology Supplier is permitted to charge to recover costs consistent with the permitted fees specified in the Condition of Certification in § 170.404 of this subchapter.
To qualify for this exception, each practice by an actor must meet the following conditions at all relevant times.
(a)
(i) The type of electronic health information and the purposes for which it may be needed;
(ii) The cost to the actor of complying with the request in the manner requested;
(iii) The financial, technical, and other resources available to the actor;
(iv) Whether the actor provides comparable access, exchange, or use to itself or to its customers, suppliers, partners, and other persons with whom it has a business relationship;
(v) Whether the actor owns or has control over a predominant technology, platform, health information exchange, or health information network through which electronic health information is accessed or exchanged;
(vi) Whether the actor maintains electronic protected health information on behalf of a covered entity, as defined in 45 CFR 160.103, or maintains electronic health information on behalf of the requestor or another person whose access, exchange, or use of electronic health information will be enabled or facilitated by the actor's compliance with the request;
(vii) Whether the requestor and other relevant persons can reasonably access, exchange, or use the electronic health information from other sources or through other means; and
(viii) The additional cost and burden to the requestor and other relevant persons of relying on alternative means of access, exchange, or use.
(2) The following circumstances do not constitute a burden to the actor for purposes of this exception and shall not be considered in determining whether the actor has demonstrated that complying with a request would have been infeasible.
(i) Providing the requested access, exchange, or use in the manner requested would have facilitated competition with the actor.
(ii) Providing the requested access, exchange, or use in the manner requested would have prevented the actor from charging a fee.
(b)
(c)
(d)
To qualify for this exception, each practice by an actor must meet the following conditions at all relevant times.
(a)
(1) Negotiating with the requestor in a reasonable and non-discriminatory fashion to identify the interoperability elements that are needed; and
(2) Offering an appropriate license with reasonable and non-discriminatory terms.
(b)
(1)
(i) Developing products or services that are interoperable with the actor's health IT, health IT under the actor's control, or any third party who currently uses the actor's interoperability elements to interoperate with the actor's health IT or health IT under the actor's control.
(ii) Marketing, offering, and distributing the interoperable products and/or services to potential customers and users.
(iii) Enabling the use of the interoperable products or services in production environments, including accessing and enabling the exchange and use of electronic health information.
(2)
(i) The royalty must be non-discriminatory, consistent with paragraph (b)(3) of this section.
(ii) The royalty must be based solely on the independent value of the actor's technology to the licensee's products, not on any strategic value stemming from the actor's control over essential means of accessing, exchanging, or using electronic health information.
(iii) If the actor has licensed the interoperability element through a standards development organization in accordance with such organization's policies regarding the licensing of standards-essential technologies on reasonable and non-discriminatory terms, the actor may charge a royalty that is consistent with such policies.
(3)
(i) The terms must be based on objective and verifiable criteria that are uniformly applied for all substantially similar or similarly situated classes of persons and requests.
(ii) The terms must not be based in any part on—
(A) Whether the requestor or other person is a competitor, potential competitor, or will be using electronic health information obtained via the interoperability elements in a way that facilitates competition with the actor; or
(B) The revenue or other value the requestor may derive from access, exchange, or use of electronic health information obtained via the interoperability elements, including the secondary use of such electronic health information.
(4)
(i) Not compete with the actor in any product, service, or market.
(ii) Deal exclusively with the actor in any product, service, or market.
(iii) Obtain additional licenses, products, or services that are not related to or can be unbundled from the requested interoperability elements.
(iv) License, grant, assign, or transfer to the actor any intellectual property of the licensee.
(v) Pay a fee of any kind whatsoever, except as described in paragraph (b)(2) of this section, unless the practice meets the requirements of the exception in § 171.204.
(5)
(i) The agreement states with particularity all information the actor claims as trade secrets; and
(ii) Such information meets the definition of a trade secret under applicable law.
(c)
(1) Impeding the efficient use of the interoperability elements to access, exchange, or use electronic health information for any permissible purpose.
(2) Impeding the efficient development, distribution, deployment, or use of an interoperable product or service for which there is actual or potential demand.
(3) Degrading the performance or interoperability of the licensee's products or services, unless necessary to improve the actor's technology and after affording the licensee a reasonable opportunity to update its technology to maintain interoperability.
(d)
To qualify for this exception, each practice by an actor must meet the following conditions at all relevant times.
(a)
(1) For a period of time no longer than necessary to achieve the maintenance or improvements for which the health IT was made unavailable;
(2) Implemented in a consistent and non-discriminatory manner; and
(3) If the unavailability is initiated by a health IT developer of certified health IT, HIE, or HIN, agreed to by the individual or entity to whom the health IT developer of certified health IT, HIE, or HIN supplied the health IT.
(b)
(c)
The following appendix will not appear in the Code of Federal Regulations.
These worksheets contain information on how each recommendation corresponds to the Children's EHR Format and to the existing or proposed new ONC certification criteria. We invite readers to use these worksheets to inform public comment on the recommendations, the inclusion of specific items from the Children's EHR Format,
We welcome public comment on the identified certification criteria for each recommendation. Specifically, we seek comment for each recommendation on the following four broad questions:
•
•
•
•
Commenters are encouraged to reference the specific recommendation number (110) with the corresponding question number in their response. For example, “Recommendation 1. Q3.” Commenters are highly encouraged to use the template ONC has created to support public comment on the proposed rule.
Stakeholders identified alignment with the Children's EHR Format Requirement as follows:
ONC believes this recommendation is supported by the 2015 Edition definition and criteria listed below:
ONC believes this recommendation is supported by the proposed new and updated certification criteria in this proposed rule:
We seek feedback about the relevance of the following potential supplemental Children's EHR Format requirements and their correlation to Recommendation 1.
1.
2.
3.
Stakeholders identified alignment with the Children's EHR Format Requirement as follows:
ONC believes this recommendation is supported by the 2015 Edition criterion listed below:
•
Includes an
ONC believes this recommendation is supported by the proposed new and updated certification criteria in this proposed rule:
•
•
We seek feedback about the relevance of the following potential Children's EHR Format requirements and their correlation to Recommendation 2.
1.
2.
Stakeholders identified alignment with the Children's EHR Format Requirement as follows:
ONC believes this recommendation is supported by the 2015 Edition criteria listed below, and ONC believes this priority also is supported by health IT beyond what is included in the certification program.
•
•
•
•
•
ONC believes tis priority is supported by the proposed new and updated certification criteria in this proposed rule:
•
•
•
We seek feedback about the relevance of the following potential supplemental Children's EHR Format requirements and their correlation to Recommendation 3.
1.
2.
3.
4.
Stakeholders identified alignment with the Children's EHR Format Requirement as follows:
ONC believes this recommendation is supported by the 2015 Edition Criteria listed below, and ONC believes this recommendation is supported by health IT beyond what is included in the certification program
•
○ Data segmentation for privacy—send criterion provides the ability to create a summary record (formatted to Consolidated CDA (C-CDA) Release 2.1) that is tagged at the document level as restricted and subject to re-disclosure restrictions using the HL7 Implementation Guide: Data Segmentation for Privacy (DS4P), Release 1.
○ Data segmentation for privacy—receive criterion requires the ability to receive a summary record (formatted to Consolidated CDA Release 2.1) that is document—level tagged as restricted and subject to re-disclosure restrictions using the HL7 Implementation Guide: Data Segmentation for Privacy (DS4P), Release 1. Requires the ability to separate the document-level tagged document from other documents received. Requires the ability to view the restricted document without having to incorporate any of the data from the document.
•
ONC believes this recommendation is supported by the proposed new and updated certification criteria in this proposed rule:
•
•
•
We seek feedback about the relevance of the following potential Children's EHR Format requirements and their correlation to Recommendation 4.
1.
Stakeholders identified alignment with the Children's EHR Format Requirement as follows:
ONC believes this recommendation is supported by the 2015 Edition Criterion listed below:
•
○ Provides the ability to create immunization information according to the implementation guide for Immunization Messaging Release 1.5, and the July 2015 addendum, using CVX codes for historical vaccines and NDC codes for newly administered vaccines.
○ Provides the ability to request, access, and display the evaluated immunization history and forecast from an immunization registry for a patient in accordance with the HL7 2.5.1 standard, the HL7 2.5.1. IG for Immunization Messaging, Release 1.5, and July 2015 addendum.
•
○ Provides the ability for patients (and their authorized representatives) to view, download, and transmit their health information to a third party via internet-based technology consistent with one of the Web Content Accessibility Guidelines (WCAG) 2.0 Levels A or AA.
○ Requires the ability for patients (and their authorized representatives) to view, at a minimum, the Common Clinical Data Set, laboratory test report(s), and diagnostic image reports.
•
•
We seek feedback about the relevance of the following potential Children's EHR Format requirements and their correlation to Recommendation 5.
1.
Stakeholders identified alignment with the Children's EHR Format Requirements as follows:
ONC believes this recommendation is supported by the 2015 Edition criterion listed below:
ONC believes this priority could also be supported by health IT beyond what is included in the certification program.
•
•
Stakeholders identified alignment with the Children's EHR Format Requirement as follows:
ONC believes this recommendation is supported by the 2015 Edition criterion below.
•
○ Provides the ability for patients (and their authorized representatives) to view, download, and transmit their health information to a third party via internet-based technology consistent with one of the Web Content Accessibility Guidelines (WCAG) 2.0 Levels A or AA.
○ Requires the ability for patients (and their authorized representatives) to view, at a minimum, the Common Clinical Data Set, laboratory test report(s), and diagnostic image reports.
•
•
We seek feedback about the relevance of the following potential Children's EHR Format requirements and their correlation to Recommendation 7.
1.
Stakeholders identified alignment with the Children's EHR Format Requirement as follows:
ONC believes this recommendation is supported by the 2015 Edition criterion below:
•
•
•
•
•
•
•
Stakeholders identified alignment with the Children's EHR Format Requirement as follows:
ONC believes this recommendation is supported by the 2015 Edition criterion below:
•
○ Record and export criterion ensures that health IT systems can record and export CQM data electronically; the export functionality gives clinicians the ability to export their results to multiple programs.
○ import and calculate criterion supports streamlined clinician processes through the importing of CQM data in a standardized format and ensures that health IT systems can correctly calculate eCQM results using a standardized format.
○ filter criterion supports the capability for a clinician to make a query for eCQM results using or a combination of data captured by the certified health IT for quality improvement and quality reporting purposes.
•
ONC believes this recommendation is supported by the proposed new and updated certification criteria in this proposed rule:
•
Stakeholders identified alignment with the Children's EHR Format Requirement as follows:
ONC believes this recommendation is supported by the 2015 Edition criterion below.
•
•
•
○ Record and export criterion ensures that health IT systems can record and export CQM data electronically; the export functionality gives clinicians the ability to export their results to multiple programs.
○ import and calculate criterion supports streamlined clinician processes through the importing of CQM data in a standardized format and ensures that health IT systems can correctly calculate eCQM results using a standardized format.
○ filter criterion supports the capability for a clinician to make a query for eCQM results using or a combination of data captured by the certified health IT for quality improvement and quality reporting purposes.
ONC believes this recommendation is supported by the proposed new and updated certification criteria in this proposed rule:
•
•
Centers for Medicare & Medicaid Services (CMS), HHS.
Proposed rule.
This proposed rule is intended to move the health care ecosystem in the direction of interoperability, and to signal our commitment to the vision set out in the 21st Century Cures Act and Executive Order 13813 to improve access to, and the quality of, information that Americans need to make informed health care decisions, including data about health care prices and outcomes, while minimizing reporting burdens on affected plans, health care providers, or payers.
To be assured consideration, comments must be received at one of the addresses provided below, no later than 5 p.m. on May 3, 2019.
In commenting, please refer to file code CMS-9115-P. Because of staff and resource limitations, we cannot accept comments by facsimile (FAX) transmission.
Comments, including mass comment submissions, must be submitted in one of the following three ways (please choose only one of the ways listed):
1.
2.
Please allow sufficient time for mailed comments to be received before the close of the comment period.
3.
For information on viewing public comments, see the beginning of the
Alexandra Mugge, (410) 786-4457, for issues related to interoperability, CMS health IT strategy, technical standards and patient matching.
Natalie Albright, (410) 786-1671, for issues related to Medicare Advantage.
John Giles, (410) 786-1255, for issues related to Medicaid.
Emily Pedneau, (301) 492-4448, for issues related to Qualified Health Plans.
Meg Barry, (410) 786-1536, for issues related to CHIP.
Thomas Novak, (202) 322-7235, for issues related to trust exchange networks and payer to payer coordination.
Sharon Donovan, (410) 786-9187, for issues related to federal-state data exchange.
Daniel Riner, (410) 786-0237, for issues related to Physician Compare.
Ashley Hain, (410) 786-7603, for issues related to hospital public reporting.
Melissa Singer, (410) 786-0365, for issues related to provider directories.
CAPT Scott Cooper, USPHS, (410) 786-9465, for issues related to hospital and critical access hospital conditions of participation.
Lisa Bari, (410) 786-0087, for issues related to advancing interoperability in innovative models.
Russell Hendel, (410) 786-0329, for issues related to the Collection of Information or the Regulation Impact Analysis sections.
This proposed rule is the first phase of proposed policies centrally focused on advancing interoperability and patient access to health information using the authority available to the Centers for Medicare & Medicaid Services (CMS). We believe this is an important step in advancing interoperability, putting patients at the center of their health care and ensuring they have access to their health information. We are committed to solving the issue of interoperability and achieving complete access to health information for patients in the United States (U.S.) health care system, and are taking an active approach to move participants in the health care market toward interoperability and the secure and timely exchange of health information by proposing and adopting policies for the Medicare and Medicaid programs, the Children's Health Insurance Program (CHIP), and issuers of qualified health plans (QHPs).
Throughout this proposed rule, we refer to terms such as patient, consumer, beneficiary, enrollee, and individual. We note that every reader of this proposed rule is a patient and has or will receive medical care at some point in their life. In this proposed rule, we use the term “patient” as an inclusive term, but because we have historically referred to patients using other terms in our regulations, we use specific terms as applicable in sections of this proposed rule to refer to individuals covered under the health care programs that CMS administers and regulates. We also use terms such as payer, plan, and issuer in this proposed rule. Certain portions of this proposed rule are applicable to the Medicare Fee-for-Service (FFS) Program, the Medicaid FFS Program, the CHIP FFS program, Medicare Advantage (MA) Organizations, Medicaid Managed Care plans (managed care organizations (MCOs), prepaid inpatient health plans (PIHPs) and prepaid ambulatory health plans (PAHPs)), CHIP Managed Care entities (MCOs, PIHPs, and PAHPs), and QHP issuers in Federally-facilitated Exchanges (FFEs). We use the term “payer” as an inclusive term, but we use specific terms as applicable in sections of this proposed rule.
We are dedicated to enhancing and protecting the health and well-being of all Americans. One critical issue in the U.S. health care system is that people cannot easily access their complete health information in interoperable forms. Patients and the health care providers caring for them are often presented with an incomplete picture of their health and care as pieces of their information are stored in various, unconnected systems and do not accompany the patient to every care setting.
We believe patients should have the ability to move from health plan to health plan, provider to provider, and have both their clinical and administrative information travel with them throughout their journey. When a patient receives care from a new provider, a complete record of their health information should be readily available to that care provider, regardless of where or by who care was previously provided. When a patient is discharged from a hospital to a post-acute care (PAC) setting there should be no question as to how, when, or where their data will be exchanged. Likewise, when an enrollee changes health plans or ages into Medicare, the enrollee should be able to have their claims history and encounter data follow so that information is not lost.
For providers in clinical settings, health information technology (health IT) should be a resource, designed to make it faster and easier for providers to deliver high quality care, creating efficiencies and allowing them to access all available data for their patients. Health IT should not detract from the clinician-patient relationship, from the patient's experience of care, or from the quality of work life for physicians, nurses, and other health care professionals. Through standards-based interoperability and exchange, health IT has the potential to be a resource and facilitator for efficient, safe, high-quality care for individuals and populations.
All payers, including health plans, should have the ability to exchange data seamlessly with other payers for timely benefits coordination or transitions, and with providers to facilitate more coordinated and efficient care. Health plans are in a unique position to provide enrollees a complete picture of their claims and encounter data, allowing patients to piece together their own information that might otherwise be lost in disparate systems. This information can contribute to better informed decision making, helping to inform the patient's choice of coverage options and care providers to more effectively manage their own health, care, and costs.
We are committed to solving the issue of interoperability and patient access in the U.S. health care system while reducing administrative burdens on providers and are taking an active approach using all available policy levers and authorities to move participants in the health care market toward interoperability and the secure and timely exchange of health care information.
On October 12, 2017, President Trump issued Executive Order 13813 to Promote Healthcare Choice and Competition Across the United States. Section 1(c)(iii) of Executive Order 13813 states that the Administration will improve access to, and the quality of, information that Americans need to make informed health care decisions, including information about health care prices and outcomes, while minimizing reporting burdens on affected plans, providers, and payers.
In support of Executive Order 13813, the Administration launched the MyHealthEData initiative. This government-wide initiative aims to empower patients by ensuring that they have full access to their own health information and the ability to decide how their data will be used, while keeping that information safe and secure. MyHealthEData aims to break down the barriers that prevent patients from gaining electronic access to their health information from the device or application of their choice, empowering patients and taking a critical step toward interoperability and patient data exchange.
In March 2018, the White House Office of American Innovation and the CMS Administrator announced the launch of MyHealthEData, and CMS's direct, hands-on role in improving patient access and advancing interoperability. As part of the MyHealthEData initiative, we are taking a patient-centered approach to health information access and moving to a system in which patients have immediate access to their computable health information and can be assured that their health information will follow them as they move throughout the health care system from provider to provider, payer to payer. To accomplish this, we have launched several initiatives related to data sharing and interoperability to empower patients and encourage plan and provider competition. In this proposed rule, we continue to advance the policies and goals of the MyHealthEData initiative through various proposals as outlined in the following sections.
Our proposals are wide-reaching and would have an impact on all facets of the health care system. Several key
•
•
•
Under our proposals to standardize data and technical approaches to advance interoperability, we believe health care providers and their patients, as well as other key participants within the health care ecosystem such as plans and payers, will have appropriate access to the information necessary to coordinate individual care, analyze population health trends, outcomes, and costs, and manage benefits and the health of populations, while tracking progress through quality improvement initiatives. We are working with other federal partners including the Office of the National Coordinator for Health Information Technology (ONC) on this effort with the clear objective to improve patient access and care, alleviate provider burden, and reduce overall health care costs.
The Department of Health and Human Services (HHS) has been working to advance the interoperability of electronic health information since 2004, when the ONC was initially created via Executive Order 13335. From 2004 to 2009, ONC worked with a variety of federal and private sector stakeholders to coordinate private and public actions, began harmonizing data standards, and worked to advance nationwide health information exchange. In 2009, the National Coordinator position, office, and statutory duties were codified by the Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment Act of 2009 (Pub. L. 111-5, enacted February 17, 2009), at Title 42—Health Information Technology and Quality (42 U.S.C. 300jj
The HITECH Act provided the opportunity to move interoperability forward in many additional meaningful ways. A few are particularly worth noting in relation to this proposed rule. For instance, HITECH also amended the Social Security Act (the Act), authorizing CMS to make incentive payments (and in later years, make downward adjustments to Medicare payments) to eligible professionals, eligible hospitals and critical access hospitals (CAHs), and MA organizations to promote the adoption and meaningful use of certified electronic health record technology (CEHRT). In 2010, through rulemaking, we established criteria for the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs to encourage eligible professionals, eligible hospitals, and CAHs to adopt, implement, upgrade, and demonstrate the meaningful use of CEHRT. The programs were implemented in three stages:
• Stage 1 set the foundation for the EHR Incentive Programs by establishing requirements for the electronic capture of clinical data, including providing patients with electronic copies of health information.
• Stage 2 expanded upon the Stage 1 criteria with a focus on advancing clinical processes and ensuring that the meaningful use of EHRs supported the aims and priorities of the National Quality Strategy. Stage 2 criteria encouraged the use of CEHRT for continuous quality improvement at the point of care and the exchange of information in the most structured format possible.
• Stage 3 focuses on using CEHRT to improve health outcomes.
The federal government has spent over $35 billion under the EHR Incentive Programs to incentivize the adoption and meaningful use of EHR systems by eligible professionals, eligible hospitals, and CAHs; however, despite the fact that 78 percent of physicians
In 2010, under the HITECH Act, ONC adopted an initial set of standards, implementation specifications, and certification criteria, and established the Temporary Certification Program for Health Information Technology, under which health IT developers could begin to obtain certification of the EHR technology that eligible professionals, eligible hospitals, and CAHs would need to adopt and use to satisfy CMS Stage 1 requirements for demonstration of meaningful use of CEHRT. In January 2011, ONC replaced the Temporary Certification Program with the Permanent Certification Program for Health Information Technology (45 CFR part 170). The Secretary has adopted iterative editions of the set of standards, implementation specifications, and certification criteria included in the Programs to keep pace with advances in standards, health information exchange, and the health IT market. In addition, this helps to maintain alignment with the needs of health care providers seeking to succeed within health IT-linked federal programs.
In April 2015, Congress passed the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) (Pub. L. 114-10, enacted April 16, 2015), which declared it a national
In April 2018, we renamed the EHR Incentive Programs and the MIPS Advancing Care Information performance category to the Promoting Interoperability (PI) Programs and Promoting Interoperability performance category, respectively (83 FR 41635). This refocusing and rebranding of the initiatives is just one part of the CMS strategic shift in focus to advancing health IT and interoperability.
CMS appreciates the pathways Congress opened for action on interoperability, as will be discussed in more detail throughout this proposed rule and has been working diligently with ONC to support implementation. In addition, in order to make sure we have as much stakeholder feedback on all the options CMS specifically has available to best take advantage of this new opportunity to promote interoperability, over a span of several months in 2018, we released interoperability Requests for Information (RFIs) in several Medicare payment rules, including in the FY 2019 Inpatient Prospective Payment System (IPPS) proposed rule (83 FR 20164). While the Interoperability RFI in the FY 2019 IPPS proposed rule was focused primarily on how and whether changes to Hospital Conditions of Participation and other like program requirements could impact or contribute to advancing interoperability, stakeholders provided additional input that we are taking under advisement for the purposes of advancing interoperability generally in this proposed rule. For example, some commenters recommended aligning existing standards and adopting common standards and/or data elements across the health care industry as a whole (not just focusing on providers), incentivizing the use of standards, and removing barriers as possible ways to address gaps in interoperability. Commenters also expressed support for the use of open APIs but cautioned CMS to consider the need to ensure health information security. Support was also expressed for enhancing applications that are designed for patient, or consumer use, such as Blue Button 2.0 (CMS' Medicare FFS open API for patient access to health information), and the development of patient-facing consumer applications that aggregate various longitudinal health information for the patient into one location. We plan to continue to review the public comments we receive to help identify opportunities for CMS to advance interoperability in future rulemaking and subregulatory guidance.
CMS is also working with partners in the private sector to promote interoperability. In 2018, CMS began participating in the Da Vinci project, a private-sector initiative led by Health Level 7 (HL7), a standards development organization. For one of the use cases under this project—called “Coverage Requirements and Documentation Rules Discovery”—the Da Vinci project developed a draft Fast Healthcare Interoperability Resources (FHIR) standard during the summer and fall of 2018. In June 2018, in support of the Da Vinci project, the CMS Medicare FFS program began: (1) Developing a prototype Documentation Requirement Lookup Service for the Medicare FFS program; (2) populating it with the list of items/services for which prior authorization is required by the Medicare FFS program; and (3) populating it with the documentation rules for oxygen and Continuous Positive Airway Pressure (CPAP) devices. More information about the FFS Medicare program's efforts to support these Da Vinci use cases are available at
We encourage all payers, including but not limited to MA organizations, Medicaid managed care plans and CHIP managed care entities, and QHP issuers in FFEs to follow CMS's example and align with the Da Vinci Project to: (1) Develop a similar lookup service; (2) populate it with their list of items/services for which prior authorization is required; and (3) populate it with the documentation rules for at least oxygen and CPAP. By taking this step, health plans can join CMS in helping to build an ecosystem that will allow providers to connect their EHRs or practice management systems and efficient work flows with up-to-date information on which items and services require prior authorization and what the documentation requirements are for various items and services under that patient's current plan enrollment.
In the 8 years since the first HHS rulemakings to implement HITECH, significant progress has been made in the adoption of EHRs by hospitals and clinicians; however, progress on interoperability needs to be accelerated.
In section 106(b) of MACRA, Congress declared it a national objective to achieve widespread exchange of health information through interoperable certified EHR technology nationwide by December 31, 2018. Not later than July 1, 2016, the Secretary was to establish metrics to be used to determine if and to the extent this objective was achieved. If the objective is not achieved by December 31, 2018, the Secretary must submit a report not later than December 31, 2019, that identifies barriers to the objective and recommends actions that the federal government can take to achieve the objective. In April 2016, ONC published the “Office of the National Coordinator for Health Information Technology; Medicare Access and CHIP Reauthorization Act of 2015; Request for Information Regarding Assessing Interoperability for MACRA” RFI (81 FR 20651). Based on stakeholder input received in response to the RFI, ONC subsequently identified the following two metrics for interoperability (see
• Measure #1: Proportion of health care providers who are electronically engaging in the following core domains of interoperable exchange of health information: sending, receiving, finding (querying), and integrating information received from outside sources.
• Measure #2: Proportion of health care providers who report using the information they electronically receive from outside providers and sources for clinical decision-making.
ONC recently provided an update on these metrics in its 2018 Report to
In addition, the Cures Act included provisions to advance interoperability and health information exchange, including, for example, enhancements to ONC's Health IT certification program and a definition of “information blocking” (as discussed further in section VIII. of this proposed rule). These provisions have been addressed in depth in ONC's proposed rule “21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program” (published elsewhere in this issue of the
Section 4003 of the Cures Act added a definition of “interoperability” as paragraph 10 of section 3000 of the PHSA (42 U.S.C. 300jj (9)) (as amended). Under section 3000 of the PHSA, `interoperability', with respect to health IT, means technology that enables the secure exchange of electronic health information with, and use of electronic health information from, other health IT without special effort on the part of the user. It also allows for complete access, exchange, and use of all electronically accessible health information for authorized use under applicable state or federal law and does not constitute information blocking as defined in section 3022(a) of the PHSA.
This definition aligns with the definition under MACRA and the HHS vision and strategy for achieving a health information ecosystem within which all individuals and their health care providers are able to send, receive, find, and use electronic health information in a manner that is appropriate, secure, timely, and reliable to support the health and wellness of individuals through informed shared decision-making, as well as through patient choice of health plans and providers. Accordingly, except where we further or otherwise specify for a specific policy or purpose, when we use the term “interoperability” within this proposed rule we are referring to the definition in section 3000 of the PHSA.
Through significant stakeholder feedback, we understand that there are many barriers to interoperability which have obstructed progress over the years. We have conducted stakeholder meetings and roundtables; solicited comments via RFIs; and received additional feedback through letters and rulemaking. All of this input together has contributed to our proposals in this proposed rule. Some of the main barriers shared with us are addressed in the following sections. While we have made efforts to address some of these barriers in this proposed rule and through prior rules and actions, we believe there is still considerable work to be done to overcome some of these considerable challenges toward achieving interoperability.
In the Interoperability RFI in the FY 2019 IPPS proposed rule (83 FR 20550), we solicited feedback on positive solutions to better achieve interoperability or the sharing of health care information between providers. A number of commenters noted that the lack of a unique patient identifier (UPI) inhibited interoperability efforts because, without a unique identifier for each patient, the safe and secure electronic exchange of health information is constrained because it is difficult to ensure that the relevant records are all for the same patient.
As part of efforts to reduce the administrative costs of providing and paying for health care, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub. L. 104-191, enacted August 21, 1996) required the adoption of a “unique individual identifier for healthcare purposes,” commonly referred to as a UPI. At the time HIPAA was enacted, HHS began to consider what information would be needed to develop a rule to adopt a UPI standard. An initial Notice of Intent to issue a proposed rule on requirements for a unique health identifier for individuals was published in the November 2, 1998
Such an identifier has the potential to facilitate the accurate portability of health information by allowing correct patient matching because the universal identifier allows for accurate and timely patient record linking between providers across the care continuum and it allows a patient's complete record to easily move with them from provider to provider. However, stakeholders immediately raised significant concerns regarding the impact of this UPI on health information security and privacy. Stakeholders were concerned that if there was a single identifier used across systems, it would be easier for that information to be compromised, exposing protected health information (PHI) more easily than in the current medical record environment that generally requires linking several pieces of personally identifying information to link health records.
The National Committee on Vital Health Statistics (NCVHS), the statutory public advisory body to the Secretary of Health and Human Services (the Secretary) for health data, statistics, privacy, and national health information policy and HIPAA, conducted extensive hearings in the first year after HIPAA was enacted to evaluate this and other HIPAA-related implementation issues. The NCVHS First Annual Report to the Congress on the Implementation of the Administrative Simplification Provisions of the Health Insurance Portability and Accountability Act, February 3, 1998, outlines the NCVHS' efforts to obtain feedback on the UPI (
The NCVHS recommended that the Secretary not move forward with a proposed rule on a patient identifier until further discussions could be had to fully understand the privacy and data security concerns, as well as the full breadth of options beyond a single identifier. NCVHS suggested the Secretary work to maximize public participation in soliciting a variety of options for establishing an identifier or an alternative approach for identifying individuals and linking health information of individuals for health purposes.
Appreciating the significant concerns raised by stakeholders regarding implementing a UPI, Congress included language in the Omnibus Consolidated and Emergency Supplemental Appropriations Act of 1999 (Pub. L. 105-277, enacted October 21, 1998) and in each subsequent Appropriations bill, stating “None of the funds made available in this Act may be used to
In recent years, concerns regarding the privacy and security of information have only increased. For example, in the first quarter through third quarter of FY 2018 (October 1, 2017 through June 30, 2018), 276 breach incidents were reported to the HHS Office of Civil Rights (OCR) affecting 4,341,595 individuals (
Although the appropriations language regarding the UPI standard has remained unchanged, in the report accompanying the 2017 appropriations bill, Congress additionally stated, “Although the Committee continues to carry a prohibition against HHS using funds to promulgate or adopt any final standard providing for the assignment of a unique health identifier for an individual until such activity is authorized, the Committee notes that this limitation does not prohibit HHS from examining the issues around patient matching. Accordingly, the Committee encouraged the Secretary, acting through ONC and CMS, to provide technical assistance to private-sector led initiatives to develop a coordinated national strategy that will promote patient safety by accurately identifying patients to their health information.” (H.R. Rep. No. 114-699, p. 110,
Unlike a UPI, which assigns a unique identifier—either numerical or otherwise—to each patient, patient matching is a process by which health information from multiple sources is compared to identify common elements, with the goal of identifying records representing a single patient. This is generally done by using multiple demographic data fields such as name, birth date, gender, and address. The goal of patient matching is to link one patient's data across multiple databases within and across health care providers in order to obtain a comprehensive view of that patient's health care information.
ONC has stated that patient matching is critically important to interoperability and the nation's health IT infrastructure as health care providers must be able to share patient health information and accurately match a patient to his or her data from a different provider in order for many anticipated interoperability benefits to be realized.
Patient matching can be less precise than a UPI due to the reliance on demographic attributes (such as name and date of birth) which are not unique traits to a particular patient; further, patient matching is often dependent on manual data entry and data maintained in varying formats. Matching mistakes can contribute to adverse events, compromised safety and privacy, and increased health care costs (see
Many stakeholders commenting on the interoperability RFIs included in the 2019 proposed payment rules indicated that patient matching is a “core functionality” of patient identification and necessary to ensure care coordination and the best patient outcomes. Commenters also noted that a consistently used matching strategy could accomplish the original goals of a UPI with a diminished risk to individual privacy and health information security.
Several commenters noted that the lack of a UPI impacted interoperability, but finding a suitable and consistent matching strategy could address this issue. These commenters often specifically supported Congress' guidance to have ONC and CMS provide technical assistance to the private sector to identify this strategy. To help jump start the process of finding a solution to patient matching, ONC launched the Patient Matching Algorithm Challenge in 2017, awarding six winners $75,000 in grants in late 2017 (
We continue to support ONC's work promoting the development of patient matching initiatives. Per Congress' guidance, ONC is looking at innovative ways to provide technical assistance to private sector-led initiatives to further develop accurate patient matching solutions in order to promote interoperability without requiring a UPI.
We understand the significant health information privacy and security concerns raised around the development of a UPI standard and the current prohibition against using HHS funds to adopt a UPI standard. Recognizing Congress' statement regarding patient matching and stakeholder comments stating that a patient matching solution would accomplish the goals of a UPI, we seek comment for future consideration on ways for ONC and CMS to continue to facilitate private sector efforts on a workable and scalable patient matching strategy so that the lack of a specific UPI does not impede the free flow of information. We also seek comment on how we may leverage our program authority to provide support to those working to improve patient matching. In addition, we intend to use comments for the development of policy and future rulemaking.
Lack of standardization inhibits the successful exchange of health information without additional effort on the part of the end user. To achieve secure exchange of health information across health IT products and systems that can be readily used without special effort by the user, both the interface technology and the underlying data must be standardized, so all systems are “speaking the same language.” Consistent use of modern computing standards and applicable content standards (such as clinical vocabularies) are fundamental to achieving full-scale technical interoperability (systems can connect and exchange data unaltered) and semantic interoperability (systems can interpret and use the information that has been exchanged). Lack of such standards creates a barrier to
In this proposed rule, similar to CMS' Blue Button 2.0 approach for Medicare FFS,
The lack of a sufficiently mature API functionality technical standard has posed a challenge and impediment to advancing interoperability. In 2015, ONC finalized an API functionality certification criterion in the “2015 Edition Health Information Technology (Health IT) Certification Criteria, 2015 Edition Base Electronic Health Record (EHR) Definition, and ONC Health IT Certification Program Modifications” Final Rule (2015 Edition final rule) (80 FR 62602). However, while a consensus technical standard specific to the API technical functionality was in development, it had not yet matured enough for inclusion in the 2015 Edition final rule, which does not identify a specific standard for API functionality.
As discussed in greater detail in section II of this proposed rule, we believe that a specific foundational standard for API functionality has matured sufficiently enough for ONC to propose it for HHS adoption (published elsewhere in this issue of the
As explained above, information blocking is defined in section 3022(a) of the PHSA. Understanding this definition, information blocking could be considered to include the practice of withholding data, or intentionally taking action to limit or restrict the compatibility or interoperability of health IT. Through stakeholder outreach, roundtables, and letters we have received, we understand that health care providers may limit or prevent data exchange in an effort to retain patients. By withholding a patient's health information from competing health care providers, a health care provider can effectively inhibit a patient from freely moving within the health care market because that patient would not otherwise have access to their complete health information.
We additionally understand from stakeholder feedback that in certain cases a health IT vendor has prohibited the movement of data from one health IT system to another in an effort to maintain their customer base.
Information blocking is a significant threat to interoperability and can limit the ability for providers to coordinate care and treat a patient based on the most comprehensive information available. In sections VIII.B. and C. of this proposed rule we propose to publicly report the names of clinicians and hospitals who submit a “no” response to certain attestation statements related to the prevention of information blocking in order to deter health care providers from engaging in conduct that could be considered information blocking.
Preventing and avoiding information blocking is important to advancing interoperability. We believe this proposal would help discourage health care providers from information blocking and clearly indicates CMS's commitment to preventing such practices.
PAC facilities are critical in the care of patients' post-hospital discharge, and can be a determining step in the health progress for those patients.
While a majority of skilled nursing facilities (SNFs) used an EHR in 2016 (64 percent), there is considerable work to be done to increase adoption and the exchange of data in this provider population. In that same year, only three out of 10 SNFs electronically exchanged (that is, sent or received) key clinical health information, and only 7 percent had the ability to electronically send, receive, find, and integrate patient health information. In 2017, an ONC survey found that more HHA) (78 percent) adopted EHRs than SNFs (66 percent), but integration of received information continued to lag behind for both HHAs (36 percent) and SNFs (18 percent). While both ONC surveys focused on SNFs, it is important to note the large provider overlap between SNFs and other nursing facilities. In 2014, 14,409 out of 15,640 (92 percent) of nursing homes were certified for both Medicare and Medicaid.
Long-term hospitals, inpatient rehabilitation facilities (IRFs), SNFs, and HHAs are required to submit to CMS standardized patient assessment data described in section 1899B(b)(1) of the Act (as added by section 2(a) of the Improving Medicare Post-Acute Care Transformation Act of 2014 (IMPACT Act) (Pub. L. 113-185, enacted October 6, 2014)). We have defined the term “standardized patient assessment data” (or “standardized resident assessment data” for purposes of SNFs) as patient or resident assessment questions and
The Privacy, Security, and Breach Notification Rules under HIPAA (45 CFR parts 160 and 164) support interoperability by providing assurance to the public that PHI as defined in 45 CFR 160.103 is maintained securely and shared only for appropriate purposes or with express authorization of the individual. For more than a decade, the HIPAA Rules have provided a strong privacy and security foundation for the health care system. However, we have heard that lack of harmonization between federal and state privacy and security standards can create uncertainty or confusion for HIPAA covered entities that want to exchange health information. Resources about how the HIPAA Rule permits health care providers and health plans to share health information using health IT for purposes like treatment or care coordination is available on the HHS OCR website. See
Although barriers to interoperability do exist, HHS and private industry are actively working to address them. On June 6, 2018, the HHS Deputy Secretary initiated the Regulatory Sprint to Coordinated Care (RS2CC). In support of this effort, the HHS Office of Inspector General (OIG) released an RFI on barriers to coordinated care or value-based care, which was out for public comment through October 26, 2018 (83 FR 43607). Together, CMS and ONC are working to address information blocking via rulemaking. We are actively working to improve data standardization, particularly through the use of APIs. And, we are using available policy levers to encourage greater adoption of EHR technology and interoperability among PAC providers. We provide resources to help providers see how HIPAA and interoperability work together. And, we are leveraging private sector relationships to find patient matching solutions in lieu of a patient identifier.
To empower beneficiaries of Medicaid and CHIP FFS programs and enrollees in MA organizations, Medicaid and CHIP managed care entities, and QHP issuers in the FFEs (when mentioned throughout this proposed rule, this includes QHPs certified by FFEs regardless of whether enrollees enroll through the FFE or off the FFE), we are proposing several initiatives to break down the barriers that impede patients' ease of access to their electronic health care information; we propose to create and implement new mechanisms for them to access to their own health care information, as well as the ability to decide how, when, and with whom to share their information. We are proposing to require that a variety of information be made accessible to these impacted patients via “openly published” (or simply “open”) APIs- that is, APIs for which the technical and other information required for a third-party application to connect to them is publicly available. This will provide these patients with convenient access to their health care information in accordance with the HIPAA Privacy Rule access standard at 45 CFR 164.524, and an increase in their choice of applications with which to access and use their own electronic health information, as discussed above, and other information relevant to managing their health, enabling open APIs to improve competition and choice as they have in other industries. We propose to require MA organizations, Medicaid state agencies, state CHIP agencies, Medicaid managed care plans, CHIP managed care entities, and QHP issuers in FFEs (by requiring them to comply with the proposed ONC standard) to implement open APIs consistent with the API technical standards proposed by ONC for adoption by HHS and to use content and vocabulary standards adopted by HHS at 45 CFR part 162 and 42 CFR 423.160, and proposed by ONC for adoption by HHS at 45 CFR 170.213 (published elsewhere in this issue of the
Effective coordination and appropriate sharing of enrollee information between health plans can reduce the need for providers to write duplicative letters of medical necessity, or it could reduce instances of subjecting beneficiaries to unnecessary repetition of step therapy, or repeated utilization reviews, risk screenings and assessments. It could also help to streamline prior authorization procedures or reduce instances where the clinician might need to intervene personally with a payer to ensure his or her patient received the treatment necessary. We are proposing to require payers to support beneficiaries in coordinating their own care via payer to payer care coordination. In addition to existing care coordination efforts between plans, we propose that a plan must, if asked by the beneficiary, forward his or her information to a new plan or other entity designated by the beneficiary for up to 5 years after the beneficiary has disenrolled with the plan. Such transactions would be made in compliance with applicable laws. We are proposing a requirement for MA Plans, Medicaid and CHIP Managed Care entities (MCOs, PIHPs, PAHPs), and QHP issuers in FFEs to coordinate care between plans by exchanging, at a minimum, the data elements in the United States Core Data for Interoperability (USCDI) standard
We believe that payers' ability to share enrollee claims, encounter data, utilization history, and clinical health information they may have for their enrollees with one another, as well as their ability to share that information with patients and health care providers, when approved by the patient and appropriate under applicable law, using interoperable electronic means will considerably improve patient access to information, reduce provider burden, and reduce redundant and otherwise unnecessary data-related policies and procedures. We are proposing to require that all MA organizations, Medicaid and CHIP Managed Care entities (MCOs, PIHPs, and PAHPs), and QHP issuers in FFEs (with the exception of stand-alone dental plans (SADPs)) must participate in a trusted health information exchange network meeting criteria for
States and CMS routinely exchange data to support the administration of benefits to Medicare-Medicaid dually eligible beneficiaries. This includes “buy-in” data on who is enrolled in Medicare, and who is liable for paying the dual eligible beneficiary's Part A and B premiums. Buy-in data exchanges support state, CMS, and Social Security Administration (SSA) premium accounting, collections, and enrollment functions. This also includes “MMA” data on dual eligibility status (called the “MMA file” after the Medicare Prescription Drug, Improvement and Modernization Act of 2003 (MMA) (Pub. L. 108-173, enacted December 8, 2003)), which are used in all four Parts of Medicare. We are proposing to establish frequency requirements to require all states to participate in daily exchange of buy-in data with CMS by April 1, 2022, and to update frequency requirements to require all states to submit MMA file data to CMS daily by April 1, 2022.
We are actively working with our partners throughout HHS to deter the practice of information blocking. We believe it would benefit patients to know if their health care providers attested negatively to any of the prevention of information blocking attestation statements under the Quality Payment Program (QPP) or the Medicare FFS Promoting Interoperability Program. In previous testing with patients and caregivers, we have learned that effective use of CEHRT is important to them when making informed health care decisions. To address this issue, we are proposing to publicly post information about negative attestations on appropriate CMS websites.
Section 4003 of the Cures Act recognized the importance of making provider digital contact information available through a common directory. To facilitate this, CMS has updated the National Plan and Provider Enumeration System (NPPES) to be able to capture this digital contact information. Now that the systems are in place, we seek to increase the number of clinicians with valid and current digital contact information available through NPPES. We are proposing to publicly identify those clinicians who have not submitted digital contact information in NPPES. Further, we are proposing to align program requirements for MA organizations, Medicaid state agencies, Medicaid managed care plans, CHIP agencies that operate FFS systems, CHIP managed care entities, and QHP issuers in FFEs (with the exception of issuers of SADPs) such that each payer/plan issuer would make provider directory information publicly available via an API.
Electronic patient event notifications from hospitals, or clinical event notifications, are widely recognized as an effective tool for improving care coordination across settings, especially for patients at admission, discharge, and transfer. We are proposing to revise the conditions of participation for hospitals (including short-term acute care hospitals, long-term care hospitals (LTCHs), rehabilitation hospitals, psychiatric hospitals, children's hospitals, and cancer hospitals) and CAHs to require that these entities send patient event notifications to another health care facility or to another community provider. We propose to limit this requirement to only those Medicare- and Medicaid-participating hospitals and CAHs that possess EHRs systems with the technical capacity to generate information for electronic patient event notifications.
We also plan to test ways to promote interoperability across the health care spectrum through models tested by the Center for Medicare and Medicaid Innovation (“Innovation Center”). Innovation Center models offer a unique opportunity to engage with health care providers and other entities in innovative ways and to test concepts that have the ability to accelerate change in the U.S. health care system, including to promote interoperability. As such, we are soliciting public comment on general principles around interoperability within Innovation Center models for integration into new models, through provisions in model participation agreements or other governing documents. In applying these general principles, we intend to be sensitive to the details of individual model design, and the characteristics and capacities of the participants in each specific model.
One of the many proposals we considered but did not include in this proposed rule was a proposal to make updates to the Promoting Interoperability Program (formerly the Medicare and Medicaid EHR Incentive Programs) to encourage eligible hospitals and CAHs to engage in certain activities focused on interoperability. This concept was initially introduced in a request for public comment in the FY 2019 IPPS/LTCH PPS proposed rule (83 FR 20537 through 20538). We discussed a possible future strategy in which we would create a set of priority health IT or “interoperability” activities that would serve as alternatives to measures in the Promoting Interoperability Program. We discussed creating a set of priority health IT activities with a focus on interoperability and simplification to reduce health care provider burden while allowing flexibility to pursue innovative applications of health IT to improve care delivery. We offered three different examples of activities which might be included under such an approach, including:
• Participation in, or serving as, a health information network which is part of the Trusted Exchange Framework and Common Agreement (TEFCA);
• Maintaining an open API which allows persistent access to third parties which enables patients to access their health information; and
• Participating in piloting and testing of new standards that support emerging interoperability use cases.
While we are not proposing this here, we expect to introduce a proposal for establishing “interoperability activities” in the FY 2020 IPPS/LTCH PPS rulemaking in conjunction with other updates to the Promoting Interoperability Program. To help inform future rulemaking, we invite comments on the concepts discussed above, as well as other ideas for “interoperability activities” for which eligible hospitals and CAHs could receive credit in lieu of reporting on program measures.
Finally, we include two RFIs. One related to interoperability and health IT adoption in PAC settings, and one related to the role of patient matching in interoperability and improved patient care.
The MACRA defines interoperability as the ability of two or more health information systems or components to exchange clinical and other information and to use the information that has been exchanged using common standards such as to provide access to longitudinal information for health care providers in order to facilitate coordinated care and improved patient outcomes. Interoperability is also defined in section 3000 of the Public Health Service Act (PHSA) (42 U.S.C. 300jj), as amended by section 4003 of the Cures Act. Under that definition, “interoperability”, with respect to health IT, means such health IT that enables the secure exchange of electronic health information with, and use of electronic health information from, other health IT without special
We believe the PHSA definition of interoperability is useful as a foundational reference for our approach to advancing interoperability and exchange of electronic health information for individuals throughout the United States, and across the entire spectrum of provider types and care settings with which health plan issuers and administrators need to efficiently exchange multiple types of relevant data. We note the PHSA definition of interoperability is not applied only to a specific program or initiative but to all activities under the title of the PHSA that establishes ONC's responsibilities to support and shape the health information ecosystem, including exchange infrastructure for the United States health care system as a whole. The PHSA definition of interoperability is also consistent with HHS's vision and strategies for achieving a health information ecosystem within which all individuals, their families, and health care providers are able to send, receive, find, and use electronic health information in a manner that is appropriate, secure, timely, and reliable to support the health and wellness of individuals through informed, shared decision-making,
A core policy principle we aim to support across all proposals in this proposed rule is that every American should be able, without special effort or advanced technical skills, to see, obtain, and use all electronically available information that is relevant to their health, care, and choices—of plans, providers, and specific treatment options. This includes two types of information: Information specifically about the individual that requires appropriate diligence to protect the individual's privacy, such as their current and past medical conditions and care received, as well as information that is of general interest and should be widely available, such as plan provider networks, the plan's formulary, and coverage policies.
While many consumers today can often access their own electronic health information through patient/enrollee portals and proprietary applications made available by various providers and health plans, they must typically go through separate processes to obtain access to each system, and often need to manually aggregate information that is delivered in various, often non-standardized, formats. The complex tasks of accessing and piecing together this information can be burdensome and frustrating to consumers.
In contrast, consider the ease with which consumers can choose and use a navigation application which integrates information on their current location, preferences, and real-time traffic conditions to choose the best route to a chosen destination. Consumers do not have to log into a different “location” portal to learn their current geographic coordinates, write them down, and then log into a separate “map” portal to enter their current coordinates to request directions to their destination.
An API can be thought of as a set of commands, functions, protocols, or tools published by one software developer (“A”) that enable other software developers to create programs (applications or “apps”) that can interact with A's software without needing to know the internal workings of A's software, all while maintaining consumer privacy data standards. This is how API technology enables the seamless user experiences associated with applications familiar from other aspects of many consumers' daily lives, such as travel and personal finance. Standardized, transparent, and pro-competitive API technology can enable similar benefits to consumers of health care services.
While acknowledging the limits of our authority to require use of APIs to address our goals for interoperability and data access, we are proposing in this rule to use our programmatic authority in Medicare, Medicaid, CHIP, and over QHPs in FFEs to advance these goals. Therefore, we are proposing to require that a variety of data be made accessible to MA enrollees, Medicaid beneficiaries, CHIP enrollees, and enrollees in QHPs in FFEs, by requiring that MA organizations, Medicaid state agencies, Medicaid managed care plans, CHIP agencies, CHIP managed care entities, and QHPs in FFEs, adopt and implement “openly published” (or simply “open”) APIs. Having certain data available through open APIs would allow these enrollees to use the application of their choice to access and use their own electronic health information and other information relevant to managing their health.
Much like our efforts under the Medicare Blue Button 2.0 and MyHealthEData initiatives, which made Parts A, B, and D claims data available to Medicare beneficiaries, our proposal would result in claims and coverage information being accessible for the vast majority of Medicare beneficiaries by requiring MA organizations to take new steps—by implementing the API described in this proposed rule—to make claims data available to their enrollees. We expect that our proposal would also benefit all Medicaid beneficiaries because our proposal applies to Medicaid state agencies (which administer Medicaid FFS programs), and all types of Medicaid managed care plans (MCOs, PIHPs, and PAHPs), and CHIP agencies (which administer CHIP FFS) and CHIP managed care entities (MCOs, PIHPs, and PAHPs). Finally, while our proposal is only applicable to QHPs in FFEs, we hope that states operating Exchanges might consider adopting similar requirements for QHPs in State-Based Exchanges (SBEs), and that other payers in the private sector might consider voluntarily offering data accessibility of the type included in this proposal so that even more patients across the American health care system can easily have and use such information to advance their choice and participation in their health care. We hope that the example being set by CMS will raise consumers' expectations and encourage other payers in the market to take similar steps to advance patient access and empowerment outside the scope of our proposed requirements.
An “open API,” for purposes of this proposed rule, is simply one for which the technical and other information required for a third-party application to connect to it is openly published. Open API does not imply any and all applications or application developers would have unfettered access to people's personal or sensitive information. Rather, an open API's published technical and other information specifically includes what an application developer would need to
We recommend reviewing the discussion of the standardized API criterion and associated policy principles and technical standards included in ONC's proposed rule “21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program” (published elsewhere in this issue of the
In developing this proposed rule, we considered how to advance the sort of interoperability and innovation in the health system supported by open APIs in other industries. We have also collaborated with ONC to align with and leverage relevant API policies ONC has proposed to implement Cures Act requirements. In general, we believe three attributes of open APIs are particularly important to achieve the goal of offering individuals convenient access, through applications they choose, to available and relevant electronic health information. The three API attributes are:
• The API technologies themselves, not just the data accessible through them, are standardized;
• The APIs are technically transparent; and
• The APIs are implemented in a pro-competitive manner.
In this section, we discuss these concepts generally and how they are applicable in the health care context for all payers, as well as explain how these are relevant to our specific proposals, which are discussed in detail in section III. of this proposed rule.
Technical consistency and implementation predictability are fundamental to scale API-enabled interoperability and reduce the level and costs of custom development otherwise necessary to access, exchange, and use health information. From an industry standpoint, a consistent and predictable set of API functions, as well as content and formatting standards, provide the health IT ecosystem with known technical requirements against which application developers can build applications (including but not limited to “mobile apps”) and other innovative services which users can select to access and manage the data they need. Therefore, to achieve interoperability consistent with the PHSA definition, the proposals in section III. of this proposed rule would effectively require that API technologies deployed by health plans subject to this rule use modern computing standards (such as RESTful interfaces
Transparency and openness around API documentation is commonplace in many other industries and has fueled innovation, growth, and competition. Documentation associated with APIs deployed by health care providers, health plans, and other entities engaged in exchanging electronic health information typically addresses the information that would be material to persons and entities that use or create software applications that interact with the API (API users). Information material to API users includes, but is not necessarily limited to, all terms and conditions for use of the API, including terms of service, restrictions, limitations, obligations, registration process requirements, or other similar requirements that would be needed to:
• Develop software applications to interact with the API;
• Connect software applications to the API to access electronic health information through the API;
• Use any electronic health information obtained by means of the API technology; and
• Register software applications to connect with the API.
As discussed in section III. of this proposed rule, we are proposing that certain entities (MA organizations, State Medicaid agencies, Medicaid managed care plan, State CHIP agencies, CHIP managed care entities, and QHPs in FFEs), supported by the suppliers of their API technology, and for the API technology they use to comply with the requirements we propose in this proposed rule, be required to make freely and publicly accessible the specific business and technical documentation necessary to interact with these APIs. Thus, we propose to require that these entities comply with the requirements that ONC has proposed that the Secretary adopt for developers and users of health IT certified to the API criteria at 45 CFR 170.315 (published elsewhere in this issue of the
Pro-competitive practices in selecting, configuring, and maintaining APIs are those business practices that promote the efficient access to, exchange of, and use of electronic health information to support a competitive marketplace that enhances consumer value and choice of direct-to-consumer technology, health coverage, and care. We believe that an ultimate goal of all participants in the health care ecosystem is that individuals should be able to use an application they choose to connect and access, without special effort, their electronic health information held by health care providers, health plans, or any health information networks, within practical and prudent limits that do not needlessly hinder their ability to connect to the API in a persistent manner.
Such acceptable limits include technical compatibility and ensuring the application does not pose an unacceptable level of risk to a system when connecting to an API offered by that system, consistent with the HIPAA Privacy and Security Rules and guidance issued by the HHS OCR,
We recognize that organizations subject to the open API requirements proposed in section III. of this proposed rule need to take reasonable and necessary steps to fulfill the organizations' duties under all applicable laws and regulations to protect the privacy and security of personally identifiable information (PII), including but not limited to PHI under HIPAA as defined at 45 CFR 160.103; those privacy and security protection obligations remain applicable even in the context of complying with our proposal. However, we do not believe it is appropriate to use security and privacy concerns as an opportunity to engage in anti-competitive practices. Anti-competitive practices might include declining to assess the technical compatibility or security risk of an application provided to prospective enrollees by a competing plan, despite an enrollee request to disclose their PHI to that application through the API.
We have received a wide range of stakeholder feedback on privacy and security issues in response to prior proposals
We appreciate these concerns. Deploying API technology that offers consumers the opportunity to access their electronic health information that is held by a covered entity (which includes but is not limited to MA organizations, the Medicare Part A and B programs, the Medicaid program, CHIP, QHP issuers on the FFE, and other health plan issuers) does not lessen the covered entity's duties under HIPAA and other law to protect the privacy and security of information it holds, including but not limited to PHI. A covered entity implementing an API to enable individuals to access their health information must take reasonable steps to ensure an individual's information is only disclosed as permitted or required by applicable law. The entity must take greater care in configuring and maintaining the security functionalities of the API and the covered entities' electronic information systems to which it connects than would be needed if it was implementing an API simply to allow easier access to widely available public information.
HIPAA covered entities and their business associates continue to be responsible for compliance with the HIPAA Rules, the Federal Trade Commission Act (FTC Act), and all other laws applicable to their business activities including but not limited to their handling of enrollees' PHI and other data. As we state repeatedly throughout this proposed rule, nothing in this proposed rule is intended to alter or should be construed as altering existing responsibilities to protect PHI under the HIPAA Rules and requirements.
However, we note that a number of stakeholders may believe that they are responsible for determining whether an application to which an individual directs their PHI be disclosed applies appropriate safeguards for the information it receives. Based on the OCR guidance discussed below, covered entities are not responsible under the HIPAA Rules for the security of PHI once it has been received by a third-party application chosen by an individual.
Under the HIPAA Privacy Rule,
We refer readers to further OCR guidance on related issues, including: The liability of a covered entity in responding to an individual's access request to send the individual's PHI to a third party (FAQ 2039);
We have also noted stakeholder concerns about protections which apply to non-covered entities such as direct-
When a non-HIPAA-covered entity discloses an individual's confidential information in a manner or for a purpose not consistent with the privacy notice and terms of use to which the individual agreed, the FTC has authority under the FTC Act to investigate and take action against unfair or deceptive trade practices. The FTC has applied this authority to a wide variety of entities. The FTC also enforces the FTC Health Breach Notification Rule, which applies to certain types of entities that fall outside of the scope of HIPAA, and therefore, are not subject to the HIPAA Breach Notification Rule.
We recognize that this is a complex landscape for patients, who we anticipate will want to exercise due diligence on their own behalf in reviewing the terms of service and other information about the applications they consider selecting. Therefore, we propose in section III. of this proposed rule specific requirements on the payers subject to these proposed regulations to ensure enrollees have the opportunity to become more informed about how to protect their PHI, important things to consider in selecting an application, and where they can lodge a complaint if they believe a HIPAA covered entity or business associate may have breached their duties under HIPAA or if they believe they have been subjected to unfair or deceptive actions or practices related to a direct-to-consumer application's privacy practices or terms of use.
In some circumstances, information that would be required to be made available through an API per an enrollee's information request under this proposed rule—which we view as consistent with the enrollee's right of access from a covered entity under the Privacy Rule—may not be readily transferable through the API. For instance, the covered entity may not hold certain information electronically. However, such a scenario would in no way limit or alter responsibilities and requirements under other law (including though not limited to HIPAA Privacy, Security, and Breach Notification Rules) that apply to the organizations that would be subject to our proposed regulations. Even if the open API access requirements proposed in section III.C. of this proposed rule were to be finalized and implemented, the organization may still be called upon to respond to individuals' request for information not available through the API, or for all of their information through means other than the API. We encourage HIPAA covered entities or business associates to review the OCR website for resources on the individual access standard at
Achieving interoperability throughout the health system is essential to achieving an effective, value-conscious health system within which consumers are able to choose from an array of health plans and providers. An interoperable system should ensure that consumers can both easily access their electronic health information held by plans and routinely expect that their claims, encounter, and other relevant health history information will follow them smoothly from plan to plan and provider to provider without burdensome requirements for them or their providers to reassemble or re-document the information. Ready availability of health information can be especially helpful when an individual cannot access their usual source of care, for instance if care is needed outside their regular provider's business hours, while traveling, or in the wake of a natural disaster.
The specific proposals within this rule as described in section III.C.2. would impose new requirements on MA organizations, state Medicaid and CHIP FFS programs, Medicaid managed care plans, CHIP managed care entities, and QHP issuers in FFEs (excluding issuers of SADPs) to implement standardized, transparent APIs. Using the API, these entities would be required to provide current and former enrollees with certain claims and encounter data and certain specific clinical information. These entities would also be required to make available through the API information already required to be widely available, such as provider directory and plan coverage information. In developing our proposal delineating the information that must be available through an API consistent with the proposed technical requirements, we were guided by an intent to have available through the API all of the individual's electronic health information held by the plan in electronic format that is compatible with the API or that can, through automated means, be accurately rendered compatible with representation through the API. We were also guided by an intent to make available through standardized, transparent API technology all of the provider directory and plan coverage information that is held in formats readily compatible with the API.
Both the API technology itself and the data it makes available must be standardized to support true interoperability. Therefore, we propose in section III.C.2.b. of this proposed rule to require compliance with both (1) ONC's 21st Century Cures Act proposed regulations regarding content and vocabulary standards for representing electronic health information and (2) technical standards for an API by which the electronic health information must be made available. For the proposals described in section III.C.2.b. of this proposed rule (which include purposes
In proposing to require that regulated entities comply with ONC-proposed regulations (published elsewhere in this issue of the
While we intend to preclude regulated entities from using content and vocabulary standards other than those described in 42 CFR 423.160, 45 CFR part 162, or proposed 45 CFR 170.213 and 170.215, we recognize there may be circumstances which render the use of other content and vocabulary alternatives necessary. As discussed below, we propose to allow the use of other alternatives in two circumstances. First, where other content or vocabulary standards are expressly mandated by applicable law, we would allow for use of those other mandated standards. Second, where no appropriate content or vocabulary standard exists within 45 CFR part 162, 42 CFR 423.160, or proposed 45 CFR 170.213 and 170.215, we would allow for use of any suitable gap-filling options, as may be applicable to the specific situation.
We are using two separate rulemakings because ONC's 21st Century Cures Act proposed rule, which includes API interoperability standards proposed for HHS adoption, would have broader reach than the scope of this proposed rule. At the same time, we wish to assure stakeholders that the API standards required of MA organizations, state Medicaid agencies, state CHIP agencies, Medicaid managed care plans, CHIP managed care entities, and QHP issuers in FFEs under this proposal would be consistent with the API standards proposed by ONC for HHS adoption because we would require that the regulated entities follow specified, applicable provisions of the ONC-proposed requirements.
Requiring that regulated entities comply with the regulations regarding standards in ONC's 21st Century Cures Act proposed rule will support greater interoperability across the health care system, as health IT products and applications that will be developed for different settings and use cases would be developed according to a consistent base of standards that supports more seamless exchange of information. We welcome public comment on the proposed required compliance with regulations regarding standards in this proposed rule to those proposed for adoption by HHS through ONC' 21st Century Cures Act proposed rule, as well as on the best method to provide support in identifying and implementing the applicable content and vocabulary standards for a given data element.
Finally, while we believe that the proposed required compliance with regulations regarding standards requirements in this proposed rule to those proposed by ONC for HHS adoption is the best approach, we seek public comment on an alternative by which CMS would separately adopt the proposed ONC standards identified throughout this proposed rule, as well as future interoperability, content and vocabulary standards. We anticipate that any such alternative would include incorporating by reference the FHIR and OAuth technical standards and the USCDI content and vocabulary standard (described in sections II.A.3.b. and II.A.3.a. of this proposed rule, respectively) in CMS regulation, and replacing references to ONC regulations at 45 CFR 170.215, 170.213, and 170.205, respectively. However, we specifically seek comment on whether this alternative would present an unacceptable risk of creating multiple regulations requiring standards or versions of standards across HHS' programs, and an assessment of the benefits or burdens of separately adopting new standards and incorporating updated versions of standards in CFR text on a program by program basis. Furthermore, we seek comment on: How such an option might impact health IT development timelines; how potentially creating multiple regulations regarding standards over time across HHS might impact system implementation; and other factors related to the technical aspect of implementing these requirements.
The HHS-adopted content and vocabulary standards applicable to the data provided through the API will vary by use case and within a use case. For instance, content and vocabulary standards supporting consumer access vary according to what specific data elements MA organizations, state Medicaid and CHIP FFS programs, Medicaid managed care plans, CHIP managed care entities, and QHP's in FFEs have available electronically. Where another law does not require use of a specific standard, we are proposing to require use of, in effect, a catalogue of content and vocabulary standards from which the regulated entities may choose in order to satisfy the proposed requirements in 42 CFR 422.119, 431.60, 457.730, 438.252, and 457.1233, and 45 CFR 156.221.
We propose in section III.C.2.b. of this proposed rule that the applicable entity must comply with regulations regarding certain content and vocabulary standards for data available through the API, where applicable to the data type or data element, unless an alternate standard is required by other applicable law. Specifically, we propose the applicable entity must use:
• Content and vocabulary standard ONC proposes for HHS adoption at 45 CFR 170.213 (USCDI Version 1) where such standards are the only available standards for the data type or element;
• HIPAA Administrative Simplification transaction standards under 45 CFR part 162 or the Part D e-prescribing transaction standards at 42 CFR 423.160 where required by other applicable law, or where such standards are the only available standards for the data type or element; or
• Where a specific data type or element might be encoded or formatted using either a 45 CFR part 162 or 42 CFR 423.160 standard or the USCDI Version 1 standard at 45 CFR 170.213, the applicable entity may use any of these content and vocabulary standards as determined appropriate for the data type or element. We describe these proposals in more detail below.
First, we propose in section III.C.2.b. of this proposed rule to require compliance with the ONC-proposed regulations regarding the content and vocabulary standard at 45 CFR 170.213 as applicable to the data type or data element. This is the USCDI Version 1 set of data classes that can be supported by commonly used standards, and establishes a minimum set of data classes that would be required to be interoperable nationwide.
Second, we propose to require that entities use standards specified at 45 CFR part 162 for HIPAA transactions as required by applicable law, as well as the standards specified at 42 CFR 423.160 for Part D e-prescribing transactions, as required by applicable law. We reiterate that this proposed rule would not alter these other regulations, and should not be construed as altering any organization's compliance requirements for these other regulations. The standards proposed in this regulation are intended for instances where other statutes and regulations do not dictate the standard by which regulated parties are to convey or otherwise make available electronic information.
Where there is no legally mandated standard applicable to a specific data type or data element in a particular exchange context, and the HIPAA Administrative Simplification transaction standards under 45 CFR part 162 or the Part D e-prescribing transaction standards at 42 CFR 423.160 are the only standards available for a specific data element or type, we propose to require entities subject to these proposals to use these HIPAA standards when making data available through the API. We further clarify that, for purposes of formatting, making available, and sending electronic data under this proposed rule, we would require compliance with: (1) The content and vocabulary standards identified in 45 CFR part 162 regardless of whether the entities are covered entities, and (2) the Part D e-prescribing standards in 42 CFR 423.160 to exchange e-prescribing and related data (such as drug formulary and preferred drug list data) regardless of whether they are conducting a Part D e-prescribing transaction.
Third, in information exchanges where applicable law does not mandate a certain standard and where a specific data type or element might be encoded or formatted using the 45 CFR part 162 or 42 CFR 423.160 standard, or the USCDI Version 1 standard at 45 CFR 170.213, we propose in section III.C.2.b. of this proposed rule that the regulated entities subject to our proposal would have the freedom to provide data through the API that complies with any of these format or encoding standards. Specifically, we believe payers should use standards that are most efficient and effective based on their existing systems, data mapping considerations, or those standards that best meets enrollees' needs, while remaining technically practicable for use in conjunction with API technology conformant to the 45 CFR 170.215 proposed standards (published elsewhere in this issue of the
Finally, we encourage payers or plans to implement additional, widely used, consensus-based standards identified by other means—such as by HHS for other purposes or through a consensus standards development organization—for additional data in their information systems for which no standard is adopted at 45 CFR part 162, 42 CFR 423.160, or 45 CFR 170.213 to the extent feasible, while maintaining compatibility with the required API technical standards. We also encourage entities to pilot emerging standards identified by HHS, or by a consensus standards development organization through development or approval for trial use, where such a pilot maintains compatibility with the proposed API technical standards. However, MA organizations, state Medicaid and CHIP agencies, Medicaid managed care plans, CHIP managed care entities, and QHPs in FFEs that choose to make non-standardized data available through their APIs would be required to ensure that their API documentation provides sufficient information to an application developer for their applications to handle this information accurately and automatically. We welcome public comment on these proposals.
In section III.C.2.b. of this proposed rule, we propose to require compliance with the API technical standard proposed by ONC for HHS adoption at 45 CFR 170.215 (published elsewhere in this issue of the
The FHIR standard holds great potential for supporting interoperability and enabling new entrants and competition throughout the health care industry. FHIR leverages modern computing techniques to enable users to access health care “resources” over the internet via a standardized RESTful API. Developers can create tools that interact with FHIR APIs to provide actionable data to their stakeholders. In the short time since FHIR was first created, the health care industry has rapidly embraced the standard through substantial investments in industry pilots, specification development, and the deployment of FHIR APIs supporting a variety of business needs. With the exception of the API Resource Collection in Health (ARCH) (proposed by ONC for HHS adoption at 45 CFR 170.215(a)(2)), the API technology standards and implementation specifications proposed at 45 CFR 170.215 (published elsewhere in this issue of the
We note that while all APIs that would be used by software applications to provide consumers access to their electronic health information would be required to adhere to the foundational FHIR standard, and other essential standards such as security protocols applicable to the data exchanged, we do not anticipate that all of the standards, implementation specifications, and
We note that an API implemented by regulated entities described in section III.C. of this proposed rule is not required to be certified by ONC under the ONC Health IT Certification Program for the related certification criteria. Furthermore, because the data required to be made available by an API as proposed in section III.C. of this proposed rule includes information beyond the USCDI Version 1 data set (proposed by ONC for HHS adoption at 45 CFR 170.213), certification to the ONC certification criteria at 45 CFR 170.215 would not alone be sufficient to ensure the API's capacity to support the full range of data elements required under the proposal in section III.C. of this proposed rule.
Finally, we are aware that the implementation specifications currently proposed by ONC for HHS adoption at 45 CFR 170.215 (published elsewhere in this issue of the
As noted in our proposal in section III.C.2.b. of this proposed rule, we have determined to align our proposal to the types of data, technology use, and available standards that are consistent with an overall HHS approach to support interoperability while mitigating provider and developer burden by requiring compliance with applicable HHS regulations. We hope to see continued innovation and advancement in standards development for identified gaps in health information data classes and data elements, as well as improved bi-directional patient engagement functionalities. For example, we are not proposing to require that organizations subject to the requirements proposed in section III.C. of this proposed rule offer patients or providers the ability through the API to write information directly to patient records held by the organization. However, we hope that organizations and their health IT developers build on the API technology we do propose to require and accelerate innovation responsive to providers' and patients' calls for API write functionality at the fastest pace practicable given the maturity of needed standards. We believe this innovation may be fostered by the concrete steps forward in data exchange and API capabilities we are proposing to require across the significant segment of payers subject to this proposed rule.
In addition to our efforts to align standards across HHS, we recognize that while we must codify in regulation a specific version of each standard, the need for continually evolving standards development has historically outpaced our ability to amend regulatory text. In order to address how standards development can outpace our rulemaking schedule, we propose in section III.C.2.b. of this proposed rule that regulated entities may use updated versions of required standards if use of the updated version is required by other applicable law.
In addition, under certain circumstances, we propose to allow use of an updated version of a standard if the standard is not prohibited under other applicable law. Where a single standard is updated more than once in a brief period of time and upon review of the standard HHS determines that—to reduce fragmentation and preserve efficacy—only the latest of the updated versions should be used. We will publish subregulatory guidance to that effect.
For content and vocabulary standards at 45 CFR part 162 or 42 CFR 423.160, we propose to allow the use of an updated version of the content or vocabulary standard adopted under this rulemaking, unless the use of the updated version of the standard is prohibited for entities regulated by that part or the program under that section, or prohibited by the Secretary for purposes of these policies or for use in ONC's Health IT Certification Program, or is precluded by other applicable law.
For the content and vocabulary standards proposed by ONC for HHS adoption at 45 CFR 170.213 (USCDI Version 1),
As described in the ONC 21st Century Cures Act proposed rule, under the proposed ONC Standards Version Advancement Process, ONC would allow health IT developers participating in the ONC Health IT certification program to voluntarily use updated versions of adopted standards in their certified Health IT Modules, so long as certain conditions are met. The proposed Standards Version Advancement Process flexibility gives health IT developers the option to avoid unnecessary costs and is expected to help reduce market confusion by enabling certified Health IT Modules to keep pace with standards advancement and market needs. Once a standard has been adopted for use in ONC's Health IT Certification Program through notice and comment rulemaking, ONC would undertake an annual, open and transparent process, including opportunity for public comment, to timely ascertain whether a more recent version of that standard or implementation specification should be approved for developers' voluntary use. ONC expects to use an expanded section
In providing flexibility to the plans and payers that will be required to implement APIs that use the content and vocabulary standards identified in this proposed rule, we also believe it is important to maintain compatibility and avoid a disruption or reduction in data availability to the end user. Entities subject to the proposed regulations seeking to use an updated version of a standard must consider factors such as the impact of differences between standards versions and the potential burden on developers and end users to support transitioning between versions. We expect that these practical considerations to maintain compatibility and avoid disruption will discourage premature use of new versions of a standard.
Therefore, we propose in section III.C.2.b. of this proposed rule that an entity may use an updated version of a required standard so long as use of the updated version does not disrupt an end user's ability to access the data available through the API proposed in section III. of this proposed rule. Entities that would be required to implement an open API under this rulemaking would be free to upgrade to newer versions of the required standards, subject only to those limiting conditions noted here, at any pace they wish. However, they must continue to support connectivity, and make the same data available, for end users using applications that have been built to support only the HHS-adopted version(s) of the API standards.
We welcome public comment on this proposed approach to allow voluntary use of updated versions of these standards.
We are committed to advancing interoperability, putting patients at the center of their health care, and ensuring they have simple and easy access, without special effort, to their health information. With the establishment of the initial Medicare Blue Button® service in 2010, Medicare beneficiaries became able to download their Part A, Part B, and Part D health care claims data through
Medicare Blue Button 2.0 is a new, modernized version of the original Blue Button service. It enables beneficiaries to access their Medicare Parts A, B, and D claims data and share that electronic health information through an Application Program Interface (API) with applications, services, and research programs they select. As discussed in more detail in section II.A. of this proposed rule, API technology allows software from different developers to connect with one another and exchange electronic health information in electronic formats that can be more easily compiled and leveraged by patients and their caregivers. Beneficiaries may also select third-party applications to compile and leverage their electronic health information to help them manage their health and engage in a more fully informed way in their health care.
Medicare Blue Button 2.0 is expected to foster increased competition among technology innovators who serve Medicare patients and their caregivers, such as through finding better ways to use claims data to address their health needs. Patients should have the ability to access their health information, in a format of their choosing, to receive a full picture of their health records. API technology can be an effective way to share data because health information from various sources can be retrieved through these secure interfaces and consolidated by a single tool, such as a third-party application chosen by, in the case of Medicare, the beneficiary or their caregiver.
The Medicare Blue Button 2.0 API is also expected to improve the Medicare beneficiary experience by providing beneficiaries secure access to their claims data in a standardized, computable format. We recognize that data security is of the utmost importance and are dedicated to safeguarding patient health information so that only the beneficiary and their authorized personal representative would have the ability to authorize release of their health information through Medicare Blue Button 2.0 to a third-party software application.
Medicare Blue Button 2.0 will provide beneficiaries with a longitudinal view of their Medicare claims data, which can then be combined with other health information within third party applications. One benefit of making records available via an API is that it enables a beneficiary to pull Medicare health information along with other heath information into a single application not dictated by any specific health plan, provider, or portal. APIs allow health information to move through the health ecosystem with the patient and ensure comprehensive and timely information is accessible even if the patient changes health plans, providers, or both over time, facilitating continuity of care.
We believe there are numerous benefits associated with individuals having simple and easy access to their health care data under a standard that is widely used. Claims and encounter data, used in conjunction with EHR data, can offer a broader and more holistic understanding of an individual's interactions with the health care system than EHR data alone. For example, inconsistent benefit utilization patterns in an individual's claims data, such as a failure to fill a prescription or receive recommended therapies, can indicate that the individual has had difficulty adhering to a treatment regimen and may require less expensive prescription drugs or therapies, additional explanation about the severity of their condition, or other types of assistance. Identifying and
Further, consumers who have immediate electronic access to their health information are empowered to make more informed decisions when discussing their health needs with providers, or when considering changing to a different health plan. In many cases, claims and encounter data can provide a more holistic and comprehensive view of a patient's care history than EHR data alone. Whereas EHR data is frequently locked in closed, disparate health systems, care and treatment information in the form of claims and encounter data is comprehensively combined in a patient's claims and billing history. Currently, not all beneficiaries enrolled in MA plans have immediate electronic access to their claims and encounter data and those who do have it, cannot easily share it with providers or others. The same is true of Medicaid beneficiaries and CHIP enrollees, whether enrolled in FFS or managed care programs, and enrollees in QHPs in FFEs. As industries outside of health care continue to integrate multiple sources of data to understand and predict their consumers' needs, we believe it is important to position MA organizations, Medicaid and CHIP managed care entities, and QHP issuers in FFEs to do the same to encourage competition, innovation, and value. Further, we believe that beneficiaries in Medicaid FFS programs administered by state Medicaid agencies and CHIP enrollees in both FFS and managed care should benefit from similar advances and the benefits of innovation and value.
CMS has programmatic authority over MA organizations, Medicaid programs (both FFS and managed care), CHIP (including FFS and managed care), and QHP issuers in FFEs. This proposed rule seeks to leverage that CMS authority to make claims and encounter data available to patients in these programs along with other plan data (such as provider directory data) as detailed in sections III.C. and IV. of this proposed rule. We propose that regulated entities make this data available in a standardized format and through a specific technological means so that third parties can develop and make available applications that make the data available for patient use in a convenient and timely manner. Our proposal would require compliance with specific regulations regarding interoperability standards adopted by the Secretary in implementing and complying with the proposed requirement to use an API to make this data available. We are proposing to require compliance with 45 CFR 170.215 to require the API technical standards that ONC is proposing for HHS adoption in its 21st Century Cures Act proposed rule (published elsewhere in this issue of the
Ultimately, the goal of this proposal is to require that patient data be made available in a standardized format through an API, so that third parties can develop and offer applications that make the data available in a convenient and timely manner for enrollees and beneficiaries in MA plans, Medicaid and CHIP FFS and managed care delivery systems, and FFEs that are specified in our proposal as detailed below.
The HIPAA Privacy Rule, at 45 CFR 164.524, provides that individuals have a right of access to inspect and obtain a copy of PHI, defined at 45 CFR 160.103, about them that is maintained by a health plan or covered health care provider in a designated record set, defined at 45 CFR 164.501. The right of access also provides individuals with the right to initiate disclosures to third parties.
Software applications using the API proposed in 42 CFR 422.119, 431.60, 438.242(b)(6), 457.730, 457.1233(d)(2), and 45 CFR 156.221 would provide an additional mechanism through which the individuals in that coverage who so choose can exercise the HIPAA right of access to their PHI, by giving them a simple and easy electronic way to request, receive, and share data that they want and need, including with a designated third party. However, as discussed in section II of this proposed rule, due to limitations in current availability of interoperability standards for some types of data and patient's rights to be granted access in the form and manner of their own choosing, the API requirement may not be sufficient to support access to all of the health information subject to the HIPAA right of access because it may not all be transferable through the API.
We are proposing to add new provisions at 42 CFR 422.119, 431.60, 438.242(b)(6), 457.730, 457.1233(d) and 45 CFR 156.221, that would, respectively, require MA organizations, state Medicaid FFS programs, Medicaid managed care plans, CHIP FFS programs, CHIP managed care entities, and QHP issuers in FFEs (excluding issuers of SADPs) to implement, test, and monitor an openly-published API that is accessible to third-party applications and developers. We note that states with CHIPs are not required to operate FFS systems and that some states' CHIPs are exclusively operated by managed care entities. We do not intend to require CHIPs that do not operate a FFS program to establish an API; rather, these states may rely on their contracted plans, referred to throughout this proposed rule as CHIP managed care entities, to set up such a system.
The API would allow enrollees and beneficiaries of MA organizations, Medicaid and CHIP FFS programs, Medicaid managed care plans, CHIP
We are proposing that the API would be required to meet certain interoperability standards, consistent with the API technical standards proposed by ONC for HHS adoption in its proposed rule (published elsewhere in this issue of the
Under our proposal, the scope and volume of the information to be provided or made accessible through the open API would include: Adjudicated claims (including cost); encounters with capitated providers; provider remittances; enrollee cost-sharing; and clinical data, including laboratory results (where available). We propose that these programs and organizations, with the exception of the QHP issuers in FFEs, would also be required to make information regarding provider directories and formularies available through the open API. Sections 1852(c), 1932(a)(5), and 2103(f)(3) of the Act require that MA organizations and Medicaid MCOs, and CHIP managed care entities provide basic information to their enrollees on how to get covered benefits in the plan and to facilitate decision making about plan choice, providers, and benefits. These statutory provisions indicate information enrollees could use to make decisions about their health care. The API proposals at 42 CFR 422.119(a), 438.242(b)(6), and 457.1233(d) support and complement existing implementation of these provisions in a robust and modern way. We believe the health information that would be available through the proposed API would greatly supplement the benefit, provider directory, and, if applicable, formulary information from states and managed care plans by providing important details and context, thus enabling enrollees to make more informed, proactive decisions.
Additionally, we believe that since most of the information required to be provided by these statutory sections of the Act, such as the provider directory, is currently accessible to enrollees and potential enrollees electronically online, making such standardized health information available through the proposed API could allow easy integration for use by more enrollees. Further, the proposal would enable these enrollees to more easily share their information with providers, family, caregivers, and others. As a general matter, providing important details and context to patients gives them more visibility into their treatment record through adjudicated claims, allowing them to be true partners in their health care. This goal is related to the disclosure requirements in sections 1852, 1932 and 2103 of the Act and our proposal furthers each.
We also believe the proposed API allows for the administration of more efficient and effective Medicaid and CHIP programs by taking advantage of commonly used methods of information sharing and data standardization. Consumers routinely perform many daily tasks on their mobile phones—banking, shopping, paying bills, scheduling—using secure applications. We believe that obtaining their health information should be just as easy, convenient, and user-friendly. Our proposal is a step toward that vision for enrollees in MA plans, Medicaid FFS and managed care programs, CHIP FFS programs and managed care entities, and QHPs in FFEs. Finally, our proposal includes a number of parameters and standards for the API and for adopting, implementing, testing, and monitoring the API; the specific pieces of our proposal are addressed in turn in sections III.C.2 of this proposed rule.
This section outlines the components of the open API proposal. Specifically, this section will discuss:
• Authority to require implementation of an open API;
• The API technical standard and content and vocabulary standards;
• Data Required To Be Available Through the Open API & Timeframes for Data Availability;
• Documentation Requirements for APIs;
• Routine Testing and Monitoring of Open APIs;
• Compliance with Existing Privacy and Security Requirements;
• Denial or Discontinuation of Access to the API;
• Enrollee and Beneficiary Resources Regarding Privacy and Security;
• Exceptions or Provisions Specific to Certain Programs or Sub-Programs;
• Applicability and Timing; and
• Request for Information on Information Sharing Between Payers and Providers Through APIs.
We are proposing nearly identical language for the regulations requiring open APIs at 42 CFR 422.119; 431.60, and 457.730 and 45 CFR 156.221 for MA organizations, Medicaid state agencies, state CHIP agencies, and QHPs in FFEs; Medicaid managed care plans would be required at 42 CFR 438.242(b)(6), to comply with the requirement at 42 CFR 431.60, and CHIP managed care entities would be required by 42 CFR 457.1233(d)(2) to comply with the requirement at 42 CFR 457.730. As discussed in detail in this proposed rule, we are proposing similar if not identical requirements for these various entities to establish and maintain an open API, make specified data available through that API, disclose API documentation, provide access to the API, and make resources available to enrollees. We believe that such nearly identical text is appropriate here as the reasons and need for the proposal and the associated requirements are the same across these programs. Except as noted below with regard to specific proposals, we intend to interpret and apply the regulations proposed in this section, III.C. of this proposed rule, similarly and starting with similar text is an important step to communicate that to the applicable entities that would be required to comply.
In paragraph (a) of each of the proposed regulations, we propose that the regulated entity (that is, the MA organization, the State Medicaid or CHIP agency, the Medicaid managed care plan, the CHIP managed care entity or the QHP in an FFE, as applicable) would be required to implement and maintain an open API that permits third-party applications to retrieve, with the approval and at the direction of the individual beneficiary, data specified in paragraph (b) of each regulation through the use of common technologies and without special effort from the beneficiary. By “common technologies and without special effort” by the enrollee, we mean use of common consumer technologies, like smart phones, home computers, laptops or tablets, to request, receive, use and approve transfer of the data that would be available through the open API technology. By “without special effort,” we codify our expectation that third-
We solicit comment on our use of virtually identical language in these regulations and our overall proposal to require implementation and maintenance of an open API.
Our proposal would apply to MA organizations, Medicaid state agencies and managed care plans, state CHIP agencies and managed care entities, and QHP issuers in FFEs. We note that our proposal for Medicaid managed care plans, at 42 CFR 438.242(b)(6), would require MCOs, PIHPs, and PAHPs to comply with the regulation that we are proposing for Medicaid state agencies at 42 CFR 431.60 as if that regulation applied to the Medicaid managed care plan. Similarly, we intend for CHIP managed care entities to comply with the requirements we propose at 42 CFR 457.730 via the regulations proposed at 42 CFR 457.1233(d)(2). We propose to structure the regulations this way to avoid ambiguity and to ensure that this API proposal would result in consistent access to information for Medicaid beneficiaries and CHIP enrollees, regardless of whether they are in a FFS delivery system administered by the state or in a managed care delivery system. CHIP currently adopts the Medicaid requirements at 42 CFR 438.242 in whole. We propose revisions to 42 CFR 457.1233(d)(1) to indicate CHIP's continued adoption of 42 CFR 438.242(a), (b)(1) through (5), (c), (d), and (e), while proposing specific text for CHIP managed care entities to comply with the regulations proposed at 42 CFR 457.1233(d)(2) in lieu of the proposed Medicaid revision, which would add 42 CFR 438.242(b)(6). In our discussion of the specifics of this proposal and how we propose to codify it at 42 CFR 422.119, 431.60, 457.730, and 45 CFR 156.221, we refer only generally to 42 CFR 438.242(b)(6) and 457.1233(d)(2) for this reason.
Sections 1856(b) and 1857(e) of the Act provide CMS with the authority to add standards and requirements for MA organizations that the Secretary finds necessary and appropriate and not inconsistent with Part C of the Medicare statute; section 1852(c) of the Act requires disclosure by MA organizations of specific information about the plan, covered benefits, and the network of providers; section 1852(h) of the Act requires MA organizations to provide their enrollees with timely access to medical records and health information insofar as MA organizations maintain such information. As technology evolves to allow for faster, more efficient methods of information transfer, so do expectations as to what is generally considered “timely.” Currently, consumers across public and private sectors have become increasingly accustomed to accessing a broad range of personal records, such as bank statements, credit scores, and voter registrations, immediately through electronic means and with updates received in near real time. Thus, we believe that in order to align our standards with 21st century demands, we must take steps for MA enrollees to have immediate, electronic access to their health information and plan information. The proposed requirements in this rule are intended to achieve this goal.
We believe that the scope of the information that would be made available through an API under this proposal (described in section III. of this proposed rule) is consistent with the access and disclosure requirements in section 1852 of the Act, and we rely on our authority in sections 1856(b) and 1857(e) of the Act, which provide CMS with the authority to add standards and requirements for MA organizations, to require MA organizations to make specific types of information, at minimum, accessible through an open API and require timeframes for update cycles. Throughout this section III.C. of this proposed rule, we explain how and why the open API proposal is necessary and appropriate for MA organizations and the MA program; the goals and purposes of achieving interoperability for the health care system as a whole are equally applicable to MA organizations and their enrollees; thus, the discussion in section II of this proposed rule serves to provide further explanation as to how an open API proposal is necessary and appropriate in the MA program. Further, having easy access to their claims, encounter, and other health information would also facilitate beneficiaries' ability to detect and report fraud, waste, and abuse—a critical component of an effective program.
To the extent necessary, we also rely on section 1860D-12(b)(3) of the Act to add provisions specific to the Part D benefit offered by certain MA organizations. For MA organizations that offer MA Prescription Drug plans, we are proposing requirements in 42 CFR 422.119(b)(2) regarding electronic health information for Part D coverage. That aspect of our proposal is also supported by the disclosure requirements imposed under section 1860D-4(a) of the Act, which requires Part D claims information, pharmacy directory information, and formulary information to be disclosed to enrollees.
We are proposing new provisions at 42 CFR 431.60(a), 457.730, 438.242(b)(6), and 457.1233(d)(2) that would require states administering Medicaid FFS or CHIP FFS, Medicaid managed care plans, and CHIP managed care entities to implement an open API that permits third-party applications authorized by the beneficiary or enrollee to retrieve certain standardized data. This proposed requirement would provide Medicaid beneficiaries' and CHIP enrollees simple and easy access to their information through common technologies, such as smartphones, tablets, or laptop computers, and without special effort on the part of the user.
For Medicaid, we are proposing these new requirements under the authority in section 1902(a)(4) of the Act, which requires that a state Medicaid plan for medical assistance provide such methods of administration as are found by the Secretary to be necessary for the proper and efficient operation of the plan and section 1902(a)(19) of the Act, which requires that care and services be provided in a manner consistent with simplicity of administration and the best interests of the recipients. For CHIP, we propose these requirements under the authority in section 2101(a) of the Act, which sets forth that the purpose of title XXI is to provide funds to states to provide child health assistance to uninsured, low-income children in an effective and efficient manner that is coordinated with other sources of health benefits coverage. Together these provide us with authority (in conjunction with our
We believe that requiring state Medicaid and CHIP agencies and managed care plans/entities to take steps to make Medicaid beneficiaries' and CHIP enrollees' claims, encounters, and other health information available through interoperable technology will ultimately lead to these enrollees accessing that information in a convenient, timely, and portable way, which is essential for these programs to be effectively and efficiently administered in the best interests of beneficiaries. Further, as noted in this proposed rule, there are independent statutory provisions that require the disclosure and delivery of information to Medicaid beneficiaries and CHIP enrollees; this proposal assists in the implementation of those requirements in a way that is appropriate and necessary in the 21st century. We believe making this information available in this format would result in better health outcomes and patient satisfaction and improve the cost effectiveness of the entire health care system, including Medicaid and CHIP. Having easy access to their claims, encounter, and other health information would also facilitate beneficiaries' ability to detect and report fraud, waste, and abuse—a critical component of an effective program.
As technology has advanced, we have encouraged states, health plans, and providers to adopt various forms of technology to improve the accurate and timely exchange of standardized health care information. This proposal would move Medicaid and CHIP programs in the direction of enabling better information access by Medicaid beneficiaries and CHIP enrollees, which would make them active partners in their health care through the exchange of electronic health information by easily monitoring and sharing their data. By requiring that certain information be available in and through standardized formats and technologies, our proposal moves these programs toward interoperability, which is key for data sharing and access, and ultimately, improved health outcomes. As an additional note, states will be expected to implement the CHIP provisions using CHIP administrative funding, which is limited under section 2105(a)(1)(D)(v) and 2105(c)(2)(A) of the Act to 10 percent of a State's total annual CHIP expenditures.
We propose a new QHP minimum certification standard at 45 CFR 156.221(a) that would require QHP issuers in FFEs, not including SADPs, to implement an open API that permits third-party applications, with the approval and at the direction of the individual enrollee, to retrieve standardized data concerning adjudicated claims (including cost), encounters with capitated providers, and provider remittances, enrollee cost-sharing, and clinical data, including laboratory results (where available). We are also proposing to require that the data be made available to QHP enrollees through common technologies, such as smartphones or tablets, and without special effort from enrollees.
We are proposing these new requirements under our authority in section 1311(e)(1)(B) of the Patient Protection and Affordable Care Act, as amended by the Health Care and Education Reconciliation Act of 2010 (Pub. L. 111-148, enacted March 23, 2010, and Pub. L. 111-152, enacted March 30, 2010, respectively) (collectively referred to as the Affordable Care Act), which affords the Exchanges the discretion to certify QHPs that are in the best interests of qualified individuals and qualified employers. Specifically, section 1311(e) of the Affordable Care Act authorizes Exchanges to certify QHPs that meet the QHP certification standards established by the Secretary, and if the Exchange determines that making available such health plan through such Exchange is in the interests of qualified individuals and qualified employers in the state or states in which such Exchange operates.
We believe there are numerous benefits associated with individuals having access to their health plan data that is built upon widely used standards. The ability to easily obtain, use, and share claims, encounter, and other health data enables enrollees to more effectively and easily use the health care system. For example, by being able to easily access a comprehensive list of their adjudicated claims, the plan enrollee can ensure their providers know what services have already been received, avoid receiving duplicate services; and verify when prescriptions were filled. We believe these types of activities would result in better health outcomes and enrollee satisfaction and improve the cost effectiveness of the entire health care system. Having simple and easy access, without special effort, to their health information, including cost and payment information, also facilitates enrollees' ability to detect and report fraud, waste, and abuse—a critical component of an effective program. Existing and emerging technologies provide a path to make information and resources for health and health care management universal, integrated, equitable, accessible to all, and personally relevant. Therefore, we believe generally certifying only health plans that make enrollees' health information available to them in a convenient, timely, and portable way is in the interests of qualified individuals and qualified employers in the state or states in which an FFE operates. We encourage SBEs to consider whether a similar requirement should be applicable to QHP issuers participating in their Exchange.
We propose to require compliance with proposed 45 CFR 170.215 at 42 CFR 422.119(a) and (c), 431.60(a) and (c) and 457.730(a) and (c), 438.242(b)(6) and 457.1233(d)(2), and 45 CFR 156.221(a) and (c), so that MA organizations, Medicaid and CHIP FFS programs, Medicaid managed care plans, CHIP managed care entities, and QHP issuers in FFEs implement open API technology conformant with the proposed API technical standards (published elsewhere in this issue of the
Further, with the new proposed requirements to implement and maintain an API at 42 CFR 422.119(a), 431.60(a), and 457.730(a), we are proposing corresponding requirements at proposed 42 CFR 422.119(c) for MA
We similarly propose at 45 CFR 156.221(c) that QHP issuers in FFEs must implement API technology conformant with the API technical standards proposed by ONC for HHS adoption at 45 CFR 170.215; for data available through the API, use content and vocabulary standards adopted at 45 CFR part 162 and 42 CFR 423.160, and proposed for adoption at 45 CFR 170.213; and maintain and use the technology in compliance with applicable law, including but not limited to 45 CFR part 162, 42 CFR part 2, and the HIPAA Privacy and Security Rules.
We believe that these proposals would serve to create a health care information ecosystem that allows and encourages the health care market to tailor products and services to better serve and compete for patients, thereby increasing quality, decreasing costs, and empowering patients with information that helps them live better, healthier lives. Additionally, under these proposals, clinicians would be able to review information on their patient's current prescriptions and services received by the enrollee on the enrollee's smartphone. Also, the enrollee could allow clinicians to access such information by sharing data received through the API with the clinician's EHR system—by forwarding the information once the enrollee receives it or by authorizing release of the data through the API directly to the clinician's EHR system.
We also encourage payers to consider using the proposed API infrastructure as a means to exchange PHI for other health care purposes, such as to health care providers for treatment purposes. Sharing interoperable information directly with the enrollee's health care provider's EHR in advance of a patient visit would save time during appointments and ultimately improve the quality of care delivered to patients. Most clinicians and patients have access to the internet, providing many access points for viewing health information over secure connections. We believe that these proposed requirements would significantly improve patients' experiences by providing a mechanism through which they can access their data in a standardized, computable, and digital format in alignment with other public and private health care entities. We also believe that these proposals are designed to empower patients to have simple and easy access to their data in a usable digital format, and therefore, can empower them to decide how their health information is going to be used. However, we remind payers that this proposed regulation regarding the API would not lower or change their obligations as HIPAA covered entities to comply with regulations regarding standard transactions in 45 CFR part 162.
As discussed in section II.A.3. of this proposed rule, we recognize that while we must codify in regulation a specific version of each standard, the need for continually evolving standards development has historically outpaced our ability to amend regulations. To address how standards development can outpace our rulemaking schedule, we offer several proposals. We propose that regulated entities may use an updated version of a standard where required by other applicable law. We also propose that regulated entities may use an updated version of the standard where not prohibited by other applicable law, under certain circumstances. First, we propose to allow the use of an updated version of content or vocabulary standards adopted at 45 CFR part 162 or 42 CFR 423.160, unless the use of the updated version of the standard is prohibited for entities regulated by that part or the program under that section, is prohibited by the Secretary for purposes of these policies, is prohibited for use in ONC's Health IT Certification Program, or is prohibited by other applicable law.
Second, for the content and vocabulary standards proposed by ONC for HHS adoption at 45 CFR 170.213 (USCDI Version 1), as well as for API interoperability standards proposed by ONC for HHS adoption at 45 CFR 170.215 (including HL7 FHIR and other standards discussed above), we propose to allow the use of an updated version, provided such updated version has been approved by the National Coordinator through the Standards Version Advancement Process described in ONC's 21st Century Cures Act proposed rule (published elsewhere in this issue of the
Finally, we propose that use of an updated standard by a payer that is subject to these proposed regulations must not disrupt an end user's ability to access the data available through the API proposed in section III. of this proposed rule using an application that was designed to work with an API that conforms to the API standard proposed under ONC's 21st Century Cures Act proposed rule (published elsewhere in this issue of the
We propose the content that must be accessible for each enrollee of an entity subject to our open API proposal as set out at paragraph (b) of 42 CFR 422.119, 431.60, and 457.730 and 45 CFR 156.221; as noted previously, the regulations for Medicaid managed care plans and CHIP managed care entities cross-reference and incorporate the regulations we propose for Medicaid and CHIP programs. We note that the types of content proposed here would represent the minimum threshold for compliance; at their discretion, MA organizations, state Medicaid and CHIP FFS programs, Medicaid managed care plans, CHIP managed care entities, and QHP issuers in FFEs would have the option to use the API required by this proposed rule to make additional types of health information or plan information available, exceeding these minimum requirements.
We request comment on the data proposed to be made available as detailed in the subsections below, the appropriateness of the proposed timeframes, and suggestions for alternative timeframes that consider the utility to the beneficiary, as well as challenges that the proposed timeframe may create for the entities that would have to comply.
We propose that MA organizations, Medicaid and CHIP FFS programs, Medicaid managed care plans, CHIP managed care entities, and QHP issuers in FFEs, permit third-party applications to retrieve, with the approval of an enrollee, certain specific data: adjudicated claims data, including provider remittances and beneficiary or enrollee cost-sharing data; encounters from capitated providers; and clinical data, including laboratory results (but only if managed by the payer). Adjudicated claims data would include on approved and denied claims; under this proposal, adjudicated claims data includes that for which the plan has made an initial payment decision even when the period during which an enrollee can file an appeal is still in effect, or when the enrollee has filed an appeal and is awaiting a reconsideration decision. We specifically request comments from plans regarding the feasibility of including such claims data, including any possible timing issues. In addition, the open APIs required for these entities must make available formulary information (for MA-PD plans) or information about covered outpatient drugs and preferred drug lists (for state Medicaid and CHIP agencies, Medicaid managed care plans and CHIP managed care entities).
Our proposal includes timeframe requirements for making these various categories of data available through the open API. For MA organizations, proposed 42 CFR 422.119(b)(1)(i), (1)(ii), and (2)(i) would require open API access to all claims activity pertaining to adjudicated claims (including cost) and encounter data for benefits covered by the plan (that is, Medicare Part A and Part B items and services, Part D prescription drugs if covered by the MA plan, and any supplemental benefits) no later than one (1) business day after a claim is adjudicated or the encounter data is received by the MA organization. For clinical data, including laboratory results, MA organizations that manage such data would be required under 42 CFR 422.119(b)(1)(iv) to provide access through the open API to that data no later than one business day after it is received by the MA plan. For Medicaid state agencies and managed care plans, claims data, encounter data, and clinical data, including laboratory results (if available) would be required (specifically at 42 CFR 431.60(b)(1),(2), and (4)) through the API no later than one business day after the claim is processed or the data is received. For State Medicaid agencies in connection with the FFS program, the API would have to include all claims data concerning adjudicated claims and standardized encounter data from providers (other than MCOs, PIHPs or PAHPs) that are paid using capitated payments. The requirement for Medicaid managed care plans to provide encounter data is specified at 42 CFR 438.242(b)(6)(i); encounter data would include any data from subcontractors and providers compensated by the managed care plan on the basis of capitation payments, such as behavioral health organizations, dental management organizations, and pharmacy benefit managers. The API of Medicaid managed care plans would have to include all claims and encounter data would be included regardless if it is adjudicated or generated by the managed care plan itself, subcontractor, or provider compensated on the basis of capitation payments. All data would need to be obtained in a timely manner to comply with these proposed requirements.
For CHIP agencies and managed care entities, claims data, encounter data, and reports of lab test results (if available) would be required (specifically at 42 CFR 457.730(b)(1),(2), and (4)) through the API as soon as possible but no later than one business day. The proposal for CHIP state agencies (regarding FFS programs) and CHIP managed care entities is identical to the proposal for Medicaid State agencies (regarding FFS programs) and Medicaid managed care plans. For QHP issuers in FFEs, our proposed regulation at 45 CFR 156.221(b) would require claims, encounter, and lab data to be available within one business day of adjudication and receipt, respectively.
These proposed timeframes would ensure that data provided through the API would be the most current data available, which may be critical if the data is provided by an enrollee to his or her health care provider to use in making clinical decisions. Under our proposal, the claims and encounter data to be disclosed should include information such as enrollee identifiers, dates of service, payment information (provider remittance if applicable and available), and enrollee cost-sharing. The ability for enrollees—created and facilitated by the API required under our proposal—to access this information electronically would make it easier for them to take it with them as they move from payer to payer or among providers across the care continuum.
Regarding the provision of standardized encounter data through the API within one (1) business day of the receiving the data, we note that this proposal would mean that a payer must rely on capitated providers submitting their encounter data in a timely manner to ensure that patients receive a timely and complete set of data. To the extent providers do not submit in a timely manner, there would be a delay in patients having access to their data. We recommend that MA organizations, Medicaid managed care plans, CHIP managed care entities, and QHP issuers in FFEs that would need this information in order to meet the proposed API requirements should consider whether their contracts with network providers should include timing requirements for the submission of encounter data and claims so that the payer can comply with the API requirements. For Medicaid and CHIP FFS programs, we encourage states to consider other means to ensure that necessary encounter data from providers is also provided on a timely basis.
We note that the data for claims and remittances that would be available through the API is much of the same data that is required for the ASC X12 837, ASC X12 835, and ASC X12 863 standards which are required for certain transactions between certain entities under 45 CFR 162.1102, 162.1602 and 162.1603, as well as the Part D eRx transaction standards that use for conveying prescription and prescription-related information between Part D plans, providers, and pharmacies as specified in 42 CFR 423.160. As most claims are submitted to payers electronically utilizing these industry standard transaction types, we believe this maximizes efficiency and reduces programming burden. As noted previously, our proposed regulation for Medicaid managed care plans at 42 CFR 438.242(b)(6) and for CHIP managed care entities at 42 CFR 457.1233(d)(2) would require MCOs, PIHPs, and PAHPs to comply with the same standard transaction types.
Specifically regarding QHP issuers in FFEs, in 45 CFR 156.221(b)(1)(i) and (ii), we propose to require that QHP issuers participating in an FFE make available through the API standardized data concerning adjudicated claims (including cost) and encounters with capitated providers. Under proposed paragraph (b)(1)(i), QHP issuers in FFEs would be required to make available standardized adjudicated claim, provider remittance, and enrollee cost-sharing data through the API within one (1) business day after the claim is processed. Under proposed paragraph (b)(1)(ii), QHP issuers in FFEs would be required to provide standardized encounter data through the API within one (1) business day of the issuer receiving the data.
We are also considering requiring the encounter data to be available through the API within a certain period after the encounter, within one (1) business day after the encounter data is received. We seek comment on what a reasonable period from the encounter date would be for us to consider as part of future rulemaking. In addition, we solicit comment on our authority to require MA organizations, States (for FFS Medicaid programs and CHIP), Medicaid and CHIP managed care plans, and QHPs in the FFEs to require submission of such data on a particular timeframe.
We are also proposing at 42 CFR 422.119(b)(1)(iii), 431.60(b)(3), 438.242(b)(6)(ii), 457.730(b)(3), and 457.1233(d)(2)(ii) that the required API make available provider directory data, including updates to such data. Our proposal at 45 CFR 156.221 would not require QHP issuers to permit third-party retrieval of provider directory and preferred drug list information because such information is already required to be provided by QHPs in FFEs.
For MA organizations, at proposed 42 CFR 422.119(b)(1)(iii), we propose to specify that MA organizations make specific provider directory information for their network of contracted providers accessible through their APIs: The names of providers; addresses; phone numbers; and specialty. This information is the same information MA organizations are already required to disclose to their enrollees under 42 CFR 422.111(b)(3) and make available online under 42 CFR 422.111(h)(2)(ii). MA organizations would be required to ensure the availability of this information through their APIs for all MA plans. Including this information in an open API allows non- MA third-party applications to consume, aggregate, and display plan data in different contexts, allowing patients to understand and compare plan information in a way that can best serve their individual needs. MA plans would be required to update provider directory information available through the API no later than 30 calendar days after changes to the provider directory are made. In addition, we are adding a new MA contract requirement at 42 CFR 422.504(a)(18) specifying that MA organizations must comply with the requirement for access to health data and plan information under 42 CFR 422.119.
Under proposed 42 CFR 431.60(b)(3) and 457.730(b)(3), state Medicaid and CHIP agencies respectively would be required to make provider directory information available through the API, including updated provider information no later than 30 calendar days after the state receives updated provider information. As noted previously, our proposed regulation for Medicaid managed care plans at 42 CFR 438.242(b)(6) and for CHIP managed care entities at 42 CFR 457.1233(d)(2) would require MCOs, PIHPs, and PAHPs to comply with the same standard, with the addition of specific provider directory information as noted in 42 CFR 438.242(b)(6)(ii) and 457.1233(d)(2)(ii). For Medicaid managed care plans and CHIP managed care entities, the provider directory information available through the API must include all information that is specified in 42 CFR 438.10(h)(1) for disclosure to managed care enrollees. We note that we have proposed that the API be updated with new provider directory information within 30 calendar days from when the updated information is received by the State (or the managed care plan under 42 CFR 438.242(b)(6) and 457.1233(d)(2)) to be consistent with existing Medicaid managed care rules at 42 CFR 438.10(h)(3). We propose that the API implemented by the State Medicaid agency would include the data elements specified for disclosure by Medicaid state agencies in section 1902(a)(83) of the Act; we propose in 42 CFR 438.242(b)(6)(ii) that the API implemented by Medicaid managed care plans would have the data elements specified for disclosure at 42 CFR 438.10(h)(1). For CHIP agencies that operate FFS systems and CHIP managed care entities at 42 CFR 457.730(b)(3) and 457.1233(d)(2)(ii), respectively, we have also proposed 30 calendar days.
We are not proposing a similar requirement for QHP issuers in FFEs. These issuers are already required, under 45 CFR 156.230(c) and implementing guidance, to make provider directory information accessible in a machine-readable format. Because this information is already highly accessible in this format, we do not believe the benefits of making it also available through an open API outweigh the burden for QHP issuers in FFEs. However, we seek comment as to whether this same requirement should apply to QHP issuers, or if such a requirement would be overly burdensome for them.
We request comment on these proposals.
Regarding the provision of clinical data, including laboratory results, we propose at 42 CFR 422.119(b)(1)(iv) that MA organizations make clinical data, such as laboratory test results available through the API if the MA organization manages such data. Because we propose in paragraph (c) that the USCDI standard, proposed by ONC for HHS adoption at 45 CFR 170.213, be used as the content and vocabulary standard for this clinical data as provided in the API, we intend our proposal to mean that the data required under paragraph (b)(1)(iv) be the same as the data that is specified in that content and vocabulary standard. In effect, we are proposing any clinical data included in the USCDI standard, proposed by ONC for HHS adoption at 45 CFR 170.213, be available through the API if such data is managed by the MA organization. We recognize that some MA organizations receive this information regularly or as a part of their contracted arrangements for health services, but that not all MA organizations do. Therefore, this proposed requirement applies to MA organizations, regardless of the type of MA plan offered by the MA organization, but only under circumstances when the MA organization receives and maintains this data as a part of its normal operations. This proposed requirement aligns with existing regulations at 42 CFR 422.118, which require MA organizations to disclose to individual enrollees any medical records or other health or enrollment information the MA organizations maintain with respect to their enrollees. We propose that this data be available in the API no later than 1 business day from its receipt by the MA organization.
Similarly, the proposed regulations for Medicaid and CHIP FFS programs and managed care plans (proposed 42 CFR 431.60(b)(4) and 457.730(b)(4)), require provision of standardized data for clinical data, including laboratory results, through the API, if available, no later than one (1) business day after a claim is adjudicated or the data is received (by the state or the managed care plan/entity). This would ensure that data provided through the API would be the most current data available, which may be critical if the data is being shared by an enrollee with a health care provider who is basing clinical decisions on the data. Like proposed 42 CFR 422.119(c), these Medicaid and CHIP regulations propose compliance with the regulations regarding the USCDI standard, proposed by ONC for HHS adoption at 45 CFR 170.213, as the content and vocabulary standard for the clinical data available through the API; therefore, we are, in
Proposed 45 CFR 156.221(b)(3) requires QHP issuers in FFEs to also make available, with the approval of the enrollee, clinical data, including laboratory results, if the QHP maintains such data.
We recognize not all of the entities subject to this requirement have uniform access to this type of data and seek comment on what barriers exist that would discourage them from obtaining, maintaining, and sharing this data. We request comment on these proposals.
We are also proposing that drug benefit data, including pharmacy directory information and formulary or preferred drug list data, also be available through the API at proposed 42 CFR 422.119(b)(2)(ii) and (iii), 431.60(b)(5), and 457.730(b)(5). As previously discussed, Medicaid managed care plans would be required by 42 CFR 438.242(b)(6) to comply with the requirement at 42 CFR 431.60(b)(5), and CHIP managed care entities would be required by 42 CFR 457.1233(d)(2) to comply with the requirement at 42 CFR 457.730(b)(5).
We propose at 42 CFR 422.119(b)(2)(ii) and (iii) that MA organizations offering MA-PD plans make available pharmacy directory data, including the number, mix, and addresses of pharmacies in the plan network, as well as formulary data including covered Part D drugs and any tiered formulary structure or utilization management procedure which pertains to those drugs. The pharmacy directory information is the same information that MA-PD plans—like all Part D plans—must provide on their websites under 42 CFR 423.128(b)(5) and (d)(2). While prescription drug claims would have to be made available through the API no later than 1 business day of the MA-PD plan's receipt of that information, we are not proposing a specific timeframe for pharmacy directory or formulary information to be available (or updated) through the API. We intend that the requirements in 42 CFR part 423 requiring when and how information related to pharmacy directories be updated will apply to the provision of this information through the API; we solicit comment specifically whether we should address this in the regulation text or otherwise impose a time-frame for this information to be made available through the API.
At proposed 42 CFR 431.60(b)(5), for Medicaid FFS programs, and at 42 CFR 457.730(b)(5) for CHIP FFS programs, states would be required to include and update covered outpatient drug lists (including, where applicable, preferred drug lists) through the API no later than one (1) business day after the effective date of the information or any changes. We are proposing to set this timeframe at one (1) business day because we believe that it is critical for beneficiaries and prescribers to have this information as soon as the information is applicable to coverage or in near real time since this information could improve care and health outcomes. Having timely data is particularly important during urgent or emergency situations. Medicaid managed care plans and CHIP managed care entities would be required to comply with these requirements as well under proposed 42 CFR 438.242(b)(6) and 457.1233(d)(2). We also note that adjudicated claims and encounter data referenced in 42 CFR 431.60(b)(1) and (2), 438.242(b)(6), and 457.730(b)(1) and (2) include claims and encounter data for covered outpatient drugs. To the extent that a state or managed care plan utilizes a pharmacy benefit manager (PBM), we anticipate that, as a practical matter, the state or managed care plan would need to obtain the data from the PBM in a timely manner to comply with these proposed requirements.
We request comment on these proposals.
We are proposing that the specific business and technical documentation necessary to interact with the proposed APIs be made freely and publicly accessible. As discussed in section II.A.1 of this proposed rule, we believe transparency about API technology is needed to ensure that any interested third-party application developer can easily obtain the information needed to develop applications technically compatible with the organization's API. Transparency is also needed so that third-parties can understand how to successfully interact with an organization's API, including by satisfying any requirements the organization may establish for verification of developers' identity and their applications' authenticity, consistent with its security risk analysis and related organizational policies and procedures to ensure it maintains an appropriate level of privacy and security protection for data on its systems.
Specifically, at 42 CFR 422.119(d), 431.60(d), 457.730(d), and 45 CFR 156.221(d), we propose virtually identical text to require publication of complete accompanying documentation regarding the API by posting this documentation directly on the applicable entity's website or via a publicly accessible hyperlink. As previously discussed, Medicaid managed care plans would be required by 42 CFR 438.242(b)(6) to comply with the requirement at 42 CFR 431.60(d), and CHIP managed care entities would be required by 42 CFR 457.1233(d)(2) to comply with the requirement at 42 CFR 457.730(d). In requiring that this documentation is “publicly accessible,” we expect that any person using commonly available technology to browse the internet could access the information without any preconditions or additional steps beyond downloading and using a third-party application to access data through the API. This is not intended to preclude use of links the user would click to review the full text of lengthy documents or access sources of additional information, such as if the technology's supplier prefers to host technical documentation at a centralized location. Rather, we mean “additional steps” to include actions such as: Collecting a fee for access to the documentation; requiring the reader to receive a copy of the material via email; or requiring the user to read promotional material or agree to receive future communications from the organization making the documentation available. We specifically solicit comments on these points.
We propose that the publicly accessible documentation would be required to include, at a minimum, the following information:
• API syntax, function names, required and optional parameters supported and their data types, return variables and their types/structures, exceptions and exception handling methods and their returns.
• The software components and configurations an application must use
• All applicable technical requirements and attributes necessary for an application to be registered with any authorization server(s) deployed in conjunction with the API.
We note that these information requirements are similar to those ONC has proposed for adoption by HHS for developers and users of health IT certified to the API criteria proposed at 45 CFR 170.315 (published elsewhere in this issue of the
At 42 CFR 422.119(c)(2), 431.60(c)(2), 457.730(c)(2), and 45 CFR 156.221(c)(2) for MA organizations, state Medicaid and CHIP FFS programs, and QHP issuers in FFEs, respectively, we are proposing that the API be routinely tested and monitored to ensure it is functioning properly, including assessments to verify that the API is fully and successfully implementing privacy and security features such as but not limited to those minimally required to comply with the HIPAA privacy and security requirements in 45 CFR part 164, 42 CFR parts 2 and 3, and other applicable law protecting privacy and security of individually identifiable health information. Medicaid managed care plans would be required by 42 CFR 438.242(b)(6) to comply with the requirement at 42 CFR 431.60(c), and CHIP managed care entities would be required by 42 CFR 457.1233(d)(2) to comply with the requirement at 42 CFR 457.730(c).
Additionally, we note that while federal laws that regulate MA organizations and MA plans supersede any state law except where noted under section 1856(b)(3) of the Act, some state, local, or tribal laws that pertain to privacy and security of individually identifiable information generally and are not specific to health insurance may also apply to MA organizations and MA plans in the context of our proposal. For the other entities regulated under our proposals in these various programs, we also intend the phrase “other applicable law” to include federal, state, tribal or local laws that apply to the entity.
We propose this requirement to establish and maintain processes to routinely test and monitor the open APIs to ensure they are functioning properly, especially with respect to their privacy and security features. Under our proposal, MA organizations, Medicaid and CHIP FFS programs, Medicaid managed care plans, CHIP managed care entities, and QHP issuers in FFEs would have to implement, properly maintain, update (as appropriate), and routinely test authentication features that will be used to verify the identity of individual enrollees who seek to access their claims and encounter data and other PHI through the API. Similarly, compliance with our proposed requirements would mean that these entities must implement, maintain, update (as appropriate), and routinely test authorization features to ensure an individual enrollee or their personal representative can only access claims and encounter data or other PHI that belongs to that enrollee. As is the case under existing HIPAA requirements, where an enrollee is also a properly designated personal representative of another enrollee, the HIPAA covered entity must provide for appropriate access to the information of the enrollee that has designated the personal representative, just as they would if the personal representative were an enrollee of the same plan.
Similarly, at proposed 45 CFR 156.221(c)(2), QHP issuers in FFEs would be required to routinely test and monitor their API to confirm that it is functioning properly.
We request comment on these proposals.
In the hands of a HIPAA covered entity or its business associate, individually identifiable patient claims, encounter data, and other health information are PHI as defined at 45 CFR 160.103. Ensuring the privacy and security of the claims, encounter, and other health information when it is transmitted through the API is of critical importance. Therefore, we remind MA organizations, state Medicaid and CHIP FFS programs, Medicaid managed care plans, CHIP managed care entities, and QHP issuers in FFEs that mechanisms and practices to release PHI, including but not limited to authorization and authentication protocols and practices must provide protection sufficient to comply with HIPAA privacy and security regulations at 45 CFR part 164 and other law (whether federal, state, tribal or local) that may apply based on the specific circumstances. Under this proposal, the entities subject to these requirements would need to continuously ensure that all authorization and authentication mechanisms provide sufficient protections to enrollee PHI and that they function as intended. We specifically request public comment on whether existing privacy and security standards, including but not limited to those in 45 CFR part 164, are sufficient with respect to these proposals, or whether additional privacy and security standards should be required by CMS as part of this proposal.
As discussed in section II.A of this proposed rule, HIPAA covered entities must comply with patients' requests to receive their data under the HIPAA Right of Access, including having to transmit patient data to a third party. As noted in guidance from OCR, disagreement with the individual about the worthiness of the third party as a recipient of PHI, or even concerns about what the third party might do with the PHI, are not grounds for denying a request.
At 42 CFR 422.119(e), 431.60(e), 438.242(b)(6), 457.730(e), 457.1233(d)(2) and 45 CFR 156.221(e) for MA organizations, state Medicaid and CHIP FFS programs, Medicaid managed care plans, CHIP managed care entities, and QHP issuers in FFEs, we are proposing to specify the circumstances under which these regulated entities, which are all HIPAA-covered entities subject to HIPAA privacy and security requirements, may decline to establish or may terminate a third-party application's connection to the covered entity's API while remaining in compliance with our proposed requirement to offer patients access through open APIs. We intend for this
Specifically, we propose that an MA organization, state Medicaid and CHIP FFS program, Medicaid managed care plan, CHIP managed care entity, or QHP issuer in an FFE, may, in accordance with HIPAA, deny access to the API if the entity reasonably determines that allowing that application to connect or remain connected to the API would present an unacceptable level of risk to the security of PHI on the organization's systems. We further propose that this determination must be based on objective, verifiable criteria that are applied fairly and consistently across all applications through which enrollees seek to access their electronic health information as defined at 45 CFR 171.102, including but not limited to criteria that may rely on automated monitoring and risk mitigation tools.
Where we propose to require access through open APIs to otherwise publicly available information, such as provider directories, the entities subject to our proposal may also deny or terminate an application's connection to the API when it makes a similar determination about risk to its systems. However, depending on how the organization's systems are designed and configured, we recognize that the criteria and tolerable risk levels appropriate to assessing an application for connection to an API for access to publicly available information may differ from those required for API access to non-published PII.
We also anticipate that, where an application's connection has been terminated under these circumstances, it might be feasible in some instances for the organization to allow the application to re-connect to the API if and when the flaw or compromise of the application has been addressed sufficiently that the organization can no longer fairly say the application's API connection continues to pose an unacceptable risk.
We request comment on these proposals.
As discussed in section II.A. of this proposed rule, we are committed to maximizing enrollees' access to and control over their health information. We believe this calls for providing enrollees that would access data under our proposal with essential information about the privacy and security of their information, and what to do if they believe they have been misled or deceived about an application's terms of use or privacy policy.
At 42 CFR 422.119(g), 431.60(f), and 457.730(f), and 45 CFR 156.221(g), we propose to require MA organizations, state Medicaid and CHIP FFS programs, Medicaid managed care plans, CHIP managed care entities, and QHP issuers in FFEs, to make available to their current and former enrollees certain information about: Factors to consider in selecting a health information management application, practical strategies to help them safeguard the privacy and security of their data, and how to submit complaints to OCR or FTC. These proposed obligations are proposed to apply to Medicaid managed care plans and CHIP managed care entities through cross-references proposed in 42 CFR 438.242(b)(6) and 457.1233(d)(2).
The general information about the steps individuals can take to help protect the privacy and security of their health information should not be limited to, but should specifically include and emphasize the importance of understanding the privacy and security practices of any application to which they entrust their data. Information about submitting complaints should include both specific contact information for the OCR and FTC complaints processes and a brief overview, in simple and easy-to-understand language, of: What organizations are HIPAA covered entities, OCR's responsibility to oversee compliance with HIPAA, and FTC's complementary responsibility to oversee unfair and deceptive practices, including by non-covered entities that may offer direct-to-consumer health information management applications.
We propose that this information must be made available on the website of the organization subject to this proposed requirement, and through other appropriate mechanisms through which the organization ordinarily communicates with enrollees. This could include customer portals, online customer service help desks, and other locations, such as any portals through which enrollees and former enrollees might request disclosure of their data to a third-party application through the organization's API. We are also proposing that the entity must make this information available in non-technical, consumer-friendly language.
We anticipate that organizations could meet the requirement to provide information to current and former enrollees in whole or in part using materials designed for consumer audiences that are available on the HHS website (for example, content and materials such as those available at
We are proposing certain exceptions or specific additional provisions as part of this proposed rule for certain QHPs in FFEs and certain types of MA plans, respectively. Under sections 1856, 1857, and 1860D-12(b)(3) of the Act, we proposed at 42 CFR 422.119(b)(2) to include additional requirements that would apply specifically to MA organizations that offer Medicare Advantage-Prescription Drug (MA-PD) plans. The organizations offering these MA-PD plans must comply with MA requirements in 42 CFR part 422 for Part A, Part B and non-drug supplemental benefits; they must comply with Part D requirements in 42 CFR part 423 for the Part D prescription drug benefit. These additional requirements would ensure that enrollees of MA-PD plans can easily access the information they need in order to adhere to their care plans. Including this information in an open API allows non- MA third-party applications to properly use, aggregate, and display plan data in different
Specifically, at 42 CFR 422.119 (b)(2)(i), we propose to require MA organizations make standardized data concerning adjudicated Part D claims, including remittances and enrollee cost-sharing, available through the API to enrollees covered under a MA-PD plan. We propose to require that this information be made available no later than one (1) business day after a claim is adjudicated. This would ensure that data provided through the API would be the most current data available, which may be critical if the data is being used by a provider who is basing clinical decisions on the data. To the extent that an MA organization offering MA-PD plans utilizes a PBM, the MA organization would be required to obtain the data from the PBM in order to comply with these requirements.
Related to QHP issuers, we propose two exceptions to this proposed rule. First, we propose that the requirements proposed in 45 CFR 156.221(a) not apply to issuers of SADPs in the FFEs. In contrast to QHP issuers of medical plans, issuers of SADPs offer enrollees access to a unique and specialized form of medical care. We believe the proposed standards and health IT investment would be overly burdensome for SADP issuers as related to their current enrollment and premium intake and could result in SADP issuers no longer participating in FFEs, which would not be in the best interest of enrollees. Additionally, we believe much of the benefit to enrollees from requiring issuers of QHPs to make patient data more easily available through a standard format depends upon deployment of open API technology that conforms to standards proposed by ONC for HHS adoption at 45 CFR 170.215 (published elsewhere in this issue of the
We also propose to provide an exceptions process through which an FFE may certify health plans that do not provide patient access through an openly-published API, but otherwise meet the requirements for QHP certification. We propose in 45 CFR 156.221(h)(1) that if a plan applying for QHP certification to be offered through an FFE does not provide patient access to their data through an open API, the issuer must include as part of its QHP application a narrative justification outlining the reasons why the plan cannot reasonably satisfy the requirements in proposed 45 CFR 156.221(a),(b), or (c), the impact of non-compliance upon enrollees, the current or proposed means of providing health information to enrollees, and proposed solutions and timeline to achieve API compliance. In 45 CFR 156.221(h)(2), we propose that an FFE may grant an exception to the requirement to provide enrollees access to data through open API technology if the FFE determines that making available such health plan is in the interest of qualified individuals and qualified employers in the state in which the FFE operates. We anticipate that this exception would be provided in limited situations. For example, we would consider providing an exception for small issuers, issuers who are only in the individual or small group market, financially vulnerable issuers, or new entrants to the market who demonstrate that deploying open API technology consistent with the required interoperability standards would pose a significant barrier to the issuer's ability to provide coverage to consumers, and not certifying the issuer's QHP or QHPs would result in consumers having few or no plan options in certain areas. We seek comment on other circumstances in which the FFE should consider providing an exception.
At 42 CFR 422.119(h) and 45 CFR 156.221(i), we are proposing specific provisions regarding applicability and timing for MA organizations and QHP issuers in FFEs that would be subject to our proposal. We are not proposing specific regulation text for 42 CFR 431.60 or 438.242 because we intend to make the regulation text effective on the applicable date discussed below. We expect that state Medicaid and CHIP agencies will be aware of upcoming new regulations and planning for compliance with them when they are effective and applicable, even if the new regulation is not yet codified in the CFR; we similarly expect that such agencies will ensure that their managed care plans/entities will be prepared for compliance. Unlike Medicaid state agencies and managed care plans and state CHIP agencies and managed care entities, MA organizations and QHP issuers in FFEs generally are subject to rules regarding bid and application submissions to CMS in advance of the coverage period; for example, MA organizations must submit bids to CMS by the first Monday in June of the year before coverage starts in order to be awarded an MA contract. In order to ensure that these requirements for MA organizations and QHP issuers in FFEs are enforceable and reflected in the bids and applications these entities submit to us in advance of when the actual requirements must be met, we propose to codify the actual compliance and applicability dates of these requirements. We solicit comment on this approach.
For MA organizations, under 42 CFR 422.119(h), we are proposing that the requirements would be effective beginning January 1, 2020. Under this proposal, the requirements we propose for 42 CFR 422.119 would be applicable for all MA organizations with contracts to offer any MA plan on that date and thereafter. We request feedback about this proposed timing from the industry. In particular, we are interested in information and request comment from MA organizations about their current capability to implement an API consistent with this proposal and the costs associated with compliance by January 1, 2020, versus compliance by a future date.
For Medicaid FFS at 42 CFR 431.60, CHIP agencies that operate FFS systems at 42 CFR 457.730, Medicaid managed care plans at 42 CFR 438.242(b)(6), and CHIP managed care entities at 42 CFR 457.1233(d)(2), we are proposing that the API requirements would be effective beginning July 1, 2020, regardless of when the managed care contract started. Given the expected date of publication of this proposed rule and potential final rule, we believe July 1, 2020, would provide state Medicaid agencies and CHIP agencies that operate FFS systems, Medicaid managed care plans, and CHIP managed care entities sufficient time to implement. We solicit comment on this
For CHIP, we are aware that some states do not provide any benefits on a FFS basis, and we do not intend for those states to implement an API outside their managed care plans. Therefore, we also propose in 42 CFR 457.700(c) that separate CHIP agencies that provide benefits exclusively through managed care entities may meet the requirements of 42 CFR 457.730 by requiring the managed care entities to meet the requirements of 42 CFR 457.1233(d)(2) beginning July 1, 2020.
For QHP issuers in FFEs, we propose in 45 CFR 156.221(i) that these requirements would be applicable for plan years beginning on or after January 1, 2020. We seek comment on the timing of these requirements, and on how long issuers, particularly smaller issuers, anticipate it would take to come into compliance with these requirements.
We believe that these proposals would help to create a health care information ecosystem that allows and encourages the health care market to tailor products and services to compete for patients, thereby increasing quality, decreasing costs, and helping them live better, healthier lives. Additionally, under these proposals, physicians would be able to access information on their patient's current prescriptions and services by reviewing the information with the patient on the patient's personal device or by the patient sharing data with the provider's EHR system, which would save time during appointments and ultimately improve the quality of care delivered to beneficiaries. Most health care professionals and consumers have widespread access to the internet, providing many access points for viewing health care data over secure connections. We believe that these proposed requirements would significantly improve beneficiaries' experiences by providing a secure mechanism through which they can access their data in a standardized, computable format.
These proposals are designed to empower patients by making sure that they have access to health information about themselves in a usable digital format and can make decisions about how, with whom, and for what uses they will share it. By making claims data readily available and portable to the enrollee, these initiatives support efforts to move our health care system away from a FFS payment system that pays for volume and toward a payment system that pays for value and quality by reducing duplication of services, adding efficiency to patient visits to providers; and, facilitating identification of fraud, waste, and abuse. Data interoperability is critical to the success of new payment models and approaches that incentivize high quality, efficient care. All of the health care providers for a patient need to coordinate their care for a value-based system to work, and that requires information to be securely shareable in standardized, computable formats. Moreover, patients need to understand and be actively involved in their care under a value-based framework. We are committed to supporting requirements that focus on these goals, and we believe that these specific proposals in this proposed rule support these efforts.
This proposed rule requires the implementation of open APIs for making accessible data that a third-party could use to create applications for patients to access data in order to coordinate and better participate in their medical treatment. While in some instances, direct provider to health plan transmission of health information may be more appropriate than sharing data through an open API, in other instances a patient may wish to send a provider a copy of their health information via another health care provider's API. In such cases, patients could direct the payer to transmit the health information to a third party application (for example, an application offered by a health care provider to obtain patient claims and encounter data, as well as lab test results (if applicable) on a one-off and as-needed basis. To the extent a HIPAA covered entity uses a third party application to offer patients access to their records, another HIPAA covered entity may be able to obtain an individual's health information from the app for treatment, payment, or certain health care operations, if it could do so in accordance with HIPAA without need of an individual's authorization. (
In the future, we anticipate payers and providers may seek to coordinate care and share information in such a way as to request data on providers' or a plan's patient/insured overlapping population(s) in one transaction. Effective care coordination between plans and providers can inform health care providers about where their patients are receiving care to better understand the totality of their healthcare needs and manage their care. We have heard that being aware of urgent care or emergency department visits allows clinicians to arrange appropriate follow-up, modify treatments, and update records if services are provided (for example, tetanus boosters given with a laceration treated in urgent care). The accompanying proposals in Section X. of this proposed rule, to amend the conditions of participation regarding notification of patient discharge, further support the ability of clinicians to arrange and affirm such appropriate follow-up care. Having a complete record of tests done at specialists' offices can reduce duplicate testing. Having a complete list of clinicians caring for a patient facilitates appropriate notification if treatments are changed or procedures are planned that may impact the other clinicians' treatment plan. We have heard from participants in our accountable care programs and models that organizations taking risk for their patient populations need to have a complete picture of the patients' needs to better budget for appropriate resources. This may be particularly relevant during disasters or public health emergencies when patients are not able to access their normal sources of care and/or health care facilities are overwhelmed due to patient surge.
We believe there are a variety of transmission solutions that may be employed to share data regarding a provider's and plan's overlapping patient populations. For instance, some geographic areas might have regional health information exchanges that could coordinate such transmissions. Elsewhere, direct provider-to-provider and plan-to-plan exchange might be more appropriate. Plans could participate in direct exchange through existing trusted networks, or beneficiary-facing third party
We seek comment for possible consideration in future rulemaking on the feasibility of providers being able to request a download on a shared patient population, and whether such a process could leverage the APIs described in sections II.A.3. and III.C. of this proposed rule. We seek comment on requirements for patient notice and consent, and applicable legal and regulatory requirements, and whether or how this data transfer could be cumulative over time and between various providers. We seek input on the utility to providers of obtaining all of their patients' utilization history in a timely and comprehensive fashion. We also seek input on potential unintended consequences that could result from allowing a provider to access or download information about a shared patient population from payers through an open API. Finally, we seek comment on the associated burden on plans to exchange this data, as well as the identification other potential statutory or regulatory barriers to exchanging this data.
The proposals described in section III of this proposed rule primarily focus on patient access to their data through a standardized, transparent API; however, we have also proposed that entities subject to these proposals make available certain plan-level data through the API. In this section, we provide additional context for the proposal related to making provider directory information available through the API, including ways in which this proposal may differ from our other proposals related to accessibility of patient data.
Provider directories make key information about health care professionals and organizations available to help consumers identify a provider when they enroll in an insurance plan or as new health needs arise. For example, such information might include hours of operation, languages spoken, specialty/services, availability for new patients. Provider directories also function as a resource used by the provider community to discover contact information of other providers to facilitate referrals, transitions of care, and care coordination for enrollees.
The current applicable regulations for MA plans (42 CFR 422.111) and Medicaid and CHIP managed care plans (42 CFR 438.10(e)(2)(vi) and (h) and 457.1207, respectively) require that provider directories be made available to enrollees and potential enrollees in hard copy and on the plan's website. Section 1902(a)(83) of the Act requires state Medicaid agencies to publish a directory of certain physicians on the public website of the State agency. A regulation for QHPs in FFEs (45 CFR 156.230(b)) requires public access to the QHP's provider directory in addition to distribution and access for enrollees. In addition to directing that this information be accessible, the current regulations also address the content of such directories and the format and manner in which MA plans, Medicaid managed care plans, CHIP managed care entities, and QHP issuers in FFEs make the information available.
Making this required provider directory information available to enrollees and prospective enrollees through an API could support development of applications (whether standalone or integrated with providers' EHR technology) that would pull in current information about available providers to meet enrollees' current needs. For instance, as part of a referral lookup use case, API access to a provider directory could allow for a referring provider's health IT to enable either the enrollee or the provider to easily identify up-to-date contact information obtained from the directory through an API, and securely send the receiving health care provider the patient information needed to provide safe, high-quality care sensitive to the patient's preferences. Broad availability of provider directory data through interoperable API technology would also allow for innovation in applications or other services that help enrollees and prospective enrollees to more easily compare provider networks while they are considering their options for changing health plans. Finally, a consistent, FHIR-based API-driven approach to making provider directory data accessible could reduce provider burden by enabling payers/plans to share more widely basic information about the providers in their networks, such as provider type, specialty, contact information, and whether or not they are accepting new patients.
In sections II.A.3. and III.C. of this proposed rule, we propose to require MA organizations, state Medicaid and CHIP FFS programs, Medicaid managed care plans, and CHIP managed care entities to make standardized information about their provider networks available through API technology, so that third party software could access and publish that information. Such availability would be for current enrollees, prospective enrollees and possibly the general public to the extent existing regulations require that information to be disclosed beyond current enrollees. We propose to require that the API technology conform to the API standards proposed by ONC for HHS adoption at 45 CFR 170.215 (published elsewhere in this issue of the
We note that, since the provider directory information we are proposing to require be available through the API is already available and accessible to enrollees without cost to them, this information should be as accessible through the API as it is required to be when posted on the organization's websites. Therefore, the security protocols proposed at 45 CFR 170.215 that are specific to authenticating users and confirming individuals' authorization or request to disclose their personal information to a specific application would not apply to public access to provider directory information through APIs. While we are aware the organization will nevertheless need to take appropriate steps to mitigate the potential security risks of allowing any application to connect to the API through which it offers provider directory access, we emphasize that these steps should be appropriate to the level of risk associated with the specific use case of accessing otherwise public information through API technology. Those wishing to access this data should not be unduly burdened by security protocols that are not necessary to provide the appropriate degree of protection for the organization's systems and data.
As referenced in sections II. and III. of this proposed rule, we intend to develop additional guidance, incorporating feedback from industry that provides implementation best practices relevant to FHIR-conformant open APIs to help organizations subject to the requirements proposed in this rulemaking. To that end, we solicit
We are proposing a new requirement for Medicare Advantage (MA) plans, Medicaid managed care plans, CHIP managed care entities, and QHPs in the FFEs to require these plans to maintain a process to coordinate care between plans by exchanging, at a minimum, the USCDI at enrollee request at the specific times specified in the proposed regulation text. Understanding that this information could already be available for exchange between plans, this proposal is specifically requiring this information sharing not only occur when initiated by an enrollee request, but that the information requested, in the form of the USCDI data set, would then be incorporated into the recipient plan's systems. The USCDI (Version 1) data set would have to be sent to another plan that covers the enrollee or a recipient identified by the enrollee at any time during coverage or up to 5 years after coverage ends, and the plan would have to receive the USCDI (version 1) data set from any health plan that covered the enrollee within the preceding 5 years. Under our proposal we are supporting patient directed coordination of care and each of the plans subject to the requirement would, upon an enrollee's request: (1) Accept the data set from another plan that had covered the enrollee within the previous 5 years; (2) send the data set at any time during an enrollee's enrollment and up to 5 years later, to another plan that currently covers the enrollee; and (3) send the data set at any time during enrollment or up to 5 years after enrollment has ended to a recipient identified by the enrollee.
As we discussed in section III.C.2. of this proposed rule, this proposal is based on our authority under sections 1856(b) and 1857(e) of the Act to adopt standards and contract terms for MA plans; section 1902(a)(4) of the Act to adopt methods of administration for state Medicaid plans, including requirements for Medicaid managed care plans (MCOs, PIHPs, and PAHPs); section 2101(a) of the Act for CHIP managed care entities (MCOs, PIHPs, and PAHPs); and section 1311(e)(1)(B) of the ACA for QHP issuers in an FFE (not including SADP issuers). We believe that our proposal will help to reduce provider burden and improve patient access to their health information through coordination of care between health plans. We also note that the CHIP regulations incorporate and apply, through an existing cross-reference at 42 CFR 457.1216, the Medicaid managed care plan requirements codified at 42 CFR 438.62(b)(1)(vi). Therefore, the proposal for Medicaid managed care plans described above will also apply to CHIP managed care entities without new regulation text in part 457. We are proposing that this new requirement would be effective starting January 1, 2020 for MA plans, Medicaid managed care plans, CHIP managed care entities, and QHP issuers in FFEs. Among other topics related to this proposal, we solicit comments on this proposed effective date.
We propose to codify this new requirement at 42 CFR 422.119(f)(1) for MA organizations; at 42 CFR 438.62(b)(1)(vi) for Medicaid managed care plans (and by extension under existing rules in part 457, to CHIP managed care entities); and at 45 CFR 156.221(c) for QHPs in FFEs. This proposed new requirement is virtually identical for MA plans, Medicaid managed care plans, CHIP managed care entities, and QHP issuers in FFEs, with modifications in the proposal necessary for specific plans types to account for the program needs of the MA program, Medicaid and CHIP managed care programs, and QHP program. Our proposed regulation text references the content standard adopted at 45 CFR 170.213, which ONC is proposing as the USCDI Version 1 data set (published elsewhere in this issue of the
Leveraging interoperability to facilitate care coordination among plans can, with thoughtful execution, significantly reduce unnecessary care, as well as ensure that health care providers are able to spend their time providing care rather than performing unnecessary administrative tasks. We believe that use of the USCDI to exchange information furthers care coordination. For instance, effective information exchange between plans could improve care coordination by reducing the need for health care providers to write unneeded letters of medical necessity; by reducing instances of inappropriate step therapy; and by reducing repeated utilization reviews, risk screenings, and assessments. It can also streamline prior authorization processes and reduce instances where an enrollee's health care provider needs to intervene personally with the enrollee's MA plan, Medicaid managed care plan, CHIP managed care entity, or QHP in the FFE to ensure his or her patient received the necessary treatment. This addresses concerns stakeholders have previously raised with CMS and ONC regarding such administrative burdens, as the USCDI standard contains many of the data points required to more effectively coordinate care.
In addition to the benefits for care coordination at the plan level and reduced provider burden, we note that once the combined health information, specified by the USCDI standard, from a prior plan is available to the patient's current plan, the enrollee would also have access to multiple years of their health information through the proposed patient access API discussed in section III of this proposed rule. The USCDI (Version 1) data set includes laboratory results and tests, medications, health concerns, assessment and plan of treatment, care teams, clinical notes, and other data points essential for care coordination. This would provide the patient with a more comprehensive history of their medical care, helping them to make better informed health care decisions. We seek comments on how plans might combine records and address error reconciliation or other factors in establishing a more longitudinal record for each patient.
We propose to allow multiple methods for electronic exchange of the information, including use of the APIs proposed in section III. of this proposed rule, to allow for patient-mediated exchange of payer information or direct payer-to-payer communication, subject to HIPAA requirements, 42 CFR part 2, and other applicable laws. We considered requiring the use of the FHIR-based API discussed in section III. of this proposed rule for the information exchange; however, we understand that some geographic areas might have a regional health information exchange that could coordinate such transitions for the MA plans, Medicaid managed care plans, CHIP managed care entities, and QHPs in the FFEs that are subject to this proposal. We seek comment on whether it would be beneficial to interoperability and patient care coordination for us to require the use of the FHIR-based API discussed in section III. of this proposed rule, and whether this should be the only mechanism allowed for this exchange, or whether
We also propose that a patient should be able to request his or her information from their prior plan up to 5 years after dis-enrollment, which is considerably less than existing data retention policies for some of the plans.
Research indicates that the completeness of a patient record and the availability of up-to-date and relevant health information at the point of care can have a significant impact on patient outcomes.
We propose that the plans subject to this new requirement would be required to exchange, at a minimum, the USCDI Version 1 data set. On behalf of HHS, ONC has proposed to adopt the USCDI as a standard (published elsewhere in this issue of the
Many key attributes of the USCDI make it suitable for the purpose outlined in our proposal. The USCDI includes data classes that can be supported by commonly used standards, including the Health Level Seven (HL7®) Consolidated Clinical Data Architecture (C-CDA) Version 2.1 and the Fast Healthcare Interoperability Resources (FHIR®) standards for essential patient health information like vital signs, lab results, medications and medication allergies. The USCDI establishes a minimum set of data elements that would be required to be interoperable nationwide and is designed to be expanded in an iterative and predictable way over time. The USCDI, at a minimum, transferred for each enrollee moving among the plans subject to our proposal would greatly improve each plan's coordination of care efforts and spotlight areas of urgent need. Having this information would allow the new MA plan, Medicaid managed care plan, CHIP managed care entity or a QHP in the FFE to evaluate and review an enrollee's utilization history in a timely and comprehensive fashion and thus assist each enrollee to transition to the new plan with minimal disruption to care. By being able to perform timely outreach to enrollees based on past and current utilization, these plans could take steps to prevent unnecessary emergency room visits and lapses in medication and ongoing care; further, they could proactively address any network deficiencies that may impact the enrollee. We believe that having an enrollee's utilization history in a timely and comprehensive fashion would facilitate outreach and coordination efforts in ways heretofore unavailable on a broad basis. In all, this ability would mean that these plans could help new enrollees transition to new coverage rules and a new network with minimal disruptions to care.
While our proposal is to require, at a minimum, exchange of the USCDI Version 1 data set, we reiterate that we do not propose to specify the means of exchanging this data at this time. While we anticipate that plans may opt to use APIs (such as those described in section III of this proposed rule) as the means to exchange this data, we intend to not be overly prescriptive as to how USCDI data set information for applicable enrollees is exchanged as we expect there are a variety of transmission solutions that may be employed. For instance, some geographic areas might have a regional health information exchange that could coordinate such transitions for the MA plans, Medicaid managed care plans, CHIP managed care entities, and QHPs in the FFEs that are subject to this proposal. Elsewhere, direct plan-to-plan exchange might be more appropriate, or beneficiary-facing third party applications could be used by MA plans, Medicaid managed care plans, CHIP managed care entities, and QHPs in the FFEs to meet this proposed requirement. We also expect there may be instances where these plans may leverage their connections to Health Information Exchanges to engage in the information exchanges necessary to comply with this proposed rule. We expect enrolled beneficiaries to have constant access to requesting an exchange of data as our proposal would require exchange of the USCDI data set whenever an enrollee makes such a request, which may occur at times other than enrollment or disenrollment. We request comments on other means that the applicable plans may prefer to use for meeting this requirement and whether CMS might be able to leverage its program authority to facilitate the data exchanges contemplated by this proposal. We acknowledge that in some cases plans subject to this proposed requirement may be exchanging patient health information with other plans that are not similarly required to exchange
We believe that this proposed requirement would also support dual eligible individuals who are concurrently enrolled in MA plans and Medicaid managed care plans. Under our proposal, both of the dual eligible individual's plans would be subject to the requirement to exchange that individual's data in the USCDI Version 1, which should improve the ability of both plans to coordinate care based on that data. For example, when an enrollee is initially eligible for only one program (that is, only for Medicare and enrolled in a MA plan, or only for Medicaid and enrolled in a Medicaid MCO) and then becomes dually eligible for a second program, the sharing of data between the existing plan and the new plan reduces the burden on the new plan, on the enrollee, and on health care providers in the new plan regarding collecting information about prior utilization or health information. Rather than completing a lengthy health assessment, the enrollee in this example would benefit from having similar (or possibly the same) information transferred directly between the MA plan and the Medicaid managed care plan under our proposal. We seek comment on how plans should coordinate care and exchange information in those situations. We also seek comment on the associated burden on plans to exchange the USCDI data set under our proposal. In addition, we are interested in comments about potential legal barriers to exchanging the USCDI data set as would be required under our proposal; for example, are there federal, state, local and tribal laws governing privacy for specific use cases (such as in the care of minors or for certain behavioral health treatments) that raise additional considerations we should address in this regulation or guidance.
We believe that activities related to this proposal may qualify as a quality improvement activity (QIA) meeting the criteria described in section 2718(a)(2) of the PHSA for purposes of the Medical Loss Ratio (MLR) requirements for QHP issuers in an FFE (excluding SADP issuers),
We are proposing to require MA plans, Medicaid managed care plans, CHIP managed care entities, and QHPs in the FFEs (excluding SADP issuers) to participate in trust networks in order to improve interoperability in these programs. We would codify this requirement in, respectively, 42 CFR 422.119(f)(2), 438.242(b)(5), and 457.1233(d) (which cross-references the requirements in 42 CFR 438.242(b)(5)) and 45 CFR 156.221. In general, payers and patients' ability to communicate between themselves and with health care providers could considerably improve patient access to data, reduce provider burden, and reduce redundant and unnecessary procedures. Trusted exchange networks allow for broader interoperability beyond one health system or point to point connections among payers, patients, and providers. Such networks establish rules of the road for interoperability, and with maturing technology, such networks are scaling interoperability and gathering momentum with participants, including several federal agencies, EHR vendors, retail pharmacy chains, large provider associations, and others.
The importance of a trusted exchange framework to such interoperability is reflected in section 4003(b) of the Cures Act, as discussed in more detail in section I.D. of this proposed rule. A trusted exchange framework allows for the secure exchange of electronic health information with, and use of electronic health information from, other health IT without special effort on the part of the user. Widespread payer participation in such a framework might allow for more complete access and exchange of all electronically accessible health information for authorized use under applicable state or federal law, which we believe would lead to better use of such data. While we cannot require widespread payer participation in trust networks, we are proposing here to use our program authority in the MA program, Medicaid managed care program, CHIP managed care program, and QHP certification program for the FFEs to increase participation in trust networks and to bring the benefits of such participation to those programs.
We are proposing to require, effective beginning January 1, 2020, that MA plans, Medicaid managed care plans, CHIP managed care entities and QHPs in the FFEs (excluding not stand alone SADPs) participate in a trusted exchange network. This proposal is based on our authority under: Sections 1856(b) and 1857(e) of the Act to adopt standards and contract terms for MA plans; section 1902(a)(4) of the Act to adopt methods of administration for the administration state Medicaid plans, including requirements for Medicaid Managed Care Plans (MCOs, PIHPs, and PAHPs); section 2101(a) for CHIP managed care entities (MCOs, PIHPs, and PAHPS); and section 3001(c)(9)(F)(iii) of the Public Health Service Act and section 1311(e)(1)(B) of the Affordable Care Act for QHP issuers in an FFE. Under our proposal, participation would be required in a trusted exchange framework that meets the following criteria:
(1) The trusted exchange network must be able to exchange PHI, defined in 45 CFR 160.103, in compliance with all applicable state and federal laws across jurisdictions.
(2) The trusted exchange network must be capable of connecting both inpatient EHRs and ambulatory EHRs.
(3) The trusted exchange network must support secure messaging or electronic querying by and between patients, providers and payers.
We propose to codify these requirements for these plans at 42 CFR 422.119(f)(2) for MA organizations, 438.242(b)(5) for Medicaid managed care plans, 457.1233(d)(2) for CHIP managed care entities, and 45 CFR 156.221(d) for QHPs in the FFEs.
On January 5, 2018, ONC released the draft Trusted Exchange Framework for public comment. Commenters to the draft framework, particularly payers providing comments, requested that existing trust networks operating successfully be leveraged in further advancing interoperability; thus, we are considering proposing in the future an approach to payer to payer and payer to provider interoperability that leverages existing trust networks to support care coordination and improve patient access to their data. We request comments on this approach and how it might be aligned in the future with section 4003(b) of the Cures Act. We also request comments on the effective date we have proposed for this requirement and what benefits and challenges the plans (MA organization, Medicare managed care plans, CHIP managed care entities and QHPs in the FFE) may face meeting this requirement for additional consideration in future rulemaking.
We believe that activities related to this proposal may qualify as a QIA meeting the criteria described in section 2718(a)(2) of the PHSA for purposes of the MLR requirements for QHP issuers in an FFE (excluding SADP issuers),
The Medicare and Medicaid programs were originally created as distinct programs with different purposes. The programs have different rules for eligibility, covered benefits, and payment, and the programs have operated as separate and distinct systems despite a growing number of people who depend on both programs for their health care. There is an increasing need to align these programs—and the data and systems that support them—to improve care delivery and the beneficiary experience for dually eligible beneficiaries, while reducing administrative burden for providers, health plans, and states. The interoperability of state and CMS eligibility systems is a critical part of modernizing the programs and improving beneficiary and provider experiences. Improving the accuracy of data on dual eligibility status by increasing the frequency of federal-state data exchanges is a strong first step in improving how these systems work together.
States and CMS routinely exchange data on who is enrolled in Medicare, and which parties are liable for paying that beneficiary's Parts A and B premiums. These data exchanges support state, CMS, and SSA premium accounting, collections, and enrollment functions. Section 1843 of the Act permits states to enter into an agreement with the Secretary to facilitate state “buy-in,” that is, payment of Medicare premiums, in this case Part B premiums, on behalf of certain individuals. For those beneficiaries covered under the agreement, the state pays the beneficiary's monthly Part B premium. Section 1818(g) of the Act establishes the option for states to amend their buy-in agreement to include enrollment and payment of the Part A premium for certain specified individuals. All states and the District of Columbia have a Part B buy-in agreement; 36 states and the District of Columbia have a Part A buy-in agreement.
To effectuate the state payment of Medicare Part A or Part B premiums, a state submits data on a buy-in file to CMS via an electronic file transfer (EFT) exchange setup. The state's input file includes a record for each Medicare beneficiary for whom the state is adding or deleting coverage, or changing buy-in status. In response, CMS returns an updated transaction record that provides data identifying, for each transaction on the state file, whether CMS accepted, modified, or rejected it, as well a Part A or Part B billing record showing the state's premium responsibility. In addition, the CMS file may “push” new updates obtained from SSA to the state, for example, changes to the Medicare Beneficiary Identifier number or a change of address.
We have issued regulations for certain details of the state buy-in processes. For Medicare Part A, 42 CFR 407.40 describes the option for states to amend the buy-in agreement to cover Part A premiums for Qualified Medicare Beneficiaries (QMBs). For Medicare Part B, 42 CFR 406.26 codifies the process for modifying the buy-in agreement to identify the eligibility groups covered. CMS subregulatory guidance, specifically Chapter 3 of the State Buy-in Manual,
While many states submit and receive buy-in files daily, some continue to only do so on a monthly basis. We have become increasingly concerned about the limitations of monthly buy-in data exchanges with states. The relatively long lag in updating buy-in data means that the state is not able to terminate or activate buy-in coverage sooner, so the state or beneficiary may be paying premiums for longer than appropriate. In most cases, funds must be recouped and redistributed—a burdensome administrative process involving debits and payments between the beneficiary, state, CMS, and SSA. Additionally, transaction errors do occur in the current data exchange processes. In a monthly exchange, it can take multiple months to correct and resubmit an improperly processed transaction, exacerbating the delays in appropriately assigning premium liability, leading to larger mispayment, recoupment, and redistribution of premiums.
Exchanging the buy-in data with greater frequency supports more timely access to coverage. All states' systems already have the capacity to exchange buy-in data. We acknowledge that states who do not already exchange data daily will need an initial, one-time systems change to do so. However, moving to a daily data exchange would result in a net reduction of burden for states, and further, reduce administrative complexity for beneficiaries and providers. More frequent submission of updates to individuals' buy-in status positively impacts all involved. Based on our experience with the states currently exchanging buy-in data daily, we have found:
• States can terminate buy-in coverage sooner and lower the risk of paying Part A or Part B premiums for individuals once they no longer qualify. Enrollees for whom the buy-in is ending have less risk of a retroactive deduction from their Social Security check due to delayed Part B buy-in terminations (while 42 CFR 407.48(c) limits retroactive recoupments to a maximum of 2 months, an unexpected deduction of up to $268 [2 months of Part B premiums in 2018] is significant for those with incomes low enough to be dually eligible);
• States can detect and fix errors sooner, limiting the impact of such errors;
• State staff can spread the workload of resolving rejected records across the whole month rather than a spike when they receive the monthly CMS response file;
• States can effectuate an earlier shift to Medicare as primary payer for many health care services, for those already covered by Medicaid;
• Beneficiaries newly eligible for buy-in who had been paying premiums themselves can stop having the Part B
• Beneficiaries newly eligible for buy-in who could not afford Medicare premiums can access Medicare Parts A and B services and providers can be assured of coverage sooner.
While there exist opportunities to modernize the platform for buy-in data exchange, we believe that an important first step is to promote the exchange of the most current available data. Section 1843(f) of the Act specifies that Part B buy-in agreements shall contain such provisions as will facilitate the financial transactions of the State and the carrier with respect to deductions, coinsurance, and otherwise, and as will lead to economy and efficiency of operation. Further, section 1818(g)(2)(A) of the Act on Part A buy-in identifies this section 1843(f) requirement as applicable to Part A buy-in. While the regulations governing buy-in agreements (see 42 CFR 406.26 and 407.40) are silent on the frequency of buy-in data exchanges, current guidance articulates that the required buy-in data may be submitted daily, weekly, or monthly. We are proposing to establish frequency requirements in the regulations at 42 CFR 406.26(a)(1) and 407.40(c) to require all states to participate in daily exchange of buy-in data to CMS, with “daily” meaning every business day, but that if no new transactions are available to transmit, data would not need to be submitted on a given business day. We believe these requirements will improve the economy and efficiency of operation of the “buy-in” process. We propose that states would be required to begin participating in daily exchange of buy-in data with CMS by April 1, 2022. We believe this effective date will allow states to phase in any necessary operational changes or bundle this required change with any new systems implementation. There are 19 states that we anticipate will need to make a system change to send buy-in data to CMS daily, and 22 states that we anticipate will need to make a system change to receive buy-in data from CMS daily. We estimate the one-time cost to be a little less than $80,000 per state, per change. So a state that needs to make systems updates to both send buy-in data daily, and receive buy-in data daily would have a one-time cost of just under $160,000. We seek comment on these proposals.
States submit data on files at least monthly to CMS to identify all dually eligible individuals, including full-benefit and partial-benefit dually eligible beneficiaries (that is, those who get Medicaid help with Medicare premiums, and often for cost-sharing). The file is called the “MMA file,” but is occasionally referred to as the “State Phasedown file.” The MMA file was originally developed to meet the need to timely identify dually eligible beneficiaries for the then-new Medicare Part D prescription drug benefit. The Medicare Modernization Act (MMA) established that beginning January 1, 2006, Medicare would be primarily responsible for prescription drug coverage for full-benefit dually eligible individuals; established auto-enrollment of full-benefit dually eligible beneficiaries into Medicare prescription drug plans (with regulations further establishing facilitated enrollment into prescription drug plans for partial-benefit dually eligible beneficiaries), provided that dually eligible beneficiaries are treated as eligible for the Medicare Part D Low Income Subsidy (LIS), sometimes called Extra Help; defined phased down state contributions to partly finance Part D costs for dually eligible beneficiaries; and required risk-adjusting capitation payments for low-income subsidy (which include dually eligible) enrollees of Part D plans. To support these new requirements, we issued 42 CFR 423.910, establishing monthly reporting by states, in which states would submit, at least monthly, a data file identifying dually eligible individuals in their state. Over time, we used these files' data on dual eligibility status to support Part C capitation risk-adjustment, and most recently, to feed dual eligibility status to Part A and B eligibility and claims processing systems so providers, suppliers, and beneficiaries have accurate information on beneficiary cost-sharing obligations.
It is required at 42 CFR 423.910 that states to submit at least one MMA file each month. However, states have the option to submit multiple MMA files throughout the month (up to one per day). Most states submit MMA data files at least weekly; however, only 13 states submit MMA data files daily. As CMS now leverages MMA data on dual eligibility status into systems supporting all four parts of the Medicare program, it is becoming even more essential that dual eligibility status is accurate and up-to-date. Dual eligibility status can change at any time in a month. Waiting up to a month for status updates can negatively impact access to the correct level of benefit at the correct level of payment. Based on our experience with states that exchange data daily, more frequent MMA file submissions benefit states, beneficiaries, and providers, in a number of ways including:
• Enabling an earlier transition to Medicare coverage for prescription drugs, which reduces the number of claims the state pays erroneously and has to recoup from pharmacists (that then have the burden of reaching out to reconcile with the new Part D plan);
• Effectuating an earlier shift to Medicare as primary payer for many health care services;
• Aiding timely error identification and resolution, mitigating the payment and other implications of the error;
• Supporting states that promote enrollment in integrated care by expediting the enrollment into Medicare, since beneficiaries must have Medicare Parts A and B, as well as Medicaid to be eligible for integrated products such as Dual-eligible Special Needs Plans, Medicare-Medicaid Plans, and the Programs for All-inclusive Care for the Elderly (PACE);
• Supporting beneficiaries to obtain access to Medicare Part D benefits and related subsidies sooner, as dual eligibility status on the MMA file prompts CMS to deem individuals automatically eligible for the Medicare Part D LIS and make changes to LIS status (for example, reducing copayments to $0 when data indicate a move to a nursing facility or use of home and community based long term care services) and auto-enroll them into Medicare prescription drug coverage back to the start of dual eligibility status; and,
• Promoting protections for QMBs by improving the accuracy of data for providers and QMBs on zero cost-sharing liability for services under Medicare Parts A and B.
As noted, current regulation requires that the MMA files be submitted at least monthly. We have implemented “work-arounds” for lags in dual eligibility status for Part D, including the “Best Available Evidence” policy (see 42 CFR 423.800(d)), as well as the Limited Income Newly Eligible Transition demonstration, which provides short term drug coverage for dually eligible beneficiaries with no Part D plan enrollment in a given month (see Medicare Prescription Drug Benefit Manual, Chapter 3, Section 40.1.4).
Ensuring information on dual eligibility status is accurate and up-to-date by increasing the frequency of federal-state data exchange is an important step in the path to interoperability. As a result, we are proposing to update the frequency requirements in 42 CFR 423.910(d) to require that starting April 1, 2022, all states submit the required MMA file data to CMS daily, and to make conforming edits to 42 CFR 423.910(b)(1). Daily would mean every business day, but that if no new transactions are available to transmit, data would not need to be submitted on a given business day. We propose that states will be required to begin submitting these data daily to CMS by April 1, 2022, because we believe this effective date will allow states to phase in any necessary operational changes or bundle this required change with any new systems implementation. There are 37 states and the District of Columbia that we anticipate will need to make a system change to send MMA data to CMS daily. We estimate the one-time cost for a state to be a little less than $80,000 for this MMA data systems change. For a detailed discussion of the costs associated with these requirements we refer readers to section XVI. of this proposed rule. We seek comment on these proposals.
In addition to the proposals recommended above, we seek public comment for consideration in future rulemaking on how we can achieve greater interoperability of federal-state data for dually eligible beneficiaries, including in the areas of program integrity and care coordination, coordination of benefits and crossover claims, beneficiary eligibility and enrollment, and their underlying data infrastructure. Specifically, we seek comment on:
• Whether existing regulations, as well as those proposed here, sufficiently support interoperability among those serving dually eligible beneficiaries, and if not, what additional steps would advance interoperability.
• How to enhance the interoperability of existing CMS processes to share Medicare data with states for care coordination and program integrity.
• How to improve the CMS and state data infrastructure to support interoperability (for example, more frequent data exchanges, common data environment, etc.).
• For eligibility, how interoperability can provide timely, integrated eligibility and enrollment status across Medicare, Medicaid, and related agencies (for example, SSA), and reduce the need for persons to provide, and states to collect/process, the same demographic information (for example, address, income).
• For provider enrollment in both Medicaid and Medicare, how interoperability can streamline provider enrollment and reduce provider and state burden to increase systems accuracy and beneficiary utilization of provider enrollment data (for example, disability competence, hours of service, types of insurance accepted, etc.).
• For coordination of benefits, including crossover claims, the underlying changes that would need to be made to support interoperability (for example, coding, file formats, provider/beneficiary identifier, and encounter versus FFS data).
Please include specific examples when possible while avoiding the transmission of protected information. Please also include a point of contact who can provide additional information upon request.
The nature and extent of information blocking has come into focus in recent years. In 2015, at the request of the Congress, ONC submitted a Report on Health Information Blocking
Based on these economic realities and first-hand experience working with the health IT industry and stakeholders, ONC concluded in the Information Blocking Congressional Report that information blocking is a serious problem and recommended that the Congress prohibit information blocking and provide penalties and enforcement mechanisms to deter these harmful practices.
MACRA became law in the same month that the Information Blocking Congressional Report was published. Section 106(b)(2)(A) of MACRA amended section 1848(o)(2)(A)(ii) of the Act to require that an eligible professional must demonstrate that he or she has not knowingly and willfully taken action (such as to disable functionality) to limit or restrict the compatibility or interoperability of certified EHR technology, as part of being a meaningful EHR user. Section 106(b)(2)(B) of MACRA made corresponding amendments to section 1886(n)(3)(A)(ii) of the Act for eligible hospitals and, by extension, under section 1814(l)(3) of the Act for CAHs. Sections 106(b)(2)(A) and (B) of MACRA provide that the manner of this demonstration is to be through a process specified by the Secretary, such as the use of an attestation. To implement these provisions, as discussed further below, we established and codified attestation requirements to support the prevention of information blocking, which consist of three statements containing specific representations about a health care provider's implementation and use of CEHRT. To review our discussion of these requirements, we refer readers to the CY 2017 Quality Payment Program final rule (81 FR 77028 through 77035).
Recent empirical and economic research further underscores the complexity of the information blocking problem and its harmful effects. In a national survey of health information organizations, half of respondents reported that EHR developers routinely engage in information blocking, and a quarter of respondents reported that hospitals and health systems routinely do so.
In December 2016, section 4004 of the Cures Act added section 3022 of the PHSA (the “PHSA information blocking provision”), which defines conduct by health care providers, health IT developers, and health information exchanges and networks, that constitutes information blocking. The PHSA information blocking provision was enacted in response to ongoing concerns that some individuals and entities are engaging in practices that unreasonably limit the availability and use of electronic health information for authorized and permitted purposes (see the definition of electronic health information proposed by ONC for HHS adoption at 45 CFR 171.102 (published elsewhere in this issue of the
The information blocking provision added to PHSA defines and creates possible penalties and disincentives for information blocking in broad terms, working to deter the entire spectrum of practices likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information. The PHSA information blocking provision applies to health care providers, health IT developers, exchanges, and networks. The information blocking provision added to PHSA by the Cures Act also provides that the “Secretary, through rulemaking, shall identify reasonable and necessary activities that do not constitute information blocking for purposes of the definition at section 3022(a)(1) of the PHSA.” ONC has taken the lead on this rulemaking effort, and in addition to the attestation discussed in this section, all health care providers would also be subject to the separate information blocking regulations proposed by ONC for HHS adoption at 45 CFR part 171 (published elsewhere in this issue of the
We propose to publicly report certain information about eligible clinicians' attestations under the QPP on Physician Compare and eligible hospitals' and CAHs' attestations under the Medicare FFS Promoting Interoperability Program (previously known as the Medicare EHR Incentive Program) on a CMS website. As discussed below, although we have already implemented what is required by sections 106(b)(2)(A) and (B) of MACRA through the attestation requirements we have established in prior rulemaking (81 FR 77028 through 77035), we believe publishing information on which eligible clinicians, eligible hospitals, and CAHs have negatively attested that they have not knowingly and willfully taken action to limit or restrict the compatibility or interoperability of certified EHR technology would serve to discourage knowing and willful behavior that limits interoperability and prevents the sharing of information discussed in both MACRA and the Cures Act.
Physician Compare (
As discussed in the CY 2018 Quality Payment Program final rule (82 FR 53820), Physician Compare has continued to pursue a phased approach to public reporting under MACRA in accordance with section 1848(q)(9) of the Act. Specifically, subparagraphs (A) and (D) of section 1848(q)(9) of the Act facilitate the continuation of the phased approach to public reporting by requiring the Secretary to make available on the Physician Compare website, in an easily understandable format, individual MIPS eligible clinician and group performance information, including: The MIPS eligible clinician's final score; the MIPS eligible clinician's performance under each MIPS performance category (quality, cost, improvement activities, and Promoting Interoperability); names of eligible clinicians in Advanced APMs and, to the extent feasible, the names of such Advanced APMs and the performance of such models; and, aggregate information on the MIPS, posted periodically, including the range of final scores for all MIPS eligible clinicians and the range of the performance of all MIPS eligible clinicians for each performance category.
In the CY 2018 Quality Payment Program final rule (82 FR 53827), we finalized a policy to include an indicator on Physician Compare, as technically feasible, for any eligible clinician or group who successfully meets the Promoting Interoperability performance category. We also finalized a policy to include, as technically feasible, additional information on Physician Compare, either on the profile pages or in the downloadable database, including, but not limited to objectives, activities, or measures specified in the CY 2018 Quality Payment Program final rule (82 FR 53827; see 82 FR 53663 through 53688) with respect to the Promoting Interoperability performance category.
Generally, all data available for public reporting on Physician Compare must meet our established public reporting standards under 42 CFR 414.1395(b). In addition, for each program year, CMS provides a 30-day preview period for any clinician or group with QPP data being publicly reported on Physician Compare under 42 CFR 414.1395(d). All data available for public reporting—
Building upon the continuation of our phased approach to public reporting and understanding the importance of preventing information blocking, promoting interoperability and the sharing of information, we propose to make certain data about the attestation statements on the prevention of information blocking referenced earlier in section VIII.A. of this proposed rule available for public reporting on Physician Compare, drawing upon our authority under section 10331(a)(2) of Affordable Care Act, which requires us to make publicly available on Physician Compare information on physician performance that provides comparable information for the public on quality and patient experience measures. Section 10331(a)(2) of the Affordable Care Act provides that to the extent scientifically sound measures that are developed consistent with the requirements of section 10331 of the Affordable Care Act are available, such information shall include, to the extent practicable, an assessment of the coordination of care and other information as determined appropriate by the Secretary. We believe section 10331(a)(2) of the Affordable Care Act provides the statutory authority to publicly report certain data about the prevention of information blocking attestation statements as an assessment of care coordination and as other information determined appropriate by the Secretary. Furthermore, the prevention of information blocking attestation statements are required for a clinician to earn a Promoting Interoperability performance category score, which is then incorporated into the final score for MIPS, and we are required to publicly report both of these scores under section 1848(q)(9)(A) of the Act. Publicly posting this information as an indicator is consistent with our finalized policy to publicly report, either on the profile pages or in the downloadable database, other aspects of the Promoting Interoperability performance category, such as objectives, activities, or measures specified in the CY 2018 Quality Payment Program final rule.
There are three prevention of information blocking attestation statements under 42 CFR 414.1375(b)(3)(ii)(A) through (C) to which eligible clinicians reporting on the Promoting Interoperability performance category of MIPS must attest. To report successfully on the Promoting Interoperability performance category, in addition to satisfying other requirements, an eligible clinician must submit an attestation response of “yes” for each of these statements. For more information about these statements, we refer readers to the preamble discussion in the CY 2017 Quality Payment Program final rule (81 FR 77028 through 81 FR 77035).
We believe it would benefit the public to know if eligible clinicians have attested negatively to the statements under 42 CFR 414.1375(b)(3)(ii) as this may assist the patient in selecting a clinician or group who collaborates with other clinicians, groups, or other types of health care providers by sharing information electronically, and does not withhold information that may result in better care. Therefore, we are proposing to include an indicator on Physician Compare for the eligible clinicians and groups that submit a “no” response to any of the three statements under 42 CFR 414.1375(b)(3)(ii)(A) through (C). In the event that these statements are left blank, that is, a “yes” or a “no” response is not submitted, the attestations would be considered incomplete, and we would not include an indicator on Physician Compare. We also propose to post this indicator on Physician Compare, either on the profile pages or the downloadable database, as feasible and appropriate, starting with the 2019 performance period data available for public reporting starting in late 2020.
Under 42 CFR 414.1395(b), these data must meet our established public reporting standards, including that to be included on the public facing profile pages, the data must resonate with website users, as determined by CMS. In previous testing with patients and caregivers, we have learned that effective use of CEHRT is important to them when making informed health care decisions. To determine how to best display and meaningfully communicate the indicator on the Physician Compare website, the exact wording and, if applicable, profile page indicator would be determined after user testing and shared with stakeholders through the Physician Compare Initiative page, listservs, webinars, and other available communication channels. We note this proposal is contingent upon the availability of and technical feasibility to use these data for public reporting. We request comment on this proposal.
Section 1886(n)(4)(B) of the Act requires the Secretary to post in an easily understandable format a list of the names and other relevant data, as determined appropriate by the Secretary, of eligible hospitals and CAHs who are meaningful EHR users under the Medicare FFS program, on a CMS website. In addition, that section requires the Secretary to ensure that an eligible hospital or CAH has the opportunity to review the other relevant data that are to be made public with respect to the eligible hospital or CAH prior to such data being made public. We believe certain information related to the prevention of information blocking attestation statements under 42 CFR 495.40(b)(2)(i)(I)(
We believe it would be relevant to the public to know if eligible hospitals and CAHs have attested negatively to the statements under 42 CFR 495.40(b)(2)(i)(I)(1) through (3) as it could indicate that they are knowingly and unreasonably interfering with the exchange or use of electronic health information in ways that limit its availability and use to improve health care. As we stated in the CY 2017 Quality Payment Program final rule, we believe that addressing issues related to information blocking would require additional and more comprehensive measures (81 FR 77029). In addition, publicly posting this information would reinforce our commitment to focus on increased interoperability and the appropriate exchange of health information. We propose to post information on a CMS website available to the public indicating that an eligible hospital or CAH attesting under the Medicare FFS Promoting
Congress required the Secretary to create a provider digital contact information index in section 4003 of the Cures Act. This index must include all individual health care providers and health care facilities, or practices, in order to facilitate a comprehensive and open exchange of patient health information. Congress gave the Secretary the authority to use an existing index or to facilitate the creation of a new index. In comments received on the FY 2019 IPPS proposed rule RFI, there was strong support for a single, public directory of provider digital contact information. Commenters noted that digital communication could improve interoperability by facilitating efficient exchange of patient records, eliminating the burden of working with scanned paper documents, and ultimately enhancing care coordination.
To ensure the index is accessible to all clinicians and facilities, we have updated the NPPES
Health care providers are required to communicate to the NPPES any information that has changed within 30 days of the change (45 CFR 162.410(a)(4)). CMS reviews NPPES to ensure a provider has a valid NPI as part of the Medicare enrollment process, as well as the revalidation process, which occurs every 3 to 5 years depending on the provider or supplier type.
Information in NPPES is publicly accessible via both an online search option and a downloadable database option. As a result, adding digital contact information to this existing index is an efficient and effective way to meet the Congressional requirement to establish a digital contact information index and to promote the sharing of information.
As of June 2018, NPPES has been updated to include the capability to capture one or more pieces of digital contact information that can be used to facilitate secure sharing of health information. For instance, providers can submit a Direct address, which functions similar to a regular email address, but includes additional security measures to ensure that messages are only accessible to the intended recipient in order to keep the information confidential and secure. “Direct” is a technical standard for exchanging health information. Direct addresses are available from a variety of sources, including EHR vendors, State Health Information Exchange entities, regional and local Health Information Exchange entities, as well as private service providers offering Direct exchange capabilities called Health Information Service Providers (HISPs) (
In addition, NPPES can now maintain information about the type of contact information providers and organizations are associated with, along with the preferred uses for each address. Each provider in NPPES can maintain their own unique information or associate themselves with information shared among a group of providers. Finally, NPPES has also added a public API which can be used to obtain contact information stored in the database. Although NPPES is now better equipped to maintain provider digital contact information, many providers have not submitted this information. In the 2015 final rule, “Medicare and Medicaid Programs; Electronic Health Record Incentive Program-Stage 3 and Modifications to Meaningful Use in 2015 Through 2017” (80 FR 62901), we finalized a policy to collect information in NPPES about the electronic addresses of participants in the EHR Incentive Program (specifically, a Direct address and/or other “electronic service information” as available). However, this policy was not fully implemented at the time, in part due to the limitations of the NPPES system which have since been addressed. As a result, many providers have not yet added their digital contact information to NPPES and digital contact information is frequently out of date.
In light of these updates to the NPPES system, all individual health care providers and facilities can take immediate action to update their NPPES record online to add digital contact information. This simple step will significantly improve interoperability by making valuable contact information easily accessible. For those providers who continue to rely on the use of cumbersome, fax-based modes of sharing information, we hope that greater availability of digital contact information will help to reduce barriers to electronic communication with a wider set of providers with whom they share patients. Ubiquitous, public availability of digital contact information for all providers is a crucial step towards eliminating the use of fax machines for the exchange of health information. We urge all providers to take advantage of this resource to implement Congress' requirement that
Entities seeking to engage in electronic health information exchange need accurate information about the electronic addresses (for example, Direct address, FHIR server URL, query endpoint, or other digital contact information) of potential exchange partners. A common directory of the electronic addresses of health care providers and organizations could enhance interoperability and information exchange by providing a resource where users can obtain information about how to securely transmit electronic health information to a provider.
We propose to increase the number of providers with valid and current digital contact information available through NPPES by publicly reporting the names and NPIs of those providers who do not have digital contact information included in the NPPES system. We propose to begin this public reporting in the second half of 2020, to allow individuals and facilities time to review their records in NPPES and update the system with appropriate digital contact information. We are also requesting comment from stakeholders on the most appropriate way to pursue this public reporting initiative, including where these names should be posted, with what frequency, and any other information stakeholders believe would be helpful.
We believe this information is extremely valuable to facilitate interoperability, and we appreciate Congress' leadership in requiring the establishment of this directory. We are interested in stakeholder comment on additional possible enforcement authorities to ensure that individuals and facilities make their digital contact information publicly available through NPPES. For example, should Medicare reporting programs, such as MIPS, require eligible clinicians to update their NPPES data with their digital contact information? Should CMS require this information to be included as part of the Medicare enrollment and revalidation process? How can CMS work with states to promote adding information to the directory through state Medicaid programs and CHIP? Should CMS require providers to submit digital contact information as part of program integrity processes related to prior authorization and submission of medical record documentation? We will review comments for possible consideration in future rulemaking on these questions.
As noted earlier in this proposed rule, CMS appreciates the pathways Congress has created for action on interoperability and has been working diligently with ONC to implement them. In order to ensure broad stakeholder input to inform our proposals, we published a Request for Information (RFI) on interoperability in several recently published proposed rules, including the FY 2019 IPPS proposed rule (83 FR 20550). Specifically, we published the RFI entitled, “Promoting Interoperability and Electronic Healthcare Information Exchange Through Possible Revisions to the CMS Patient Health and Safety Requirements for Hospitals and Other Medicare- and Medicaid-Participating Providers and Suppliers.” We requested stakeholders' input on how we could use the CMS health and safety standards that are required for providers and suppliers participating in the Medicare and Medicaid programs (that is, the Conditions of Participation (CoPs), Conditions for Coverage (CfCs), and Requirements for Participation (RfPs) for long term care facilities) to further advance electronic exchange of information that supports safe, effective transitions of care between hospitals and community providers. Specifically, we asked for comment on revisions to the current CMS CoPs for hospitals such as: Requiring that hospitals transferring medically necessary information to another facility upon a patient transfer or discharge do so electronically; requiring that hospitals electronically send required discharge information to a community provider via electronic means if possible and if a community provider can be identified; and, requiring that hospitals make certain information available to patients or a specified third-party application (for example, required discharge instructions) via electronic means if requested.
The RFI discussed several steps we have taken in recent years to update and modernize the CoPs and other health and safety standards to reflect current best practices for clinical care, especially in the area of care coordination and discharge planning. On November 3, 2015, we published a proposed rule, “Medicare and Medicaid Programs; Revisions to Requirements for Discharge Planning for Hospitals, Critical Access Hospitals, and Home Health Agencies” (80 FR 68126), to implement the discharge planning requirements of the IMPACT Act and to revise the discharge planning CoP requirements that hospitals (including short-term acute care hospitals, LTCHs, rehabilitation hospitals, psychiatric hospitals, children's hospitals, and cancer hospitals), CAHs, and HHAs must meet in order to participate in the Medicare and Medicaid programs. The final rule in response to public comment on our proposed new requirements for discharge planning for hospitals, CAHs, and HHAs is under development while we review and respond to public comments (our deadline to finalize this rule is November 3, 2019). Several of the proposed requirements from the 2015 Discharge Planning proposed rule directly addressed the issue of communication between providers and between providers and patients, as well as the issue of interoperability:
• Hospitals and CAHs would be required to transfer certain necessary medical information and a copy of the discharge instructions and discharge summary to the patient's practitioner, if the practitioner is known and has been clearly identified;
• Hospitals and CAHs would be required to send certain necessary medical information to the receiving facility/PAC providers, at the time of discharge; and,
• Hospitals, CAHs, and HHAs would need to comply with the IMPACT Act requirements that would require hospitals, CAHs, and certain PAC providers to use data on quality measures and data on resource use measures to assist patients during the discharge planning process, while taking into account the patient's goals of care and treatment preferences.
We also published the “Medicare and Medicaid Programs; Hospital and Critical Access Hospital Changes to Promote Innovation, Flexibility and Improvement in Patient Care” proposed rule (81 FR 39448) on June 16, 2016, which is under development while we review and respond to public comments (our deadline to finalize this rule is June 15, 2019). In that rule, we proposed updating a number of CoP requirements that hospitals and CAHs would have to meet to participate in the Medicare and Medicaid programs. One of the proposed hospital CoP revisions directly addressed the issues of communication between providers and patients, patient access to their medical records, and interoperability. We proposed that patients have the right to access their medical records, including current medical records, upon an oral or written request, in the form and format requested by such patients, if the information is readily producible in
In response to the recent RFI in the FY 2019 IPPS proposed rule, many stakeholders supported our goals of increasing interoperability and acknowledged the important role that hospital settings play in supporting care coordination. Stakeholders agreed that use of electronic technology was an important factor in ensuring safe transitions. At the same time, many stakeholders expressed concerns about implementing policy changes within the CoPs, which may increase the compliance burden on hospitals.
Given responses to the recent RFI, as well as previous rulemaking activities, we are seeking to further expand CMS requirements for interoperability within the hospital and CAH CoPs as part of this proposed rulemaking by focusing on electronic patient event notifications. In addition, we are committed to taking further steps to ensure that facilities that are electronically capturing information are electronically exchanging that information with providers who have the capacity to accept it. We expect that this will be required through rulemaking at a future point in time, with one option being alignment with the TEFCA described in section 4003 of the Cures Act. We will also continue to consider the RFI responses as we pursue this goal in future rulemaking.
Infrastructure supporting the exchange of electronic health information across settings has matured substantially in recent years. Research studies have increasingly found that health information exchange interventions can effect positive outcomes in health care quality and public health, in addition to more longstanding findings around reductions in utilization and costs. A recent review of how health information exchange interventions can improve cost and quality outcomes identified a growing body of high-quality studies showing that these interventions are associated with beneficial results.
Electronic patient event notifications from hospitals, or clinical event notifications, are one type of health information exchange intervention that has been increasingly recognized as an effective and scalable tool for improving care coordination across settings, especially for patients at discharge. This approach has been identified with a reduction in readmissions following implementation.
Patient event notifications are automated, electronic communications from the discharging provider to another facility, or to another community provider as identified by the patient, which alerts the receiving provider that the patient has received care at a different setting. Depending on the implementation, information included with these notifications can range from conveying the patient's name, other basic demographic information, and the sending institution to a richer set of clinical data on the patient. Regardless of the information included, these notifications can help ensure that a receiving provider is aware that the patient has received care elsewhere. The notification triggers a receiving provider to reach out to the patient and deliver appropriate follow-up care in a timely manner. By notifying the physician, care manager, or care management team, the notification can help to improve post-discharge transitions and reduce the likelihood that a patient would face complications from inadequate follow-up care.
In addition to their effectiveness in supporting care coordination, virtually all EHR systems generate the basic messages commonly used to support electronic patient event notifications. These notifications are based on admission, discharge, and transfer (ADT) messages, a standard message used within an EHR as the vehicle for communicating information about key changes in a patient's status as they are tracked by the system (more information about the current standard supporting these messages is available at
ADT messages provide each patient's personal or demographic information (such as the patient's name, insurance, next of kin, and attending physician), when that information has been updated, and also indicate when an ADT status has changed. To create an electronic patient event notification, a system can use the change in ADT status to trigger a message to a receiving provider or to a health information exchange system that can then route the message to the appropriate provider. In addition to the basic demographic information contained in the ADT message, some patient event notification implementations attach more detailed information to the message regarding the patient's clinical status and care received from the sending provider.
We propose to revise the CoPs for Medicare- and Medicaid-participating hospitals at 42 CFR 482.24 by adding a new standard at paragraph (d), “Electronic Notifications,” that would require hospitals to send electronic patient event notifications of a patient's admission, discharge, and/or transfer to another health care facility or to another community provider. As noted in the
For a hospital that currently possesses an EHR system with the capacity to generate the basic patient personal or demographic information for electronic patient event (ADT) notifications, compliance with this proposed standard within the Medical records services CoP (42 CFR 482.24) would be determined by the hospital demonstrating that its system: (1) Is fully operational and that it operates in accordance with all State and Federal statutes and regulations regarding the exchange of patient health information; (2) utilizes the content exchange standard incorporated by reference at 45 CFR 170.299(f)(2); (3) sends notifications that must include the minimum patient health information (which must be patient name, treating practitioner name, sending institution name, and, if not prohibited by other applicable law, patient diagnosis); and (4) sends notifications directly, or through an intermediary that facilitates exchange of health information, and at the time of the patient's admission to the hospital and either immediately prior to or at the time of the patient's discharge and/or transfer from the hospital. We recognize that some existing ADT messages might not include diagnosis and therefore seek comment on the technical feasibility of including this information as well as the challenges in appropriately segmenting this information in instances where the diagnosis may not be permitted for disclosure under other applicable laws.
We propose to limit this requirement to only those hospitals which currently possess EHR systems with the technical capacity to generate information for electronic patient event notifications as discussed below, recognizing that not all Medicare- and Medicaid-participating hospitals have been eligible for past programs promoting adoption of EHR systems. Our goal with this proposed requirement is to ensure that hospital EHR systems have a basic capacity to generate messages that can be utilized for notifications by a wide range of receiving providers, enabled by common standards. We believe that a system that utilizes the ADT messaging standard, which is widely used as the basis for implementing these notifications and other similar use cases, would meet this goal by supporting the availability of information that can be used to generate information for patient event notifications. Specifically, we propose that the system utilize the ADT Messaging standard incorporated by reference at 45 CFR 170.299(f)(2).
While there is no criterion under the ONC Health IT Certification Program which certifies health IT to create and send electronic patient event notifications, this standard is referenced by other certification criteria under the program. Specifically, this standard supports certification criteria related to transferring information to immunization registries, as well as transmission of laboratory results to public health agencies as described at 45 CFR 170.315(f) under the 2015 Edition certification criteria, and at 45 CFR 170.314(f) under the 2014 Edition. Thus, we expect systems that include Health IT Modules certified to meet criteria which reference this standard will possess the basic capacity to generate information for notification messages. We further note that adopting certified health IT that meets these criteria has been required for any hospital seeking to qualify for the Promoting Interoperability Programs (formerly the EHR Incentive Programs).
We recognize that there is currently significant variation in how hospitals have utilized the ADT messages to support implementation of patient event notifications. We also recognize that many hospitals, which have already implemented notifications, may be delivering additional information beyond the basic information included in the ADT message (both automatically when a patient's status changes and then upon request from receiving providers) to receiving practitioners, patient care team members, and post-acute care services providers and suppliers with whom they have established patient care relationships and agreements for patient health information exchange as allowed by law. We believe consensus standards for ADT-based notifications may become more widely adopted in the future (we refer readers to ONC's ISA
We further propose that the hospital would need to demonstrate that the system's notification capacity is fully operational, that it operates in accordance with all state and federal statutes and regulations regarding the exchange of patient health information. We intend for these notifications to be required, at minimum, for inpatients admitted to, and discharged and/or transferred from the hospital. However, we also note that patient event notifications are an effective tool for coordinating care across a wider set of patients that may be cared for by a hospital. For instance, a patient event notification could ensure a primary care physician is aware that their patient has received care at the emergency room, and initiate outreach to the patient to ensure that appropriate follow-up for the emergency visit is pursued. While we encourage hospitals to extend the coverage of their notification systems to serve additional patients, outside of those admitted and seen as inpatients, we also seek comment on whether we should identify a broader set of patients to whom this requirement would apply, and if so, how we should implement such a requirement in a way that minimizes administrative burden on hospitals.
Additionally, we are proposing that the hospital must demonstrate that its system sends notifications that must include the minimum patient health information (which must be patient name, treating practitioner name, sending institution name, and, if not prohibited by other applicable law, patient diagnosis). The hospital would also need to demonstrate that the system sends notifications directly, or through an intermediary that facilitates exchange of health information, and at the time of the patient's admission to the hospital, to licensed and qualified practitioners, other patient care team members, and
Through these provisions, we are seeking to allow for different ways that a hospital might identify those practitioners, other patient care team members, and PAC services providers and suppliers that are most relevant to both the pre-admission and post-discharge care of a patient. We are proposing that hospitals should send notifications to those practitioners or providers that have an established care relationship with the patient relevant to his or her care. We recognize that hospitals and their partners may identify appropriate recipients through various methods. For instance, hospitals might identify appropriate practitioners by requesting this information from patients or caregivers upon arrival, or by obtaining information about care team members from the patient's record. We expect hospitals might develop or optimize processes to capture information about established care relationships directly, or work with an intermediary that maintains information about care relationships. In other cases, hospitals may, directly or through an intermediary, identify appropriate notification recipients through the analysis of care patterns or other attribution methods that seek to determine the provider most likely to be able to effectively coordinate care post-discharge for a specific patient. The hospital or intermediary might also develop processes to allow a provider to specifically request notifications for a given patient for whom they are responsible for care coordination as confirmed through conversations with the patient.
Additionally, we would expect hospitals, psychiatric hospitals, and CAHs to comply with the Health Insurance Portability and Accountability Act (HIPAA) privacy rules set out at 45 CFR parts 160 and 164 when these proposed CoP requirements for patient event notifications are finalized. As required at 42 CFR 482.11 for hospitals and psychiatric hospitals and at 42 CFR 485.608 for CAHs, these providers must comply with all pertinent currently existing federal laws, including the HIPAA Privacy Rule. The patient event notifications and other exchanges of patient information would be permitted as disclosures for treatment purposes under 45 CFR part 164.
We also recognize that factors outside of the hospital's control may determine whether or not a notification is successfully received and utilized by a practitioner. Accordingly, we have proposed that a hospital would only need to send notifications to those practitioners for whom the hospital has reasonable certainty of receipt. While we expect hospitals will, to the best of their ability, seek to ensure that notification recipients are able to receive notifications (for instance, by obtaining a recipient's Direct address), we understand that technical issues beyond the hospital's control may prevent successful receipt and use of a notification.
Finally, we note that hospitals have an existing responsibility under the CoPs at 42 CFR 482.43(d) to “transfer or refer patients, along with necessary medical information, to appropriate facilities, agencies, or outpatient services, as needed, for follow-up or ancillary care.” We wish to emphasize that our proposal regarding patient event notifications would be separate from the requirement regarding necessary medical information at 42 CFR 482.43(d). We recognize that processes to implement this proposal, if finalized, may intersect with the hospital's discharge planning process. We note that nothing in this proposal would affect the hospital's responsibilities under 42 CFR 482.43(d). However, if this proposal is finalized, hospitals may wish to consider ways to fulfill these requirements in ways that reduce redundancy while still remaining compliant with existing requirements. For instance, where appropriate and allowed by law, hospitals may seek to include required necessary medical information within the same message as a patient event notification.
As previously stated, we are committed to continuing to identify further steps we can take to ensure that facilities that are electronically capturing information are exchanging that information electronically with providers that have the capacity to accept it. We expect that this will be required through rulemaking at a future point in time with one option being alignment with the TEFCA described in the Cures Act.
Medicare- and Medicaid-participating psychiatric hospitals must comply with all of the hospital CoPs at 42 CFR 482.1 through 482.23 and at 42 CFR 482.25 through 482.57. They also must adhere to special provisions regarding medical records at 42 CFR 482.61 and staffing requirements at 42 CFR 482.62. Since the medical records requirements are different for psychiatric hospitals, and since these hospitals do not have to comply with our regulations at 42 CFR 482.24, we are proposing a new electronic notification standard at 42 CFR 482.61(f) within the special provisions for psychiatric hospitals in this section.
Similar to our proposal for hospitals at 42 CFR 482.24(d), we are proposing a new standard at 42 CFR 482.61(f), “Electronic Notifications,” that would require psychiatric hospitals to send electronic patient event notifications of a patient's admission, discharge, and/or transfer to another health care facility or to another community provider.
As we have proposed for hospitals, we propose to limit this requirement to only those psychiatric hospitals which currently possess EHR systems with the technical capacity to generate information for electronic patient event notifications, defined as systems that utilize the content exchange standard incorporated by reference at 45 CFR 170.299(f)(2). We propose that for a psychiatric hospital that currently possesses an EHR system with the capacity to generate the basic patient personal or demographic information for electronic patient event (ADT) notifications, compliance with this proposed standard within the Special medical records requirements for psychiatric hospitals CoP (42 CFR 482.61) would be determined by the hospital demonstrating that its system: (1) Is fully operational and that it operates in accordance with all State and Federal statutes and regulations regarding the exchange of patient health
Additionally, we are proposing that the hospital would need to demonstrate that the system sends notifications directly, or through an intermediary that facilitates exchange of health information, and at the time of the patient's admission to the hospital, to licensed and qualified practitioners, other patient care team members, and PAC services providers and suppliers that: (1) Receive the notification for treatment, care coordination, or quality improvement purposes; (2) have an established care relationship with the patient relevant to his or her care; and (3) for whom the hospital has a reasonable certainty of receipt of notifications. Similarly, we are also proposing that the hospital would need to demonstrate the transmission of these notifications either directly, or through an intermediary that facilitates the exchange of health information, and either immediately prior to or at the time of the patient's discharge or transfer from the hospital, to licensed and qualified practitioners, other patient care team members, and PAC services providers and suppliers that: (1) Receive the notification for treatment, care coordination, or quality improvement purposes; (2) have an established care relationship with the patient relevant to his or her care; and (3) for whom the hospital has a reasonable certainty of receipt of notifications.
We refer readers to the extended discussion of these proposals in sections X.A. and B. of this proposed rule. We seek comment on these proposals.
We believe implementation of patient event notifications are also important for CAHs to support improved care coordination from these facilities to other providers in their communities. Therefore, similar to our proposals for the hospital and psychiatric hospital medical records requirements as discussed in the preceding sections, we would revise 42 CFR 485.638, by adding a new standard to the CAH Clinical records CoP at paragraph (d), “Electronic Notifications.” This proposed standard would require CAHs to send electronic patient event notifications of a patient's admission, discharge, and/or transfer to another health care facility or to another community provider.
We propose to limit this requirement to only those CAHs which currently possess EHR systems with the technical capacity to generate information for electronic patient event notifications, defined as systems that utilize the content exchange standard incorporated by reference at 45 CFR 170.299(f)(2). We propose that for a CAH that currently possesses an EHR system with the capacity to generate the basic patient personal or demographic information for electronic patient event (ADT) notifications, compliance with this proposed standard within the Clinical records services CoP (42 CFR 485.638) would be determined by the CAH demonstrating that its system: (1) Is fully operational and that it operates in accordance with all State and Federal statutes and regulations regarding the exchange of patient health information; (2) utilizes the content exchange standard incorporated by reference at 45 CFR 170.299(f)(2); (3) sends notifications that must include the minimum patient health information (which must be patient name, treating practitioner name, sending institution name, and, if not prohibited by other applicable law, patient diagnosis); and (4) sends notifications directly, or through an intermediary that facilitates exchange of health information, and at the time of the patient's admission to the CAH and either immediately prior to or at the time of the patient's discharge and/or transfer from the CAH. Please note that we are requesting comment on this policy as part of the hospital proposal above in section X.B. of this proposed rule. Please see additional discussion in the proposal for hospitals above.
Additionally, we are proposing that the CAH would need to demonstrate that the system sends notifications directly, or through an intermediary that facilitates exchange of health information, and at the time of the patient's admission to the CAH, to licensed and qualified practitioners, other patient care team members, and PAC services providers and suppliers that: (1) Receive the notification for treatment, care coordination, or quality improvement purposes; (2) have an established care relationship with the patient relevant to his or her care; and (3) for whom the CAH has a reasonable certainty of receipt of notifications. Similarly, we are also proposing that the CAH would need to demonstrate the transmission of these notifications either directly, or through an intermediary that facilitates the exchange of health information, and either immediately prior to or at the time of the patient's discharge or transfer from the CAH, to licensed and qualified practitioners, other patient care team members, and PAC services providers and suppliers that: (1) Receive the notification for treatment, care coordination, or quality improvement purposes; (2) have an established care relationship with the patient relevant to his or her care; and (3) for whom the CAH has a reasonable certainty of receipt of notifications.
We request comments on all of these proposals. We are especially interested in stakeholder feedback about how these proposals should be operationalized. Additionally, we seek comment on how CMS should implement these proposals as part of survey and certification guidance in a manner that minimizes compliance burden on hospitals, psychiatric hospitals, and CAHs while ensuring adherence with the standards. We are also interested in stakeholder input about a reasonable timeframe for implementation of these proposals for hospitals, psychiatric hospitals, and CAHs, respectively.
Transitions across care settings have been characterized as common, complicated, costly, and potentially hazardous for individuals with complex health needs. Yet despite the need for functionality to support better care coordination, discharge planning, and timely transfer of essential health information, interoperability by certain health care providers such as long term and PAC, behavioral health, and home and community-based services continues to lag behind acute care providers. Research from the Assistant Secretary for Planning and Evaluation (ASPE) and CMS, showed that in 2014, 44 percent of patients discharged from an acute care hospitalization received post-acute services, such as an admission to a SNFs, an IRF or a LTCH, or received HHA services. Specifically, of the 1,260,958 patients that received
In patients with the Acute-SNF-HHA pattern, almost 20 percent (19.9 percent) returned to the acute care hospital within 30 days of discharge from the HHA. Hospital patients discharged to LTCHs and IRFs were also likely to use multiple types of PAC services and a substantial share of these cases were readmitted within 30 days of discharge, ranging from 15.9 percent (LTCH-to-IRF cases) to 42.8 percent (LTCH to SNF cases).”
Poor patient outcomes, resulting from poor communication and lack of information, have been found to contribute to hospital readmissions, emergency department (ED) visits, and adverse outcomes. A well-documented contributor to this problem is incomplete and missing information for patients with frequent transitions across care settings. While interoperable, bidirectional exchange of essential health information can improve these transitions, many long-term and PAC, behavioral health, and home and community-based service providers have not adopted health IT at the same rate as acute care hospitals. One major contributing factor to this difference in adoption rates can be attributed to the fact that PAC providers were not eligible for the Medicare and Medicaid EHR Incentive Programs (now known as the Promoting Interoperability Programs), which slowed adoption of EHRs and other forms of interoperable health IT for these providers.
National data on EHR adoption and interoperability by these providers is limited. For PAC facilities that do possess EHRs, vendor adoption of interoperable functionality has been slow and uneven. A national survey of SNFs found that 64 percent of facilities used an EHR in 2016, 29 percent of SNFs could send or receive health information, but only 7 percent could send, find, receive, and integrate such information.
We are soliciting comment on several potential strategies for advancing interoperability across care settings to inform future rulemaking activity in this area.
As discussed above, health IT adoption has lagged in care settings that were not part of the EHR Incentive Programs. We are seeking input on how HHS can more broadly incentivize the adoption of interoperable health IT systems and use of interoperable data across settings such as long-term and PAC, behavioral health, and those settings serving individuals who are dually eligible for Medicare and Medicaid and/or receiving home and community-based services. We invite comment on specific policy strategies HHS could adopt to deliver financial support for technology adoption and use in these settings.
We also recognize that an ongoing challenge to advancing and incentivizing interoperability is the lack of agreed-upon measure concepts with which to gauge how well providers are routinely and effectively engaging in exchange of information across settings. To date, the measurement of interoperability has largely focused on the use of certified technology and the percentage of information exchanged. Expanding the scope of interoperability measurement beyond settings that were eligible for the EHR Incentive Programs is critical as efforts are being made to enable health IT and exchange capabilities across a broader range of care settings. In light of the interest by the stakeholder community to enable interoperability across all providers, HHS is seeking public comment on measure concepts that assess interoperability, including measure concepts that address PAC, behavioral health, home and community-based services, and other provider settings.
A National Quality Forum report on
As part of its work under the IMPACT Act, which requires, in part, that certain patient assessment data be standardized and interoperable to allow for exchange of the data among PAC providers and other providers, CMS has defined certain standardized patient assessment data elements
To enable the bidirectional exchange of this health information, we are seeking public comment on whether hospitals and physicians should adopt the capability to collect and electronically exchange a subset of the same PAC standardized patient assessment data elements (for example, functional status, pressure ulcers/injuries) in their EHRs. As these health care providers have generally been eligible for the EHR Incentive Programs (now known as Promoting Interoperability Programs), many of them would have adopted certified EHR technology and health IT systems, which are required to capture and exchange certain data elements under the ONC Health IT certification program. The set of data which systems must include under the certification program is set to expand in coming years under the USCDI Version 1 ONC has proposed for HHS adoption at 45 CFR 170.213, which would establish a minimum set of data classes that would be required to be interoperable nationwide (see the ONC proposed rule published elsewhere in this issue of the
We are seeking comment on whether to move toward the adoption of PAC standardized data elements through the expansion of the USCDI process. We are interested in whether the standardized patient assessment data elements that are implemented in CMS PAC assessment instruments in satisfaction of the IMPACT Act would be appropriate. If the full set of such standardized patient assessment data elements is not appropriate, we are seeking comment on whether a subset of these standardized items would be appropriate, and input on which data elements should be prioritized as part of a subset. We are also seeking information on what implementation timeline would be most appropriate for requiring adoption of these data elements in provider and hospital systems under the ONC Health IT Certification Program. We are also seeking comment on the administrative, development, and implementation burden that may be associated with adopting these data elements.
CMS plans to utilize Center for Medicare and Medicaid Innovation (“Innovation Center”) authority under section 1115A of the Act to test ways to promote interoperability across the health care spectrum. Section 1115A of the Act authorizes the Innovation Center to test innovative payment and service delivery models expected to reduce program expenditures, while preserving or enhancing the quality of care furnished to Medicare and Medicaid beneficiaries and CHIP enrollees. Interoperability and health data sharing are critical to the success of new payment and service delivery models that incentivize high quality, efficient care.
Innovation Center models can include multiple types of health care providers and other entities such as physician group practices, hospitals, PAC facilities, community-based organizations providing community-based long-term care services and supports or non-medical services, and dialysis centers. These types of health care providers furnish care to patients in different care settings, have different health IT systems, and have varied levels of experience with, and access to, EHR technology. The historically disparate and inadequate use of health IT among these providers and other entities has posed challenges to interoperability. Additionally, many of these types of health care providers are not eligible for the Promoting Interoperability Programs (previously known as the Medicare and Medicaid EHR Incentive Programs) and the associated financial incentives for EHR adoption and meaningful use.
We believe Innovation Center models (
Examples of how we may focus on interoperability related-issues in future model development may include: Models that incorporate piloting emerging standards; models leveraging non-traditional data in model design (for example, data from schools, data regarding housing and data on food insecurity); and models leveraging technology-enabled patient engagement platforms. The Innovation Center has incorporated non-clinical data in prior models, but anticipates addressing additional uses and types of non-clinical data in future models.
We are now requesting public comment on the following general principles around interoperability within Innovation Center models for integration into new models, through provisions in model participation agreements or other governing documents. In applying these general principles, we intend to be sensitive to the details of individual model design, and the characteristics and capacities of the participants in each specific model.
The MyHealthEData and Medicare Blue Button 2.0 initiatives aim to empower patients by ensuring that they have access to their health care data and can decide how their data is going to be used, all while keeping their data safe and secure. Certain Innovation Center models already require that participants with direct patient interactions provide their patients with electronic access to their health information within 24 hours of any encounter. New Innovation Center models may also require that providers and other health care entities with direct patient interactions provide patients access to their own electronic health information and, upon the patient's authorization, to third party developers via APIs.
Innovation Center model participants may, where appropriate, be required to participate in a trusted exchange network that meets the following criteria:
• The trusted exchange network must be able to exchange PHI in compliance with all applicable state and federal laws across jurisdictions.
• The trusted exchange network must connect both inpatient EHRs and ambulatory EHRs.
• The trusted exchange network must support secure messaging or electronic querying by and between patients, providers and payers.
Additionally, model participants may be required to participate in electronic alerting via one of the standards described in the ISA, II-A: Admission, Discharge, and Transfer published and updated by ONC.
Emerging health data standards present new opportunities to exchange more types of health care data between health care providers. Innovation Center model participants, along with their health IT vendors, may pilot new FHIR standards and advance adoption of new data classes in USCDI (for example, psychosocial data) to improve interoperability for care management, quality reporting or other priority use cases. As part of the design and testing of innovative payment and service delivery models, the Innovation Center anticipates taking on a leadership role in developing new or less mature FHIR and supporting more innovative interventions undertaken by states, whenever possible.
The Innovation Center seeks public comment on the principles for promoting interoperability in innovative payment and service delivery models described above. Additionally, the Innovation Center is requesting public comment on other ways in which the Innovation Center may further promote interoperability among model participants and other health care providers as part of the design and testing of innovative payment and service delivery models.
Through stakeholder feedback such as roundtables, stakeholder meetings, and rulemaking, we have received considerable feedback that the lack of a UPI inhibits interoperability efforts because, without a unique identifier for each patient, the safe and secure electronic exchange of health information is constrained as it is difficult to ensure that the relevant records are all for the same patient. HIPAA required the adoption of a “unique individual identifier for healthcare purposes,” commonly referred to as a UPI. At the time HIPAA was enacted, HHS began to consider what information would be needed to develop a rule to adopt a UPI standard. An initial Notice of Intent to issue a proposed rule on requirements for a unique health identifier for individuals was published in the November 2, 1998
Appreciating the significant privacy and security concerns raised by stakeholders regarding implementing a UPI, Congress included language in the Omnibus Consolidated and Emergency Supplemental Appropriations Act of 1999 (Pub. L. 105-277, enacted October 21, 1998) and in each subsequent Appropriations bill, stating none of the funds made available in this Act may be used to promulgate or adopt any final standard under section 1173(b) of the Act (42 U.S.C. 1320d-2(b)) providing for, or providing for the assignment of, a unique health identifier for an individual (except in an individual's capacity as an employer or a health care provider), until legislation is enacted specifically approving the standard. This language has effectively prohibited HHS from engaging in rulemaking to adopt a UPI standard. Consequently, the Secretary withdrew the Notice of Intent to pursue rulemaking on this issue on August 9, 2000 (
Although the appropriations language regarding the UPI standard has remained unchanged, in the report accompanying the 2017 appropriations bill, Congress additionally stated, although the Committee continues to carry a prohibition against HHS using funds to promulgate or adopt any final standard providing for the assignment of a unique health identifier for an individual until such activity is authorized, the Committee notes that this limitation does not prohibit HHS from examining the issues around patient matching. Accordingly, the Committee encouraged the Secretary, acting through ONC and CMS, to provide technical assistance to private-sector led initiatives to develop a coordinated national strategy that will
In conjunction with ONC, we are posing a request for information regarding how CMS could leverage our program authority to improve patient identification to facilitate improved patient safety, enable better care coordination, and advance interoperability. Inaccurate patient matching can lead to adverse events, compromised safety and privacy, inappropriate and unnecessary care, increased health care costs, and poor oversight of fraud and abuse. We consider this a quality of care and patient safety issue and seek stakeholder input on ways we can incent improvements.
In section 4007 of the 21st Century Cures Act, the Government Accountability Office (GAO) was directed to conduct a study to determine whether ONC and other stakeholders could improve patient matching through various mechanisms, to survey ongoing efforts related to the policies and activities and the effectiveness of such efforts occurring in the private sector, and to evaluate current methods used in certified EHRs for patient matching. The GAO was also tasked with submitting to Congress a report concerning the findings of the study. This report was released in January 2019.
In section I of this proposed rule, we discuss further how patient identification and matching pose challenges to interoperability. We look forward to working with ONC as we review the responses to this RFI in concert with the GAO report to help inform potential appropriate methods to scale best practices and leverage program authority to improve patient matching.
We are soliciting comment on potential strategies to address patient matching. Many stakeholders commenting on the interoperability RFIs included in the various 2019 proposed payment rules, including the FY 2019 IPPS proposed rule (83 FR 20550), indicated that patient matching is a “core functionality” of patient identification and necessary to ensure care coordination and the best patient outcomes. Commenters also noted that a consistently used matching strategy could accomplish the original goals of a UPI with a diminished risk to individual privacy and health information security. We solicit comment on how and in what way patient matching does or does not present the same security and privacy risks as a UPI.
We understand the significant health information privacy and security concerns raised around the development of a UPI standard and the current prohibition against using HHS funds to adopt a UPI standard. Recognizing Congress' statement regarding patient matching and stakeholder comments stating that a patient matching solution would accomplish the goals of a UPI, we seek comment on ways for us to continue to facilitate private sector work on a workable and scalable patient matching strategy so that the lack of a specific UPI does not impede the free flow of information for future consideration.
We are also seeking comment on how we may leverage our program authority to provide support to those working to improve patient matching. We specifically seek input on the following questions and the potential authority for the requirement:
1. Should CMS require Medicare FFS, MA Plans, Medicaid FFS, Medicaid managed care plans (MCOs, PIHPs, and PAHPs), CHIP FFS, CHIP managed care entities, and QHP issuers in FFEs (not including SADP issuers), use a patient matching algorithm with a proven success rate of a certain percentage where the algorithm and real world processes associated with the algorithm used are validated by HHS or a 3rd party?
2. Should CMS require Medicare FFS, the MA Plans, Medicaid FFS, Medicaid managed care plans, CHIP FFS, CHIP managed care entities, and QHP issuers in FFEs to use a particular patient matching software solution with a proven success rate of a certain percentage validated by HHS or a 3rd party?
3. Should CMS expand the recent Medicare ID card efforts by requiring a CMS-wide identifier which is used for all beneficiaries and enrollees in health care programs under CMS administration and authority, specifically by requiring any or all of the following:
• That MA organizations, Part D prescription drug plan sponsors, entities offering cost plans under section 1876 of the Act, and other Medicare health plans use the Medicare ID in their plan administration.
• That State Medicaid and CHIP agencies in their FFS or managed care programs use the Medicare ID for dual eligible individuals when feasible.
• That QHP issuers in FFEs use the Medicare ID for their enrollees in the administration of their plans.
4. Should CMS advance more standardized data elements across all appropriate programs for matching purposes, perhaps leveraging the USCDI proposed by ONC for HHS adoption at 45 CFR 170.213.
5. Should CMS complement CMS data and plan data in Medicaid managed care plans (MCOs, PIHPs, and PAHPs), CHIP managed care entities, MA Plans, and QHP issuers in an FFE (not including SADP issuers) with one or more verifying data sources for identity proofing? What potential data source should be considered? What are possible restrictions or limitations to accessing such information?
6. Should CMS support connecting EHRs to other complementary verifying data sources for identity proofing? What potential data source should be considered? What are possible restrictions or limitations to accessing such information?
7. To what extent should patient-generated data complement the patient-matching efforts?
Under the Paperwork Reduction Act of 1995, we are required to provide 60-day notice in the
• The need for the information collection and its usefulness in carrying out the proper functions of our agency.
• The accuracy of our estimate of the information collection burden.
• The quality, utility, and clarity of the information to be collected.
• Recommendations to minimize the information collection burden on the affected public, including automated collection techniques.
We are soliciting public comment on each of these issues for the following sections of this document that contain information collection requirements (ICRs):
Health plans should have the ability to exchange data instantly with other payers for care and payment coordination or transitions, and with providers to facilitate more efficient care. Health plans are in a unique position to provide enrollees a complete picture of their claims and encounter data, allowing patients to piece together their own information that might otherwise be lost in disparate systems. To advance our commitment to interoperability, we are proposing new requirements to implement APIs for MA organizations at 42 CFR 422.119, Medicaid FFS at 42 CFR 431.60, CHIP FFS at 42 CFR 457.730, Medicaid managed care at 42 CFR 438.242, CHIP managed care at 42 CFR 457.1233(d), and QHP issuers in FFEs, excluding SADPs at 45 CFR 156.221. These openly published APIs will permit third-party applications to retrieve standardized data for adjudicated claims, encounters with capitated and subcapitated providers, provider remittances, beneficiary cost-sharing, reports of lab test results (depending on whether the plan manages such data), provider directories, and, as applicable, preferred drug lists. We believe that these proposals are designed to empower patients by making sure that they can access their healthcare data, through the use of common technologies, without special effort and in an easily usable digital format. We also expect our API proposals to enable the enrollees in the plans that are subject to our proposal to share their healthcare data. By making claims data readily available and portable to the patient, these initiatives support moving our healthcare system away from a FFS payment system that pays for volume and toward a payment system that pays for value and quality by reducing duplication of services; adding efficiency to provider visits; and, facilitating identification of fraud, waste, and abuse.
To derive average costs, we used data from the U.S. Bureau of Labor Statistics' May 2017 National Occupational Employment and Wage Estimates for Direct Health and Medical Insurance Carriers (NAICS 524114) (
As indicated, we are adjusting our employee hourly wage estimates by a factor of 100 percent. This is necessarily a rough adjustment, both because fringe benefits and overhead costs vary significantly from employer to employer, and because methods of estimating these costs vary widely from study to study. Nonetheless, there is no practical alternative and we believe that doubling the hourly wage to estimate total cost is a reasonable accurate estimation method.
States submit data on files at least monthly to CMS to identify all dually eligible individuals, including full-benefit and partial-benefit dually eligible beneficiaries (that is, those who get Medicaid help with Medicare premiums, and often for cost-sharing). The file is called the MMA file, but is occasionally referred to as the “State Phasedown file.” Section 423.910(d) requires states to submit at least one MMA file each month. However, states have the option to submit multiple MMA files throughout the month (up to one per day). Most states submit at least weekly. This information collection activity is currently approved under OMB control number 0938-0958.
Ensuring information on dual eligibility status is accurate and up-to-date by increasing the frequency of federal-state data exchange is an important step toward interoperability. As a result, we are proposing to update the frequency requirements in 42 CFR 423.910(d) to require that starting April 1, 2022, all states submit the required MMA file data to CMS daily, and to make conforming edits to 42 CFR 423.910(b)(1). Daily would mean every business day, but that if no new transactions are available to transmit, data would not need to be submitted on a given business day. We estimate it would take a computer systems analyst about 6 months (approximately 960 hours) to complete the systems updates necessary to process and submit the MMA data daily. As only 13 states currently submit MMA data daily, we estimate a one-time burden for 37 states and the District of Columbia complying with submission of daily MMA data at 3,034,406 (38 states (and DC) × 960 hours × 83.18 per hour for a computer system analyst). We will be revising the information collection request currently approved under 0938-0958 to include the requirements discussed in this section.
To promote our commitment to interoperability, we are proposing new requirements for APIs for MA organizations at 42 CFR 422.119, Medicaid FFS at 42 CFR 431.60, CHIP FFS at 42 CFR 457.730, Medicaid managed care at 42 CFR 438.242, CHIP managed care at 42 CFR 457.1233(d), and QHP issuers in FFEs at 45 CFR
In the initial design phase, we believe tasks would include: Determining available resources (personnel, hardware, cloud space, etc.); assessing whether to use in-house resources to facilitate an API connection or contract the work to a third party; convening a team to scope, build, test, and maintain the API; performing a data availability scan to determine any gaps between internal data models and the data required for the necessary FHIR resources; and, mitigating any gaps discovered in the available data.
During the development and testing phase, we believe plans and states would need to conduct the following: Map existing data to FHIR, which would constitute the bulk of the work required for implementation; allocate hardware for the necessary environments (development, testing, production); build a new FHIR server or leverage existing FHIR servers; determine the frequency and method by which internal data is populated on the FHIR server; build connections between the databases and FHIR server; perform capability and security testing; and vetting third-party applications.
After the completion of the API development, we believe that plans and states would need to conduct the following on an annual basis: Allocate resources to maintain the FHIR server, and perform capability and security testing.
The burden estimate related to the new requirements for APIs reflects the time and effort needed to collect the information described above and disclose this information. We estimate an initial set one-time costs associated with the implementing the API requirements. We presume that it will take administrators and network architects 1440 hours (at 92.70 an hour), security engineers 960 hours (at 101.32 an hour), computer and information analysts 480 hours (at 83.96 an hour), operations research analysts 960 hours (at 74.66 an hour), software developers 960 hours (at 91.14 an hour), computer and information systems managers 720 hours (at 142.20 an hour), general and operations managers 720 hours (at 145.02 an hour), designers 960 hours (at 58.64 an hour), technical writers 240 hours (at 65.36 an hour), and computer systems analysts 960 hours (at 83.18 an hour). We estimate a one-time burden assessment of 8,400 (1440hrs + 960hrs + 480hrs + 960hrs + 960hrs + 720hrs + 720hrs + 960hrs + 240hrs + 960hrs) hours per organization or state and a total of 3,898,000 (8,400hrs × 345 organizations) hours across all organizations or states. The one-time cost to implement API requirements is 789,356.00 per organization or state per implementation and 275,432,820 across all organizations or states to complete the task described above.
Once the API is established, we believe that there would be an annual cost for performing necessary capability and security testing, performing necessary upgrades and vetting of third-party applications. We presume that it would take administrators and network architects 180 hours (at 92.70 an hour), network and computer systems administrators 420 hours (at 87.28 an hour), security engineers 240 hours (at 101.32 an hour), computer and information analysts 60 hours (at 83.96 an hour), operations research analysts 120 hours (at 74.66 an hour), software developers 240 hours (at 91.14 an hour), computer and information systems managers 90 hours (at 142.20 an hour), general and operations managers 90 hours (at 145.02 an hour), designers 120 hours (at 58.64 an hour), technical writers 30 hours (at 65.36 an hour), and computer systems analysts 120 hours (at 83.96 an hour). We estimate the total annual burden to be 1,710 hours (180hrs + 420hrs + 60hrs + 120hrs + 240hrs + 90hrs + 120hrs + 30hrs + 120hrs) per organization or state, and 589,950 hours (1,710hrs × 345 organizations) across all organizations and states. Thus, the total annual cost to maintain the API requirements is 158,359.80 per organization or state and 54,634,131 across all organizations and states.
If you comment on these information collections, that is, reporting, recordkeeping or third-party disclosure requirements, please submit your comments electronically as specified in the
Comments must be received on/by May 3, 2019.
While the requirements under 42 CFR 482.24(d), 482.61(f) and 485.638 are subject to the PRA, we believe the burden associated with those requirements is exempt from the PRA in accordance with 5 CFR 1320.3(b)(2). We believe that the time, effort, and financial resources necessary to comply with these requirements would be incurred by persons during the normal course of their activities, and therefore, should be considered usual and customary business practices.
We are proposing to further expand CMS requirements for interoperability within the hospital, psychiatric hospital, and CAH CoPs by focusing on electronic patient event notifications.
These notifications are based on “admission, discharge, and transfer” (ADT) messages, a standard message used within an EHR as the vehicle for communicating information about key changes in a patient's status as they are tracked by the system (more information about the current standard supporting these messages is available at
We note that hospitals have an existing responsibility under the CoPs at 42 CFR 482.43(d) to transfer or refer patients, along with necessary medical information, to appropriate facilities, agencies, or outpatient services, as needed, for follow-up or ancillary care. We wish to emphasize that the proposal in this proposed rule around patient event notifications is independent of the requirement regarding necessary medical information at 42 CFR 482.43(d). As these processes are already required, and as many EHR systems already have an electronic notification system in place, we do not anticipate a significant increase in burden on hospitals, psychiatric hospitals, and CAHs with the adoption of this proposal. However, we recognize that processes to implement this proposal, if finalized, might intersect with the hospital's discharge planning process. We note that nothing in this proposal would affect the hospital's responsibilities under 42 CFR 482.43(d). However, if this proposal is finalized, hospitals might wish to consider ways to fulfill these requirements in ways that reduce redundancy while still fully meeting the provisions of each. For instance, where appropriate, hospitals might seek to include required necessary medical information within the same message as a patient event notification.
Because of the large number of public comments we normally receive on
As described in detail in section III. of this proposed rule, the changes to 42 CFR parts 422, 431, 438, 457 and 45 CFR part 156 are part of the agency's broader efforts to empower patients by ensuring that they have full access to their own health care data, through common technologies and without special effort, while keeping that information safe and secure. Interoperability and the capability for health information systems and software applications to communicate, exchange, and interpret data in a usable and readable format, such as pdf or text, is vital, but allowing access to health care data through pdf and text format also limits the utility and sharing of the data. Moving to a system in which patients have access of their health care data will help empower them to make informed decisions about their health care, as well as share their data with providers who can assist these patients with their health care. Our proposals here are designed to move the Medicare, MA, Medicaid, CHIP and QHP programs further to that ultimate goal of empowering their enrollees. As technology has advanced, we have encouraged states, health plans, and providers to adopt various forms of technology to improve the accurate and timely exchange of standardized health care information; these proposals would enable beneficiaries and enrollees to be active partners in the exchange of electronic health care data by easily monitoring or sharing their data.
States and CMS routinely exchange data on who is enrolled in Medicare, and which parties are liable for paying that beneficiary's Parts A and B premiums. These “buy-in” data exchanges support state, CMS, and SSA premium accounting, collections, and enrollment functions. We have become increasingly concerned about the limitations of monthly buy-in data exchanges with states. The relatively long lag in updating buy-in data means that the state is not able to terminate or activate buy-in coverage sooner, so the state or beneficiary may be paying premiums for longer than appropriate. We note that once the data catch up, states and CMS reconcile the premiums by recouping and re-billing, so premiums collected are ultimately accurate, but only with—an administratively burdensome process involving debits and payments between the beneficiary, state, CMS, SSA, and potentially providers. Daily buy-in data exchange would reduce this administrative burden. As described in detail in section VII. of this proposed rule, the changes to 42 CFR parts 406, 407, and 423 establish frequency requirements that necessitate all states to participate in daily exchange of buy-in data, and updates frequency requirements to require all states to participate in daily exchange of MMA file data, with CMS by April 1, 2022.
States submit data on files at least monthly to CMS to identify all dually eligible individuals, including full-benefit and partial-benefit dually eligible beneficiaries (that is, those who get Medicaid help with Medicare premiums, and often for cost-sharing). The MMA file was originally developed to meet the need to timely identify dually eligible beneficiaries for the then-
We have examined the impacts of this proposed rule as required by Executive Order 12866 on Regulatory Planning and Review (September 30, 1993), Executive Order 13563 on Improving Regulation and Regulatory Review (January 18, 2011), the Regulatory Flexibility Act (RFA) (September 19, 1980, Pub. L. 96-354), section 1102(b) of the Social Security Act, section 202 of the Unfunded Mandates Reform Act of 1995 (March 22, 1995; Pub. L. 104-4), Executive Order 13132 on Federalism (August 4, 1999), the Congressional Review Act (5 U.S.C. 804(2)), and Executive Order 13771 on Reducing Regulation and Controlling Regulatory Costs (January 30, 2017).
Executive Orders 12866 and 13563 direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). Section 3(f) of Executive Order 12866 defines a “significant regulatory action” as an action that is likely to result in a rule: (1) Having an annual effect on the economy of $100 million or more in any 1 year, or adversely and materially affecting a sector of the economy, productivity, competition, jobs, the environment, public health or safety, or state, local or tribal governments or communities (also referred to as “economically significant”); (2) creating a serious inconsistency or otherwise interfering with an action taken or planned by another agency; (3) materially altering the budgetary impacts of entitlement grants, user fees, or loan programs or the rights and obligations of recipients thereof; or (4) raising novel legal or policy issues arising out of legal mandates, the President's priorities, or the principles set forth in the Executive Order.
A regulatory impact analysis (RIA) must be prepared for major rules with economically significant effects ($100 million or more in any 1 year). We estimate that this rulemaking is “economically significant” as measured by the $100 million threshold, and hence also a major rule under the Congressional Review Act. Accordingly, we have prepared an RIA that to the best of our ability presents the costs and benefits of the rulemaking. Table 3 summarizes the estimated costs presented in the Collection of Information section of this proposed rule. We note that estimates below do not account for enrollment growth or higher costs associated with medical care. This is because the cost of requirements to implement patient access through APIs and for states to comply with data exchange requirements are not impacted by enrollment growth or higher costs associated with medical care. Per OMB guidelines, the projected estimates for future years do not take into account ordinary inflation.
For purposes of clarification we use the metric of “costs per enrollee.” The “costs per enrollee” whether for Medicaid or Medicare, does not refer to actual costs paid by the enrollee but rather is a metric, it is the quotient of total program expenditures divided by total enrollees. The cost per enrollee metric facilitates comparison of costs. Since program expenditures for both Medicaid and MA are typically
The total first year (implementation) cost per enrollee is $1.63 ($276.1 million cost (Table 3) divided by 169 million enrollees); maintenance cost per enrollee in the following years are 34 cents ($56.9 million total cost (Table 3) divided by 169 million enrollees). The assertion that $1.63 and $0.34 is negligible compared to the $12,000-$14,000 cost per enrollee for the MA program or the several thousand-dollar cost per enrollee for the Medicaid program has intuitive appeal. However, these are very rough preliminary estimates. In the remainder of this RIA, we provide, subject to the limitations noted, more detailed impact by program.
Data Sources for Cost by Program: To obtain allocation of cost by program we used the CMS public use files for MLR data, for 2016.
Thus, these MLR data sets omit organizations that only have Medicare or Medicaid. The data from the CMS MLR files also omits: (1) The CHIP program; and (2) Medicaid State Agencies. We now discuss these omissions to assess the accuracy of using these MLR files.
Finally, as noted in the section “Preliminary Estimates”, independent of these omissions, the average cost per enrollee is capped at $1.63 and $0.34 in first and follow up years.
Among issuers with products in both Commercial and MA or Commercial and Medicaid, the 2016 CMS MLR files show $370 billion reported in premium for commercial plans, $157 billion reported for MA, and $113 billion reported for Medicaid. Consequently, the proportion of interoperability cost for each of the programs is 57.81 percent (370/(370+157+113)), 24.53 percent (157/(370+157+113)), and 17.66 percent (113/(370+157+113)) for Commercial, MA, and Medicaid respectively.
Using these proportions, Table 4 breaks out the top row in Table 3, the total cost by year of implementing and maintaining the API, by program.
To the extent that issuers increase premiums for plans in the FFE, there would be Federal premium tax credit (PTC) impacts. However, the PTC formula is highly individual-specific, that is, it is the result of the relationship between the premium of the second lowest-cost silver plan applicable to a specific consumer in a specific month, the cost of the actual plan purchased by that consumer for that month, and that consumer's income. Consequently, it would not be possible to estimate the magnitude of the PTC impact with a reliable degree of accuracy, since we cannot predict: (1) What proportion of costs would be passed on to enrollees as increased premiums; (2) to what extent commercial issuers may recoup investment costs through raising premiums on the second-lowest cost silver plans or on other plans; and (3) whether or in what ways such premium increases may impact the PTC calculation or eligibility with respect to various consumers,
To deal with this uncertainty, we list the possible Federal PTC impacts as a qualitative impact. Most importantly, we assume the unlikely worst case scenario that all cost is passed on as premium to the enrollee without subsidization; we then show that the net impact per enrollee per month is extremely small (see Table 7).
For Medicaid Managed Care entities, we assume an MCO, PIHP, and PAHP cost for implementing the open API provisions would be built into the capitation rates and matched at the State's medical assistance match rate. For purposes of these estimates we use the weighted FMAP, 58.44.
Table 5 uses these proportions to estimate the impact of the API on the Federal Government. For example, the $28.4 million cost to the Federal government for Medicaid/CHIP for 2020, the implementation year of the API, is obtained by multiplying the State Agency Medical Assistance average match rate to Medicaid Managed Care Plans, 58.44%, by the $48.6 million total cost to Medicaid for 2020 listed in Table 4.
By taking the difference between the respective cells in Tables 4 and 5 we obtain the remaining costs for the API. To this amount must be added the coordination cost for the dual eligibles (row 2 of Table 3). For example, Medicaid/CHIP has a remaining cost of $20.3 million ($48.6 million total cost for 2020 (Table 4)−$28.4 million matched by Medicaid State Agencies (Table 5) + $0.7 million total cost for coordination of dual eligibles (Table 3) * 17.66 percent (proportion of total costs incurred by Medicaid/CHIP (Table 4)). (There are minor differences due to
The further discussion of bearing these costs, is clarified, if we reformulate the costs in terms of costs per enrollee. To do this we use enrollments by program. For commercial enrollment we use the 2016 MLR data, for MA enrollment we use the August 2018 data, and for Medicaid and CHIP we use September 2018 data. These enrollment numbers are 76, 66,
Using Table 7 we can assess the approximate impact of the remaining cost.
Table 8 summarizes these methods of bearing the remaining costs.
The RFA, as amended, requires agencies to analyze options for regulatory relief of small businesses, if a rule has a significant impact on a substantial number of small entities. For purposes of the RFA, small entities include small businesses, nonprofit organizations, and small governmental jurisdictions.
This proposed rule affects (1) Commercial Issuers (2) MA plans, including those that are also Part D sponsors of MA-PD plans, as well as (3) Medicaid MCOs with a minimum threshold for small business size of $38.5 million (
Assessment of impact is complicated by the fact that costs have been aggregated at the Parent Organization level. A typical Parent Organization might have products with the commercial, MA, or Medicaid/CHIP programs. We have no way of directly assessing the size of Parent Organizations. Therefore, as a proxy, we analyze each program separately.
(1) The revenue requirements for providing Medicare Part A and Part B benefits with actuarially equivalent cost sharing (this is the “basic benefit bid”);
(2) The revenue requirements for providing supplemental benefits; and
(3) A Part D bid consistent with Part D regulations in 42 CFR part 423.
MAOs are made aware of the benchmark through the annual CMS publication, “Medicare Advantage Capitation Rates and Medicare Advantage and Part D Payment Policies and Final Call Letter,” which, consistent with section 1853 of the Act, is released prior to MAO submission of bids. Therefore, the bids of most MAOs are below the benchmark and consequently most MAOs receive from the Trust Fund a total expenditure equaling payment for the bid plus the rebate.
Because of these proposed API provisions, MAOs would be raising the June-submitted bid amount to reflect additional costs. While the Trust Fund pays these bid amounts in full, the rebate goes down: That is, since the bid amount goes up, the rebate, equaling the difference between the benchmark and bid, decreases and results in less rebate payment to the MAO. The MAO has several options of dealing with these increased bid costs and reduced rebates: The MAO might decide to: (1) Temporarily absorb the loss by reducing its profit margin (so as to reduce the bid amount and thereby increase the rebates); (2) reduce additional benefits paid to the enrollee from the rebates; or (3) raise enrollee premiums so as to compensate for the reduction of enrollee premium that would have happened if the bid had not been increased (note: For marketing purposes, many plans operate at zero premium, and we do not consider this a likely possibility). In this RIA we have referred to options (2) and (3) reduction of additional benefits and raising of enrollee premiums as “passing the costs to the enrollee” the intent being that the “effect” of reduced rebates is less additional benefits or higher enrollee premiums than would have happened had the cost of the provisions of this proposed rule not been included in the bid.
There are various types of Medicare health plans, including MA HMOs, POS plans, and PPOs; Demonstration plans; Cost Plans; Prescription Drug Plans (PDP); and Programs of All-Inclusive Care for the Elderly (PACE) organizations. This proposed rule affects MA HMOs, MA POS plans, and MA PPOs but does not affect Cost Plans, Prescription Drug Plans nor PACE organizations.
There are a variety of ways to assess whether MAOs meet the $38.5 million threshold for small businesses. The assessment can be done by examining net worth, net income, cash flow from operations and projected claims as indicated in their bids. Using projected monetary requirements and projected enrollment for 2018 from submitted bids, 32 percent of the MAOs fell below the $38.5 million threshold for small businesses. Additionally, an analysis of 2016 data, the most recent year for which we have actual data on MAO net worth, shows that 33 percent of all MAOs fall below the minimum threshold for small businesses.
If a proposed rule has a substantial impact on a substantial number of small entities, the proposed rule must discuss steps taken, including alternatives, to minimize burden on small entities. While a significant number (more than 5 percent) of not-for-profit organizations and small businesses are affected by this final rule, the impact is not significant. To assess impact, we use the data in Table 3 of this section which shows that the total raw (not discounted) net effect of this final rule over 5 years is 500 million dollars.
We conclude, that although a significant number of small plans in all programs are affected by this rule, this impact is not significant.
Besides the fact that the impact is not significant, we are not concerned that small plans will have a burden in implementing these requirements since as indicated above, without considering any rebates or Federal matching funds, the cost of this provision is $1.63 per enrollee per year in the first implementation year, and $0.34 in the following years for maintenance, these per enrollee costs are negligible when compared to the typical costs per enrollee (several thousand dollars).
Consequently, the Secretary has determined that this proposed rule will not have a significant economic impact on a substantial number of small entities and the requirements of the RFA have been met. Please see our detailed analysis of apportionment of costs per program and plan in Tables 4 through 8 and section XVI.H. of this proposed rule for further details.
In addition, section 1102(b) of the Act requires CMS to prepare an RIA if a rule may have a significant impact on the operations of a substantial number of small rural hospitals. This analysis must conform to the provisions of section 603 of the RFA. For purposes of section 1102(b) of the Act, we define a small rural hospital as a hospital that is located outside a Metropolitan Statistical Area and has fewer than 100 beds. We are not preparing an analysis for section 1102(b) of the Act because we have determined, and the Secretary certifies, that this proposed rule would not have a significant impact on the operations of a substantial number of small rural hospitals.
Section 202 of the Unfunded Mandates Reform Act of 1995 (UMRA) (Pub. L. 104-04, enacted March 22, 1995) also requires that agencies assess anticipated costs and benefits before issuing any rule whose mandates require spending in any 1 year of $100 million in 1995 dollars, updated annually for inflation. In 2018, that is approximately $150 million. The apportionment of total cost between the MA, Medicaid, Commercial and Chip programs is detailed in both section XVI.B. (Tables 4 through 8) and section XVI.H of this RIA showing that costs for both enrollees and the states are small. Executive Order 13132 establishes certain requirements that an agency must meet when it promulgates a proposed rule (and subsequent final rule) that imposes substantial direct requirement costs on state and local governments, preempts state law, or otherwise has Federalism implications. This rule will not have a substantial direct effect on state or local governments, preempt state law, or otherwise have a Federalism implication. Therefore, the requirements of Executive Order 13132 are not applicable.
If regulations impose administrative costs, such as the time needed to read and interpret this proposed rule, we should estimate the cost associated with regulatory review. There are currently 288 organizations and 56 states and territories. We assume each organization will have one designated staff member who will read the entire rule.
Using the wage information from the BLS for medical and health service managers (Code 11-9111), we estimate that the cost of reviewing this rule is $139.14 per hour, including overhead and fringe benefits (
To promote our commitment to interoperability, we are proposing new requirements in section III. of this proposed rule for MA organizations at 42 CFR 422.119, Medicaid FFS at 42 CFR 431.60, Medicaid managed care at 42 CFR 438.242, CHIP FFS at 42 CFR 457.730, CHIP managed care at 42 CFR 457.1233, and QHP issuers, excluding SADP issuers, that offer plans through the FFE at 45 CFR 156.221 to implement open APIs for making certain data available to enrollees and the public. These openly published APIs will permit third-party applications to retrieve standardized data for adjudicated claims, encounters with capitated and subcapitated providers, provider remittances, beneficiary cost-sharing, reports of lab test results, provider directories, and preferred drug lists. We believe that these proposals are designed to empower patients by mandating that entities subject to our API proposal take steps—by implementing the API—to enable
To estimate the number of impacted issuers, we reviewed parent organizations of health plans across MA, Medicaid MCOs, and QHPs in FFEs to remove organizations that would not be subject to our proposal, such as SADPs; transportation plans and brokers such as non-emergency medical transportation (NEMTs) brokers; PACE; visiting nurse and home health care organizations; senior organizations such as Area Agencies on Aging; and other organizations such as community action programs. After removing these organizations, we then reviewed the remaining names of parent organizations and health plans in the National Association of Insurance Commissioners (NAIC) Consumer Information Support (CIS) system to determine the legal name of the entity and whether the entity was registered with the NAIC. We also used the 2018 NAIC Listing of Companies to determine whether various health plans had associated parent organizations using the NAIC's Group coding and numbering system. If the health plan or parent organization did not appear in the NAIC CIS or in the 2018 NAIC Listing of Companies, we then reviewed the name of the entity in the Securities and Exchange online Edgar system to locate the entity's Form 10-K filing, which includes an Exhibit (Exhibit 21) that requires the entity to list its subsidiaries. If the health plan or organization did not appear in these online systems or listings, an online internet search using Google search engine was conducted. After review, we have determined that 288 issuers and 56 states, territories, and U.S. commonwealths, which operate FFS programs, will be subject to the API provisions for Medicare, Medicaid, and the Commercial market. To this we add the one state that operates its CHIP and Medicaid separately. Thus, we have a total of 345 parent entities (288+56+1). We note that although 42 states have some lower-income children in an expansion of Medicaid, and some higher-income children or pregnant women in a separate CHIP, all but one of these programs are operated out of the same agency. Although the CHIP programs may be distinct, we believe they will use the same infrastructure built for Medicaid. Thus, the addition of 1 parent entity for CHIP is reasonable and plausible.
As noted in section XIII.C.3. of this proposed rule, to implement the new requirements for APIs, we estimate that organizations and states would conduct three major work phases: Initial design; development and testing; and long-term support and maintenance. (For a detailed description of these phases, see section XIII.C.3. of this proposed rule.)
As part of our research into the regulatory impact, we reviewed a sample of health plan organizations offering MA plans to determine whether any currently offer patient portal functionality with the MA plan. If yes, we reviewed whether they offered the opportunity to connect to Medicare's Blue Button 2.0. Health plan organizations offering MA plans were identified from June 2018 data and statistics compiled at
We also cross-referenced health plan organizations offering MA plans with health plan organizations that offer plans in the Federal Employee Health Benefit (FEHB) program because a percentage of those organizations offer plans with patient portal access and Blue Button functionality. The FEHB, administered by the Office of Personnel Management (OPM), reported in 2014 that 90 percent of its participating plans offered enrollees access to a personal health record on the organization's website. In addition, OPM reported that over half of the FEHB participating plans expected to offer Blue Button functionality by January 1, 2016. We sought to learn whether there was any overlap between these two lists of organizations to gauge whether additional organizations may already have the capability to offer either patient portals or Blue Button, albeit in a different business arm, as having internal capability may assuage some of the cost of building out a new API to support patient access to claims data. While we found significant overlap between UnitedHealthcare and the Blue Cross Blue Shield Affiliates, we also were able to identify other organizations that offer both MA plans and plans included in the FEHB. While not definitive, this data allows us to draw the conclusion that a number of health plan organizations have the technology in place to offer patient portals to MA enrollees and, further, also have the ability to offer MA enrollees Blue Button functionality.
As detailed in the Collection of Information section of this proposed rule and summarized in Table 3, given the current state of interoperability, we estimate the burden related to the new requirements for APIs to have an initial set one-time costs of $798,356 per implementation or an aggregate cost of $275,432,820 ($798,356 × 345 parent entities). For a detailed discussion of the one-time costs associated with implementing the API requirements we refer readers to section XIII.C.3. of this proposed rule. Once the API is established we believe that there will be an annual cost for performing necessary capability and security testing, performing necessary upgrades and vetting of third party applications. We estimate the burden related to the requirements for APIs to have an annual cost of $158,406 per implementation or an aggregate cost of $54,650,070 (345 parent entities × $158,406). For a detailed discussion of the annual costs associated with implementing the API requirements, we refer readers to section XIII.C.3. of this proposed rule.
We are committed to fulfilling our role in promoting interoperability, putting patients first and ensuring they have access to their health care data. We recognize that there are significant opportunities to modernize access to patient data and its ability to share across the health ecosystem. We realize the importance of interoperability and the capability for health information systems and software applications to communicate, exchange, and interpret data in a usable and readable format. Although allowing access to healthcare data through pdf and text format is vital,
We note that the federal government has spent over $35 billion under the EHR Incentive Programs
Health plans should have the ability to exchange data instantly with other payers for care coordination or transitions, and with providers to facilitate more efficient care. Health plans are in a unique position to provide enrollees a complete picture of their claims and encounter data, allowing patients to piece together their own information that might otherwise be lost in disparate systems. We are committed to solving the issue of interoperability and achieving complete patient access in the U.S. health care system and are taking an active approach using all available policy levers and authorities available to move all participants in the health care market toward interoperability and the secure exchange of health care data. The modern internet app economy thrives on an open API software environment. Part of the health care API evolution is incorporating many of the current protocols from leading standards development organizations with the newer Fast Healthcare Interoperability Resources (FHIR) web developer-friendly way of representing clinical data.
We routinely exchange data with states on who is enrolled in Medicare, and which parties are liable for paying that beneficiary's Part A and B premiums. These buy-in data exchanges support state, CMS, and SSA premium accounting, collections, and enrollment functions. CMS subregulatory guidance, specifically Chapter 3 of the State Buy-in Manual, specifies that states should exchange buy-in data with CMS at least monthly, but provides the option for states to exchange buy-in data with CMS daily or weekly. Likewise, states can choose to receive the CMS response data on a file daily or monthly. Currently, 31 states and the District of Columbia now submit buy-in data to CMS, daily and 28 states and the District of Columbia receive buy-in response files from CMS daily.
We are proposing to establish the frequency requirements in the regulation itself to require all states to participate in daily exchange of buy-in data to CMS, with “daily” meaning every business day, but that if no new transactions are available to transmit, data would not need to be submitted on a given business day. We propose that states would be required to begin participating in daily exchange of buy-in data with CMS by April 1, 2022.
We estimate the cost for states to comply with these new requirements to be one-time costs associated with state systems updates, totaling $3,273,965 across impacted states and over the 3-year implementation period. We first identified those states already exchanging data daily, and then determined there are 19 states that we anticipate will need to make a systems change to send buy-in data to CMS daily, and 22 states that we anticipate will need to make a systems change to receive buy-in data from CMS daily. We then estimated that each change would involve 960 hours of computer analyst time at $83.18 per hour, for a one-time cost to be a little less than $80,000 per state, per change. So, a state that needs to make systems updates to both send buy-in data daily, and receive buy-in data daily would have a one-time cost of just under $160,000. We did not estimate any savings related to exchanging buy-in data with greater frequency, as data lags only delay when states are billed for premium costs; delays do not impact the effective date and total costs. While we did not estimate premium savings (since premium collection is ultimately correct), we anticipate that states may experience longer term reduction in administrative burden of making those corrections.
States submit data on MMA files at least monthly to CMS to identify all dually eligible individuals, including full-benefit and partial-benefit dually eligible beneficiaries (that is, those who get Medicaid help with Medicare premiums, and often cost-sharing). While 42 CFR 423.910(d) requires states to submit at least one MMA file each month, states have the option to submit multiple MMA files throughout the month (up to one per day). As CMS now utilizes MMA data on dual eligibility status in systems supporting all four parts of the Medicare program, it is becoming even more essential that dual eligibility status is accurate and up-to-date.
We are proposing to update the frequency requirements in 42 CFR 423.910(d) to require that starting April 1, 2022, all states submit the required MMA file data to CMS daily, and to make conforming edits to 42 CFR 423.910(b)(1). Daily would mean every business day, but that if no new transactions are available to transmit, data would not need to be submitted on a given business day. We estimate the cost for states to comply with these new requirements to be a one-time cost associated with state systems updates, totaling $3,034,406 across impacted states, and across the 3 years which states have to implement the requirement. There are 37 states and the District of Columbia that we anticipate will need to make a systems change to send MMA data to CMS daily. We estimate the one-time cost for a state to be a little less than $80,000 for this MMA data systems change. For a detailed discussion of the costs associated with these requirements we refer readers to section XIII.C. of this proposed rule. We did not estimate any savings related to submitting MMA files daily, as data lags only delay when data are sent; delays do not impact the
If these proposals are finalized as proposed, we anticipate that states would have approximately 3 years to implement daily exchange of buy-in and MMA data. For each state there would be a one-time cost to make needed systems changes, and thereafter, no new on-going costs. States will have the ability to choose, in consultation with CMS, when in the 3-year implementation period they want to make this change, with numerous factors impacting in which year they would do so. For the purposes of this impact analysis, we estimated an even distribution beginning in May 2019 and ending in April 2022. The total cost impact over the 3-year implementation period for this provision is $6,308,371 ($3,273,965 + $3,034,406), comprising $0.7 million in FY 2019, $2.2 million in FY 2020, $2.2 million in FY 2021, and $1.2 million in FY 2022. Since the proposed effective date is April 1, 2022, we estimate no costs for FY 2023.
We are seeking to further expand CMS requirements for interoperability within the hospital and CAH CoPs by focusing on electronic patient event notifications. We are proposing new requirements in section X. of this proposed rule for hospitals at 42 CFR 482.24(d)), for psychiatric hospitals at 42 CFR 482.61(f), and for CAHs at 42 CFR 485.638. Specifically, for hospitals, psychiatric hospitals and CAHs, we are proposing similar requirements to revise the CoPs for Medicare- and Medicaid-participating hospitals, psychiatric hospitals, and CAHs by adding a new standard, “Electronic Notifications,” that would require hospitals, psychiatric hospitals, and CAHs to make electronic patient event notifications available to another healthcare facility or to another community provider. We propose to limit this requirement to only those hospitals, psychiatric hospitals, and CAHs which currently possess EHR systems with the technical capacity to generate information for electronic patient event notifications, recognizing that not all Medicare- and Medicaid-participating hospitals have been eligible for past programs promoting adoption of EHR systems. We propose that these notifications would need to be sent at admission and either immediately prior to or at the time of the patient's discharge or transfer to licensed and qualified practitioners, other patient care team members, and PAC services providers and suppliers that: (1) Receive the notification for treatment, care coordination, or quality improvement purposes; (2) have an established care relationship with the patient relevant to his or her care; and (3) for whom the hospital, psychiatric hospital, or CAH has a reasonable certainty of receipt of notifications. As we noted, infrastructure supporting the exchange of electronic health information across settings has matured substantially in recent years. Research studies have increasingly found that health information exchange interventions can effectuate positive outcomes in health care quality and public health outcomes, in addition to more longstanding findings around reductions in utilization and costs. Electronic patient event notifications from hospitals, or clinical event notifications, are one type of health information exchange intervention that has been increasingly recognized as an effective and scalable tool for improving care coordination across settings, especially for patients at discharge. This approach has been identified with a reduction in readmissions following implementation.
These notifications are automated, electronic communications from the provider to another facility or another community provider identified by the patient. These automated communications alert the receiving provider that the patient has received care at a different setting. Information included with these notifications can range from simply conveying the patient's name, basic demographic information, and the sending institution, to a richer set of clinical data depending upon the level of technical implementation. However, regardless of the information included these alerts can help ensure that a receiving provider is aware that the patient has received care elsewhere. The notification triggers a receiving provider to reach out to the patient to deliver appropriate follow-up care in a timely manner. By providing timely notifications, the alert may improve post-discharge transitions and reduce the likelihood of complications resulting from inadequate follow-up care.
Virtually all EHR systems generate the basic messages commonly used to support electronic patient event notifications. We believe that care coordination can have a significant positive impact on the quality of life, consumer experience, and health outcomes for patients. However, we acknowledge that though such activities can have positive impact, they will likely generate some costs. We believe it is difficult to quantify the impact of this proposed change because EHR implementation across care settings varies in maturity rates, leading to potential variance in cost and impact across such settings. We believe that this proposal would impose minimal additional costs on hospitals. The cost of implementing these proposed changes would largely be limited to the one-time cost related initial implementation of the notification system, and to the revision of a policies and procedures as they relate to discharge planning. There also may be some minimal cost associated with communicating these changes to affected staff. However, we believe that these costs would be offset by the benefits derived from positive outcomes in health care quality and public health outcomes. Therefore, while this proposal would impose a minimal burden on hospitals, we believe that, in sum, the changes proposed would greatly benefit patients overall.
In addition to those proposed policy changes discussed previously that we are able to model, we are proposing to make various other changes in this proposed rule. Generally, we have limited or no specific data available with which to estimate the impacts of these proposed changes. Our estimates of the likely impacts associated with these other proposed changes are discussed in this section.
In section V. of this proposed rule, we are proposing a new requirement for MA plans, Medicaid managed care plans, CHIP managed care entities, and QHP issuers in FFEs to require these plans to maintain a process to exchange, at a minimum, the USCDI data set upon an enrollee's request. Under our proposal, each of these plans subject to the requirement would, upon an enrollee's request: (1) Accept the data set from another plan that had covered the enrollee within the previous 5 years; (2) send the data set at any time during an enrollee's enrollment and up to 5 years later, to another plan that currently covers the enrollee; and (3) send the data set at any time during enrollment or up to 5 years after
Such transactions would be made in compliance with applicable laws.
We believe that sending and receiving this minimum data would help both plan enrollees and health care providers in coordinating care and reducing administrative burden. We believe that this entails utilizing all tools available to us to ensure that plans provide coordinated high-quality care in an efficient and cost-effective way that protects program integrity.
We believe that this proposal would impose minimal additional costs on plans. We note that we do not specify a transport standard in the proposal and anticipate that plans may opt to use APIs, such as the API that this proposed rule would also require. We also anticipate that plans may choose to utilize a regional health information exchange. We believe it is difficult to quantify the impact of this proposed change because plans will likely implement different transport methods, and we cannot predict the selected method plans will choose.
In section VI. of this proposed rule, we are proposing to require MA plans, Medicaid managed care plans, CHIP managed care entities and QHP issuers in FFEs to participate in trust networks in order to improve interoperability in these programs. We believe that payers and patients' ability to communicate between themselves and with health care providers could considerably improve patient access to data, reduce provider burden, and reduce redundant and unnecessary procedures. A trusted exchange framework allows for the secure exchange of electronic health information with, and use of electronic health information from, other health IT without special effort on the part of the user. Widespread payer participation in such a framework might also allow for more complete access, exchange, and use of all electronically accessible health information for authorized use under applicable state or federal law. Under our proposal, participation would be required in a trusted exchange framework that meets the following criteria:
• The trusted exchange network must be able to exchange PHI, defined in 45 CFR 160.103, in compliance with all applicable state and federal laws across jurisdictions.
• The trusted exchange network must connect both inpatient EHRs and ambulatory EHRs.
• The trusted exchange network must support secure messaging or electronic querying by and between patients, providers and payers.
We believe that this proposal would impose minimal additional costs on plans.
This proposed rule contains a range of proposed and potential future policies. It provides descriptions of the statutory provisions that are addressed, identifies the proposed policies, and presents rationales for our decisions and, where relevant, alternatives that were considered. We carefully considered the alternatives to this proposed rule but concluded that none would adequately and immediately begin to address the critical issue of the lack of patient access and interoperability, or exchange of health care data within the health care system.
The critical policy decision was how broadly or narrowly to classify the standards required to implement interoperability. Overly prescriptive standards may stifle innovation and, in turn, increase costs. On the other side, broad language surrounding standards risked leaving too much open to interpretation and continuing the uncertainty about which standards would be the most practical and cost-effective to implement. We determined it was most appropriate to propose a technical and standards framework that strikes a balance between these two ends of the spectrum, and to establish that we expect the standards framework to expand and mature as interoperability increases.
A second decision was how broadly or narrowly to apply the proposed policies and requirements. For example, alternatives to requiring health plans to provide claims data to patients via an open API could have been altered in a number of ways, such as requiring more or less information to be provided to patients or, simultaneously, to require additional information beyond that already accessible through existing APIs be provided to patients by providers. Ultimately, we opted to continue to consider most matters pertaining to providers in separate RFIs, such as that in the FY 2019 IPPS proposed rule seeking information about program participation conditions and requirements, and to maintain the policies proposed in this rule as policies that will further enhance and secure the foundation of future interoperability, including through inclusion of payers, through care coordination, and through matters of security and identity confirmation.
As we recognize that advancing interoperability is no small or simple matter, we continue to explore alternatives and potential other policies. We have requested comment for consideration in future rulemaking or subregulatory guidance on a number of alternatives related to whether additional policies or requirements, beyond those proposed herein, should be imposed to promote interoperability. For example, the Innovation Center is seeking comment on general principles around promoting interoperability within Innovation Center models for integration into new models as part of the design and testing of innovative payment and service delivery models. Additionally, we are seeking comment on how we may leverage our program authority to provide support to those working on improving patient matching. For example, we are requesting comment on whether CMS should require, in Medicare FFS, the MA program, Medicaid FFS, CHIP FFS, Medicaid managed care programs, CHIP managed care entities, and the FFEs, use of a particular patient matching software solution with a proven success rate of a certain percentage validated by HHS or a 3rd party. We also continue to consider feedback received from RFIs issued in various rules over the course of the past year and to incorporate those suggestions into our strategy.
In accordance with OMB Circular A- 4, Table 9 depicts an accounting statement summarizing the assessment of the benefits, costs, and transfers associated with this regulatory action.
The preceding discussion was an actual cost impact (not a transfer) since goods and computer services are being paid for. Plans have the option of transferring their expenses to enrollees. In practice, because of market competitive forces a plan may decide to operate at a (partial) loss and not transfer the entire cost. It is important to estimate the maximum the transfer could be. Some costs are transferred to the States (for Medicaid and CHIP) and ultimately to the federal government (for Medicare, Medicaid, and CHIP), mitigating the amount transferred to enrollees. One approach to estimate impact on enrollees was made in section XVI.B. of this RIA. However, this analysis did not take into account transfers.
We now re-estimate the potential full transfer. As noted in section Tables 4 through 8 of XVI.B. of this RIA, we have in 2021 through 2024 under a dollar increase in premium as the worst case scenario, and we used actual costs per year. In this alternate analysis we use actual amounts for each of 2021 through 2024 with the initial 1-year cost amortized over 5 years. In other words, we assume a cost of $110 (275.4/5 + 54.7)
We point out that this premium increase should be counterbalanced by projected savings arising from the provisions in this proposed rule. More specifically, we expect the availability of portable electronic transfer of medical data proposed by this rule to increase prevention of future medical illnesses due to better data accessibility. The savings from avoiding one illness or one cheaper procedure would offset the under one-dollar impact. However, we have no way, at this point, of estimating this aspect of the future savings of the rule.
We present two estimates. First, we estimate using the enrollment figures used in Table 7 of this RIA. Table 7 shows that we have 169 million (76+73+20) in programs that will be spending about $110 million per year. Ignoring Federal subsidies, and assuming that all costs will be passed on to enrollees (which is contrary to our experience), the 169 million enrollees would each incur an extra 65 cents (110/169) a year to achieve the $110 million goal. We next estimate using premium versus enrollment as was done in section XVI.B. of this RIA.
Prior to discussing potential transfers to enrollees, we discuss how this proposed rule may affect commercial enrollees not in the MA, Medicaid, CHIP, or FFE programs. Technically, plans are only required to provide interoperability for enrollees in the MA, Medicaid, CHIP, and FFE programs. However, it is both possible and likely, that a Parent Organization providing interoperability for its FFE and other program enrollees as required, may choose to offer this to commercial enrollees. Consequently, it is possible that to cover the cost of offering interoperability to commercial enrollees outside the MA, Medicaid, CHIP and FFE programs, the Parent Organizations, raise premiums to both their commercial enrollees as well as the MA, Medicaid, CHIP or FFE enrollees. Thus it is possible (and we argue likely) that this proposed rule will affect commercial enrollees even though there is no requirement to provide them interoperability. Therefore, we believe we are obligated in this RIA to calculate the cost impact per enrollee should the Parent Organizations offer interoperability (and should they pass on the cost of interoperability in terms of commercial premium). The rest of the discussion below explores this possibility.
Suppose the MLR threshold is 85 percent (in practice it can vary by state market), but the issuer's MLR is below the threshold at 75 percent. Then the issuer would have to return the 10 percent as a rebate. If the interoperability costs for an issuer are on average 6 percent of premium and the issuer treats these expenses as QIA, the issuer will now have to rebate only 4 percent instead of 10 percent (that is, the issuer's MLR would be 81 percent rather than 75 percent). Similarly, if both the applicable threshold and issuer MLR are 85 percent, then the issuer would not owe a rebate.
There are two effects of recognizing these costs as QIA: (1) For issuers below the applicable MLR threshold, the rebate from issuers to policyholders would go down by some amount between $0 and the interoperability cost; and (2) for issuers at or above the MLR standards, the premium transfers from enrollees to issuers will go up by some amount between $0 and the interoperability cost.
To estimate these amounts, we used the public use 2016 MLR files on the CMS website that were used for Tables 4 through 7 of this RIA. The total 2016 premium revenue on the commercial side was approximately $370 billion. Of the $370 billion, the total 2016 premium revenue of issuers that were below the commercial MLR standard (80 or 85 percent, depending on the market) was approximately $19.4 billion and that subset of issuers paid a total of $455 million in rebates.
As mentioned earlier, to proceed further we use the estimates of the interoperability costs which are $110 million per year. This cost is for all parent organizations with each parent organization possibly dealing with up to four lines of business subject to MLR requirements: MA (including Part D sponsors); Medicaid; CHIP; and Commercial. Thus, of the $110 million level annual cost of interoperability, we estimate $64 million (57.81 percent commercial proportion x $110 million level annual interoperability cost) to be the cost for the commercial market.
In estimating the transfers to policyholders in the commercial market, we must distinguish between the $19.4 billion of premium revenues of issuers whose MLR was below the applicable threshold and the $350.6 billion of premium revenues ($370 billion total revenue−$19.4 billion) of issuers whose MLR was at or above the applicable threshold. We can now calculate the estimated aggregate transfer in the commercial market from the policyholders to the issuers whether through premium or rebates as follows:
• Interoperability cost = 0.017 percent of revenue premium ($64 million cost/$370 billion total revenue).
• Reduced MLR rebates = $3.3 million (0.017 percent × $19.4 billion premium from issuers below the applicable MLR threshold).
• Increased premiums = Up to $60.0 million (0.017 percent × ($370 billion total revenue−$19.4 billion premium from issuers below the applicable MLR threshold)).
• Total transfer from enrollees = Up to $63.3 million ($60.0 million increased premium + $3.3 million reduced rebate).
• Transfer per enrollee = 83 cents ($63.3 million/76 million commercial enrollee).
We note that the 83 cents (under a dollar per enrollee) is consistent with the results obtained in Tables 4 through 8 (with exact raw amounts by year without amortization of a large first year expense). These calculations are summarized in Table 10.
These calculations are summarized in Table 10.
Executive Order 13771, titled Reducing Regulation and Controlling Regulatory Costs, was issued on January 30, 2017 and requires that the costs associated with significant new regulations “shall, to the extent permitted by law, be offset by the elimination of existing costs associated with at least two prior regulations.” This proposed rule is considered an E.O. 13771 regulatory action. We estimate that this rule generates $56.7 million in annualized costs, discounted at 7 percent relative to year 2016, over an infinite time horizon. Details on the estimated costs of this proposed rule can be found in the preceding analysis.
The analysis above, together with the preceding preamble, provides an RIA.
In accordance with the provisions of Executive Order 12866, this regulation was reviewed by the Office of Management and Budget.
Health facilities, Diseases, Medicare.
Medicare.
Administrative practice and procedure, Health facilities, Health maintenance organizations (HMO), Medicare, Penalties, Privacy, Reporting and recordkeeping requirements.
Administrative practice and procedure, Emergency medical services, Health facilities, Health maintenance organizations (HMO), Medicare, Penalties, Privacy, Reporting and recordkeeping requirements.
Grant programs—health, Health facilities, Medicaid, Privacy, Reporting and recordkeeping requirements.
Grant programs—health, Medicaid, Reporting and recordkeeping requirements.
Administrative practice and procedure, Grant programs—health, Health insurance, Reporting and recordkeeping requirements.
Grant programs—health, Hospitals, Medicaid, Medicare, Reporting and recordkeeping requirements.
Grant programs—health, Health facilities, Medicaid, Privacy, Reporting and recordkeeping requirements.
Administrative practice and procedure, Advertising, Advisory committees, Brokers, Conflict of interests, Consumer protection, Grant programs—health, Grants administration, Health care, Health insurance, Health maintenance organization (HMO), Health records, Hospitals, Indians, Individuals with disabilities, Loan programs—health, Medicaid, Organization and functions (Government agencies), Public assistance programs, Reporting and recordkeeping requirements, State and local governments, Sunshine Act, Technical assistance, Women, Youth.
For the reasons set forth in the preamble, the Centers for Medicare & Medicaid Services (CMS) proposes to amend 42 CFR chapter IV and the Office of the Secretary (HHS) proposes to further amend 45 CFR subtitle A, subchapter B (as proposed to be amended in ONC's proposed rule “21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program” published elsewhere in this issue of this
42 U.S.C 1302 and 1395hh.
(a) * * *
(1) * * *
(i) Any State that has a buy-in agreement in effect must participate in
(ii) [Reserved]
42 U.S.C 1302 and 1395hh.
(c) * * *
(4) Any State that has a buy-in agreement in effect must participate in daily exchanges of enrollment data with CMS.
42 U.S.C 1395w26 and 1395w-27.
(a)
(b)
(i) Standardized data concerning adjudicated claims, including claims data for payment decisions that may be appealed, were appealed, or are in the process of appeal, and provider remittances and enrollee cost-sharing pertaining to such claims, no later than one (1) business day after a claim is processed;
(ii) Standardized encounter data, no later than one (1) business day after data concerning the encounter is received by the MA organization;
(iii) Provider directory data on the MA organization's network of contracted providers, including names, addresses, phone numbers, and specialties, updated no later than 30 business days after changes are made to the provider directory; and
(iv) Clinical data, including laboratory results, if the MA organization manages any such data, no later than one (1) business day after the data is received by the MA organization.
(2) In addition to the information specified in paragraph (b)(1) of this section, an MA organization that offers an MA-PD plan must make the following information accessible to its enrollees through the API described in paragraph (a) of this section:
(i) Standardized data concerning adjudicated claims for covered Part D drugs, including remittances and enrollee cost-sharing, no later than 1 business day after a claim is adjudicated;
(ii) Pharmacy directory data, including the number, mix, and addresses of network pharmacies; and
(iii) Formulary data that includes covered Part D drugs, and any tiered formulary structure or utilization management procedure which pertains to those drugs.
(c)
(1) Must implement, maintain, and use API technology conformant with 45 CFR 170.215;
(2) Must conduct routine testing and monitoring to ensure the API functions properly, including assessments to verify that the API is fully and successfully implementing privacy and security features such as, but not limited to, those minimally required to comply with HIPAA privacy and security requirements in 45 CFR part 164, 42 CFR parts 2 and 3, and other applicable law protecting the privacy and security of individually identifiable data;
(3) Must comply with the following regulations regarding content and vocabulary standards for data available through the API, where applicable to the data type or data element, unless alternate standards are required by other applicable law:
(i) Content and vocabulary standards at 45 CFR 170.213 where such standards are the only available standards for the data type or element;
(ii) Content and vocabulary standards at 45 CFR part 162 and 42 CFR 423.160 where required by law or where such standards are the only available standards for the data type or element; or
(iii) The content and vocabulary standards in either paragraph (c)(3) (i) or (ii) of this section as determined appropriate for the data type or element, where a specific data type or element may be encoded or formatted using content and vocabulary standards in either paragraph (c)(3)(i) or (ii) of this section.
(4) May use an updated version of any standard or all standards required under paragraph (c)(1) or (3) of this section, where:
(i) Use of the updated version of the standard is required by other applicable law, or
(ii) Use of the updated version of the standard is not prohibited under other applicable law, provided that:
(A) For content and vocabulary standards other than those at 45 CFR 170.213, the Secretary has not prohibited use of the updated version of a standard for purposes of this section or 45 CFR part 170;
(B) For standards at 45 CFR 170.213 and 45 CFR 170.215, the National Coordinator has approved the updated version for use in the ONC Health IT Certification Program; and
(C) Where use of the updated version of a standard does not disrupt an end user's ability to access the data described in paragraph (b) of this section through the API described in paragraph (a) of this section.
(d)
(1) API syntax, function names, required and optional parameters supported and their data types, return variables and their types/structures, exceptions and exception handling methods and their returns;
(2) The software components and configurations an application must use in order to successfully interact with the API and process its response(s); and
(3) All applicable technical requirements and attributes necessary for an application to be registered with any authorization server(s) deployed in conjunction with the API.
(e)
(1) Reasonably determines that allowing an application to connect or remain connected to the API would present an unacceptable level of risk to the security of protected health information on the MA organization's systems; and
(2) Makes this determination using objective, verifiable criteria that are applied fairly and consistently across all applications and developers through which enrollees seek to access their electronic health information, as defined at 45 CFR 171.102, including but not limited to criteria that may rely on automated monitoring and risk mitigation tools.
(f)
(i) Receive such data from any other health care plan that has provided coverage to the enrollee within the preceding 5 years;
(ii) At any time an enrollee is currently enrolled in the MA plan and up to 5 years after disenrollment, send such data to any other health care plan that currently covers the enrollee; and
(iii) At any time the enrollee is currently enrolled in the MA plan and up to 5 years after disenrollment, send such data to a recipient designated by the enrollee.
(2) MA organizations must participate in a trusted exchange network which:
(i) Is capable of exchanging protected health information, defined at 45 CFR 160.103, in compliance with all applicable State and Federal laws across jurisdictions;
(ii) Is capable of connecting to inpatient electronic health records and ambulatory electronic health records; and
(iii) Supports secure messaging or electronic querying by and between providers, payers and patients.
(g)
(1) General information on steps the individual may consider taking to help protect the privacy and security of their health information, including factors to consider in selecting an application, and understanding the security and privacy practices of any application to which they will entrust their health information; and
(2) An overview of which types of organizations or individuals are and are not likely to be HIPAA covered entities, the oversight responsibilities of OCR and FTC, and how to submit a complaint to:
(i) The HHS Office for Civil Rights; and
(ii) The Federal Trade Commission (FTC).
(h)
(a) * * *
(18) To comply with the requirements for access to health data and plan information under § 422.119.
42 U.S.C. 1302, 1306, 1395w-101 through 1395w-152, and 1395hh.
The addition reads as follows:
(d)
(2)(i) For the period prior to April 1, 2022, States must submit the file at least monthly and may submit updates to that file on a more frequent basis.
(ii) For the period beginning April 1, 2022, States must submit the file at least monthly and must submit updates to that file on a daily basis.
42 U.S.C. 1302.
(a)
(b)
(1) Standardized data concerning adjudicated claims, including claims data for payment decisions that may be appealed, were appealed, or are in the process of appeal, and provider remittances and beneficiary cost-sharing pertaining to such claims, no later than one (1) business day after a claim is processed;
(2) Standardized encounter data through the API within one (1) business day of receiving the data from providers, other than MCOs, PIHPs, and PAHPs, compensated on the basis of capitation payments;
(3) Provider directory information specified in section 1902(a)(83) of the Act, no later than 30 calendar days after the State receives provider directory information or updates to provider directory information;
(4) Clinical data, including laboratory results, if the State manages any such data, no later than one (1) business day after the data is received by the State; and
(5) Information about covered outpatient drugs and updates to such information, including, where applicable, preferred drug list information, no later than one (1) business day after the effective date of any such information or updates to such information.
(c)
(1) Must implement, maintain, and use API technology conformant with 45 CFR 170.215;
(2) Must conduct routine testing and monitoring to ensure the API functions properly, including assessments to
(3) Must comply with the following regulations regarding content and vocabulary standards for data available through the API, where applicable to the data type or data element, unless alternate standards are required by other applicable law:
(i) Content and vocabulary standards at 45 CFR 170.213 where such standards are the only available standards for the data type or element;
(ii) Content and vocabulary standards at 45 CFR part 162 and 42 CFR 423.160 where required by law, or where such standards are the only available standards for the data type or element; or
(iii) The content and vocabulary standards in either paragraphs (c)(3)(i) or (ii) of this section, as determined appropriate for the data type or element, where a specific data type or element may be encoded or formatted using content and vocabulary standards in either paragraph (c)(3)(i) or (ii) of this section.
(4) May use an updated version of any standard or all standards required under paragraph (c)(1) or (3) of this section, where:
(i) Use of the updated version of the standard is required by other applicable law, or
(ii) Use of the updated version of the standard is not prohibited under other applicable law, provided that:
(A) For content and vocabulary standards other than those at 45 CFR 170.213, the Secretary has not prohibited use of the updated version of a standard for purposes of this section or 45 CFR part 170;
(B) For standards at 45 CFR 170.213 and 45 CFR 170.215, the National Coordinator has approved the updated version for use in the ONC Health IT Certification Program; and
(C) Where use of the updated version of a standard does not disrupt an end user's ability to access the data described in paragraph (b) of this section through the API described in paragraph (a) of this section.
(d)
(1) API syntax, function names, required and optional parameters supported and their data types, return variables and their types/structures, exceptions and exception handling methods and their returns;
(2) The software components and configurations an application must use in order to successfully interact with the API and process its response(s); and
(3) All applicable technical requirements and attributes necessary for an application to be registered with any authorization server(s) deployed in conjunction with the API.
(e)
(1) Reasonably determines that allowing an application to connect or remain connected to the API would present an unacceptable level of risk to the security of protected health information on the State's systems; and
(2) Makes this determination using objective, verifiable criteria that are applied fairly and consistently across all applications and developers through which beneficiaries seek to access their electronic health information as defined at 45 CFR 171.102, including but not limited to criteria that may rely on automated monitoring and risk mitigation tools.
(f)
(1) General information on steps the individual may consider taking to help protect the privacy and security of their health information, including factors to consider in selecting an application, and understanding the security and privacy practices of any application to which they will entrust their health information; and
(2) An overview of which types of organizations or individuals are and are not likely to be HIPAA covered entities, the oversight responsibilities of OCR and FTC, and how to submit a complaint to:
(i) The HHS Office for Civil Rights; and
(ii) The Federal Trade Commission (FTC).
(g)
42 U.S.C. 1302.
(b) * * *
(1) * * *
(vi) A process for the electronic exchange of, at a minimum, the data classes and elements included in the regulations regarding the content standard at 45 CFR 170.213. Information received by the MCO, PIHP, or PAHP must be incorporated into the MCO's, PIHP's, or PAHP's records about the enrollee. At the request of an enrollee, the MCO, PIHP, or PAHP must:
(A) Accept such data from any other health care plan that has provided coverage to the enrollee within the preceding 5 years;
(B) At any time the enrollee is currently enrolled in the MCO, PIHP, or PAHP and up to 5 years after disenrollment, send such data to any other health care plan that currently covers the enrollee; and
(C) At any time the enrollee is currently enrolled in the MCO, PIHP, or PAHP and up to 5 years after disenrollment, send such data to any other recipient designated by the enrollee.
(b) * * *
(5) Participate in a trusted exchange network which:
(i) Is capable of exchanging protected health information as defined in 45 CFR 160.103, in compliance with all applicable State and Federal laws from all relevant jurisdictions;
(ii) Is capable of connecting to inpatient electronic health records and ambulatory electronic health records, and;
(iii) Supports secure messaging or electronic querying by and between providers, payers and patients.
(6) Implement an Application Programming Interface (API) as specified in § 431.60 of this chapter as if such requirements applied directly to the MCO, PIHP, or PAHP and
(i) Include all standardized encounter data, including encounter data from any network providers the MCO, PIHP, or PAHP is compensating on the basis of capitation payments and adjudicated claims and encounter data from any subcontractors; and
(ii) Provider directory information required in § 431.60(b)(3) of this chapter, which must include all information required in § 438.10(h)(1).
42 U.S.C. 1302.
The addition and revision reads as follows:
(a) * * *
(1) Section 2101(a) of the Act, which sets forth that the purpose of title XXI is to provide funds to States to provide child health assistance to uninsured, low-income children in an effective and efficient manner that is coordinated with other sources of health benefits coverage;
(c)
(a)
(b)
(1) Standardized data concerning adjudicated claims, including claims data for payment decisions that may be appealed, were appealed, or are in the process of appeal, and provider remittances and beneficiary cost-sharing pertaining to such claims, no later than one (1) business day after a claim is processed;
(2) Standardized encounter data through the API within one (1) business day of receiving the data from providers, other than MCOs, PIHPs, or PAHPs, compensated on the basis of capitation payments;
(3) Provider directory information, including updated provider information no later than 30 calendar days after the State receives updated provider information;
(4) Clinical data, including laboratory results, if a State manages any such data, no later than one (1) business day after the data is received by the State; and
(5) Information, about covered outpatient drugs and updates to such information, including, where applicable, preferred drug list information, no later than one (1) business day after the effective date of the information or updates to such information.
(c)
(1) Must implement, maintain, and use API technology conformant with 45 CFR 170.215;
(2) Must conduct routine testing and monitoring to ensure the API functions properly, including assessments to verify that the API technology is fully and successfully implementing privacy and security features such as, but not limited to, those minimally required to comply with HIPAA privacy and security requirements in 45 CFR part 164, 42 CFR parts 2 and 3, and other applicable law protecting the privacy and security of individually identifiable data;
(3) Must comply with the following regulations regarding content and vocabulary standards for data available through the API, where applicable to the data type or data element, unless alternate standards are required by other applicable law:
(i) Content and vocabulary standards at 45 CFR 170.213 where such standards are the only available standards for the data type or element;
(ii) Content and vocabulary standards at 45 CFR part 162 and 42 CFR 423.160 where required by law, or where such standards are the only available standards for the data type or element; or
(iii) The content and vocabulary standards in either paragraphs (c)(3)(i) or (ii) of this section, as determined appropriate for the data type or element, where a specific data type or element may be encoded or formatted using content and vocabulary standards in either paragraphs (c)(3)(i) or (ii) of this section.
(4) May use an updated version of any standard or all standards required under paragraphs (c)(1) or (3) of this section, where:
(i) Use of the updated version of the standard is required by other applicable law, or
(ii) Use of the updated version of the standard is not prohibited under other applicable law, provided that:
(A) For content and vocabulary standards other than those at 45 CFR 170.213, the Secretary has not prohibited use of the updated version of a standard for purposes of this section or 45 CFR part 170;
(B) For standards at 45 CFR 170.213 and 45 CFR 170.215, the National Coordinator has approved the updated version for use in the ONC Health IT Certification Program; and
(C) Where use of the updated version of a standard does not disrupt an end user's ability to access the data described in paragraph (b) of this section through the API described in paragraph (a) of this section.
(d)
(1) API syntax, function names, required and optional parameters supported and their data types, return variables and their types/structures, exceptions and exception handling methods and their returns;
(2) The software components and configurations that an application must use in order to successfully interact with the API and process its response(s); and
(3) All applicable technical requirements and attributes necessary for an application to be registered with any authorization server(s) deployed in conjunction with the API.
(e)
(1) Reasonably determines that allowing an application to connect or remain connected to the API would present an unacceptable level of risk to the security of protected health information on the State's systems; and
(2) Makes this determination using objective, verifiable criteria that are applied fairly and consistently across all applications and developers through which beneficiaries seek to access their electronic health information as defined at 45 CFR 171.102, including but not limited to criteria that may rely on automated monitoring and risk mitigation tools.
(f)
(1) General information on steps the individual may consider taking to help protect the privacy and security of their health information, including factors to consider in selecting an application, and understanding the security and privacy practices of any application to which they will entrust their health information; and
(2) An overview of which types of organizations or individuals are and are not likely to be HIPAA covered entities, the oversight responsibilities of OCR and FTC, and how to submit a complaint to:
(i) The HHS Office for Civil Rights; and
(ii) The Federal Trade Commission (FTC).
(g)
(d)
(2) Each MCO, PIHP, and PAHP must implement an Application Programming Interface (API) as specified in § 457.730 as if such requirements applied directly to the MCO, PIHP, or PAHP, and
(i) Include all standardized encounter data, including encounter data from any network providers the MCO, PIHP, or PAHP is compensating on the basis of capitation payments and adjudicated claims and encounter data from any subcontractors; and
(ii) Provider directory information required in § 457.730(b)(3), which must include all information required in § 438.10(h)(1) of this chapter.
42 U.S.C. 1302, 1395hh, and 1395rr, unless otherwise noted.
(d)
(1) The system's notification capacity is fully operational and that it operates in accordance with all State and Federal statutes and regulations regarding the exchange of patient health information;
(2) The system complies with the regulations regarding the content exchange standard at 45 CFR 170.205(a)(4)(i);
(3) The system sends notifications that must include the minimum patient health information (which must be patient name, treating practitioner name, sending institution name, and, if not prohibited by other applicable law, patient diagnosis);
(4) At the time of the patient's admission to the hospital, the system sends notifications directly or through an intermediary that facilitates exchange of health information, to licensed and qualified practitioners, other patient care team members, and post-acute care services providers and suppliers:
(i) That receive the notification for treatment, care coordination, or quality improvement purposes;
(ii) That have an established care relationship with the patient relevant to his or her care; and
(iii) For whom the hospital has a reasonable certainty of receipt of notifications; and
(4) Either immediately prior to or at the time of the patient's discharge or transfer from the hospital, the system sends notifications directly or through an intermediary that facilitates exchange of health information, to licensed and qualified practitioners, other patient care team members, and post-acute care services providers and suppliers:
(i) That receive the notification for treatment, care coordination, or quality improvement purposes;
(ii) That have an established care relationship with the patient relevant to his or her care; and
(iii) For whom the hospital has a reasonable certainty of receipt of notifications.
(f)
(1) The system's notification capacity is fully operational and that it operates in accordance with all State and Federal statutes and regulations regarding the exchange of patient health information;
(2) The system complies with the regulations regarding the content exchange standard at 45 CFR 170.205(a)(4)(i);
(3) The system sends notifications that must include the minimum patient health information (which must be patient name, treating practitioner name, sending institution name, and, if not prohibited by other applicable law, patient diagnosis);
(4) At the time of the patient's admission to the hospital, the system sends notifications directly, or through an intermediary that facilitates exchange of health information, to licensed and qualified practitioners, other patient care team members, and post-acute care services providers and suppliers:
(i) That receive the notification for treatment, care coordination, or quality improvement purposes;
(ii) That have an established care relationship with the patient relevant to his or her care; and
(iii) For whom the hospital has a reasonable certainty of receipt of notifications; and
(5) Either immediately prior to or at the time of the patient's discharge or transfer from the hospital, the system sends notifications directly or through an intermediary that facilitates exchange
(i) That receive the notification for treatment, care coordination, or quality improvement purposes;
(ii) That have an established care relationship with the patient relevant to his or her care; and
(iii) For whom the hospital has a reasonable certainty of receipt of notifications.
42 U.S.C. 1302 and 1395hh.
(d)
(1) The system's notification capacity is fully operational and that it operates in accordance with all State and Federal statutes and regulations regarding the exchange of patient health information;
(2) The system complies with the regulations regarding the content exchange standard at 45 CFR 170.205(a)(4)(i);
(3) The system sends notifications that must include the minimum patient health information (which must be patient name, treating practitioner name, sending institution name, and, if not prohibited by other applicable law, patient diagnosis);
(4) At the time of the patient's admission to the CAH, the system sends notifications directly or through an intermediary that facilitates exchange of health information, to licensed and qualified practitioners, other patient care team members, and post-acute care services providers and suppliers:
(i) That receive the notification for treatment, care coordination, or quality improvement purposes;
(ii) That have an established care relationship with the patient relevant to his or her care; and
(iii) For whom the CAH has a reasonable certainty of receipt of notifications; and
(5) Either immediately prior to or at the time of the patient's discharge or transfer from the CAH, the system sends notifications directly or through an intermediary that facilitates exchange of health information, to licensed and qualified practitioners, other patient care team members, and post-acute care services providers and suppliers:
(i) That receive the notification for treatment, care coordination, or quality improvement purposes;
(ii) That have an established care relationship with the patient relevant to his or her care; and
(iii) For whom the CAH has a reasonable certainty of receipt of notifications.
42 U.S.C. 18021-18024, 18031-18032, 18041-18042, 18044, 18054, 18061, 18063, 18071, 18082, 26 U.S.C. 36B, and 31 U.S.C. 9701.
(a)
(b)
(i) Standardized data concerning adjudicated claims, including claims data for payment decisions that may be appealed, were appealed, or are in the process of appeal, and provider remittances and enrollee cost-sharing pertaining to such claims, no later than one (1) business day after a claim is processed;
(ii) Standardized encounter data, no later than one (1) business day after data concerning the encounter is received by the QHP issuer; and
(iii) Clinical data, including laboratory results, if the QHP issuer maintains such data, no later than one (1) business day after data is received by the issuer.
(c)
(1) Must implement, maintain, and use API technology conformant 45 CFR 170.215;
(2) Must conduct routine testing and monitoring to ensure the API functions properly, including assessments to verify the API is fully and successfully implementing privacy and security features such as, but not limited to, those minimally required to comply with HIPAA privacy and security requirements in 45 CFR part 164, 42 CFR parts 2 and 3, and other applicable law protecting privacy and security of individually identifiable data;
(3) Must comply with the following regulations regarding the content and vocabulary standards for data available through the API where applicable to the data type or data element, unless alternate standards are required by other applicable law:
(i) Content and vocabulary standards at 45 CFR 170.213 where such are the only available standards for the data type or element;
(ii) Content and vocabulary standards at 45 CFR part 162 and 42 CFR 423.160 where required by law, or where such standards are the only available standards for the data type or element; or
(iii) The content and vocabulary standards in either paragraph (c)(3)(i) or (ii) of this section as determined appropriate for the data type or element, where a specific data type or element may be encoded or formatted using content and vocabulary standards in either paragraph (c)(3)(i) or (ii) of this section.
(4) May use an updated version of any standard or all standards required under paragraphs (c)(1) or (3) of this section, where:
(i) Use of the updated version of the standard is required by other applicable law, or
(ii) Use of the updated version of the standard is not prohibited under other applicable law, provided that:
(A) For content and vocabulary standards other than those at 45 CFR 170.213, the Secretary has not prohibited use of the updated version of a standard for purposes of this section or 45 CFR part 170;
(B) For standards at 45 CFR 170.213 and 45 CFR 170.215, the National
(iii) Where use of the updated version of a standard does not disrupt an end user's ability to access the data described in paragraph (b) of this section through the API described in paragraph (a) of this section.
(d)
(1) API syntax, function names, required and optional parameters supported and their data types, return variables and their types/structures, exceptions and exception handling methods and their returns;
(2) The software components and configurations an application must use in order to successfully interact with the API and process its response(s); and
(3) All applicable technical requirements and attributes necessary for an application to be registered with any authorization server(s) deployed in conjunction with the API.
(e)
(1) Reasonably determines that allowing an application to connect or remain connected to the API would present an unacceptable level of risk to the security of personally identifiable information, including protected health information, on the QHP issuer's systems; and
(2) Makes this determination using objective, verifiable criteria that are applied fairly and consistently across all applications and developers through which enrollees seek to access their electronic health information as defined at 45 CFR 171.102, including but not limited to criteria that may rely on automated monitoring and risk mitigation tools.
(f)
(i) Accept such data from any other health care plan that has provided coverage to the enrollee within the preceding 5 years;
(ii) At any time the enrollee is currently enrolled in the plan and up to 5 years after disenrollment, send such data to any other health care plan that currently covers the enrollee; and
(iii) At any time the enrollee is currently enrolled in the plan and up to 5 years after disenrollment, send such data to a recipient designated by the enrollee.
(2) QHP issuers must participate in a trusted exchange network which:
(i) Is capable of exchanging protected health information, defined at 45 CFR 160.103 of this subchapter, in compliance with all applicable State and Federal laws of relevant jurisdictions;
(ii) Is capable of connecting to inpatient electronic health records and ambulatory electronic health records; and
(iii) Supports secure messaging or electronic querying by and between providers, payers and patients.
(g)
(1) General information on steps the individual may consider taking to help protect the privacy and security of their health information, including factors to consider in selecting an application, and understanding the security and privacy practices of any application to which they will entrust their health information; and
(2) An overview of which types of organizations or individuals are and are not likely to be HIPAA covered entities, the oversight responsibilities of OCR and FTC, and how to submit a complaint to:
(i) The HHS Office for Civil Rights; and
(ii) The Federal Trade Commission (FTC).
(h)
(2) The Federally-facilitated Exchange may grant an exception to the requirements in paragraphs (a), (b), or (c) if the Exchange determines that making such health plan available through such Exchange is in the interests of qualified individuals and qualified employers in the State or States in which such Exchange operates.
(i)
(ii) [Reserved]
Environmental Protection Agency (EPA).
Final rule.
This action finalizes the residual risk and technology review (RTR) conducted for the Surface Coating of Wood Building Products source category regulated under national emission standards for hazardous air pollutants (NESHAP). In addition, we are taking final action addressing periods of startup, shutdown, and malfunction (SSM). We are finalizing our proposed determination that the risks are acceptable and that the current NESHAP provides an ample margin of safety to protect public health. We identified no new cost-effective controls under the technology review to achieve further emissions reductions. These final amendments include provisions regarding electronic reporting, adding an alternative compliance equation under the current standards, and technical and editorial changes. This action also finalizes a new EPA test method to measure isocyanate compounds in certain surface coatings. These amendments are being made under the authority of the Clean Air Act (CAA) and will improve the effectiveness of the rule. The amendments are environmentally neutral.
This final rule is effective on March 4, 2019. The incorporation by reference of certain publications listed in the rule is approved by the Director of the Federal Register as of March 4, 2019.
The Environmental Protection Agency (EPA) has established a docket for this action under Docket ID No. EPA-HQ-OAR-2016-0678. All documents in the docket are listed on the
For questions about this final action, contact Mr. John Bradfield, Sector Policies and Programs Division (E143-03), Office of Air Quality Planning and Standards, U.S. Environmental Protection Agency, Research Triangle Park, North Carolina 27711; telephone number: (919) 541-3062; fax number: (919) 541-0516; and email address:
Table 1 of this preamble is not intended to be exhaustive, but rather to provide a guide for readers regarding entities likely to be affected by the final action for the source category listed. To determine whether your facility is affected, you should examine the applicability criteria in the appropriate NESHAP. If you have any questions regarding the applicability of any aspect of this NESHAP, please contact the appropriate person listed in the preceding
In addition to being available in the docket, an electronic copy of this final action will also be available on the internet. Following signature by the EPA Administrator, the EPA will post a copy of this final action at:
Additional information is available on the RTR website at
Under CAA section 307(b)(1), judicial review of this final action is available only by filing a petition for review in the United States Court of Appeals for the District of Columbia Circuit (the Court) by May 3, 2019. Under CAA section 307(b)(2), the requirements established by this final rule may not be challenged separately in any civil or criminal proceedings brought by the EPA to enforce the requirements.
Section 307(d)(7)(B) of the CAA further provides that only an objection to a rule or procedure which was raised with reasonable specificity during the period for public comment (including any public hearing) may be raised during judicial review. This section also provides a mechanism for the EPA to reconsider the rule if the person raising an objection can demonstrate to the Administrator that it was impracticable to raise such objection within the period for public comment or if the grounds for such objection arose after the period for public comment (but within the time specified for judicial review) and if such objection is of central relevance to the outcome of the rule. Any person seeking to make such a demonstration should submit a Petition for Reconsideration to the Office of the Administrator, U.S. EPA, Room 3000, EPA WJC South Building, 1200 Pennsylvania Ave. NW, Washington, DC 20460, with a copy to both the person(s) listed in the preceding
Section 112 of the CAA establishes a two-stage regulatory process to address emissions of hazardous air pollutants (HAP) from stationary sources. In the first stage, we must identify categories of sources emitting one or more of the HAP listed in CAA section 112(b) and then promulgate technology-based NESHAP for those sources. “Major sources” are those that emit, or have the potential to emit, any single HAP at a
For these MACT standards, the statute specifies certain minimum stringency requirements, which are referred to as MACT floor requirements, and which may not be based on cost considerations. See CAA section 112(d)(3). For new sources, the MACT floor cannot be less stringent than the emission control achieved in practice by the best-controlled similar source. The MACT standards for existing sources can be less stringent than floors for new sources, but they cannot be less stringent than the average emission limitation achieved by the best-performing 12 percent of existing sources in the category or subcategory (or the best-performing five sources for categories or subcategories with fewer than 30 sources). In developing MACT standards, we must also consider control options that are more stringent than the floor under CAA section 112(d)(2). We may establish standards more stringent than the floor, based on the consideration of the cost of achieving the emissions reductions, any non-air quality health and environmental impacts, and energy requirements.
In the second stage of the regulatory process, the CAA requires the EPA to undertake two different analyses, which we refer to as the technology review and the residual risk review. Under the technology review, we must review the technology-based standards and revise them “as necessary (taking into account developments in practices, processes, and control technologies)” no less frequently than every 8 years, pursuant to CAA section 112(d)(6). Under the residual risk review, we must evaluate the risk to public health remaining after application of the technology-based standards and revise the standards, if necessary, to provide an ample margin of safety to protect public health or to prevent, taking into consideration costs, energy, safety, and other relevant factors, an adverse environmental effect. The residual risk review is required within 8 years after promulgation of the technology-based standards, pursuant to CAA section 112(f). In conducting the residual risk review, if the EPA determines that the current standards provide an ample margin of safety to protect public health, it is not necessary to revise the MACT standards pursuant to CAA section 112(f).
The EPA promulgated the Surface Coating of Wood Building Products NESHAP on May 28, 2003 (See 68 FR 31746). The standards are codified at 40 CFR part 63, subpart QQQQ. The Wood Building Products Surface Coating industry consists of facilities that are engaged in the surface coating of wood building products, which means the application of coatings using, for example, roll coaters or curtain coaters in the finishing or laminating of any wood building product that contains more than 50 percent by weight wood or wood fiber, excluding the weight of any glass components, and is used in the construction, either interior or exterior, of a residential, commercial, or institutional building. Regulated operations include all processes and process units incorporating wood building products surface coating operations. The source category covered by this MACT standard currently includes 57 facilities.
On May 16, 2018, the EPA published a proposed rule in the
This action finalizes the EPA's determinations pursuant to the RTR provisions of CAA section 112 for the Surface Coating of Wood Building Products source category. This action also finalizes other changes to the NESHAP, including an alternative compliance calculation equation that relies on periodic emissions testing; electronic submittal of notifications of compliance status, semiannual compliance reports, and performance test reports; a new EPA test method for isocyanates, EPA Method 326; IBR of several test methods (listed in section IV below); and various technical and editorial changes.
The EPA proposed no changes to the 40 CFR part 63, subpart QQQQ NESHAP based on the risk review conducted pursuant to CAA section 112(f). We are finalizing our proposed determination that risks from the source category are acceptable, considering all of the health information and factors evaluated, and also considering risk estimation uncertainty. We are also finalizing our proposed determination that revisions to the current standards are not necessary to reduce risk to an acceptable level, to provide an ample margin of safety to protect public health, or to prevent an adverse environmental effect. The EPA received no new data or other information during the public comment period that affected our determinations. Therefore, we are not
We determined that there are no developments in practices, processes, and control technologies that warrant revisions to the MACT standards for this source category. The EPA received no new data or other information during the public comment period that affected our determinations. Therefore, we are not finalizing revisions to the MACT standards under CAA section 112(d)(6).
In its 2008 decision in
We have eliminated the SSM exemption in this rule. Consistent with
Other changes to the NESHAP that do not fall into the categories in the previous section include:
1.
2.
3.
4.
5.
6.
The revisions to the MACT standards being promulgated in this action are effective on March 4, 2019. The compliance date for existing affected sources to comply with the revised requirements is no later than 180 days after March 4, 2019. Affected sources that commenced construction or reconstruction after May 16, 2018, are new sources. New sources must comply with the all of the standards immediately upon the effective date of the standard, March 4, 2019], or upon startup, whichever is later. In section IV.F of this preamble on Electronic Reporting, we discuss a semiannual reporting template that will become the required form for those reports 1 year after it is posted in the EPA's Compliance and Emissions Data Reporting Interface (CEDRI). The EPA expects to post the form on March 4, 2019. Consequently, 1 year or more after March 4, 2019, facilities subject to this standard will need to begin using this form for semiannual reports.
The EPA is finalizing that existing affected sources must comply with the amendments in this rulemaking no later than 180 days after March 4, 2019. The EPA is also finalizing that affected sources that commence construction or reconstruction after March 4, 2019 must comply with all requirements of the subpart, including the amendments being finalized, no later than March 4, 2019 or upon startup, whichever is later. All affected existing facilities would have to continue to meet the current requirements of 40 CFR part 63, subpart QQQQ, until the applicable compliance date of the amended rule. The final action is not a “major rule” as defined by 5 U.S.C. 804(2), so the effective date of the final rule is the promulgation date as specified in CAA sections 112(d)(10) and 112(f)(3). For existing sources, we are finalizing two changes that would impact ongoing compliance requirements for 40 CFR part 63, subpart QQQQ. As discussed elsewhere in this preamble, we are adding a requirement that the notification of compliance status, performance test results, and the semiannual reports using the new template be submitted electronically. We are also changing the requirements for SSM by removing the exemption from the requirements to meet the standard during SSM periods and by removing the requirement to develop and implement an SSM plan. Additionally, we are adding an optional new compliance demonstration equation that adds flexibility for meeting the standard, but this change does not affect ongoing compliance. Our experience with similar industries that are required to convert reporting mechanisms, install necessary hardware and software, become familiar with the process of submitting performance test results electronically through the EPA's CEDRI, test these new electronic submission capabilities, reliably employ electronic reporting, and convert logistics of reporting processes to different time-reporting parameters, shows that a time period of a minimum of 90 days, and more typically, 180 days, is generally necessary to successfully complete these changes. Our experience with similar industries further shows that this sort of regulated facility generally requires a time period of 180 days to read and understand the amended rule requirements; evaluate their operations to ensure that they can meet the standards during periods of startup and shutdown as defined in the rule and make any necessary adjustments; adjust parameter monitoring and recording systems to accommodate revisions; and update their operations to reflect the revised requirements. The EPA recognizes the confusion that multiple different compliance dates for individual requirements would create and the additional burden such an assortment of
For each issue, this section provides a description of what we proposed and what we are finalizing for the issue, the EPA's rationale for the final decisions and amendments, and a summary of key comments and responses. For all comments not discussed in this preamble, comment summaries and the EPA's responses can be found in the comment summary and response document available in the docket, Docket ID No. EPA-HQ-OAR-2016-0678.
For the 40 CFR part 63, subpart QQQQ category risk assessment conducted at proposal, the EPA estimated risks based on actual and allowable emissions from wood building products surface coating sources. Allowable emissions at proposal were estimated to be equal to actual emissions. The estimated inhalation cancer risk to the individual most exposed to emissions from the source category was 6-in-1 million at proposal, at one facility. The assessment showed that approximately 800 people faced an increased cancer risk greater than 1-in-1 million due to inhalation exposure to HAP emissions from this source category. The risk analysis at proposal indicated very low cancer incidence (0.0006 excess cancer cases per year, or one excess case every 1,667 years), as well as low potential for adverse chronic noncancer health effects with a hazard index (HI) of 0.05 for both actual and allowable emissions. The acute screening assessment indicated two facilities with a maximum hazard quotient (HQ) equal to 1 based upon a reference exposure level (REL) for formaldehyde. Therefore, we found there was little potential concern for chronic or acute noncancer health impacts. The multipathway risk assessment indicated no significant potential for exposure from persistent bio-accumulative HAP (PB-HAP) emissions from the source category.
Considering all of the health risk information, the EPA proposed that the risks from the Surface Coating of Wood Building Products source category were acceptable. Although we proposed acceptable risk, risk estimates for approximately 800 people in the exposed population were above 1-in-1 million, caused by formaldehyde emissions from one facility. The maximum acute risk at proposal was an HQ of 1, also associated with formaldehyde from the same facility with the highest chronic risk. As a result, we further considered whether the MACT standards for this source category provide an ample margin of safety to protect public health. Our technology review did not identify any new practices, controls, or process options that were being used in this industry, or in other industries, that would be cost effective and result in further reduction of formaldehyde emissions. Because no new controls, technologies, processes, or work practices were identified to reduce formaldehyde emissions and the risk assessment determined that the health risks associated with HAP emissions remaining after implementation of the Surface Coating of Wood Building Products MACT were acceptable, we proposed that the current standards protect public health with an ample margin of safety.
In response to comments on the proposed 40 CFR part 63, subpart QQQQ, RTR, we reviewed our facility list and made adjustments, adding five facilities and removing four facilities. The five facilities added had responded to a separate EPA survey, indicating that 40 CFR part 63, subpart QQQQ applied to their facilities. The HAP emissions inventory for the source category was revised to reflect these changes to the facility list. Further, we found that 40 CFR part 63, subpart QQQQ did not apply to four facilities. As such, we removed these four facilities from the facility list. In response to comments received, we also reviewed our HAP data and added polycyclic organic matter (POM) to the HAP emission inventory for the source category. At proposal, we set allowable HAP emissions as being equal to actual HAP emissions due to the nature of compliance choices made by facilities in the category. In response to comments, we reviewed this approach and decided to estimate allowable emissions using a 1.6 multiple of actual emissions. The multiplier was derived from source category capacity usage information in the U.S. Census of Manufacturers. In response to comments, we also decided to use the more conservative multiplier of 10 times actual emissions to model acute health impacts. See the
The revised risk assessment for the source category indicated that human health impacts for both chronic and acute risks were lower than stated at proposal. The results of the risk assessment showed that risks based on actual emissions did not exceed a maximum individual risk (MIR) of 1-in-1 million for cancer and resulted in an HI of 0.02 for noncancer. The results of the final risk assessment also showed lower risks based upon allowable emissions with a cancer MIR of 1-in-1 million and a noncancer HI of 0.03. The revised risk assessment also showed lower acute risks than stated at proposal with a maximum acute noncancer HQ of 0.6.
Table 2 of this preamble provides an overall summary of the results of the inhalation risk assessment, as discussed in this section of this preamble. See the
The inhalation risk modeling performed to estimate risks based on actual and allowable emissions relied primarily on emissions data from the National Emissions Inventory (NEI). The results of the inhalation cancer risk assessment, as shown in Table 2 of this preamble, indicate that the MIR could be up to 1-in-1 million for allowable emissions under the current standard, with naphthalene emissions from solvent evaporation associated with spray paint operations as the major contributor to the MIR. The total estimated cancer incidence from wood building product coating sources based on actual emission levels is 0.0004 excess cancer cases per year or one case every 2,500 years, with emissions of naphthalene and ethylbenzene contributing to the cancer incidence. In addition, we estimate that approximately 700 people have cancer risks at 1-in-1 million based on allowable emissions.
The maximum modeled chronic noncancer HI (TOSHI) value for the source category based on actual emissions is estimated to be 0.02, with emissions of triethylamine and naphthalene contributing to the TOSHI. The target organ affected is the respiratory system. No people are estimated to have a noncancer HI above 1 as a result of emissions from this source category.
We received two comments on our proposed risk assessment. One stakeholder supported our risk assessment proposal and further suggested that the Integrated Risk Information System (IRIS) dose response factors for formaldehyde, the principle risk driver in the category, were overly conservative and should be re-evaluated. Another stakeholder disagreed with our assessment, characterizing it as arbitrary because (1) it exceeded the 1-in-1 million CAA presumption of acceptability from CAA section 112(f)(2), and (2) the health impacts of the risk above 1-in-1 million were concentrated in minority and lower income neighborhoods, and, thus, creating what the commenter considered an environmental justice issue.
As stated in our response to comments,
Regarding the comments to risk on disadvantaged communities, under Executive Order 12898, the EPA is directed to the greatest extent practicable and permitted by law, to make EJ part of its mission by identifying and addressing, as appropriate, disproportionately high and adverse human health or environmental effects of its programs, policies, and activities on minority populations and low income populations in the U.S. Consistent with Executive Order 12898 and the Presidential Memorandum
As noted in our proposal, the EPA sets standards under CAA section 112(f)(2) using “a two-step standard-setting approach, with an analytical first step to determine an `acceptable risk' that considers all health information, including risk estimation uncertainty, and includes a presumptive limit on MIR of “approximately 1-in-10 thousand” (see 54 FR 38045, September 14, 1989). We weigh all health risk factors in our risk acceptability
Our final risk assessment was revised based on comments we received at proposal. It included updated facility information, HAP emissions, and production information (see section IV.A.2 of this preamble). The total emissions of HAP for the source category are approximately 270 tpy. The results of the chronic inhalation cancer risk assessment based on actual emissions, the total estimated cancer incidence from allowable emissions in this source category, and the acute HQ are discussed in section IV.A.2 and in Table 2 of this preamble. In evaluating the potential for multipathway effects from PB-HAP, including carcinogenic emissions of arsenic and POM and non-carcinogenic emissions of cadmium, lead, and mercury from the source category, the risk assessment indicates no significant potential for multipathway effects.
We concluded, based on all the health risk information and factors discussed at proposal, that the risks from the Surface Coating of Wood Building Products source category were acceptable. As noted above, the information in the final risk assessment shows lower risk indicators than indicated at proposal. Consequently, the EPA is finalizing an acceptable risk determination for the category. We conducted an analysis to determine if the current emissions standards provide an ample margin of safety to protect public health. Under the ample margin of safety analysis,
As noted, we consider the risks from this source category to be acceptable. However, risk estimates for approximately 700 people in the exposed population are at 1-in-1 million, based on allowable naphthalene emissions from one facility. As a result, we further considered whether the MACT standards for this source category provide an ample margin of safety to protect public health.
At proposal, our ample margin of safety review was informed by the results of our technology review which did not identify any developments in practices, controls, or process options that are being used in this industry, or in other industries, that would be cost effective and result in further emissions reductions. Similarly, our review of the operating permits for major sources subject to the Surface Coating of Wood Building Products MACT did not reveal any facilities with limits set below the current new or existing source limits (Tables 1 and 2 to Subpart QQQQ of Part 63). Limits set below the current standards would have been an indication that improved controls or lower emission-compliant coatings were available. Additionally, our review of the Reasonably Available Control Technology/Best Available Control Technology/Lowest Achievable Emission Rate Clearinghouse identified three sources that are potentially covered under 40 CFR part 63, subpart QQQQ, but none contained new control methods. Because no developments in controls, technologies, processes, or work practices were identified to reduce naphthalene emissions and the risk assessment determined that the health risks associated with HAP emissions remaining after implementation of the Surface Coating of Wood Building Products MACT were acceptable, we are finalizing our risk review determination that the current standards protect public health with an ample margin of safety.
Our review of the developments in technology for the Surface Coating of Wood Building Products source category did not reveal any changes in practices, processes, and controls. In the original NESHAP, we noted that the most prevalent form of emission control for surface coating of wood building products is the use of low-volatile organic compounds and low-HAP coatings, such as waterborne or ultraviolet (UV)-cured coatings. That continues to be the prevalent compliance approach, with less than 10 percent of source category facilities using add-on control to reduce HAP emissions. Because our review did not identify any developments in practices, processes, or controls to further reduce emissions in the category beyond the level required by the current NESHAP, we proposed that no revisions to the NESHAP are necessary pursuant to CAA section 112(d)(6).
The technology review did not change from proposal. Therefore, we are finalizing our proposed determination that no revisions to the NESHAP are necessary pursuant to CAA section 112(d)(6).
We received no comments that identified improved control technology, work practices, operational procedures, process changes, or pollution prevention approaches to reduce emissions in the category since promulgation of the current NESHAP. We received two comments on our proposed technology review. One stakeholder supported our review, while another stakeholder disagreed with our assessment, holding that the new coating application which led to the proposal of an alternative compliance equation constituted a change that should have been adopted across the category (see Docket ID No. EPA-HQ-OAR-2016-0678).
As stated in our comment response (see Docket ID No. EPA-HQ-OAR-2016-0678), we are finalizing the conclusion that there have been no advances in practices, processes, or controls since promulgation in 2003 that justify changes to the stringency of the standards for 40 CFR part 63, subpart QQQQ sources.
At proposal, we explained how the coating planned for use by the facility submitting the alternative monitoring request is similar to other low-HAP coatings in that it uses a liquid catalyst to affect the same type of chemical and physical changes as UV light in the UV-curable coatings, which are low-HAP coatings that predate and were considered during development of the original 40 CFR part 63, subpart QQQQ NESHAP. Regardless of this explanation, we see how the commenter
Our technology review did not identify any changes in practices, processes, or control technologies that would reduce emissions in this category. We did not identify any control equipment not previously identified; improvements to existing controls; work practices, process changes, or operational procedures not previously considered; or any new pollution prevention alternatives for this same category. We also did not find any changes in the cost of applying controls previously considered in this same category. Consequently, we have determined that no revisions to the NESHAP are necessary pursuant to CAA section 112(d)(6).
In its 2008 decision in
We are finalizing the elimination of the SSM exemption in this rule. The SSM provisions appear at 40 CFR 63.4700, 40 CFR 63.4720, and in Table 4 to Subpart QQQQ of Part 63. Consistent with
The EPA has attempted to ensure that the provisions we are eliminating are inappropriate, unnecessary, or redundant in the absence of the SSM exemption. The EPA believes the removal of the SSM exemption creates no additional burden to facilities regulated under the Surface Coating of Wood Building Products NESHAP. Deviations addressed in current SSM plans are now required to be reported in the semiannual compliance report (40 CFR 63.4720). Facilities no longer need to develop an SSM plan or keep it current (Table 4 to Subpart QQQQ of Part 63). Facilities also no longer have to file SSM reports for deviations not described in the their SSM plan (40 CFR 63.4720(c)(2)).
For add-on control systems, the Surface Coating of Wood Building Products NESHAP requires the measurement of thermal oxidizer operating temperature or catalytic oxidizer average temperature across the catalyst bed as well as other types of parameter monitoring. Parameter limits now apply at all times, including during periods of startup and shutdown. The Surface Coating of Wood Building Products NESHAP requires thermal oxidizer or catalytic oxidizer operating temperature and operating parameters for other add-on control devices to be recorded at least once every 15 minutes. The Surface Coating of Wood Building Products NESHAP specifies in 40 CFR 63.4763(c) that if an operating parameter is out of the allowed range, this is a deviation from the operating limit and must be reported as specified in 40 CFR 63.4710(c)(6) and 63.4720(a)(7).
Our permit review of the facilities using add-on control as a compliance approach indicated that all were required, by permit, to have their control system in operation during all time periods when coating processes were operational. The 2003 rule requires compliance based on a 12-month rolling average emissions calculation. Periods of startup and shutdown were included, but, because of operational requirements in the category, are a very small component of the emissions calculation and have little, if any, impact on the 12-month rolling average. Therefore, we are not finalizing separate standards for startup and/or shutdown periods.
As the Court recognized in
Although no statutory language compels the EPA to set standards for malfunctions, the EPA has the discretion to do so where feasible. For example, in the Petroleum Refinery Sector RTR, the EPA established a work practice standard for unique types of malfunction that result in releases from pressure relief devices or emergency flaring events because information regarding petroleum refinery sources was available to determine that such work practices reflected the level of control that applies to the best performing sources in that source category. See 80 FR 75178, 75211-75214 (December 1, 2015). The EPA considered whether circumstances warrant setting work practice standards for a particular type of malfunction and, if so, whether the EPA has sufficient information to identify the relevant best performing sources and establish a standard for such malfunctions.
In the event that a source fails to comply with the applicable CAA section 112 standards as a result of a malfunction event, the EPA would determine an appropriate response based on, among other things, the good faith efforts of the source to minimize emissions during malfunction periods, including preventative and corrective actions, as well as root cause analyses to ascertain and rectify excess emissions. The EPA would also consider whether the source's failure to comply with the CAA section 112 standard was, in fact, sudden, infrequent, not reasonably preventable, and was not instead caused, in part, by poor maintenance or careless operation. 40 CFR 63.2 (definition of malfunction).
If the EPA determines in a particular case that an enforcement action against a source for violation of an emission standard is warranted, the source can raise any and all defenses in that enforcement action and the federal district court will determine what, if any, relief is appropriate. The same is true for citizen enforcement actions. Similarly, the presiding officer in an administrative proceeding can consider any defense raised and determine whether administrative penalties are appropriate.
In summary, the EPA's interpretation of the CAA and, in particular, CAA section 112 is reasonable and encourages practices that will avoid malfunctions. Administrative and judicial procedures for addressing exceedances of the standards fully recognize that violations may occur despite good faith efforts to comply and can accommodate those situations.
We are finalizing revisions to the General Provisions table (Table 4) entry for 40 CFR 63.6(e)(1) and (2) by redesignating it as 40 CFR 63.6(e)(1)(i) and changing the “yes” in column 3 to a “no.” Section 63.6(e)(1)(i) describes the general duty to minimize emissions. Some of the language in that section is no longer necessary or appropriate considering the elimination of the SSM exemption. We are instead adding general duty regulatory text at 40 CFR 63.4700(b) that reflects the general duty to minimize emissions while eliminating the reference to periods covered by an SSM exemption. The previous language in 40 CFR 63.6(e)(1)(i) characterized what the general duty entails during periods of SSM. With the elimination of the SSM exemption, there is no need to differentiate between normal operations and SSM events in describing the general duty. Therefore, the language the EPA is finalizing for 40 CFR 63.4700(b) does not include that language from 40 CFR 63.6(e)(1).
We are also revising the General Provisions table (Table 4) to add an entry for 40 CFR 63.6(e)(1)(ii) and include a “no” in column 3. Section 63.6(e)(1)(ii) imposes requirements that are not necessary with the elimination of the SSM exemption or are redundant with the general duty requirement being added at 40 CFR 63.4700(b). We are also finalizing revisions to the General Provisions table (Table 4) to add an entry for 40 CFR 63.6(e)(1)(iii) and include a “yes” in column 3, which became necessary with the elimination of the SSM. Finally, we are finalizing revisions to the General Provisions table (Table 4) to add an entry for 40 CFR 63.6(e)(2) and include a “no” in column 3. This paragraph is reserved and is not applicable to 40 CFR part 63, subpart QQQQ.
We are finalizing revisions to the General Provisions table (Table 4) to add an entry for 40 CFR 63.6(e)(3) and
We are finalizing revisions to the General Provisions table (Table 4) entries for 40 CFR 63.6(f) by redesignating this section as 40 CFR 63.6(f)(1) and including a “no” in column 3. The previous language in 40 CFR 63.6(f)(1) excluded sources from non-opacity standards during periods of SSM, while the previous language in 40 CFR 63.6(h)(1) excluded sources from opacity standards during periods of SSM. As discussed above, the Court in
We are finalizing revisions to the General Provisions table (Table 4) entry for 40 CFR 63.7(e) by redesignating it as 40 CFR 63.7(e)(1) and including a “yes” in column 3. Section 63.7(e)(1) describes performance testing requirements. Section 63.4764(a) of the rule specifies that performance testing must be conducted when the coating operation, emission capture system, and add-on control device are operating at representative conditions. You must document why the conditions represent normal operation. As in 40 CFR 63.7(e)(1), performance tests conducted under this subpart should not be conducted during periods of startup, shutdown, or malfunction because conditions during malfunctions are often not representative of normal operating conditions. The EPA is finalizing added language that requires the owner or operator to record the process information that is necessary to document operating conditions during the test and include in such record an explanation to support that such conditions represent normal operations. Section 63.7(e) requires that the owner or operator make available to the Administrator such records “as may be necessary to determine the condition of the performance test” available to the Administrator upon request, but does not specifically require the information to be recorded. The added regulatory text to this provision that the EPA is finalizing builds on that requirement and makes explicit the requirement to record the information.
We are finalizing revisions to the General Provisions table (Table 4) by redesignating 40 CFR 63.8(c) as 40 CFR 63.8(c)(1), adding entries for 40 CFR 63.8(c)(1)(i) through (iii), and including “no” in column 3 for paragraphs (i) and (iii). The cross-references to the general duty and SSM plan requirements in those subparagraphs are not necessary considering other requirements of 40 CFR 63.8 that require good air pollution control practices (40 CFR 63.8(c)(1)) and that set out the requirements of a quality control (QC) program for monitoring equipment (40 CFR 63.8(d)).
We are finalizing revisions to the General Provisions table (Table 4) by adding an entry for 40 CFR 63.10(b)(2)(i) and including a “no” in column 3. Section 63.10(b)(2)(i) describes the recordkeeping requirements during startup and shutdown. These recording provisions are no longer necessary because the EPA is finalizing that recordkeeping and reporting applicable to normal operations will apply to startup and shutdown. Special provisions applicable to startup and shutdown, such as a startup and shutdown plan, have been removed from the rule (with exceptions discussed below), thereby reducing the need for additional recordkeeping for startup and shutdown periods.
We are finalizing revisions to the General Provisions table (Table 4) by adding an entry for 40 CFR 63.10(b)(2)(iv) and (v) and including a “no” in column 3. When applicable, the provision requires sources to record actions taken during SSM events when actions were inconsistent with their SSM plan. The requirement is no longer appropriate because SSM plans will no longer be required.
We are also finalizing revisions to the General Provisions table (Table 4) by adding an entry for 40 CFR 63.10(c)(15) and including a “no” in column 3. The EPA is finalizing that 40 CFR 63.10(c)(15) no longer applies. When applicable, the provision allows an owner or operator to use the affected source's SSM plan or records kept to satisfy the recordkeeping requirements of the SSM plan, specified in 40 CFR 63.6(e), to also satisfy the requirements of 40 CFR 63.10(c)(10) through (12). The EPA is finalizing elimination of this requirement because SSM plans would no longer be required, and, therefore, 40 CFR 63.10(c)(15) no longer serves any useful purpose for affected units.
We are finalizing revisions to the General Provisions table (Table 4) entry for 40 CFR 63.10(d)(5) by changing the “yes” in column 3 to a “no.” Section 63.10(d)(5) describes the reporting requirements for startups, shutdowns, and malfunctions. To replace the General Provisions reporting requirement for malfunctions, the EPA is finalizing replacing the SSM report under 40 CFR 63.10(d)(5) with the existing reporting requirements under 40 CFR 63.4720(a). The replacement language differs from the General Provisions requirement in that it eliminates periodic SSM reports as a stand-alone report. We are finalizing language that requires sources that fail to meet an applicable standard at any time to report the information concerning such events in the semiannual report to be required under the final rule. We are finalizing that the report must contain the number, date, time, duration, and the cause of such events (including unknown cause, if applicable), a list of the affected source or equipment, an estimate of the quantity of each regulated pollutant emitted over any emission limit, and a description of the method used to estimate the emissions. Examples of such methods would include mass balance calculations, measurements when available, or engineering judgment based on known process parameters. The EPA is finalizing this requirement to ensure that there is adequate information to determine compliance, to allow the EPA to determine the severity of the failure to meet an applicable standard, and to provide data that may document how the source met the general duty to minimize emissions during a failure to meet an applicable standard.
We will no longer require owners or operators to determine whether actions taken to correct a malfunction are consistent with an SSM plan, because plans would no longer be required. The final amendments, therefore, eliminate the cross-reference to 40 CFR 63.10(d)(5)(i) that contains the description of the previously required SSM report format and submittal schedule from this section. These specifications are no longer necessary because the events will be reported in
The final amendments also eliminate the cross-reference to 40 CFR 63.10(d)(5)(ii). Section 63.10(d)(5)(ii) describes an immediate report for startups, shutdowns, and malfunctions when a source failed to meet an applicable standard, but did not follow the SSM plan. We no longer require owners and operators to report when actions taken during a startup, shutdown, or malfunction were not consistent with an SSM plan because plans would no longer be required.
The EPA proposed the option of using a HAP emission factor based on site-specific measurement of HAP emissions to demonstrate compliance with the emission rate without add-on controls compliance option, instead of assuming that all HAP in the coating is emitted to the atmosphere. As discussed below, we are finalizing a new compliance calculation approach in this rulemaking to allow any facility using a similar process to use the approach without requiring the submittal of an alternative monitoring request to the EPA under the provisions of 40 CFR 63.8(f). The final amendment adds compliance flexibility, but does not alter the originally promulgated emission standards in Tables 1 and 2 to Subpart QQQQ of Part 63.
We are finalizing a new equation within the existing compliance demonstration calculations to more adequately represent the HAP amounts emitted by this type of surface coating or any similar coating.
The EPA is finalizing amendments to the Surface Coating of Wood Building Products NESHAP that provide an additional compliance demonstration equation. Facilities using the alternative compliance demonstration equation (40 CFR 63.4751(i)) of the emission rate without add-on controls option are required to conduct an initial performance test to demonstrate compliance. Those same facilities are also required to conduct repeat performance testing every 5 years to update/verify the process-specific emission factor used to demonstrate continuing compliance for the new alternative equation (see 40 CFR 63.4752(e)).
The EPA is requiring owners and operators of wood building product surface coating facilities to submit electronic copies of the required notification of compliance status, performance test results, and semiannual compliance status reports through the EPA's Central Data Exchange (CDX) using CEDRI. The final rule requires that performance test reports be submitted to CEDRI using the Electronic Reporting Tool (ERT). The final rule requires owners and operators to submit any future notification of compliance status (
The electronic submittal of the reports addressed in this rulemaking will increase the usefulness of the data contained in these reports; is in keeping with current trends in data availability, accountability, and transparency; will further assist in the protection of public health and the environment; will improve compliance by facilitating the ability of regulated facilities to demonstrate compliance with the requirements and by facilitating the ability of delegated state, local, tribal, and territorial air agencies and the EPA to assess and determine compliance; and will ultimately reduce burden on regulated facilities, delegated air agencies, and the EPA. Electronic reporting eliminates paper-based, manual processes, thereby saving time and resources; simplifying data entry; eliminating redundancies; minimizing data reporting errors; and providing data quickly and accurately to the affected facilities, air agencies, the EPA, and the public. A more streamlined and accurate review of performance test data will become available to the public through the EPA's Web Factor Information Retrieval System (WebFIRE).
In summary, in addition to supporting regulation development, control strategy development, and other air pollution control activities, having an electronic database populated with performance test data will save industry, state, local, tribal agencies, and the EPA significant time, money, and effort while improving the quality of emission inventories and air quality regulations.
For a more thorough discussion of electronic reporting, see the discussion in the preamble of the proposal, at 83 FR 22754, and the memorandum titled
We are finalizing EPA Method 326 to improve test methodology related to volatile organic HAP content measured in certain surface coatings containing isocyanates. Because there was no EPA test method for isocyanate emissions, as part of this action, we are finalizing specific isocyanate compound sample collection and analytical requirements as EPA Method 326 of 40 CFR part 63, appendix A. EPA Method 326 is based on “A Method for Measuring Isocyanates in Stationary Source Emissions,” which was proposed on December 8, 1997 (see 62 FR 64532) as EPA Method 207, but was never promulgated. EPA Method 326 does not significantly modify the sampling and analytical techniques of the previously proposed method, but includes additional QC procedures and associated performance criteria to ensure the overall quality of the measurement.
EPA Method 326 is based on the EPA Method 5 sampling train employing a derivatizing reagent (1-(2-pyridyl) piperazine in toluene) in the impingers to immediately stabilize the isocyanate compounds upon collection. Collected samples are analyzed using high performance liquid chromatography and an appropriate detector under laboratory conditions sufficient to separate and quantify the isocyanate compounds.
The sampling and analytical techniques were validated at three sources according to EPA Method 301 (40 CFR part 63, appendix A) and the report of this validation, titled
The EPA is finalizing regulatory text that includes IBR. In accordance with requirements of 1 CFR 51.5, the EPA is incorporating by reference National Council of the Paper Industry for Air and Stream Improvement, Inc. (NCASI) Method ISS/FP A105.01 and the following voluntary consensus standards (VCS) described in the amendments to 40 CFR 63.14:
• ANSI A135.4-2012, Basic Hardboard, approved June 8, 2012, IBR approved for 40 CFR 63.4781.
• ASTM D1475-13, Standard Test Method for Density of Liquid Coatings, Inks, and Related Products, approved November 1, 2013, IBR approved for 40 CFR 63.4741(b)(3) and (c) and 63.4751(c).
• ASTM D2111-10 (Reapproved 2015), Standard Test Methods for Specific Gravity and Density of Halogenated Organic Solvents and Their Admixtures, approved June 1, 2015, IBR approved for 40 CFR 63.4741(a)(2)(i).
• ASTM D2369-10 (Reapproved 2015)
• ASTM D2697-03 (Reapproved 2014), Standard Test Method for Volume Nonvolatile Matter in Clear or Pigmented Coatings, approved July 1, 2014, IBR approved for 40 CFR 63.4741(a)(2)(iii) and (b).
• ASTM D4840-99 (Reapproved 2018)
• ASTM D6093-97 (Reapproved 2016), Standard Test Method for Percent Volume Nonvolatile Matter in Clear or Pigmented Coatings Using a Helium Gas Pycnometer, Approved December 1, 2016, IBR approved for 40 CFR 63.4741(a)(2)(iv) and (b)(1).
• ASTM D6348-03 (Reapproved 2010), Standard Test Method for Determination of Gaseous Compounds by Extractive Direct Interface Fourier Transform Infrared (FTIR) Spectroscopy, including Annexes A1 through A8, Approved October 1, 2010, IBR approved for 40 CFR 63.4751(i) introductory paragraph and (i)(4), 63.4752(e), and 63.4766(b) introductory paragraph and (b)(4).
While the American Society for Testing and Materials (ASTM) methods D2697-86 and D6093-97 were incorporated by reference when 40 CFR part 63, subpart QQQQ, was originally promulgated (68 FR 31760), the methods have been updated and reapproved and are also being cited in additional paragraphs in the final rule, requiring a revision to their IBR. NCASI Method ISS/FP A105.01 was incorporated by reference when 40 CFR part 63, subpart DDDD, Table 4 was amended in 2006. The American National Standards Institute (ANSI) method (published by the Composite Panel Association) and the other ASTM methods are being incorporated by reference for 40 CFR part 63, subpart QQQQ, for the first time under this rulemaking.
The following are additional final changes that address technical and editorial corrections:
• Revised the monitoring requirements section in 40 CFR 63.4764 to clarify ongoing compliance provisions to address startup and shutdown periods when certain parameters cannot be met;
• Revised the recordkeeping requirements section in 40 CFR 63.4730 to include the requirement to record information on failures to meet the applicable standard;
• Revised the references to several test method appendices;
• Revised the General Provisions applicability table (Table 4 to Subpart QQQQ of Part 63) to align with sections of the General Provisions that have been amended or reserved over time; and
• Revised 40 CFR 63.4681 to update reference to 40 CFR part 63, subpart DDDD.
There are currently 57 wood building product manufacturing facilities operating in the United States that conduct surface coating operations and are subject to the Surface Coating of Wood Building Products NESHAP. The 40 CFR part 63, subpart QQQQ, affected source is the collection of all the items listed in 40 CFR 63.4682(b)(1) through (4) that are used for surface coating of wood building products. A new affected source is a completely new wood building products surface coating source where previously no wood building products surface coating source had existed.
At the current level of control, the EPA estimates emissions of total HAP are approximately 270 tpy.
Indirect or secondary air emissions impacts are impacts that would result from the increased electricity usage associated with the operation of control devices (
For further information, see the memoranda titled
We estimate that, as a result of these final amendments, each facility in the source category will experience reporting and recordkeeping costs. Each facility will experience costs to read and understand the rule amendments. Costs associated with the elimination of the SSM exemption were estimated as part of the reporting and recordkeeping costs and include time for re-evaluating previously developed SSM record systems. Costs associated with the requirement to electronically submit
The EPA estimates that one facility will be impacted by this final regulatory action. This facility will conduct an initial performance test to demonstrate compliance with the alternative compliance equation, as related to their request for an alternative monitoring method. This initial performance test has a cost of $22,000, and the repeat testing will cost $22,000 every 5 years.
The total estimated labor costs for the rule are summarized in the Supporting Statement for the information collection request (ICR) in the docket for this action. The estimated labor cost is $38,000 for all 57 affected facilities to become familiar with the final rule requirements. For further information, see the memorandum titled
Economic impact analyses focus on changes in market prices and output levels. If changes in market prices and output levels in the primary markets are significant enough, impacts on other markets may also be examined. Both the magnitude of costs needed to comply with a final rule and the distribution of these costs among affected facilities can have a role in determining how the market will change in response to a final rule.
For the one facility expected to conduct an initial performance test and become familiar with the final rule requirements, the costs associated with 40 CFR part 63, subpart QQQQ's final requirements are approximately 0.002 percent of annual sales revenues. For the remaining 56 facilities, the costs associated with becoming familiar with the final rule requirements are less than 0.001 percent of annual sales revenues. These costs are not expected to result in a significant market impact, regardless of whether they are passed on to the purchaser or absorbed by the firms. For further information, see the memorandum titled
The EPA did not change any of the emission limit requirements and estimates the final changes to SSM, recordkeeping, reporting, and monitoring are not economically significant. Because these final amendments are not considered economically significant, as defined by Executive Order 12866, and because no emission reductions were estimated, we did not estimate any benefits from reducing emissions.
Executive Order 12898 (59 FR 7629, February 16, 1994) establishes federal executive policy on EJ. Its main provision directs federal agencies, to the greatest extent practicable and permitted by law, to make EJ part of their mission by identifying and addressing, as appropriate, disproportionately high and adverse human health or environmental effects of their programs, policies, and activities on minority populations and low-income populations in the United States.
To examine the potential for any EJ issues that might be associated with the source category, we performed a demographic analysis, which is an assessment of risks to individual demographic groups of the populations living within 5 kilometers (km) and within 50 km of the facilities. In the analysis, we evaluated the distribution of HAP-related cancer and noncancer risks from the Surface Coating of Wood Building Products source category across different demographic groups within the populations living near facilities.
The results of the demographic analysis are summarized in Table 3 below. These results for various demographic groups are based on the estimated risks from actual emissions levels for the population living within 50 km of the facilities.
The results of the Surface Coating of Wood Building Products source category demographic analysis indicate that emissions from the source category do not expose people to a cancer risk at or above 1-in-1 million based on actual emissions. Also, no people are exposed to a chronic noncancer TOSHI greater than 1. The percentages of the at-risk population are demographically similar to their respective nationwide percentages for all demographic groups.
The EPA received a comment on our proposed rule stating that we ignored unacceptably disproportionate effects on EJ communities. As noted above, we re-evaluated our risk impacts from the category with a revised risk assessment. One aspect of this assessment was that it generated a risk report based on a more refined risk assessment model. Those risk model results did show lower risk in the EJ communities where larger impacts were noted at proposal. The EPA considered this comment and has reaffirmed its determination that this final rule will not have disproportionately high and adverse human health or environmental effects on minority, low income, or indigenous populations because it increases the level of environmental protection for all affected populations.
The methodology and the results of the demographic analysis are presented in a technical report,
This action is not subject to Executive Order 13045 because it is not economically significant as defined in Executive Order 12866, and because the EPA does not believe the environmental health or safety risks addressed by this action present a disproportionate risk to children. This action's health and risk assessments are contained in
Additional information about these statutes and Executive Orders can be found at
This action is not a significant regulatory action and was, therefore, not submitted to the Office of Management and Budget (OMB) for review.
This action is not an Executive Order 13771 regulatory action because this action is not significant under Executive Order 12866.
The information collection activities in this final rule have been submitted for approval to OMB under the PRA. The ICR document that the EPA prepared has been assigned EPA ICR number 2034.08. You can find a copy of the ICR in the docket for this rule (Docket ID No. EPA-HQ-OAR-2016-0678), and it is briefly summarized here.
We are finalizing changes to the paperwork requirements for the Surface Coating of Wood Building Products NESHAP in the form of eliminating the SSM reporting and SSM plan requirements, and requiring electronic submittal of semiannual compliance reports and any future notifications of compliance status or performance test reports.
An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. The OMB control numbers for the EPA's regulations in 40 CFR are listed in 40 CFR part 9. In addition, the EPA is amending the table in 40 CFR part 9 to list the regulatory citations for the information collection activities contained in this final rule.
I certify that this action will not have a significant economic impact on a substantial number of small entities under the RFA. In making this determination, the impact of concern is any significant adverse economic impact on small entities. An agency may certify that a rule will not have a significant economic impact on a substantial number of small entities if the rule relieves regulatory burden, has no net burden, or otherwise has a positive economic effect on the small entities subject to the rule. We conducted an economic impact analysis which is available in the docket for this final rule, Docket ID No. EPA-HQ-OAR-2016-0678. For all but one of the facilities affected by the final rule, including the small businesses, the costs associated with the final rule requirements are less than 0.001 percent of annual sales revenues; for the remaining facility, the costs are less than 0.002 percent of annual sales revenues. We have, therefore, concluded that this action will have no net regulatory burden for all directly regulated small entities.
This action does not contain an unfunded mandate of $100 million or more as described in UMRA, 2 U.S.C. 1531-1538, and does not significantly or uniquely affect small governments. The action imposes no enforceable duty on any state, local, or tribal governments or the private sector.
This action does not have federalism implications. It will not have substantial direct effects on the states, on the relationship between the national government and the states, or on the distribution of power and responsibilities among the various levels of government.
This action does not have tribal implications as specified in Executive Order 13175. It will not have substantial direct effects on tribal governments, on the relationship between the federal government and Indian Tribes, or on the distribution of power and responsibilities between the federal government and Indian Tribes, as specified in Executive Order 13175. This final rule imposes requirements on owners and operators of wood building product surface coating facilities and not tribal governments. The EPA discussed the proposed action at a meeting of the National Tribal Air Association,
This action is not subject to Executive Order 13045 because it is not economically significant as defined in Executive Order 12866, and because the EPA does not believe the environmental health or safety risks addressed by this action present a disproportionate risk to children. A description of the health risk assessment conducted as part of this action is provided in sections III and IV of this preamble and further documented in the risk report titled
This action is not subject to Executive Order 13211 because it is not a significant regulatory action under Executive Order 12866.
This action involves technical standards. The EPA is finalizing the use of NCASI Method ISS/FP A105.01, “Impinger Source Sampling Method for Selected Aldehydes, Ketones, and Polar Compounds,” December 2005, Methods Manual, and ASTM D6348-03 (Reapproved 2010), “Standard Test Method for Determination of Gaseous Compounds by Extractive Direct Interface Fourier Transform Infrared (FTIR) Spectroscopy” as alternatives to using EPA Method 320 under certain conditions, and is incorporating these alternative methods by reference. EPA Method 320 is added for the measurement of organic HAP emissions if formaldehyde is a major organic HAP component of the surface coating exhaust stream. EPA Method 320 can also be used for other HAP that may be found in wood building products coatings. NCASI Method ISS/FP A105.01 is an impinger source sampling method for the collection and analysis of a wider range of aldehydes, ketones, and polar organics, has previously been incorporated by reference at 40 CFR 63.14, and is reasonably available from National Council of the Paper Industry for Air and Stream Improvement, Inc. (NCASI), P.O. Box 133318, Research Triangle Park, NC 27709-3318 or at
Instead of the current ASTM D6348-12 standard, the ASTM D6348-03 (Reapproved 2010) standard is referenced in the Surface Coating of Wood Building Products NESHAP. The QC criteria in ASTM D6348-03 (Reapproved 2010) are more closely matched to the testing requirements in this NESHAP. Use of ASTM D6348-03 (Reapproved 2010) is defined in 40 CFR 63.4751(i)(4). ASTM D6348-03 (Reapproved 2010) is an extractive FTIR
ANSI A135.4-2012, “Basic Hardboard,” is reasonably available from the Composite Panel Association, 19465 Deerfield Avenue, Suite 306, Leesburg, VA 20176. The standard specifies requirements and test methods for water absorption, thickness swelling, modulus of rupture, tensile strength, surface finish, dimensions, squareness, edge straightness, and moisture content for five classes of hardboard, including tileboard, part of a subcategory in the standard.
The EPA is also using ASTM D4840-99 (Reapproved 2018)
The EPA is finalizing the use of the following four VCS as alternatives to EPA Method 24 for the determination of volatile matter content, water content, density, volume solids, and weight solids of surface coatings and incorporate these VCS by reference:
• ASTM D2111-10 (Reapproved 2015), “Standard Test Methods for Specific Gravity of Halogenated Organic Solvents and Their Admixtures.” These test methods are used for the determination of the specific gravity of halogenated organic solvents and solvent admixtures.
• ASTM D2369-10 (Reapproved 2015)
• ASTM D2697-03 (Reapproved 2014), “Standard Test Method for Volume Nonvolatile Matter in Clear or Pigmented Coatings.” This test method is applicable to the determination of the volume of nonvolatile matter in coatings.
• ASTM D6093-97 (Reapproved 2016), “Standard Test Method for Percent Volume Nonvolatile Matter in Clear or Pigmented Coatings Using a Helium Gas Pycnometer.” This test method is used for the determination of the percent volume nonvolatile matter in clear and pigmented coatings.
The ASTM standards are reasonably available from the American Society for Testing and Materials (ASTM), 100 Barr Harbor Drive, Post Office Box C700, West Conshohocken, PA 19428-2959. See
While the EPA has identified another 18 VCS as being potentially applicable to this final rule, we have decided not to use these VCS in this rulemaking. The use of these VCS would not be practical due to lack of equivalency, documentation, validation date, and other important technical and policy considerations. See the memorandum titled
Under 40 CFR 63.7(f) and 40 CFR 63.8(f) of subpart A of the General Provisions, a source may apply to the EPA for permission to use alternative test methods or alternative monitoring requirements in place of any required testing methods, performance specifications, or procedures in the final rule or any amendments.
The EPA believes that this action does not have disproportionately high and adverse human health or environmental effects on minority populations, low-income populations, and/or indigenous peoples, as specified in Executive Order 12898 (59 FR 7629, February 16, 1994).
The documentation for this decision is contained in section IV.A of this preamble and the technical report titled
We examined the potential for any EJ issues that might be associated with the source category by performing a demographic analysis of the population close to the facilities. See section V.F, above. In this analysis, we evaluated the distribution of HAP-related cancer and noncancer risks from the Surface Coating of Wood Building Products NESHAP source category across different social, demographic, and economic groups within the populations living near facilities identified as having the highest risks. The methodology and the results of the demographic analyses are included in a technical report,
The results of the Surface Coating of Wood Building Products NESHAP source category demographic analysis indicate that approximately 700 people may be exposed to a cancer risk of 1-in-1 million based on allowable emissions from the source category and no one is exposed to a chronic noncancer TOSHI greater than 1. The specific demographic results indicate that the percentage of the population potentially impacted by wood building products emissions is similar among all demographic groups (see Table 3 of this preamble). The proximity results (irrespective of risk) indicate that the population percentages for certain demographic categories within 5 km of source category emissions are greater than the corresponding national percentage for those same demographics. The following demographic percentages for populations residing within close proximity to facilities with Surface Coating of Wood Building Products source category facilities are higher than the corresponding nationwide percentage: African American, ages 65 and up, over age 25 without a high school diploma, and below the poverty level.
The risks due to actual HAP emissions from this source category are low for all populations (
This action is subject to the CRA, and the EPA will submit a rule report to
Environmental protection, Administrative practice and procedures, Air pollution control, Hazardous substances, Incorporation by reference, National Emission Standards for Hazardous Air Pollutants: Surface Coating of Wood Building Products Residual Risk and Technology Review, Intergovernmental relations, Reporting and recordkeeping requirements.
For the reasons set out in the preamble, title 40, chapter I, part 63 of the Code of Federal Regulations is amended as follows:
42 U.S.C. 7401
The revisions and additions read as follows:
(h) * * *
(13) ASTM D1475-13, Standard Test Method for Density of Liquid Coatings, Inks, and Related Products, approved November 1, 2013, IBR approved for §§ 63.4741(b) and (c) and 63.4751(c).
(21) ASTM D2111-10 (Reapproved 2015), Standard Test Methods for Specific Gravity and Density of Halogenated Organic Solvents and Their Admixtures, approved June 1, 2015, IBR approved for § 63.4741(a).
(26) ASTM D2369-10 (Reapproved 2015)
(30) ASTM D2697-03 (Reapproved 2014), Standard Test Method for Volume Nonvolatile Matter in Clear or Pigmented Coatings, approved July 1, 2014, IBR approved for § 63.4741(a) and (b).
(64) ASTM D4840-99 (Reapproved 2018)
(79) ASTM D6093-97 (Reapproved 2016), Standard Test Method for Percent Volume Nonvolatile Matter in Clear or Pigmented Coatings Using a Helium Gas Pycnometer, Approved December 1, 2016, IBR approved for § 63.4741(a) and (b).
(84) ASTM D6348-03 (Reapproved 2010), Standard Test Method for Determination of Gaseous Compounds by Extractive Direct Interface Fourier Transform Infrared (FTIR) Spectroscopy, including Annexes A1 through A8, Approved October 1, 2010, IBR approved for §§ 63.1571(a), 63.4751(i), 63.4752(e), 63.4766(b), tables 4 and 5 to subpart JJJJJ, tables 4 and 6 to subpart KKKKK, tables 1, 2, and 5 to subpart UUUUU and appendix B to subpart UUUUU.
(l) Composite Panel Association, 19465 Deerfield Avenue, Suite 306, Leesburg, VA 20176, Telephone (703)724-1128, and
(1) ANSI A135.4-2012, Basic Hardboard, approved June 8, 2012, IBR approved for § 63.4781.
(2) [Reserved]
(p) * * *
(5) NCASI Method ISS/FP A105.01, Impinger Source Sampling Method for Selected Aldehydes, Ketones, and Polar Compounds, December 2005, Methods Manual, IBR approved for table 4 to subpart DDDD and §§ 63.4751(i) and 63.4752(e).
(c) * * *
(1) Surface coating in the processes identified in paragraphs (c)(1)(i) through (xi) of this section that are part of plywood and composite wood product manufacturing and subject to subpart DDDD of this part including:
(a) For a new or reconstructed affected source, the compliance date is the applicable date in paragraph (a)(1) or (2) of this section:
(1) If the initial startup of your new or reconstructed affected source is before May 28, 2003, the compliance date is May 28, 2003; except that the compliance date for the revised requirements promulgated at §§ 63.4700, 63.4710, 63.4720, 63.4730, 63.4741, 63.4751, 63.4752, 63.4761, 63.4763, 63.4764, 63.4766, 63.4781, table 4 of this subpart QQQQ, and appendix A to 40 CFR part 63 is September 3, 2019.
(2) If the initial startup of your new or reconstructed affected source occurs after May 28, 2003, the compliance date is March 4, 2019 or the date of initial startup of your affected source, whichever is later; except that if you commenced construction or reconstruction of your new or reconstructed affected source after May 28, 2003, but on or before May 16, 2018, the compliance date for the revised requirements promulgated at
(b) For an existing affected source, the compliance date is the date 3 years after May 28, 2003, except that the compliance date for the revised requirements promulgated at §§ 63.4700, 63.4710, 63.4720, 63.4730, 63.4741, 63.4751, 63.4752, 63.4761, 63.4763, 63.4764, 63.4766, 63.4781, table 4 of this subpart QQQQ of part 63, and appendix A to 40 CFR part 63 is September 3, 2019.
The revisions and addition read as follows:
(a) * * *
(2) Any coating operation(s) at existing sources for which you use the emission rate with add-on controls option, as specified in § 63.4691(c), must be in compliance with the applicable emission limitations as specified in paragraphs (a)(2)(i) through (iii) of this section.
(i) Before September 3, 2019, the coating operation(s) must be in compliance with the applicable emission limit in § 63.4690 at all times, except during periods of startup, shutdown, and malfunction (SSM). On and after September 3, 2019, the coating operation(s) must be in compliance with the applicable emission limit in § 63.4690 at all times.
(ii) Before September 3, 2019, the coating operation(s) must be in compliance with the applicable operating limits for emission capture systems and add-on control devices required by § 63.4692 at all times, except during periods of SSM, and except for solvent recovery systems for which you conduct liquid-liquid material balances according to § 63.4761(j). On and after September 3, 2019, the coating operation(s) must be in compliance with the operating limits for emission capture systems and add-on control devices required by § 63.4692 at all times, except for solvent recovery systems for which you conduct liquid-liquid material balances according to § 63.4761(j).
(3) For new or reconstructed sources with initial startup after May 16, 2018, any coating operation(s) for which you use the emission rate with add-on controls option, as specified in § 63.4691(c), must be in compliance with the applicable emission limitations and work practice standards as specified in paragraphs (a)(3)(i) through (iii) of this section.
(i) The coating operation(s) must be in compliance with the applicable emission limit in § 63.4690 at all times.
(ii) The coating operation(s) must be in compliance with the operating limits for emission capture systems and add-on control devices required by § 63.4692 at all times, except for solvent recovery systems for which you conduct liquid-liquid material balances according to § 63.4761(j).
(iii) The coating operation(s) must be in compliance with the work practice standards in § 63.4693 at all times.
(b) For existing sources as of March 4, 2019, before September 3, 2019, you must always operate and maintain your affected source, including all air pollution control and monitoring equipment you use for purposes of complying with this subpart, according to the provisions in § 63.6(e)(1)(i). On and after September 3, 2019 for such existing sources and after March 4, 2019 for new or reconstructed sources, you must always operate and maintain your affected source, including associated air pollution control equipment and monitoring equipment, in a manner consistent with safety and good air pollution control practices for minimizing emissions. The general duty to minimize emissions does not require you to make any further efforts to reduce emissions if levels required by the applicable standard have been achieved. Determination of whether a source is operating in compliance with operation and maintenance requirements will be based on information available to the Administrator which may include, but is not limited to, monitoring results, review of operation and maintenance procedures, review of operation and maintenance records, and inspection of the source.
(d) For existing sources, before September 3, 2019, if your affected source uses an emission capture system and add-on control device, you must develop a written startup, shutdown, and malfunction plan (SSMP) according to the provisions in § 63.6(e)(3). The SSMP must address startup, shutdown, and corrective actions in the event of a malfunction of the emission capture system or the add-on control device. The SSMP must also address any coating operation equipment that may cause increased emissions or that would affect capture efficiency if the process equipment malfunctions, such as conveyors that move parts among enclosures.
(c) * * *
(8) * * *
(ii) For the emission rate without add-on controls option, provide the calculation of the total mass of organic HAP emissions for each month; the calculation of the total volume of coating solids used each month; and the calculation of the 12-month organic HAP emission rate, using Equations 1 and 1A (or 1A-alt) through 1C, 2, and 3, respectively, of § 63.4751.
The revisions and additions read as follows:
(a) * * *
(6) * * *
(ii) The calculations used to determine the 12-month organic HAP emission rate for the compliance period in which the deviation occurred. You must provide the calculations for Equations 1, 1A (or 1A-alt) through 1C, 2, and 3 in § 63.4751; and if applicable, the calculation used to determine mass of organic HAP in waste materials according to § 63.4751(e)(4). You do not need to submit background data supporting these calculations (
(7)
(i) For existing sources, before September 3, 2019, if you used the emission rate with add-on controls option and there was a deviation from an emission limitation (including any periods when emissions bypassed the add-on control device and were diverted to the atmosphere), the semiannual compliance report must contain the information in paragraphs (a)(7)(i)(A) through (N) of this section. This includes periods of SSM during which deviations occurred.
(ii) After March 4, 2019 for new and reconstructed sources, and on and after September 3, 2019 for existing sources, if you used the emission rate with add-on controls option and there was a deviation from an emission limitation (including any periods when emissions bypassed the add-on control device and were diverted to the atmosphere), the semiannual compliance report must contain the information in paragraphs (a)(7)(ii)(A) through (M) of this section.
(A) The beginning and ending dates of each compliance period during which the 12-month organic HAP emission rate exceeded the applicable emission limit in § 63.4690.
(B) The calculations used to determine the 12-month organic HAP emission rate for each compliance period in which a deviation occurred. You must provide the calculation of the total mass of organic HAP emissions for the coatings, thinners, and cleaning materials used each month, using Equations 1 and 1A through 1C of § 63.4751; and, if applicable, the calculation used to determine mass of organic HAP in waste materials according to § 63.4751(e)(4); the calculation of the total volume of coating solids used each month, using Equation 2 of § 63.4751; the calculation of the mass of organic HAP emission reduction each month by emission capture systems and add-on control devices, using Equations 1 and 1A through 1D of § 63.4761, and Equations 2, 3, and 3A through 3C of § 63.4761, as applicable; the calculation of the total mass of organic HAP emissions each month, using Equation 4 of § 63.4761; and the calculation of the 12-month organic HAP emission rate, using Equation 5 of § 63.4761. You do not need to submit the background data supporting these calculations (
(C) A brief description of the CPMS.
(D) The date of the latest CPMS certification or audit.
(E) The date and time that each CPMS was inoperative, except for zero (low-level) and high-level checks.
(F) The date, time, and duration that each CPMS was out-of-control, including the information in § 63.8(c)(8).
(G) The date and time period of each deviation from an operating limit in Table 3 to this subpart, date and time period of any bypass of the add-on control device.
(H) A summary of the total duration of each deviation from an operating limit in Table 3 to this subpart, each bypass of the add-on control device during the semiannual reporting period, and the total duration as a percent of the total source operating time during that semiannual reporting period.
(I) A breakdown of the total duration of the deviations from the operating limits in Table 3 to this subpart and bypasses of the add-on control device during the semiannual reporting period by identifying deviations due to control equipment problems, process problems, other known causes, and other unknown causes; a list of the affected source or equipment, an estimate of the quantity of each regulated pollutant emitted over any emission limit, and a description of the method used to estimate the emissions.
(J) A summary of the total duration of CPMS downtime during the semiannual reporting period and the total duration of CPMS downtime as a percent of the total source operating time during that semiannual reporting period.
(K) A description of any changes in the CPMS, coating operation, emission capture system, or add-on control device since the last semiannual reporting period.
(L) For each deviation from the standard, including work practice standards, a description of the deviation, the date and time period of the deviation, and the actions you took to correct the deviation.
(M) A statement of the cause of each deviation.
(c)
(d)
(i)
(ii)
(iii)
(2) You must submit the Notification of Compliance Status required in § 63.4710(c) and the semiannual compliance reports required in paragraph (a) of this section to the EPA via the CEDRI. (CEDRI can be accessed through the EPA's CDX (
(3) If you are required to electronically submit a report through CEDRI in EPA's CDX, you may assert a claim of EPA system outage for failure to timely comply with the reporting requirement. To assert a claim of EPA system outage, you must meet the requirements outlined in paragraphs (d)(3)(i) through (vii) of this section.
(i) You must have been or will be precluded from accessing CEDRI and submitting a required report within the time prescribed due to an outage of either EPA's CEDRI or CDX systems.
(ii) The outage must have occurred within the period of time beginning five business days prior to the date that the submission is due.
(iii) The outage may be planned or unplanned.
(iv) You must submit notification to the Administrator in writing as soon as possible following the date you first knew, or through due diligence should have known, that the event may cause or has caused a delay in reporting.
(v) You must provide to the Administrator a written description identifying:
(A) The date(s) and time(s) when CDX or CEDRI was accessed and the system was unavailable;
(B) A rationale for attributing the delay in reporting beyond the regulatory deadline to EPA system outage;
(C) Measures taken or to be taken to minimize the delay in reporting; and
(D) The date by which you propose to report, or if you have already met the reporting requirement at the time of the notification, the date you reported.
(vi) The decision to accept the claim of EPA system outage and allow an extension to the reporting deadline is solely within the discretion of the Administrator.
(vii) In any circumstance, the report must be submitted electronically as soon as possible after the outage is resolved.
(4) If you are required to electronically submit a report through CEDRI in EPA's CDX, you may assert a claim of force majeure for failure to timely comply with the reporting requirement. To assert a claim of force majeure, you must meet the requirements outlined in paragraphs (d)(4)(i) through (v) of this section.
(i) You may submit a claim if a force majeure event is about to occur, occurs, or has occurred or there are lingering effects from such an event within the period of time beginning five business days prior to the date the submission is due. For the purposes of this section, a force majeure event is defined as an event that will be or has been caused by circumstances beyond the control of the affected facility, its contractors, or any entity controlled by the affected facility that prevents you from complying with the requirement to submit a report electronically within the time period prescribed. Examples of such events are acts of nature (
(ii) You must submit the notification to the Administrator in writing as soon as possible following the date you first knew, or through due diligence should have known, that the event may cause or has caused a delay in reporting.
(iii) You must provide to the Administrator:
(A) A written description of the force majeure event;
(B) A rationale for attributing the delay in reporting beyond the regulatory deadline to the force majeure event;
(C) Measures taken or to be taken to minimize the delay in reporting; and
(D) The date by which you propose to report, or if you have already met the reporting requirement at the time of the notification, the date you reported.
(iv) The decision to accept the claim of force majeure and allow an extension to the reporting deadline is solely within the discretion of the Administrator.
(v) In any circumstance, the reporting must occur as soon as possible after the force majeure event occurs.
The revisions and additions read as follows:
(c) * * *
(3) For the emission rate without add-on controls option, a record of the calculation of the total mass of organic HAP emissions for the coatings, thinners, and cleaning materials used each month, using Equations 1, 1A (or 1A-alt) through 1C, and 2 of § 63.4751; and, if applicable, the calculation used to determine mass of organic HAP in waste materials according to § 63.4751(e)(4); the calculation of the total volume of coating solids used each month, using Equation 2 of § 63.4751; and the calculation of each 12-month organic HAP emission rate, using Equation 3 of § 63.4751.
(k) If you use the emission rate with add-on controls option, you must keep the records specified in paragraphs (k)(1) through (2) of this section.
(1) For existing sources, before September 3, 2019:
(v) For each capture system that is not a PTE, the data and documentation you used to determine capture efficiency according to the requirements specified in §§ 63.4764 and 63.4765(b) through (e), including the records specified in paragraphs (k)(1)(v)(A) through (C) of this section that apply to you.
(vi) The records specified in paragraphs (k)(1)(vi)(A) and (B) of this section for each add-on control device organic HAP destruction or removal efficiency determination as specified in § 63.4766.
(2) After March 4, 2019 for new and reconstructed sources, and on and after September 3, 2019 for existing sources:
(i) The records required to show continuous compliance with each operating limit specified in Table 3 to this subpart that applies to you.
(ii) For each capture system that is a PTE, the data and documentation you used to support a determination that the capture system meets the criteria in Method 204 of appendix M to 40 CFR part 51 for a PTE and has a capture efficiency of 100 percent, as specified in § 63.4765(a).
(iii) For each capture system that is not a PTE, the data and documentation
(A)
(B)
(C)
(iv) The records specified in paragraphs (k)(2)(iv)(A) and (B) of this section for each add-on control device organic HAP destruction or removal efficiency determination as specified in § 63.4766.
(A) Records of each add-on control device performance test conducted according to §§ 63.4764 and 63.4766.
(B) Records of the coating operation conditions during the add-on control device performance test showing that the performance test was conducted under representative operating conditions.
(v) Records of the data and calculations you used to establish the emission capture and add-on control device operating limits as specified in § 63.4767 and to document compliance with the operating limits as specified in Table 3 to this subpart.
(vi) A record of the work practice plan required by § 63.4693, and documentation that you are implementing the plan on a continuous basis.
The revisions read as follows:
(a) * * *
(2)
(i) ASTM Method D2111-10 (Reapproved 2015), “Standard Test Methods for Specific Gravity and Density of Halogenated Organic Solvents and Their Admixtures,” (incorporated by reference, see § 63.14);
(ii) ASTM Method D2369-10 (Reapproved 2015)
(iii) ASTM Method D2697-03 (Reapproved 2014), “Standard Test Method for Volume Nonvolatile Matter in Clear or Pigmented Coatings,” (incorporated by reference, see § 63.14); and
(iv) ASTM Method D6093-97 (Reapproved 2016), “Standard Test Method for Percent Volume Nonvolatile Matter in Clear or Pigmented Coatings Using a Helium Gas Pycnometer,” (incorporated by reference, see § 63.14).
(b) * * *
(1)
(3) * * *
(c)
The revisions and addition read as follows:
(c)
(e) * * *
(i)
(1) You must also calculate the mass of organic HAP emitted from the coatings used during the month using Equation 1A-alt of this section:
(2) Calculate the organic HAP emission rate for the 12-month compliance period, grams organic HAP per liter coating solids used, using Equation 3 of this section.
(3) The organic HAP emission rate for the initial 12-month compliance period, calculated using Equation 3 of this section, must be less than or equal to the applicable emission limit in § 63.4690. You must keep all records as required by §§ 63.4730 and 63.4731. As part of the Notification of Compliance Status required by § 63.4710, you must identify the coating operation(s) for which you used the emission rate without add-on controls option and submit a statement that the coating operation(s) was (were) in compliance with the emission limitations during the initial compliance period because the organic HAP emission rate was less than or equal to the applicable emission limit in § 63.4690, determined according to this section.
(4) If ASTM D6348-03 (Reapproved 2010) is used, the conditions specified in paragraphs (i)(4)(i) and (ii) must be met.
(i) Test plan preparation and implementation in the Annexes to ASTM D6348-03 (Reapproved 2010), sections A1 through A8 are mandatory.
(ii) In ASTM D6348-03 (Reapproved 2010) Annex A5 (Analyte Spiking Technique), the percent (%) R must be determined for each target analyte (Equation A5.5 of ASTM D6348-03). In order for the test data to be acceptable for a compound, %R must be between 70 and 130 percent. If the %R value does not meet this criterion for a target compound, the test data are not acceptable for that compound, and the test must be repeated for that analyte following adjustment of the sampling and/or analytical procedure before the retest. The %R value for each compound must be reported in the test report, and all field measurements must be corrected with the calculated %R value for that compound using the following equation: Reported Result = (Measured Concentration in the Stack × 100)/%R.
(e) If you use the alternative compliance demonstration described in § 63.4751(i), you must identify each organic HAP component in the coating(s) and conduct a performance test every 5 years to obtain an organic HAP emission factor (EF). You must use the following methods, as appropriate: Method 320 of appendix A to 40 CFR part 63 or NCASI Method ISS/FP A105.01 (incorporated by reference, see § 63.14) (for formaldehyde) or Method 326 of appendix A to 40 CFR part 63 (for isocyanates). The voluntary consensus standard ASTM D6348-03 (Reapproved 2010) (incorporated by reference, see § 63.14) may be used as an alternative to using Method 320 under the conditions specified in § 63.4751(i)(4)(i) and (ii).
(j) * * *
(3) Determine the mass fraction of volatile organic matter for each coating, thinner, and cleaning material used in the coating operation controlled by the solvent recovery system during the month, grams volatile organic matter per gram coating. You may determine the volatile organic matter mass fraction using Method 24 of 40 CFR part 60, appendix A-7, one of the voluntary consensus standards specified in § 63.4741(a)(2)(i) through (iv), or an EPA approved alternative method, or you may use information provided by the manufacturer or supplier of the coating. In the event of any inconsistency between information provided by the manufacturer or supplier and the results of Method 24 of 40 CFR part 60, appendix A-7, or an approved alternative method, the test method results will take precedence unless after consultation, a regulated source could demonstrate to the satisfaction of the enforcement agency that the formulation data were correct.
(h) For existing sources, before September 3, 2019, consistent with §§ 63.6(e) and 63.7(e)(1), deviations that occur during a period of SSM of the
(a) * * *
(1)
(2)
(a) * * *
(1) Use Method 1 or 1A of appendix A-1 to 40 CFR part 60, as appropriate, to select sampling sites and velocity traverse points.
(2) Use Method 2, 2A, 2C, 2D, or 2F of appendix A-1 to 40 CFR part 60, or Method 2G of appendix A-2 to 40 CFR part 60, as appropriate, to measure gas volumetric flow rate.
(3) Use Method 3, 3A, or 3B of appendix A-2 to 40 CFR part 60, as appropriate, for gas analysis to determine dry molecular weight. You may also use as an alternative to Method 3B, the manual method for measuring the oxygen, carbon dioxide, and carbon monoxide content of exhaust gas in ANSI/ASME PTC 19.10-1981, “Flue and Exhaust Gas Analyses [Part 10, Instruments and Apparatus]” (incorporated by reference, see § 63.14).
(4) Use Method 4 of appendix A-3 to 40 CFR part 60 to determine stack gas moisture.
(b) Measure total gaseous organic mass emissions as carbon at the inlet and outlet of the add-on control device simultaneously, using Method 25 or 25A of appendix A-7 to 40 CFR part 60, and Method 320 or 326 of appendix A to 40 CFR part 63, as specified in paragraphs (b)(1) through (5) of this section. The voluntary consensus standard ASTM D6348-03 (Reapproved 2010) (incorporated by reference in § 63.14) may be used as an alternative to using Method 320 if the conditions specified in § 63.4751(i)(4)(i) and (ii) are met. You must use the same method for both the inlet and outlet measurements.
(1) Use Method 25 of appendix A-7 to 40 CFR part 60 if the add-on control device is an oxidizer, and you expect the total gaseous organic concentration as carbon to be more than 50 parts per million (ppm) at the control device outlet.
(2) Use Method 25A of appendix A-7 to 40 CFR part 60 if the add-on control device is an oxidizer, and you expect the total gaseous organic concentration as carbon to be 50 ppm or less at the control device outlet.
(3) Use Method 25A of appendix A-7 to 40 CFR part 60 if the add-on control device is not an oxidizer.
(4) If Method 25A is used, and if formaldehyde is a major organic HAP component of the surface coating exhaust stream, use Method 320 of appendix A to 40 CFR part 63 or NCASI Method ISS/FP A105.01 (incorporated by reference in § 63.14) or ASTM D6348-03 (Reapproved 2010) (incorporated by reference in § 63.14) to determine formaldehyde concentration.
(5) In addition to Method 25 or 25A, use Method 326 of appendix A to 40 CFR part 63 if isocyanate is a major organic HAP component of the surface coating exhaust stream.
(d) For each test run, determine the total gaseous organic emissions mass flow rates for the inlet and the outlet of the add-on control device, using Equation 1 of this section. If there is more than one inlet or outlet to the add-on control device, you must calculate the total gaseous organic mass flow rate using Equation 1 of this section for each inlet and each outlet and then total all of the inlet emissions and total all of the outlet emissions. The mass emission rates for formaldehyde and individual isocyanate must be determined separately.
(f) Determine the emission destruction or removal efficiency of the add-on control device as the average of the efficiencies determined in the three test runs and calculated in Equation 2 of this section. Destruction and removal efficiency must be determined independently for formaldehyde and isocyanates.
(3) On and after September 3, 2019, fails to meet any emission limit, or operating limit, or work practice standard in this subpart during SSM.
Table 4 to Subpart QQQQ of Part 63—Applicability of General Provisions to Subpart QQQQ of Part 63
You must comply with the applicable General Provisions requirements according to the following table:
This method is applicable to the collection and analysis of isocyanate compounds from the emissions associated with manufacturing processes. This method is not inclusive with respect to specifications (
1.1 Analytes. This method is designed to determine the mass emission of isocyanates being emitted from manufacturing processes. The following is a table (Table 1-1) of the isocyanates and the manufacturing process at which the method has been evaluated:
1.2 Applicability. Method 326 is a method designed for determining compliance with National Emission Standards for Hazardous Air Pollutants (NESHAP). Method 326 may also be specified by New Source Performance Standards (NSPS), State Implementation Plans (SIPs), and operating permits that require measurement of isocyanates in stationary source emissions, to determine compliance with an applicable emission standard or limit.
1.3 Data Quality Objectives (DQO). The principal objective is to ensure the accuracy of the data at the actual emissions levels and in the actual emissions matrix encountered. To meet this objective, method performance tests are required and NIST-traceable calibration standards must be used.
2.1 Gaseous and/or aerosol isocyanates are withdrawn from an emission source at an isokinetic sampling rate and are collected in a multicomponent sampling train. The primary components of the train include a heated probe, three impingers containing derivatizing reagent in toluene, an empty impinger, an impinger containing charcoal, and an impinger containing silica gel.
2.2 The liquid impinger contents are recovered, concentrated to dryness under vacuum, brought to volume with acetonitrile (ACN) and analyzed with a high pressure liquid chromatograph (HPLC).
4.1 The greatest potential for interference comes from an impurity in the derivatizing reagent, 1-(2-pyridyl)piperazine (1,2-PP). This compound may interfere with the resolution of MI from the peak attributed to unreacted 1,2-PP.
4.2 Other interferences that could result in positive or negative bias are (1) alcohols that could compete with the 1,2-PP for reaction with an isocyanate and (2) other compounds that may co-elute with one or more of the derivatized isocyanates.
4.3 Method interferences may be caused by contaminants in solvents, reagents, glassware, and other sample processing hardware. All these materials must be routinely shown to be free from interferences under conditions of the analysis by preparing and analyzing laboratory method (or reagent) blanks.
4.3.1 Glassware must be cleaned thoroughly before using. The glassware should be washed with laboratory detergent in hot water followed by rinsing with tap water and distilled water. The glassware may be dried by baking in a glassware oven at 400 °C for at least one hour. After the glassware has cooled, it should be rinsed three times with methylene chloride and three times with acetonitrile. Volumetric glassware should not be heated to 400 °C. Instead, after washing and rinsing, volumetric glassware may be rinsed with acetonitrile followed by methylene chloride and allowed to dry in air.
4.3.2 The use of high purity reagents and solvents helps to reduce interference problems in sample analysis.
5.1 Organizations performing this method are responsible for maintaining a current awareness file of Occupational Safety and Health Administration (OSHA) regulations regarding safe handling of the chemicals specified in this method. A reference file of material safety data sheets should also be made available to all personnel involved in performing the method. Additional references to laboratory safety are available.
6.1 Sample Collection. A schematic of the sampling train used in this method is shown in Figure 207-1. This sampling train configuration is adapted from Method 5 procedures, and, as such, most of the required equipment is identical to that used in Method 5 determinations. The only new component required is a condenser.
6.1.1 Probe Nozzle. Borosilicate or quartz glass; constructed and calibrated according to Method 5, sections 6.1.1.1 and 10.1, and coupled to the probe liner using a Teflon union; a stainless steel nut is recommended for this union. When the stack temperature exceeds 210 °C (410 °F), a one-piece glass nozzle/liner assembly must be used.
6.1.2 Probe Liner. Same as Method 5, section 6.1.1.2, except metal liners shall not be used. Water-cooling of the stainless steel sheath is recommended at temperatures exceeding 500 °C (932 °F). Teflon may be used in limited applications where the minimum stack temperature exceeds 120 °C (250 °F) but never exceeds the temperature where Teflon is estimated to become unstable [approximately 210 °C (410 °F)].
6.1.3 Pitot Tube, Differential Pressure Gauge, Filter Heating System, Metering System, Barometer, Gas Density Determination Equipment. Same as Method 5, sections 6.1.1.3, 6.1.1.4, 6.1.1.6, 6.1.1.9, 6.1.2, and 6.1.3.
6.1.4 Impinger Train. Glass impingers are connected in series with leak-free ground-glass joints following immediately after the heated probe. The first impinger shall be of the Greenburg-Smith design with the standard tip. The remaining five impingers shall be of the modified Greenburg-Smith design, modified by replacing the tip with a 1.3-cm (
6.1.5 Moisture Measurement. For the purpose of calculating volumetric flow rate and isokinetic sampling, you must also collect either Method 4 in Appendix A-3 to this part or other moisture measurement methods approved by the Administrator concurrent with each Method 326 test run.
6.2 Sample Recovery
6.2.1 Probe and Nozzle Brushes; Polytetrafluoroethylene (PTFE) bristle brushes with stainless steel wire or PTFE handles are required. The probe brush shall have extensions constructed of stainless steel, PTFE, or inert material at least as long as the probe. The brushes shall be properly sized and shaped to brush out the probe liner and the probe nozzle.
6.2.2 Wash Bottles. Three. PTFE or glass wash bottles are recommended; polyethylene wash bottles must not be used because organic contaminants may be extracted by exposure to organic solvents used for sample recovery.
6.2.3 Glass Sample Storage Containers. Chemically resistant, borosilicate amber glass bottles, 500-mL or 1,000-mL. Bottles should be tinted to prevent the action of light on the sample. Screw-cap liners shall be either PTFE or constructed to be leak-free and resistant to chemical attack by organic recovery solvents. Narrow-mouth glass bottles have been found to leak less frequently.
6.2.4 Graduated Cylinder. To measure impinger contents to the nearest 1 ml or 1 g. Graduated cylinders shall have subdivisions not >2 mL.
6.2.5 Plastic Storage Containers. Screw-cap polypropylene or polyethylene containers to store silica gel and charcoal.
6.2.6 Funnel and Rubber Policeman. To aid in transfer of silica gel or charcoal to container (not necessary if silica gel is weighed in field).
6.2.7 Funnels. Glass, to aid in sample recovery.
6.3 Sample Preparation and Analysis.
The following items are required for sample analysis.
6.3.1 Rotary Evaporator. Buchii Model EL-130 or equivalent.
6.3.2 1000 ml Round Bottom Flask for use with a rotary evaporator.
6.3.3 Separatory Funnel. 500-ml or larger, with PTFE stopcock.
6.3.4 Glass Funnel. Short-stemmed or equivalent.
6.3.5 Vials. 15-ml capacity with PTFE lined caps.
6.3.6 Class A Volumetric Flasks. 10-ml for bringing samples to volume after concentration.
6.3.7 Filter Paper. Qualitative grade or equivalent.
6.3.8 Buchner Funnel. Porcelain with 100 mm ID or equivalent.
6.3.9 Erlenmeyer Flask. 500-ml with side arm and vacuum source.
6.3.10 HPLC with at least a binary pumping system capable of a programmed gradient.
6.3.11 Column Systems Column systems used to measure isocyanates must be capable of achieving separation of the target compounds from the nearest eluting compound or interferents with no more than 10 percent peak overlap.
6.3.12 Detector. UV detector at 254 nm. A fluorescence detector (FD) with an excitation of 240 nm and an emission at 370 nm may be also used to allow the detection of low concentrations of isocyanates in samples.
6.3.13 Data system for measuring peak areas and retention times.
7.1 Sample Collection Reagents.
7.1.1 Charcoal. Activated, 6-16 mesh. Used to absorb toluene vapors and prevent them from entering the metering device. Use once with each train and discard.
7.1.2 Silica Gel and Crushed Ice. Same as Method 5, sections 7.1.2 and 7.1.4 respectively
7.1.3 Impinger Solution. The impinger solution is prepared by mixing a known amount of 1-(2-pyridyl) piperazine (purity 99.5+%) in toluene (HPLC grade or equivalent). The actual concentration of 1,2-PP should be approximately four times the amount needed to ensure that the capacity of the derivatizing solution is not exceeded. This amount shall be calculated from the stoichiometric relationship between 1,2-PP and the isocyanate of interest and preliminary information about the concentration of the isocyanate in the stack emissions. A concentration of 130 µg/ml of 1,2-PP in toluene can be used as a reference point. This solution shall be prepared, stored in a refrigerated area away from light, and used within ten days of preparation.
7.2 Sample Recovery Reagents.
7.2.1 Toluene. HPLC grade is required for sample recovery and cleanup (see
7.2.2 Acetonitrile. HPLC grade is required for sample recovery and cleanup.
7.3 Analysis Reagents. Reagent grade chemicals should be used in all tests. All reagents shall conform to the specifications of the Committee on Analytical Reagents of the American Chemical Society, where such specifications are available.
7.3.1 Toluene, C
7.3.2 Acetonitrile, CH
7.3.3 Methylene Chloride, CH
7.3.4 Hexane, C
7.3.5 Water, H
7.3.6 Ammonium Acetate, CH
7.3.7 Acetic Acid (glacial), CH
7.3.8 1-(2-Pyridyl)piperazine, (1,2-PP), ≥99.5% or equivalent.
7.3.9 Absorption Solution. Prepare a solution of 1-(2-pyridyl)piperazine in toluene at a concentration of 40 mg/300 ml. This solution is used for method blanks and method spikes.
7.3.10 Ammonium Acetate Buffer Solution (AAB). Prepare a solution of ammonium acetate in water at a concentration of 0.1 M by transferring 7.705 g of ammonium acetate to a 1,000 ml volumetric flask and diluting to volume with HPLC Grade water. Adjust pH to 6.2 with glacial acetic acid.
Because of the complexity of this method, field personnel should be trained in and experienced with the test procedures in order to obtain reliable results.
8.1 Sampling
8.1.1 Preliminary Field Determinations. Same as Method 5, section 8.2.
8.1.2 Preparation of Sampling Train. Follow the general procedure given in Method 5, section 8.3.1, except for the following variations: Place 300 ml of the impinger absorbing solution in the first impinger and 200 ml each in the second and third impingers. The fourth impinger shall remain empty. The fifth and sixth impingers shall have 400 g of charcoal and 200-300 g of silica gel, respectively. Alternatively, the charcoal and silica gel may be combined in the fifth impinger. Set-up the train as in Figure 326-1. During assembly, do not use any silicone grease on ground-glass joints.
During preparation and assembly of the sampling train, keep all openings where contamination can occur covered with PTFE film or aluminum foil until just before assembly or until sampling is about to begin.
8.1.3 Leak-Check Procedures. Follow the leak-check procedures given in Method 5, sections 8.4.2 (Pretest Leak-Check), 8.4.3 (Leak-Checks During the Sample Run), and 8.4.4 (Post-Test Leak-Check), with the exception that the pre-test leak-check is mandatory
8.1.4 Sampling Train Operation. Follow the general procedures given in Method 5, section 8.5. Turn on the condenser coil coolant recirculating pump and monitor the gas entry temperature. Ensure proper gas entry temperature before proceeding and again before any sampling is initiated. It is important that the gas entry temperature not exceed 50 °C (122 °F), thus reducing the loss of toluene from the first impinger. For each run, record the data required on a data sheet such as the one shown in Method 5, Figure 5-3.
8.2 Sample Recovery. Allow the probe to cool. When the probe can be handled safely, wipe off all external particulate matter near the tip of the probe nozzle and place a cap over the tip to prevent losing or gaining particulate matter. Do not cap the probe tip tightly while the sampling train is cooling down because this will create a vacuum in the train. Before moving the sample train to the cleanup site, remove the probe from the sample train and cap the opening to the probe, being careful not to lose any condensate that might be present. Cap the impingers and transfer the probe and the impinger/condenser assembly to the cleanup area. This area should be clean and protected from the weather to reduce sample contamination or loss. Inspect the train prior to and during disassembly and record any abnormal conditions. It is not necessary to measure the volume of the impingers for the purpose of moisture determination as the method is not validated for moisture determination. Treat samples as follows:
8.2.1 Container No. 1, Probe and Impinger Numbers 1 and 2. Rinse and brush the probe/nozzle first with toluene twice and then twice again with acetonitrile and place the wash into a glass container labeled with the test run identification and “Container No. 1.” When using these solvents ensure that proper ventilation is available. Quantitatively transfer the liquid from the first two impingers and the condenser into Container No. 1. Rinse the impingers and all connecting glassware twice with toluene and then twice again with acetonitrile and transfer the rinses into Container No. 1. After all components have been collected in the container, seal the container, and mark the liquid level on the bottle.
8.2.2 Container No. 2, Impingers 3 and 4. Quantitatively transfer the liquid from each impinger into a glass container labeled with the test run identification and “Container No. 2.” Rinse each impinger and all connecting glassware twice with toluene and twice again with acetonitrile and transfer the rinses into Container No. 2. After all components have been collected in the container, seal the container, and mark the liquid level on the bottle.
The contents of the fifth and sixth impinger (silica gel) can be discarded.
8.2.3 Container No. 3, Reagent Blank. Save a portion of both washing solutions (toluene/acetonitrile) used for the cleanup as a blank. Transfer 200 ml of each solution directly from the wash bottle being used and combine in a glass sample container with the test identification and “Container No. 3.” Seal the container, and mark the liquid level on the bottle and add the proper label.
8.2.4 Field Train Proof Blanks. To demonstrate the cleanliness of sampling train glassware, you must prepare a full sampling train to serve as a field train proof blank just as it would be prepared for sampling. At a minimum, one complete sampling train will be assembled in the field staging area, taken to the sampling area, and leak-checked. The probe of the blank train shall be heated during and the train will be recovered as if it were an actual test sample. No gaseous sample will be passed through the sampling train. Field blanks are recovered in the same manner as described in sections 8.2.1 and 8.2.2 and must be submitted with the field samples collected at each sampling site.
8.2.5 Field Train Spike. To demonstrate the effectiveness of the sampling train, field handling, and recovery procedures you must prepare a full sampling train to serve as a field train spike just as it would be prepared for sampling. The field spike is performed in the same manner as the field train proof blank with the additional step of adding the Field Spike Solution to the first impinger after the initial leak check. The train will be recovered as if it were an actual test sample. No gaseous sample will be passed through the sampling train. Field train spikes are recovered in the same manner as described in sections 8.2.1 and 8.2.2 and must be submitted with the samples collected for each test program.
8.3 Sample Transport Procedures. Containers must remain in an upright position at all times during shipment. Samples must also be stored at <4 °C between the time of sampling and concentration. Each sample should be extracted and concentrated within 30 days after collection and analyzed within 30 days after extraction. The extracted sample must be stored at 4 °C.
8.4 Sample Custody. Proper procedures and documentation for sample chain of custody are critical to ensuring data integrity. The chain of custody procedures in ASTM D4840-99 (Reapproved 2018)
9.1 Sampling. Sampling Operations. The sampling quality control procedures and acceptance criteria are listed in Table 326-2 below; see also section 9.0 of Method 5.
9.2 Analysis. The analytical quality control procedures required for this method includes the analysis of the field train proof blank, field train spike, and reagent and method blanks. Analytical quality control procedures and acceptance criteria are listed in Table 326-3 below.
9.2.1 Check for Breakthrough. Recover and determine the isocyanate(s) concentration of the last two impingers separately from the first two impingers.
9.2.2 Field Train Proof Blank. Field blanks must be submitted with the samples collected at each sampling site.
9.2.3 Reagent Blank and Field Train Spike. At least one reagent blank and a field train spike must be submitted with the samples collected for each test program.
9.2.4 Determination of Method Detection Limit. Based on your instrument's sensitivity and linearity, determine the calibration concentrations or masses that make up a representative low level calibration range. The MDL must be determined at least annually for the analytical system using an MDL study such as that found in section 15.0 to Method 301 of appendix A to part 63 of this chapter.
Maintain a laboratory log of all calibrations.
10.1 Probe Nozzle, Pitot Tube Assembly, Dry Gas Metering System, Probe Heater, Temperature Sensors, Leak-Check of Metering System, and Barometer. Same as Method 5, sections 10.1, 10.2, 10.3, 10.4, 10.5, 8.4.1, and 10.6, respectively.
10.2 High Performance Liquid Chromatograph. Establish the retention times for the isocyanates of interest; retention times will depend on the chromatographic conditions. The retention times provided in Table 10-1 are provided as a guide to relative retention times when using a C18, 250 mm x 4.6 mm ID, 5µm particle size column, a 2 ml/min flow rate of a 1:9 to 6:4 Acetonitrile/Ammonium Acetate Buffer, a 50 µl sample loop, and a UV detector set at 254 nm.
10.3 Preparation of Isocyanate Derivatives.
10.3.1 HDI, TDI, MDI. Dissolve 500 mg of each isocyanate in individual 100 ml aliquots of methylene chloride (MeCl
10.3.2 MI. Prepare a 200 μg/ml stock solution of methyl isocyanate-urea, transfer 60 mg of 1,2-PP to a 100-ml volumetric flask containing 50 ml of MeCl
10.4 Preparation of calibration standards. Prepare a 100 μg/ml stock solution of the isocyanates of interest from the individual isocyanate-urea derivative as prepared in sections 10.3.1 and 10.3.2. This is accomplished by dissolving 1 mg of each isocyanate-urea derivative in 10 ml of Acetonitrile. Calibration standards are prepared from this stock solution by making appropriate dilutions of aliquots of the stock into Acetonitrile.
10.5 Preparation of Method Blanks. Prepare a method blank for each test program (up to twenty samples) by transferring 300 ml of the absorption solution to a 1,000-ml round bottom flask and concentrate as outlined in section 11.2.
10.6 Preparation of Field Spike Solution. Prepare a field spike solution for every test program in the same manner as calibration standards (see Section 10.4). The mass of the target isocyanate in the volume of the spike solution for the field spike train shall be equivalent to that estimated to be captured from the source concentration for each compound; alternatively, you may also prepare a solution that represents half the applicable standard.
10.7 HPLC Calibrations. See Section 11.1.
11.1 Analytical Calibration. Perform a multipoint calibration of the instrument at six or more upscale points over the desired quantitative range (multiple calibration ranges shall be calibrated, if necessary). The field samples analyzed must fall within at least one of the calibrated quantitative ranges and meet the performance criteria specified below. The lowest point in your calibration curve must be at least 5, and preferably 10, times the MDL. For each calibration curve, the value of the square of the linear correlation coefficient,
11.2 Concentration of Samples. Transfer each sample to a 1,000-ml round bottom flask. Attach the flask to a rotary evaporator and gently evaporate to dryness under vacuum in a 65 °C water bath. Rinse the round bottom flask three times each with 2 ml of acetonitrile and transfer the rinse to a 10-ml volumetric flask. Dilute the sample to volume with acetonitrile and transfer to a 15-ml vial and seal with a PTFE lined lid. Store the vial ≤4 °C until analysis.
11.3 Analysis. Analyze replicative samples by HPLC, using the appropriate conditions established in section 10.2. The width of the retention time window used to make identifications should be based upon measurements of actual retention time variations of standards over the course of a day. Three times the standard deviation of a retention time for a compound can be used to calculate a suggested window size; however, the experience of the analyst should weigh heavily in the interpretation of the chromatograms. If the peak area exceeds the linear range of the calibration curve, the sample must be diluted with acetonitrile and reanalyzed. Average the replicate results for each run. For each sample you must report the same information required for analytical calibrations (Section 11.1). For non-detect or values below the detection limit of the method, you shall report the value as “<” numerical detection limit.
Nomenclature and calculations, same as in Method 5, section 6, with the following additions below.
12.1 Nomenclature.
12.2 Conversion from Isocyanate to the Isocyanate-urea derivative. The equation for converting the amount of free isocyanate to the corresponding amount of isocyanate-urea derivative is as follows:
12.2 Conversion from Isocyanate to the Isocyanate-urea derivative. The equation for converting the amount of free isocyante to the corresponding amount of isocyante-urea derivative is as follows:
12.3 Calculate the correlation coefficient, slope, and intercepts for the calibration data
12.4 Calculate the concentration of isocyanate in the sample:
12.5 Calculate the total amount collected in the sample by multiplying the concentration (μg/ml) times the final volume of acetonitrile (10 ml).
12.6 Calculate the concentration of isocyanate (μg/dscm) in the stack gas.
12.7 Calculate Relative Percent Difference (RPD) for each replicative sample
12.8 Calculate Field Train Spike Recovery
12.9 Calculate Percent Breakthrough
Evaluation of sampling and analytical procedures for a selected series of compounds must meet the quality control criteria (See Section 9) for each associated analytical determination. The sampling and analytical procedures must be challenged by the test compounds spiked at appropriate levels and carried through the procedures.
Office of the Assistant Secretary for Health, Office of the Secretary, HHS. Department of Health and Human Services.
Final rule.
The Office of Population Affairs (OPA), in the Office of the Assistant Secretary for Health, issues this final rule to revise the regulations that govern the Title X family planning program (authorized by Title X of the Public Health Service Act) to ensure compliance with, and enhance implementation of, the statutory requirement that none of the funds appropriated for Title X may be used in programs where abortion is a method of family planning and related statutory requirements. Accordingly, OPA amends the Title X regulations to clarify grantee responsibilities under Title X, to remove the requirement for nondirective abortion counseling and referral, to prohibit referral for abortion, and to clarify compliance obligations with state and local laws. In addition, Title X regulations are amended to clarify access to family planning services where an employer exercises a religious or moral objection. Finally, Title X regulations are amended to require physical and financial separation to ensure clarity regarding the purpose of Title X and compliance with statutory program integrity provisions, and to encourage family participation in family planning decisions, as required by Federal law.
Compliance with the financial separation requirements contained in § 59.15 is required by July 2, 2019. Until that date, the Department will expect grantees to comply with either § 59.15 or the “Separation” section of the guidance at 65 FR 41281, 41282.
Compliance with §§ 59.7 and 59.5(a)(13) is required by July 2, 2019.
Compliance for reporting, assurance, and provision of service in §§ 59.5(a)(12) and (13) as it applies to all required reports, 59.5(a)(14), (b)(1) and (8), 59.13, 59.14, 59.17, and 59.18 is required by July 2, 2019.
Compliance for all other requirements of this final rule is required by the effective date, that is, by May 3, 2019.
The Office of the Assistant Secretary for Health (OASH) at (202) 690-7694,
The primary purpose of this rule is to finalize, with changes in response to public comments, revisions to the Title X family planning regulations proposed on June 1, 2018.
This rule finalizes requirements that ensure clear physical and financial separation between a Title X program and any activities that fall outside the program's scope. This physical and financial separation will ensure compliance with the statutory requirement that Title X funding not support programs where abortion is a method of family planning—and is consistent with the plain text of Section 1008, legislative history, and case law. In particular, the rule protects against the intentional or unintentional co-mingling of Title X resources with non-Title X resources or programs by amending the Department's regulation finalized on July 3, 2000, (the “2000 regulations”), which required no physical separation and only limited financial separation.
Together, these changes address several concerns of the Department. They address concerns over the fungibility of Title X resources and the potential use of Title X resources to support programs where, among other things, abortion is a method of family planning. They address the potential for ambiguity between approved Title X activities and non-Title X activities and services, which creates significant risk for public confusion over the scope of Title X services, including whether Title X funds are allocated for, or spent on, non-Title X services, including abortion-related purposes. And they address the concern that Title X resources could facilitate the development of, and ongoing use of, infrastructure for non-Title X activities. The Department seeks to protect Title X (and Title X funds) as the only discrete, domestic, Federal grant program focused solely on the provision of cost-effective family planning methods and services. The final rule thus requires physical and financial separation to protect the statutory integrity of the Title X program, to eliminate the risk of co-mingling or misuse of Title X funds, and to prevent the dilution of Title X resources.
This rule facilitates the legal and ethical use of taxpayer dollars by implementing reporting requirements with respect to the use of Title X funds. The 2000 regulations do not require grantees to submit significant information to the government about their subrecipients, referral agencies, or other partners to whom Title X funds may flow. This lack of reporting can be a significant barrier to the Department's ability to ensure Title X funds are directed only to Title X activities. Accordingly, the final rule requires that Title X grant applicants include, as part of their applications, a list of all planned subrecipients, detailed descriptions of the extent of services and collaboration with subrecipients, and a clear explanation of how the applicant, if successful, would conduct an oversight program with respect to its subrecipients.
To increase program integrity, the Department will also increase various monitoring and reporting requirements. Under the final rule, grantees will be required to receive approval for any change in the use of grant funds, and to fully account for and justify charges against the Title X grant. The final rule will also increase monitoring requirements to better ensure appropriate billing practices. And because the 2000 regulations offer scant guidance on the Anti-lobbying Act and appropriations law provisions applicable to Title X, this final rule will require Title X grantees to provide assurances satisfactory to the Secretary that they both understand and agree to the prohibition against lobbying and political activity in the Title X project.
The Department believes that these changes will ensure that OPA has the information necessary to determine whether Title X projects, grantees, and subrecipients are compliant with the statutory and regulatory provisions applicable to the program.
This rule finalizes several regulatory provisions designed to ensure that the requirements of the Title X regulations are consistent with certain laws that protect the conscience rights of individuals and entities who decline to perform, participate in, or refer for, abortions. The 2000 regulations require Title X projects to provide abortion referral
Under the final rule, the Title X regulations no longer require pregnancy counseling, but permits the use of Title X funds in programs that provide pregnancy counseling, so long as it is nondirective. Nondirective pregnancy counseling is the meaningful presentation of options where the physician or advanced practice provider (APP)
Accordingly, this final rule eliminates the abortion counseling requirements in the 2000 regulations, consistent with the Department's interpretation of federal conscience laws and Section 1008. This rule continues to allow nondirective pregnancy counseling, as discussed in more detail below.
This rule finalizes the revocation of the requirement that Title X projects refer for abortion, and finalizes the prohibition against using Title X funds to refer for abortion as a method of family planning, or to perform, promote, or support abortion as a method of family planning. Although the 2000 regulations require Title X programs to refer for abortion when requested by a client,
This rule finalizes the requirement that Title X programs and providers comply with State and local sexual abuse reporting requirements, as well as the requirement for training and clinic protocols on such requirements and related issues, to ensure that Title X providers meet the applicable statutory and regulation reporting requirements of the Title X program and treat the survivors of sexual abuse and assault with dignity and compassion, without hindering State and local efforts to prevent sexual abuse.
As established in § 59.17 of this final rule, Title X providers are required to comply with all State and local laws regarding notification or reporting of child abuse, child molestation, sexual abuse, rape, incest, intimate partner violence, or human trafficking. The 2000 regulations permit the use of confidential information obtained by project staff to comply with State and local reporting requirements,
As part of prevention, protection, and risk assessment efforts, grantees and subrecipients are required to include in such plans, protocols to identify individuals who are victims of sexual abuse or targets for underage sexual victimization and to ensure that every minor who presents for treatment is provided counseling on how to resist attempts to coerce minors into engaging in sexual activities.
This rule finalizes requirements that Title X providers encourage appropriate family participation in family planning decisions, as required by Federal law.
This rule updates and expands the review and scoring criteria applicable to grant applications, to ensure the criteria serve as a meaningful instrument to assess the quality of the applicant and the application. The 2000 Title X regulations set forth application review criteria that give the Department significant flexibility in determining awards but lack rigor, making it possible for less qualified applicants to garner high scores and affording the Department little help in selecting strong Title X grantees. The amended and revised § 59.7 ensures that successful applicants both meet the statutory requirements of the Title X program and are adequately responsive to the statutory goals and purposes of the Title X program. Under this rule, any grant application that does not clearly address how the proposal will satisfy the requirements of the rule would not proceed to the competitive review process, but would be deemed ineligible for funding.
The Department will explicitly summarize each requirement of the Title X regulations (or include the entire regulation) within the Funding Announcement and will require applicants to describe how they affirmatively comply, or would affirmatively comply with each provision. Once an applicant successfully demonstrates such affirmative compliance with the Title X regulations (a yes/no issue), the Department will consider each applicant competitively according to the criteria set forth in the regulation. The first criterion ensures that the project offers a broad range of acceptable and effective family planning methods and services and does not use abortion as a method of family planning. The second criterion looks at the relative need of the applicant and whether the applicant will make rapid and effective use of the funds. The third criterion takes into account the number of patients being served, while also considering the availability of family planning services in the proposed area. The fourth criterion considers the extent to which the services are needed in that local area and if the applicant proposes innovative ways to provide services to unserved or underserved patients. These provisions better achieve the statutory requirements and goals of Title X and increase competition and rigor among applicants, encouraging broader and more diverse applicants and better ensuring the selection of quality applicants.
This rule formally revokes the 2016 amendments to the Title X eligibility requirements. In 2016, the Department finalized a rule that amended Title X eligibility requirements, prohibiting any grantee/recipient making service subawards as part of its Title X project, from excluding an entity from receiving a subaward for reasons other than its ability to provide Title X services. Compliance With Title X Requirements by Project Recipients in Selecting Subrecipients, 81 FR 91852, 91859-91860 (Dec. 19, 2016) (adding paragraph (b) to 45 CFR 59.3) (the “2016 regulation”). The Department's stated reason for issuing the rule was to respond to new approaches to competing or distributing Title X funds that were being employed by several States.
Title X of the Public Health Service Act, 42 U.S.C. 300 through 300a-6, was enacted in 1970 by Public Law 91-572, 84 Stat. 1504. As amended, it authorizes the Secretary of Health and Human Services, among other things, “to make grants to and enter into contracts with public or nonprofit private entities to assist in the establishment and operation of voluntary family planning projects which shall offer a broad range of acceptable and effective family planning methods and services (including natural family planning methods, infertility services, and services for adolescents).” 42 U.S.C. 300(a).
Presently, the Title X program funds approximately 90 public health departments and community health, family planning, and other private nonprofit agencies through grants, supporting delivery of family planning services at almost 4,000 service sites.
Section 1008 of the Act contains the following prohibition, which has not been altered since it was enacted in 1970: “None of the funds appropriated under this title shall be used in programs where abortion is a method of family planning.” 42 U.S.C. 300a-6. The Conference Report described the purpose of this provision as follows:
It is, and has been, the intent of both Houses that funds authorized under this legislation be used only to support preventive family planning services, population research, infertility services, and other related medical, information, and educational activities. The conferees have adopted the language contained in section 1008, which prohibits the use of such funds for abortion, in order to make clear this intent.
Since it originally created the Title X program in 1970, Congress has, from time to time, imposed additional requirements on it, including the following:
• Requirement that “all pregnancy counseling shall be nondirective.”
• Obligation to ensure that Title X funds “shall not be expended for any activity (including the publication or distribution of literature) that in any way tends to promote public support or opposition to any legislative proposal or candidate for public office.”
• Requirement that Title X (1) projects provide distinct services for adolescents;
• Condition that, “[n]otwithstanding any other provision of law, no provider of services under Title X of the PHS Act shall be exempt from any State law requiring notification or the reporting of child abuse, child molestation, sexual abuse, rape, or incest.”
On February 2, 1988, the Secretary of Health and Human Services promulgated Title X regulations (the “1988 regulations”) to give specific program guidance regarding the statutory prohibition on the use of Title X funds in programs where abortion is a method of family planning.
The 1988 regulations were upheld on both statutory and constitutional grounds by the United States Supreme Court in
The Court further upheld the prohibition on abortion counseling and referral, as well as the requirement of physical and financial program separation, as consistent with the First Amendment.
The 1988 regulations were operative until February 5, 1993, when President Clinton suspended them pursuant to a Presidential Memorandum, The Title X “Gag Rule”, 58 FR 7455 (Feb. 5, 1993), and the Department issued a proposed rule, Standards of Compliance for Abortion-Related Services in Family Planning Service Projects, 58 FR 7464 (Feb 5, 1993), that it finalized seven years later as the 2000 regulations.
On December 19, 2016, the Department finalized a rule that amended Title X eligibility requirements, requiring that no grantee making subawards for the provision of services as part of its Title X project prohibit an entity from receiving a subaward for reasons other than its ability to provide Title X services. 81 FR 91852, 91860 (Dec. 19, 2016). The Department's stated reason for issuing the rule was to respond to new approaches to competing or distributing Title X funds that were being employed by several States. The 2016 regulation took effect on January 18, 2017, but was nullified under the Congressional Review Act, when the President signed the Joint Resolution of Disapproval, on April 13, 2017.
On June 1, 2018, the Department published a proposed rule in the
• Clearly delineates a bright line between Title X and non-Title X activities;
• provides grantees direction on how to ensure that no Title X funds are expended where abortion is a method of family planning;
• increases the ability of applicants to receive funding for innovative projects that propose to serve underserved and unserved populations; and
• offers additional protection to patients who may be victims of child abuse, child molestation, sexual abuse, rape, incest, intimate partner violence, and human trafficking.
The Department provided a 60-day public comment period for the proposed rule that closed on July 31, 2018. The Department received over 500,000 public comments,
The Department proposed to revise the authorities cited for the regulations at 42 CFR part 59, subpart A, from “42 U.S.C. 300a-4”, to “42 U.S.C. 300 through 300a-6”. Some commenters support the Department's authority to modify Title X regulations. Other commenters contend that the Department does not have authority to make various changes. The Department has legal authority under section 1006 of the Public Health Service Act, 42 U.S.C. 300a-4, to promulgate and amend regulations to implement the Title X family planning program, and sections 1001 through 1008 of the Public Health Service Act (42 U.S.C. 300 through 300a-6) include substantive provisions which the Department implements through such regulations. The Department has repeatedly exercised its authority to issue regulations to guide Title X grantees in carrying out the program. Section 1006 of the Act states that “[g]rants and contracts made under this title shall be made in accordance with such regulations as the Secretary may promulgate,” and section 1001 also specifies that the Secretary shall by regulation specify certain rights to apply for grants or contracts. The grant of regulatory rulemaking authority in section 1006 is sufficient authority to support all of the requirements adopted through this final rule. However with respect to various details of these final rules, the Department also relies on section 1008 and other directives throughout the Title X statute, as well as appropriations provisos and riders governing the Title X program. The final rule is designed to refocus the Title X program on its statutory mission—the provision of voluntary, preventive family planning services specifically designed to enable individuals to determine the number and spacing of their children—while clarifying that women must be referred for appropriate, medically necessary care identified during preconception screening and for prenatal care services, since such care is important for both the health of the women and for healthy pregnancy and birth. The Department believes this final rule provides appropriate guidance for compliance with such requirements.
Therefore, the Department finalizes, without change, its proposed revision to the authorities cited for 42 CFR part 59, subpart A.
Comments supporting or challenging the Department's authority to make particular changes are discussed in more detail in the relevant sections below.
While many comments were specific to certain sections of the proposed rule, a sizeable number were more general in nature, or commented on portions of the preamble, including content in the background, the need for change, and the statutory authorities sections. Those comments are summarized here, together with responses by the Department. Many related comments are addressed in greater detail further below, within the discussion of specific provisions of the regulation.
The Department received comments expressing diverse and conflicting views on the proposed rule. Many commenters support the language of the rule as proposed, so as to prevent taxpayer dollars from being used to pay for activities related to abortion, contrary to the Title X statute, and to provide the necessary transparency to assure Title X funds are not used for abortion or abortion-related costs. Other commenters assert that proposed changes could reduce access to services, especially for the most vulnerable populations. Some commenters note that the proposed rule closely mirrors the 1988 regulations, while others object to the proposed rule's provisions, particularly on certain abortion referrals, and the similar but broader provisions in the 1988 regulations, and point out that those provisions were never fully implemented. Some commenters support the proposed rule as providing much needed clarification to ensure adherence to the original intent of Title X and to correct the regulations that were issued in 2000. Other commenters contend that the proposed rule is unnecessary, unjustified, unethical, and was proposed without evidence of need.
Some commenters raised legal objections to the rule. Several comments contend the Department's proposed rule is contrary to congressional intent, violative of State sovereignty, and inconsistent with the First Amendment rights of Title X grantees and the Fifth Amendment rights of women. These commenters assert that women have a constitutional right to abortions, and health care workers have a responsibility to counsel individuals on the full scope of family planning options.
Commenters assert that the proposed changes create ethical and legal risks,
Others argue that the proposed rule would make it difficult to meet national performance measures for the Title V Maternal and Child Health Services Block Grant, which serve as a measure of our country's progress on adolescent annual preventive medical visits. Still other commenters argue the proposed rule violates the APA on multiple grounds, including that the rule is arbitrary and capricious, and they assert that the Department has not provided adequate reasons for its rulemaking by examining the relevant data and articulating a satisfactory explanation for its action, including a rational connection between the facts found and the choices made. Several commenters urge the Department to withdraw the proposed rule. Some commenters contend the rule is not legally supportable and that, if the Department finalizes the rule, it will be challenged in court.
In contrast, other commenters argue that the proposed rule closely tracks the 1988 regulations, which were upheld on both statutory and constitutional grounds by the Supreme Court. Those commenters argue that the proposed rule is just as constitutional now as it was then, and observe that many other cases have affirmed the principle that the government is not obligated to fund or facilitate abortions.
Numerous commenters state that the Department has spent much time and effort to craft a solution where there is no problem to be addressed. They claim Title X has never funded abortions, and Title X providers fully understand what the statutes and 2000 regulations require. They state that examples of the misuse of Title X funds are not well founded. Several commenters state that, under the comment filing deadline of July 31, 2018, they were unable to evaluate the full extent of the impacts of the Notice of Proposed Rule Making (NPRM) on affected communities. These commenters requested that the Department extend the comment period an additional 60 days, or to October 1, 2018. They contend this extension would provide the Department more time to hear from impacted populations on changes to Title X. One commenter contends their extension request was due to the Department rushing the publication of the proposed rule, and engaging in insufficient public engagement with stakeholders prior to the release of the rulemaking. Another commenter mentions they were requesting an extension because they experienced issues with submitting their comments electronically.
The Department believes that the final rule represents a better interpretation of the statutory provisions applicable to the Title X program than the 2000 Regulations. The rule permits and will encourage better and closer compliance with these legal obligations on the part of grantees and their subrecipients. The Department agrees with comments stating that the proposed rule is necessary to protect the integrity of the Title X program, and the Department has authority to take such action, as discussed above and supported by case law.
The Department agrees with comments that section 1008 establishes a broad prohibition on funding, directly or indirectly, activities that treat abortion as a method of family planning.
The Department believes that the final rule is a reasonable interpretation of the Title X statute and applicable laws in light of the express statutory terms, legislative history, and case law regarding the implementation and enforcement of provisions such as section 1008. The express terms in section 1008 reasonably support the Department's conclusion that there must be a separation between Title X projects and funds and any project where abortion is a method of family planning.
The Department disagrees with commenters who contend the proposed rule (or this final rule) violates the Constitution and the intent of Title X. The Supreme Court rejected similar constitutional challenges to the 1988 regulations. As an initial matter, it upheld the statutory limitation of Title X funds to programs where abortion is not a method of family planning, concluding that “[t]here is no question but that the statutory prohibition contained in § 1008 is constitutional” because Congress “may `make a value judgment favoring childbirth over abortion, and . . . implement that judgment by the allocation of public funds.' ”
The Department disagrees with commenters contending the proposed rule, to the extent it is finalized here, infringes on the legal, ethical, or professional obligations of medical professionals. Rather, the Department believes that the final rule adequately accommodates medical professionals and their ethical obligations while maintaining the integrity of the Title X program. In general, medical ethics obligations require the medical professional to share full and accurate information with the patient, in response to her specific medical condition and circumstance. Under the terms of this final rule, a physician or APP may provide nondirective pregnancy counseling to pregnant Title X clients on the patient's pregnancy options, including abortion. Although this occurs in a postconception setting, Congress recognizes and permits pregnancy counseling within the Title X program, so long as such counseling is nondirective. The permissive nature of this nondirective pregnancy counseling affords the physician or APP the ability to discuss the risks and side effects of each option, so long as this counsel in no way promotes or refers for abortion as a method of family planning. It permits the patient to ask questions and to have those questions answered by a medical professional. Within the limits of the Title X statute and this final rule, the physician or APP is required to refer for medical emergencies and for conditions for which non-Title X care is medically necessary for the health and safety of the mother or child.
The Department appreciates comments expressing concern about administrative reporting burdens on FQHCs who receive funding under both Section 330 and Title X. However, different federal programs often have different reporting and other requirements, depending on the specific statutory requirements and constraints. The fact that some federal grant programs may require more (or less) to qualify for funding is an appropriate reflection of Congressional direction. The Department is mindful of the administrative burden when establishing requirements for federal grant programs and seeks, as possible, to impose substantially the same administrative requirements on grant programs. However, it is under no obligation to impose the same requirements for multiple grant programs; rather, it is guided by the statutory requirements placed by Congress regarding each individual federal grant program. To the extent that requirements overlap, the Department believes that no additional burden results because the information can be readily shared within the grantee organization. Where the Title X program imposes additional requirements, these additional requirements are the result of specific statutory requirements applicable to the Title X program. The Department believes that these additional requirements are reasonable in light of those specific statutory requirements and the Department's need to ensure compliance with such requirements.
The Department also believes that concerns that Title X will conflict with Section 330's voluntary family planning requirements are unfounded. This final rule continues the historical Title X emphasis that family planning must be voluntary—the definition of “family planning” adopted by the final rule and, thus, applicable to the Title X program explicitly states that “family planning methods and services are never to be coercive and must always be strictly voluntary.” This final rule also confirms the statutorily mandate that a “broad range” of family planning methods and services be available under Title X. This requirement also supports the voluntary
The Department does not agree that the final rule will impede the ability of States and jurisdictions to meet the national performance measure (NPM) for annual adolescent preventive well visits for the Title V Maternal and Child Health Services Block Grant. Some commenters contend that any limitation on a patient's ability to access affordable health care at their preferred site of care for family planning services or to meet with the provider of their choice for preventive health care will impede States' ability to meet their goals for the well-woman visit NPM and the adolescent well-visit NPM for Title V. But by encouraging Title X projects to offer either comprehensive primary health care services onsite or have a robust referral linkage with primary health care providers who are in close proximity to the Title X site, the Department believes this final rule should reinforce States' ability to meet their goals for well-woman and adolescent well-visit NPMs. Furthermore, the Department does not believe that the rule will limit the ability of individuals to access affordable health care; thus, achievement of the NPM will remain unaffected by the changes in regulation. The Title X program currently provides services to adolescents and will continue to provide these services.
The Department agrees with comments stating that demonstrated abuses of Medicaid funds do not necessarily mean Title X grants are being abused and did not make that argument in the proposed rule. Rather, the Department believes that examples of abuse in other Federal programs help illustrate the need for clarity with respect to permissible and impermissible activities in connection with the Title X program and Title X funds, especially where the 2000 regulations foster confusion and ambiguity.
The Department's reasons for deciding to revise the 2000 regulations go beyond evidence regarding abuses of Medicaid funds by entities that are also Title X grantees or subrecipients, and are discussed in more detail below. These additional reasons include the Department's view that Title X grantees must be financially transparent and accountable throughout the grant disbursement process, rather than only after the grant is spent. The Department has a compelling interest in ensuring that, from the moment of disbursal, Title X funds are used only for permissible activities under the Title X statute,
The Department also seeks to remedy the potential for confusion, under the 2000 regulations, about whether Title X funds can be, or are being used, in a project where abortion is a method of family planning. It does so by finalizing the rule to strengthen the requirements for financial separation and to preclude shared physical space and staff with respect to abortion. It also does so by improving grant monitoring, including fiscal and internal controls, to prevent the misuse of taxpayer funds. The Title X program is not unique in the need for such grant monitoring to identify and prevent such misuse. However, particularly because providing abortion as a method of family planning has been statutorily prohibited,
In response to commenters who contend the rule will be challenged in court, the Department believes the Supreme Court's decision in
The Department disagrees with commenters who state that the 60-day comment period was insufficient. The APA does not have a minimum time period for comments, and 60-day comment periods are used for large numbers of very significant rules, including rules that contain far more complicated and complex proposed requirements. The comment period closed 60 days after publication of the proposed rule in the
Several commenters state that the rule gives unprecedented information and regulatory authority to the Department regarding Title X grantees and subrecipients. Some commenters assert that the regulations attempt to give the Department unchecked discretion to disqualify applications. Several commenters contend the proposed rule would impose burdensome and redundant bureaucratic responsibilities on grantees and would limit the participation of certain providers. Some commenters object to the application of the rule to subrecipients, contending it will impose unacceptable burdens on subrecipients and drive qualified providers from Title X projects.
One commenter believes that treating grants and contracts equally will circumvent fair contracting rules, expediting allocation of funds to organizations and programs that do not submit applications as part of a competitive procurement or that will not be required to follow program regulations, including basic eligibility guidelines. The commenter states that, if implemented, this change could drastically alter the landscape of Title X providers, potentially allowing, among other things, for-profit organizations and health care providers that do not meet the highest standards of quality care to be awarded federal funds through a non-competitive process. One commenter states the proposed rule does not adequately discuss the regulatory or economic impact of applying the same requirements of contracts as family planning grants to entities, as contract and grant regulations differ.
One comment states that the proposed rule does not address whether Title X funds used for contracts would offset funds used for grants.
The Department also does not agree with some commenters contending that these regulations are unnecessary, redundant, or overly burdensome. As discussed more below, the Department has a duty to ensure that Title X funds are spent in accordance with statutory requirements; that duty applies equally to Title X funds used by grantees and subrecipients. The final rule helps the Department fulfill that duty and thereby to ensure the proper accounting of Title X funds. The Department believes there has been insufficient transparency and accountability in the use of taxpayer funds because grantees have not been required to provide the Department with sufficient information about subrecipients, to ensure monitoring for potential misuse of funds, or to address express statutory program integrity provisions and limitations (including a Title X specific appropriations provision) that, among other things, prohibit the use of taxpayer funds for political activity or lobbying. The final rule will redress these insufficiencies and improve the transparency and accountability that surrounds the use of Title X funds.
The Department concludes that the final rule appropriately requires that the program integrity provisions of Title X family planning program apply to projects whether they are established by grants or contracts and to any entity receiving Title X funds. The Department disagrees that the application of Title X regulations to the execution of contracts is an exercise of improper or unprecedented regulatory authority. Title X authorizes the Secretary to carry out the Title X program by entering into contracts with, or issuing grants to, public or private nonprofit entities and to promulgate regulations governing grants and contracts issued in the program. 42 U.S.C. 300(a), 300a-4. Thus, the Department has the authority to issue regulations governing the program, including provisions that apply statutory requirements both to grantees and contractors, and subrecipients of Title X funds. With respect to subrecipients, since grantees in most instances do not directly provide Title X services, the only way to ensure compliance with the statutory and regulatory requirements is to require the inclusion of provisions in contracts with, or grants to, subrecipients that require such compliance. Such flow-down requirements are a commonly used mechanism in the Department's grant programs to ensure that the programs are properly implemented. The Department believes that ensuring Title X funds are expended by subrecipients consistent with the statutory and regulatory parameters is a responsibility that all Title X grantees reasonably assume when they extend the financial benefits of the program to another party.
The Department disagrees with commenters that challenge the Department's oversight role in the proposed rule. Title X grantees must ensure adequate oversight of Title X funds, including the use of those funds by subrecipients. The statutory restrictions imposed on the use of Title X funds cannot be avoided by distributing the funds to subrecipients. The Department is committed to ensuring all rules governing Title X funds are applied to both primary grantees and subrecipients. The Department does not agree with commenters who state that the administrative cost of ensuring that subrecipients are compliant with Title X is overly burdensome. Although there may be additional costs involved with these oversight measures, specifying that grantees are responsible for ensuring the compliance of their subrecipients does not add an additional requirement; it merely makes more explicit the fact that grantees are already responsible for ensuring the compliance of their Title X projects with the statutory and regulatory requirements applicable to Title X projects. The specific oversight measures required by this final rule are reasonable and necessary to ensure such compliance with the Title X requirements and proper accountability of Title X funds. The costs associated with those measures are detailed below.
The Department disagrees that the rule will exclude qualified providers from providing Title X services since any eligible organization may apply to provide Title X services, so long as it complies with the requirements set forth in the statute, related regulations, and the funding announcement. The Department disagrees with commenters who suggest oversight will hinder the participation of health centers, except to the extent that they are not compliant with Title X requirements. An organization that qualifies under Title X to provide statutorily appropriate services may also provide non-Title X services, so long as they do so in a manner that complies with the Title X regulations. The Department believes that the provisions of the final rule will result in expanded preconception family planning options available to individuals consistent with the Title X program's explicit mandate.
The Department has considered the comments that express concern about the proposed language that treats Title X contracts and grants equally, but concludes that a plain reading of the statute supports that approach. Title X authorizes the Secretary to award grants and/or enter into contracts to establish and operate voluntary family planning projects—and then authorizes the Secretary to adopt regulations to implement the Title X program.
Accordingly, regardless of whether the Department enters into a grant or contract, requirements of the Title X program shall apply, except for §§ 59.4, 59.8, and 59.10. For example, the Department interprets section 1008 of Title X to require certain restrictions concerning abortion referrals, and physical and financial separation between Title X activities and activities not permitted under the Title X statute. That interpretation would apply to project activities whether they are undertaken by grant or by contract. This regulatory provision applying certain sections of this rule to contracts is necessary to ensure consistency in the implementation and enforcement of Title X statutory program integrity provisions if a project is implemented through the issuance of a contract.
The Department notes comments that draw distinctions between grants and contracts in the general regulatory system and how they serve different purposes. The Department recognizes these differences exist, but for reasons stated above, believes it necessary to ensure the basic requirements of the Title X program are consistent. Title X authorizes the Secretary to enter into contracts, not just grants, to implement the program.
The Department disagrees with commenters who contend the proposed rule would circumvent ordinary procurement procedures. The Department's purpose in adding the provision on its ability to carry out a Title X program/project by contract was not to evade or avoid the substantive requirements imposed by Title X or these regulations—the Department, for example, could not contract with a for-profit entity to carry out a Title X program or project because that would be inconsistent with 42 U.S.C. 300(a)—but to confirm that contracts to implement the Title X program must be consistent with, and implement, the substantive requirements entailed in these regulations, including those related to the prohibition on the use of funds for projects where abortion is a method of family planning. If the Department enters into contracts, it would do so based on other rules generally applicable to contracts, except as specified in the Title X statute or these regulations. Thus, for example, any contracts issued under Title X would continue to be competitive to the extent required by law and regulation. To make that clear, the proposed rule would provide that certain sections of part 59 subpart A would not apply to contracts because those sections address processes specifically applicable to grants and grant applications. The substantive requirements of the other sections of the subpart, in contrast, would apply to Title X projects or programs, regardless of whether they are carried out by grant or contract.
Accordingly, the Department expects both grantees and contractors to ensure that Title X funds are spent on statutorily appropriate activities. The proposed rule and this final rule help to ensure that this expectation is met by formalizing those requirements and that process.
One commenter had inquired about how the issuance of a contract to implement a Title X project would affect Title X grants. Since the funds for the program are fixed by appropriations, funds used for contracts in a given fiscal year would not be used for grants, and vice versa. Thus, Title X funds used for contracts would be offset from funds used for grants, as stated in the proposed rule.
The Department finalizes this definition with changes, including clarifying the role of adoption as a family planning activity by permitting Title X providers to provide information about or referrals for adoption as a Title X service; increasing the understanding that family planning must not be coercive and must always be voluntary; and by making technical edits for consistency and readability.
Some commenters oppose the explicit exclusion of abortion in the definition. One commenter notes that abortion does impact the number and spacing of children and should not be excluded from the meaning of family planning. Such commenters state that couples use abortion as a method of family planning to determine their desired number of children or to space them. They contend that excluding abortion from the definition by labeling it postconception care reflects a failure to consider who may want or need to have an abortion. Additionally, one commenter states that the last sentence of the new definition should be stricken because reducing abortion was not the intent of the enabling legislation. Some commenters suggest the definition creates ambiguity concerning abortion that is not used as a method for family planning.
Many commenters ask the Department to eliminate language that mentions natural family planning and fertility awareness-based methods (FABMs), contending that the definition prioritizes those methods over other contraceptive methods. Such commenters worry that the definition de-emphasizes contraception in favor of abstinence, natural family planning, and fertility awareness-based methods that the agency has long recognized are less-effective methods of family planning. Commenters also contend, for example, that fertility awareness-based methods do not fit everyone's lifestyle and are ineffective for many women; that abstinence programs are ineffective and ignore the needs of participants already engaged in sexual activity; that avoiding sex as a family planning method conflicts with CDC, WHO, and UN definitions of family planning; and directing Title X funds towards natural family planning is unnecessary as 93% of sites report offering it and less than 0.5% of female Title X contraceptive users rely on it.
Some commenters ask, in the alternative, that if the Department does not eliminate language that mentions natural family planning, the Department instead clarify whether it intends to prioritize and promote natural family planning and other FABMs for Title X patients over other contraceptive options, and if so, to provide its justification, and explain why that would not undermine patients' ability to obtain voluntary care free from coercion. Some commenters also state that the proposed language may “blur the lines” between choices, methods,
One commenter says the definition of family planning should ensure that women have sufficient access to evidence-based family planning and sexual health information, and the full range of medically accepted forms of contraception, in order to avoid issues that may arise in light of the new definition of family planning. Commenters express concern that the definition would leave many women without access to contraception or the most effective methods to prevent pregnancy. Other commenters oppose the definition of family planning because they contend negative impacts will result, such as driving some providers out of business; increasing the incidence of unintended pregnancy; increasing the incidence of sexually transmitted diseases; leading to grantees offering a more limited scope of services, making it difficult for patients to receive care they need; and leading to increased costs on the health care system as the result of unintended pregnancies.
One commenter supports including only preconception services in the definition of family planning, and states that the definition empowers the Department and Title X providers to provide comprehensive services. Another commenter similarly states that, by placing postconception care beyond the scope of Title X, and by expressly excluding abortion from the definition of family planning, the definition reorients Title X towards its intended purpose.
Other commenters oppose including only preconception services in the definition. One commenter contends that excluding postconception care disrupts the continuity of care for family planning clients. The commenter additionally states the limitation is contrary to national standards that promote early access to prenatal care. Another commenter argues that the government is discriminating against women who seek abortions by defining the practice as postconception care and excluding this type of care from the definition of family planning, but then requiring projects to refer all pregnant woman for prenatal care.
Some commenters request that the Department eliminate language referring to adoption. Commenters assert that the management of infertility, including adoption, exceeds the intent of the program as its inclusion is beyond the language of the Title X statute. Including adoption would put a strain on the program, commenters contend, as it would redirect a large amount of Title X funds. Additionally, commenters contend adoption is a postconception activity, and say its inclusion in the definition contradicts the definition's statement that family planning only includes preconception activities.
Some commenters also argue that excluding abortion is a violation of the First Amendment's religion clauses due to preferring some religious ideas over others and enforcing religion with the power of the government. They contend excluding abortion, and in their view emphasizing natural family planning, is characteristic of particular religious views.
Finally, one commenter states that the rule does not make it clear whether female or male sterilization services are considered within the scope of family planning methods, and contends they are consistent with the goal of determining the number and spacing of one's children.
Given the statutory emphasis on family planning, the Department believes defining the phrase is important to ensure a coherent and reliable implementation of Title X, consistent with carefully considered statutory parameters. The Department disagrees with commenters who contend there is little support for creating the definition for family planning because no violations have been identified. The Department does not have to identify violations in order to interpret a statutory term. The Department deems it useful to develop and maintain a definition of family planning, in order to establish the scope of the Title X family planning program, to ensure consistency across the program, and to meaningfully ensure that the family planning projects implemented under Title X grants and/or contracts provide a broad range of family planning methods and services, consistent with the Title X statute. The Department believes it is appropriate to exercise its rulemaking authority to define family planning as a term important to the scope of the Title X projects, the development of grant applications, and the issuance of grants and contracts in the Title X program.
Moreover, the Department notes that the definition will address in part its concern that the requirement for abortion referrals, as provided in the 2000 regulations, violates or leads to violations of section 1008's prohibition on funding Title X projects where abortion is a method of family planning. Concerns about family planning methods being used indirectly to violate requirements of the program dates back at least to the 1988 regulations. There, the Department stated, in § 59.14, that a “Title X project may not use prenatal, social service or, emergency medical or other referrals as an indirect means of encouraging or promoting abortion as a method of family planning . . .” 53 FR at 2945. This provision was upheld by the Supreme Court.
The Department disagrees with the many commenters that oppose defining “family planning” to exclude abortion and that urge the Department to define the term to include abortion. Such commenters appear to be either unaware of, or confused about (or to have intentionally ignored), the fact that Title X explicitly excludes
Some commenters ask how the definition applies to abortions that are not used as a method of family planning. Section 1008 prohibits funding Title X projects where abortion is a method of family planning, but does not preclude referral for services to address health issues or conditions where treatment constitutes a medical necessity. In addition, annual Title X appropriations law has consistently barred the expenditure of Title X funds for abortion.
Taking those provisions, the annual appropriations provision, and section 1008 together, the Department has concluded that Title X projects may allow a physician or APP to provide nondirective counseling on abortion generally as a part of nondirective pregnancy counseling, and may refer for abortion for documented emergency care reasons, but may not refer for abortion as a method of family planning. Similarly, the nondirective pregnancy counseling can include counseling on adoption, and corresponding referrals to adoption agencies. As a consequence, the Department considers it appropriate to define “family planning” as (1) excluding abortion, (2) permitting the provision of nondirective pregnancy counseling (including abortion and adoption), and (3) including and requiring Title X projects to refer for prenatal care services.
The Department disagrees with commenters who oppose the last sentence of the definition because, in the commenters' view, Congress's intent in Title X did not include the reduction of abortion.
Defining family planning, for the purposes of Title X, to exclude abortion, and as being, at least in part, for the purpose of reducing abortion, does not suggest that Title X projects may engage in directive pregnancy counseling to reduce abortion. As discussed below, when a Title X physician or an APP engages in pregnancy counseling, such counseling must be nondirective. But the fact that reducing abortion is not a goal of pregnancy counseling under Title X does not mean that the Department's provision and promotion of family planning in all other contexts cannot be undertaken, in part, for the purpose of reducing the incidence of abortion. When the Department funds Title X projects that provide a broad range of family planning methods and services to prevent pregnancy, the results will likely include, among other things, a decrease in pregnancy and with it, a decrease in the incidence of abortion as a method of family planning.
The Department disagrees with commenters who oppose the
The term “fertility awareness-based methods” is a more recent term that refers to the same general kind of family planning methods that Congress intended when it included “natural family planning” in the Title X family planning program. The science of natural family planning methods, and other family planning methods (including contraceptives), has advanced significantly since Congress enacted Title X in 1970. As explained further below, the term “fertility awareness-based methods” includes similar family planning methods and services captured by the term “natural family planning” in the statute. But for greater clarity as to the scope of the program, the Department finalizes the definition as proposed to mention fertility awareness-based methods alongside natural family planning.
The Department agrees with commenters who support Congress's inclusion of natural family planning methods in Title X. Some commenters point out that very few women use natural family planning methods within Title X, but there is insufficient information on why this may be the case. It may be that the method is not presented by a clinic as a meaningful option or it may be that staff are not adequately trained in the method. In general, an increasing number of persons are choosing natural family planning methods,
In response to this and other sections of the proposed rule, some commenters contend natural family planning or fertility awareness-based methods should be excluded from Title X projects because they are not effective. The Department does not find the exclusion of such methods to be consistent with the direction of Congress in section 1001(a), which explicitly includes natural family planning in the range of family planning methods provided through Title X. The commenters also provide no evidence to conclude that natural family planning is categorically ineffective, even if such a conclusion could overcome the statutory language including natural family planning as among the methods of family planning that may be offered in a Title X project. These commenters do not acknowledge that, in the last 40 years, the science behind, and efficacy of, fertility awareness-based methods has improved significantly, leading to FDA approval of certain medical products involving such methods and to increased utilization of these methods.
The Department similarly disagrees with commenters who oppose including choosing not to have sex as a method of family planning. Choosing not to have sex, either for a long period of time or for selected intervals, or choosing not to have sex as often or with as many sexual partners, is clearly a preconception method of family planning for reducing unintended pregnancy. In addition, choosing not to have sex or engaging in sex with a single monogamous partner is protective of preconception health, particularly because it protects an individual from exposure to STDs that may contribute to infertility and negative health outcomes. As a viable method for delaying or avoiding pregnancy altogether, the Department would be remiss if it were to exclude this method, since consistently choosing not to have sex is the most effective way to prevent pregnancy. As with natural family planning, the inclusion of this method within the definition of “family planning” does not invalidate other methods within that definition, nor mean that every Title X clinic has to provide counseling services related to this method of family planning.
The Department therefore disagrees with commenters who contend that recognizing these options within the definition of family planning will diminish an individual's ability to choose another form of family planning. Projects must also provide contraception, and can do so in proportion to the demand for such methods. The individual's free and informed choice to select a family planning method is respected by requiring projects to provide the broad range of family planning options that Congress contemplated in the statute, and to allow individuals to freely select the method they prefer. The definition of family planning merely specifies that these methods are included in the broad range of family planning methods available within each Title X project. Projects may comply with the statutory directive when they include natural family planning in the broad range of family planning methods and services that must be provided. The definition also specifies that family planning is never to be coercive and must always be strictly voluntary. This precludes the conclusion, put forth by some commenters, that including natural family planning or choosing not to have
The Department also notes that this final rule is consistent with the proposed rule, which explicitly includes contraception in the definition of family planning. Contrary to the suggestion of some commenters, the definition does not place a lower priority on contraception as a method of family planning, nor somehow invite Title X providers to pressure clients to use natural family planning instead of contraception. The rule, both as proposed and finalized, will allow funded projects to provide all acceptable and effective Title X family planning methods, while ensuring that participating entities or service sites that wish to offer only a single method or a limited number of methods may also participate in Title X projects, so long as each Title X project, as a whole, provides a broad range of family planning methods and services, including contraception and natural family planning.
Clarifying that those options fall within the program is well within the purview of the Title X program, and ensures individuals' voluntary and informed access to the family planning option of their choice. The Department does not agree that the definition blurs lines between different family planning options, methods, or choices. Rather, the Department agrees with comments suggesting that the new definition of family planning will expand access to a broad range of family planning methods and services and will ensure patients have the ability to make voluntary and informed family planning choices. To provide clarity and ensure that duplicative terms are not interpreted with different meanings, the Department revises the definition by using the words used in the Title X statute, “methods and services,” instead of the word “choices” that was used in the proposed rule. The Department further modifies the sentence “Family planning and family planning services are never coercive and are strictly voluntary” to read “Family planning methods and services are never to be coercive and must always be strictly voluntary.” This clarifies the terms in the sentence and also further aligns the definition with the voluntary requirements set forth in sections 1001 and 1007 of Title X.
The Department acknowledges the concerns of commenters who contend the proposed definition would leave women without access to contraception or other methods of family planning, but believes that these concerns are overstated. The Department is aware of reported success rates regarding various forms of preconception family planning for those engaged in sexual activity. The Department wishes to emphasize that, consistent with the statutory provisions, contraception will continue to be a significant category of family planning methods for Title X projects. This is why the family planning definition specifically mentions contraception among other family planning methods and services and why § 59.5 continues to require a broad range of acceptable and effective family planning methods and services within Title X projects. The Department does not intend to implement or enforce these regulations to have any limiting effect on Title X organizations that offer contraception options if those organizations are otherwise compliant with the Title X grant requirements. The Department believes that the proposed rule broadens access for women seeking preconception family planning options by permitting grantees or subrecipients to provide various or specialized forms of family planning, while also ensuring that projects, as a whole, provide a broad range of family planning methods and services.
The Department finds there is insufficient evidence to support the contention of some commenters that negative impacts will result from the definition, such as driving out some providers, increasing unintended pregnancy, or increasing STDs. The definition encompasses contraception and other methods that these commenters support, and it will not deprive Title X projects of the ability to offer any such methods or services. To the extent commenters believe these negative results will occur because the definition of family planning excludes abortion, and includes natural family planning, both parameters have been mandated by the Title X statute for decades. Any such effect, then, would be attributable to implementing the program as Congress directed.
The Department disagrees with commenters who ask that the definition specify that all family planning methods and services must be “medically approved.” The Department also discusses this issue below concerning the change in such language at § 59.5. When Congress specified what family planning methods and services Title X projects must provide, Congress directed that the methods and services be “acceptable and effective”; it did not specify that they be “medically approved.” The Department also does not understand, and commenters fail to explain, what the addition of “medically approved” to the definition would mean in practice. Family planning methods and services are often provided through licensed health care professionals. Thus, it is true of all family planning methods or services provided by Title X providers that at least one medical professional or clinic has “approved” the method or service, by virtue of providing it to the client. It is not clear what else a requirement of medical approval might mean, or what commenters believe it to mean, if inserted into the family planning definition. For example, would approval by one medical doctor suffice, or would some larger number need to approve, and if so, how many; would certain medical organizations, or governmental organizations, or both, need to approve, and if so, which ones; would a certain level of medical consensus need to exist concerning a particular method or service, and if so, how would the Department measure that consensus; and when doctors and medical organizations disagree either about a family planning method or service, how would that requirement apply? For all of these reasons, the Department does not believe the Title X statute requires the term “medically approved” be included in this definition, and does not believe including it is appropriate. The Department instead relies on the statutory language “acceptable and effective” as sufficiently ensuring that family planning methods and services are appropriate for clients served in Title X projects.
The Department disagrees with commenters who contend the definition of family planning violates the religion clauses of the First Amendment. As discussed in
In response to commenters asking whether family planning includes sterilization, the Department clarifies that acceptable and effective methods of sterilization are a preconception means of implementing an individual's or family's decision as to the number and spacing of births.
The Department agrees with commenters that support the limitation in the proposed definition that family planning does not include postconception health care (as distinct from certain types of postconception counseling/information, such as in the
The Department finds that a distinction between preconception health care services and postconception services is effective and can be more cost-effective. The Department disagrees with commenters who contend limiting family planning to preconception care is contrary to national standards. For the purposes of the Title X program, the limitation to preconception care is appropriate and consistent with Congressional intent. Any concern with national standards is met and addressed by encouraging Title X projects to offer either comprehensive primary health care services onsite or have a robust referral linkage with primary health care providers who are in close proximity to the Title X site. The Department will administer Title X funds to focus on permissible preventive care and preconception family planning, while promoting robust referral networks to ensure that clients have ready access to non-Title X health care services that they need, including treatment for health conditions that are not provided by Title X and for postconception care (other than abortion as a method of family planning).
The Department appreciates and responds to comments raising concern about the inclusion of adoption in family planning services and clarifies the purpose of the rule in this regard, finalizing a change to the language concerning adoption. Adoption is a method by which families can plan their family size, to either increase it, decrease it, relieve burdens attendant to insufficiently spaced children, or deal with infertility (although infertility management is not the only way in which adoption is a method of family planning, and adoption is not the only method of infertility management). Insofar as adoption is considered a preconception method by which families may plan their family size or respond to infertility, it fits comfortably within the broad range of family methods and services contemplated by Title X. Although many commenters focus on the important role of Title X providers in preventing unintended pregnancy through contraception or not having sex, Congress clearly intended Title X to support family planning through more than preventive services, as evidenced by the emphasis on infertility services in Title X.
Moreover, Congress has expressed its intent that postconception adoption information and referrals be included as part of any nondirective counseling in Title X projects when it passed the Children's Health Act of 2000, adding section 330F (“Grants Regarding Infant Adoption Awareness”) to the Public Health Service Act on October 17, 2000. Public Law 106-310, 114 Stat. 1101, sec. 1201, codified at 42 U.S.C. 254c-6 (hereinafter “Infant Adoption Awareness grants”). There, Congress authorized the Department to make grants “for the purpose of developing and implementing programs to train the designated staff of eligible health centers in providing adoption information and referrals to pregnant women on an equal basis with all other courses of action included in nondirective counseling to pregnant women.” 42 U.S.C. 254c-6(a)(1). Congress specified that grantees shall offer that training to Title X grantees and the Secretary shall make reasonable efforts to encourage Title X grantees to participate in that training.
By contrast, because of Congress's primary focus on funding preconception care in Title X, the Department deems the provision of adoption services themselves to be outside the scope of the Title X program. This clarification should address the concern by some commenters about a potential strain on resources of the Title X program caused by the inclusion of adoption in the family planning definition. Title X providers may provide adoption counseling, information, and referral as a voluntary family planning service for non-pregnant clients as a means of addressing health care issues related to
This approach is consistent with the Title X parameters and with the Department's history of implementing Title X. In the 1981 Title X program guidelines, “Program Guidelines for Project Grants for Family Planning Services,” the Department allowed nondirective counseling on, and referral for, adoption and foster care when a woman with an unintended pregnancy requested information on her options. The 1988 regulations continued this support for encouragement of counseling on and referral for adoption. The 2000 regulations required both counseling and referral on adoption, if the client requested such assistance. Given this history and Congress's expressed intent, the Department concludes that Title X funds may facilitate access to adoption through nondirective adoption counseling and referral as a part of the nondirective counseling offered to pregnant clients.
Congress's express intent to include adoption information and referral in Title X projects can be contrasted with its express intent to exclude Title X funding from any projects where abortion is a method of family planning. The Title X statute contains no similar prohibition on funding projects where adoption is a method of family planning, and section 330F requires the Secretary to encourage the inclusion of adoption information and referrals in the Title X program. Similarly, the Title X statute contains no similar prohibition on funding projects that include postconception referrals for prenatal care, which is necessary for pregnancy as a medical condition. Thus, the Department disagrees with commenters contending that the definition improperly discriminates by treating adoption more favorably than abortion. Simply put, abortion is prohibited as a method of family planning within a Title X project and adoption is not. Given Congress's explicit differential treatment of adoption and abortion throughout the applicable statutes, the definition is an appropriate exercise of the Department's authority to promulgate regulations to implement the Title X family planning program.
For all these reasons, the definition of family planning appropriately includes adoption information and referral as a family planning method. To clarify this, in response to questions from commenters about this issue, the Department modifies this aspect of the family planning definition in the final rule by changing “the management of infertility (including adoption)” to “the management of infertility, including information about or referrals for adoption.”
There were no substantive comments regarding this definition.
The Department finalizes the definition of “grantee” in § 59.2 without change, except for minor grammatical corrections.
Commenters support the encouragement of family participation in the family planning decisions of minors, noting that it does not block access to family planning services. Rather, as comments explain, family participation should be the standard for any health care service provided to minors because they do not always know their family history and certain contraceptives are contraindicated for females with certain health conditions. In addition, parents are better able to direct health care decisions for their children if they are aware of other health care services and products that their children are receiving.
Some commenters oppose the definition's requirement that emancipated minors be charged based on their own income only if there is documentation of specific actions taken with respect to each minor to encourage such family participation. Such commenters are concerned this would threaten the confidentiality of these patients, as well as the patient-provider
Many commenters also oppose revising the definition of low income family to include women who are unable to obtain certain family planning services under their employer-sponsored health insurance policies due to their employer's sincerely held religious or moral objections. Many such commenters assert that Title X is already underfunded, and this revision would result in a large number of new Title X patients and could reduce services for actual low income patients, due to limited funds. Many stated that, if the Department does revise the definition, there must be increased Title X funding to account for the new patients.
Commenters who are health care providers note that the Department did not discuss the impacts this change would have on Title X patients and providers. Such commenters stated that the proposed rule did not provide evidence to support the conclusion that the Title X network can absorb the new patient population, nor address how the change would impact current patients. They also contend that the proposed rule did not discuss any financial impacts, operational impacts on projects, or corresponding costs. For example, commenters contend the Department did not explain how women are to show they are in an employer plan with a religious or moral objection to contraceptive coverage. Some Title X providers comment that requiring projects to verify that status would be cumbersome and involve administrative costs. Some commenters ask whether newly eligible patients would be able to obtain other services (
Many commenters object to the new definition on the ground that previous interim final rules concerning contraceptives issued by the Department and the Departments of Labor and of the Treasury in October 2017 are not in effect based on court orders. Such commenters also contend the definition applies to women who are the policyholders of employer-sponsored insurance but not to other beneficiaries of such plans. Commenters further object that the definition does not guarantee coverage for such women but only states the project director may consider her as being from a low income family if good reasons exist under the definition. And commenters object that some women with insurance sponsored by an employer that objects to contraceptive coverage for religious or moral reasons might not have access to a Title X provider.
Some commenters assert that the Secretary does not have the legal authority to deem women as “low income” if their employer-sponsored plans have religious or moral objections to contraceptive coverage. Some commenters object that the definition only encompasses women, not men, whose employer-sponsored plans have religious or moral objections to contraceptive coverage, and they believe the definition does not encompass transgender men. One commenter contends the definition constitutes impermissible government subsidy of religious objections under the Establishment Clause of the First Amendment.
The Department disagrees with the suggestion of some commenters that its revised definition of low income family threatens the confidentiality of unemancipated minors. The revised definition explains that, if a project director seeks to consider only an unemancipated minor's own resources to determine whether the minor seeking confidential services qualifies as a low income family, the project director must document efforts to encourage family participation in the unemancipated minor's decision to seek family planning services. As discussed more fully below, such encouragement is specifically required by Congress and would occur within the context of the provider-patient relationship. Communications in that relationship are already confidential, and communications in which the provider encourages family participation in the minor's decision to seek family planning services would be subject to the same confidentiality requirements.
The Department similarly disagrees with the suggestion that this documentation requirement infringes on the judgment of medical professionals or threatens minors who are in abusive home circumstances. As discussed below, this final rule does not require a Title X provider to encourage family involvement “if the Title X provider has documented in the medical record: (i) That it suspects the minor to be the victim of child abuse or incest; and (ii) That it has, consistent with, and if permitted or required by, applicable State or local law, reported the situation to the relevant authorities.” Situations exist where confidentiality is important, and the Department incorporated those into the proposed rule. Moreover, the rule does not require family participation, but merely the encouragement of such participation. Inserting references to that general requirement in the definition of “low income family” concerning unemancipated minors simply reinforces the already existing statutory requirement—and ensures that Title X providers are actually complying with such requirements. To the extent that there were any infringement on the judgment of medical professionals, it would be the result of requirements imposed on the Title X program by Congress, requirements that the Department merely seeks to faithfully implement.
Some commenters contend the Department lacks statutory authority to include as “low income” patients women who have employer-sponsored health insurance that does not cover contraceptive services based on the employer's religious or moral
For decades, the Department has implemented such regulations by defining “low income family” to mean a family whose total income does not exceed 100% of the Poverty Level guidelines,
This clarification does not, as some commenters contend, contradict the text or intent of the Title X statute. Congress authorized the Secretary to decide what constitutes a “low income family” in the program, and the Department's decades-old decision has allowed project directors to deem families “low income” even if their income exceeds 100% of the Poverty Guidelines. Thus, project directors might conclude based on a particular prospective client's insurance, income, and financial situation that the individual is unable to pay for family planning services. The proposed definition clarifies that a project director may—but is not required to—allow the same treatment for women with health insurance from an employer with a religious or moral objection to contraceptive coverage. And the definition instructs the project director to consider the woman's income in assessing her ability to pay. Thus, under the definition, if a project director concludes that a woman with that insurance status who has an income above 100% of the Poverty Guidelines
Some commenters correctly read the proposed definition to mean the project director may, or may not, deem a particular woman who lacks insurance coverage for contraception because of her employer's religious or moral objection as being from a “low income family,” and they object to the Department giving the director that discretion. They seem to ask that the Department require the project director to deem such women as being from a “low income family,”
The Department rejects that suggestion. It is true that the Department has required, in the “low income family” definition, that a project director “must” consider only an unemancipated minor's own resources if the minor seeks confidential services to determine whether the minor is from a “low income family.” In that way, the Department has previously exercised its regulatory authority to define “low income family” to include some persons who potentially have ability to pay for family planning—namely, minors from families who may have access to funds to pay for family planning services even if they are not employed. But in this case, the Department declines to finalize the definition to require project directors to consider a woman as being from a “low income family” based solely on her employer's religious or moral objection to contraceptive coverage. Some women in such circumstances may be unable to pay for family planning, but others may be able to pay. For example, some may be from families with total incomes well above the poverty level, and their other circumstances may reflect that they are able to pay. The Department wishes to leave this discretion with the project director.
The Department disagrees with commenters who contend the definition is confusing and leaves project directors with insufficient guidance. For decades, the definition of “low income family” has given project directors discretion to determine whether good reasons exist as to why a person cannot pay for family planning. The definition being finalized here provides more guidance, not less, for the project director's exercise of that discretion in the given scenario.
Some commenters object that projects will not be able to determine whether a woman's employer-sponsored insurance omits contraceptive coverage, or does so on the basis of religious or moral objections, but the Department believes
The Department understands the objection that project directors may seek more specific instructions on how to implement the definition, and also understands the concerns of some commenters who believe that women should automatically be deemed as being from a “low income family” if her employer-sponsored insurance coverage omits contraceptive services on the basis of a religious or moral objection. Such comments reflect that, for some women, not having contraceptive coverage may affect their ability to pay and, thus, their economic status. In light of this concern, and the desire to provide more specific direction sought by commenters, the Department is finalizing the definition with the modification that a project director may exercise discretion to consider such women as being from a “low income family” or eligible for a discount for contraceptive services on the schedule of discounts provided for in § 59.5, based on the impact that not having contraceptive coverage may have on their ability to pay for contraceptives.
Under the women's preventive services guidelines issued by the Department, certain plans (or issuers or plan administrators) are required to cover all FDA-approved contraceptives with no cost-sharing, unless an exemption applies to the plan based on sincerely held religious beliefs or moral convictions.
Consequently, in the final rule, the Department modifies the example involving a woman whose employer-sponsored health insurance does not cover contraceptives because of a religious or moral objection on the part of the employer. In such a situation, in determining whether such a woman's income is more than 100% of poverty level, or whether she is subject to sliding scale discounts for contraceptive services under § 59.5, the project director may reduce the woman's annual income by the annual out-of-pocket cost she would pay for the desired contraceptive services. The project director may estimate the annual cost based on the project director's expertise regarding the costs of contraceptive services, or reduce the woman's estimated total income by an estimated
The Department disagrees with commenters who assert that the example is discriminatory because it only refers to women. As discussed more fully below, the definition does not preclude men from seeking to establish good reasons for which they are unable to pay for family planning services. This specific example simply refers to women because it has mainly arisen in a context related to coverage for women's contraceptive services. A section of the PHS Act added by the Affordable Care Act,
The Department notes that the definition maintains the decades-old discretion granted to the project director to deem a person as having good reasons why he or she cannot pay for family planning and therefore deem him or her as being from a “low income family.” Consequently, project directors may also consider a man's lack of access to insurance coverage for contraceptive services as potentially constituting a good reason why the project will consider the man as being from a low income family. The definition has required, and continues to require, project directors to take into consideration such indicia of ability to pay. This final rule mentions one specific context involving women who may not have access to contraceptive coverage as one possible application of the “good reasons” determination, but does not do so in an exclusive way, nor does it negate the applicability of the project director's pre-existing discretion to any person seeking services from the project.
Some commenters ask the Department to clarify whether a woman, who is considered as being from a low income family based in part on the lack of contraceptive coverage in her plan due to her employer's religious or moral objection, then qualifies to receive just the contraceptive services that her plan omits, or qualifies to receive all family planning services provided by the project, such as pap smears and STD testing. The Department clarifies that a project director may consider the woman with this insurance status as being from a low income family, or as qualifying for sliding scale discounts, for the purposes of her payment for the contraceptive services she seeks that are not covered by her insurance plan. The revision does not specify that such a woman will be deemed as being from a low income family for the purpose of receiving other services from the Title X project. Presumably, the woman would have insurance coverage for such other services, and the Title X provider could bill her health insurance company for them. Nevertheless, as noted above, the definition retains the decades-old discretion given to the project director to make a “good reasons” determination to deem a person as being from a “low income family” for the purposes of receiving all the services offered in the Title X project. The example specifies and clarifies how the project director's discretion could be applied in a particular situation, but it does not add limitations to the project director's discretion in other hypothetical cases raised by commenters.
Many commenters express concern that implementation of the example would cause a financial strain on the program. The Department disagrees. As noted above, the example does not mandate that project directors must consider a woman as being from a “low income family” based on her employer's religious or moral objection to contraceptive coverage in her insurance plan. The example simply affirms the project director's discretion to take that fact into consideration. Project directors are aware of long-standing flexibility when defining “low income,” since the 2000 regulations do not preclude project directors from deeming women who do not have contraceptive coverage because of their employer's religious or moral objection to contraceptive coverage in their insurance plans to be “low income.” Because the project director already has that discretion under the 2000 regulations, the Department disagrees that merely making this discretion even more explicit will result in a significant number of women being granted low income status to receive free or low cost contraceptive services from Title X projects. Commenters did not provide data from which the Department could reliably estimate how many women will seek to obtain free or low cost contraceptives from Title X providers as a result of this change and how many will then be granted “low income family” status by project directors.
To the extent that commenters base this objection on estimates in rules concerning religious and moral exemptions to the contraceptive coverage guidelines, the Department notes that such estimates were speculative. The Department, along with the Departments of Labor and of the Treasury, attempted to set forth various estimates concerning the number of women who would use the exemptions, but noted that they lacked adequate data to know whether those estimates were accurate. 83 FR 57536, 57550 (Nov. 15, 2018). The Departments made several assumptions that they noted were likely too high.
Even if those estimates of the women affected by the religious and moral exemption rules were accurate, the Department could not simply assume that all of those women would obtain contraceptive services from a Title X project. As noted above, the proposed additional example in this definition does not require a project director to consider a woman to be from a low income family on this basis. Project directors might conclude that women seeking to use the clarifying example have incomes that, despite their lack of contraceptive coverage, render them able to pay for contraceptive services. Moreover, it is unlikely that all women affected by the exemption rules will seek services from Title X projects. Some of those women may have family incomes under which they can afford the services. Some may choose, for other reasons, not to seek contraceptive services from Title X projects. For example, some may share their employers' objections to such contraceptives.
The Department is not aware of data from which to reliably estimate how many women will seek contraceptive services from Title X projects because the sponsors of their health plans have religious or moral objections leading them to omit contraceptive coverage from their insurance plans, but believes that any overall cost to the Title X program will be slight. With regard to low income women in general, the Department is aware that significantly less than half of such women receive services from Title X projects. In 2017, Title X projects served more than 4 million persons of whom 90% were low income persons.
Consequently, the Department concludes that the number of women whose employers have religious or moral objections leading them to omit contraceptive coverage from their insurance plans is small compared to the number of low income women served by Title X projects; at most, a small minority of such women will seek contraceptive services from Title X projects; the revision to the definition allows project directors to consider deeming those women as being from low income families, but it is likely that only a fraction of them will be deemed unable to pay for family planning; and the cost to the projects of contraceptive services provided or discounts offered is only a fraction of the retail costs of contraceptive services. In light of these factors, even assuming that the use of this example would lead more women to seek to use the existing “good reasons” exception than had previously, the Department does not believe it will lead to an unreasonable strain on the Title X program.
Even if there is an economic impact on the program, it is supported by the Title X statute. Where women are actually deemed to be from a “low income family” after the project director's consideration of their insurance status, the Title X statute provides for low cost or discounted contraceptive services. As discussed above, insurance status is one factor that may affect a woman's overall economic status or ability to pay for family planning services. The Department concludes it is appropriate to clarify the “low income family” definition through the proposed example, so that project directors may appropriately extend eligibility to such women. This helps fulfill the purposes of the Title X statute to ensure that women are not prevented from participating in the program due to their economic status.
The Department disagrees with commenters contending these revisions in the definition violate the Establishment Clause of the First Amendment. The proposed example clarifies the discretion that a project director has long had under the rules concerning good reasons why some persons may be deemed from a low income family. Specifying that a project director may consider a woman's lack of contraceptive coverage as a result of a religious exemption exercised by the sponsor of her health plan from contraceptive coverage into consideration does not violate the Establishment Clause. The example also allows the project director to consider a woman's lack of contraceptive coverage from a sponsor's non-religious moral objection, or to take any number of other non-religious factors into account as a good reason that the woman may be unable to pay for family planning services. The Department also disagrees with a commenter who argues that project directors should consider whether a woman's health plan covers abortion. Title X precludes considering abortion as a method of family planning.
Accordingly, the Department finalizes the definition of “low income family” without change to the prefatory text or paragraph (1), but with changes to paragraph (2) to emphasize that the project director may exercise discretion under the existing “good reason” exception to “consider her insurance coverage status as a good reason why she is unable to pay for contraceptive services” when her employer has a sincerely held religious or moral objection to providing such coverage. The final rule in paragraph (2) is also finalized with guidance for the project director in making this determination.
The Department finalizes this definition as discussed below in response to public comment by stating “
This clarification establishes the Department's finding that any organization receiving Title X funds is responsible to adhere to Title X requirements.
At the same time, the commenter expresses concern that if an entity does not fulfill all or some of the requirements of the announcement, the program or project could argue that it does not meet this definition, and thus can avoid the requirements of the rule. Instead, the commenter suggests restating the definition as “[a]n enterprise, scheme or venture carried out or proposed to be carried out by a grantee, subrecipient(s) or a group of partnering providers pursuant to a Title X award granted by the Secretary.”
There were no substantive comments under this section that are not already discussed elsewhere in the preamble to this rule. The Department finalizes this definition without change, except for minor grammatical corrections.
As discussed above in section II.B concerning § 59.1, the proposed rule would not apply § 59.3 to contracts, and some commenters asked whether § 59.3 and other sections should apply to contracts. Section 1001 of the Title X statute specifies that, “in the establishment and operation of voluntary family planning projects,” the Secretary “is authorized to make grants and to enter into contracts with public or nonprofit private entities.” To conform § 59.3 to the scope of the statute, the Department finalizes § 59.3 with changes to the title of that section to read “Who is eligible to apply for a family planning services grant or contract?” Likewise, the text of § 59.3 is finalized with change to read: “Any public or nonprofit private entity in a State may apply for a family planning grant or contract under this subpart.”
In the proposed rule, the Department proposed a number of revisions and additions to § 59.5(a)(1), (5), and (10) and (b)(1) and (8). Each is discussed in turn.
Some commenters, however, support the proposed rule and point out that it will increase choices for persons served by Title X projects, allowing the government to choose the most qualified applicants instead of the applicants who happen to provide the most services.
The Department disagrees with comments that oppose removal, from the regulatory text, of the phrase “medically approved,” leaving “acceptable and effective” to describe the family planning methods and services to be provided by Title X projects. As noted above, the Title X statute does not contain the phrase “medically approved” and it is far from clear what that undefined phrase requires. The Title X statute provides that Title X projects “shall offer a broad range of acceptable and effective family planning methods and services . . . .” 42 U.S.C. 300. That language was sufficient when Congress drafted the Title X statute, and the Department concludes that it is sufficient today. As such, the revision is clearly within the Department's statutory authority. The Department disagrees with commenters
The “medically approved” language risked creating confusion about what kind of approval is required for a method to be deemed “medically approved.” Family planning methods offered by Title X projects are already offered by health care professionals, so, to that extent, those methods are already medically approved. But different medical doctors and professional organizations may differ on which methods of health care they approve, including different methods of family planning. Some family planning methods cannot be medically approved by a government agency, such as the Food and Drug Administration, because they do not fall within its jurisdiction.
The Department does not believe that the final language of the first two sentences of § 59.5(a)(1), as finalized here, would limit access to family planning services or other necessary health care, nor lead to an increase in unintended pregnancies.
Many commenters express concern with the language describing the broad range of family planning methods and services that projects must provide. Some commenters say the proposed language would reduce the methods offered within a project by stating, “projects are not required to provide every acceptable and effective family planning method or service . . . as long as the entire project offers a broad range of such family planning methods and services.” Commenters express concern that projects will not be required to provide every acceptable and effective family planning method or service, and contend the language seems to encourage projects to not offer every acceptable and effective family planning method or service. Many commenters state that the proposed rules are inconsistent with the original intent of Title X to establish as a national goal the provision of adequate family planning services and to all those who want them but cannot afford them. Many commenters oppose the proposed language because they believe it will limit access to family planning services and other necessary health care. One commenter states that the definition will limit access to comprehensive reproductive health services, and therefore adversely impact women's ability to attain positive economic outcomes for themselves and their families. A commenter requests that the Department clarify that, even if a Title X project need not provide every acceptable and effective family planning method or service, a project must provide a broad range of contraceptive methods. Some commenters assert that the proposed rule may cause more abortions by encouraging low-efficacy methods of family planning and decreasing access to contraception and, therefore, increasing unintended pregnancies.
Many commenters express concern regarding the language specifying that participating entities within a project may offer a single method, or a very limited number of methods, of family planning. Some of these commenters suggest that this weakens the Title X program, undermining its status as a program offering comprehensive services, and prevents patients from making the best decisions about their health due to lack of information or options.
Many commenters suggest that allowing participating entities that offer limited services would divert scarce family planning dollars away from entities that provide effective and preferred methods of contraception and instead provide grants to entities that provide few, if any, methods that patients find acceptable. One commenter expresses concern that inexperienced entities might participate in the Title X program, making navigation more challenging as patients struggle to find providers that offer desired services. Some commenters contend that the proposed rule opens the potential for what they call “fake” women's health care facilities to receive funding from Title X, and that the proposed rule deemphasizes the importance of contraception and the full range of family planning methods.
Some commenters express concern that the language might allow for or encourage coercion, and might undermine the standard of health care service delivery and outcomes. Many commenters express concern that the rule will remove a person's choice in the selection of family planning method.
Other commenters, however, assert that there is no requirement for each participating entity to provide all family planning services and that this flexibility is in line with our Nation's longstanding commitment to protecting freedom of conscience and comports with the First Amendment.
The Department appreciates concerns of commenters who believe the proposed language that says projects are not required to provide every acceptable and effective family planning method or service would reduce the range of family planning methods that Title X projects must provide, but does not believe that this is a reasonable interpretation of the proposed rule. To clarify, projects would continue to be required to offer a broad range of family planning methods and services, consistent with the statutory mandate. However, neither the plain language of the statutory requirements, nor the 2000 regulatory text, requires that Title X projects provide every acceptable and effective family planning method or service. Thus, the proposed rule and this final rule merely clarify, and make explicit, that the requirement for a broad range of acceptable and effective family planning methods and services does not mean every acceptable and effective family planning method or service. Furthermore, neither the plain language of the statute, nor the 2000 regulatory text, requires participating entities within a project to provide every acceptable and effective family planning method or service, or even a broad range of such methods or services. It is permissible under the 2000 regulations for a subrecipient within a funded project to offer only a single or limited number of family planning methods or services.
The Department disagrees that requiring a broad range of family planning methods and services, while recognizing that some projects may not offer every method or service, would lead to an increase in unintended pregnancies. Similar to the 2000 regulations, this rule requires the project as a whole to offer a broad range of acceptable and effective family planning methods and services, which includes contraceptives. While the rule clarifies the broad range of family planning methods and services permissible under Title X, it also ensures Title X patients are free, without coercion, to select any of the broad range of family planning methods and services offered in a project. The Title X statute has always provided as much, and the 2000 regulations did too.
The Department disagrees with commenters opposing the language allowing participating entities to offer one or few family planning methods. The 2000 regulations explicitly permits this, stating “[i]f an organization offers only a single method of family planning, it may participate as part of a project as long as the entire project offers a broad range of family planning services”; this language has been included in regulations since at least 1988. To the extent the commenters opposing this language do not find fault with the 2000 regulations, the Department sees no cause for concern over this provision. About four million patients are annually served with the current provision that allows organizations that offer only a single family planning method to participate in a Title X project. The Department now merely confirms this practice by stating that “[a] participating entity may offer only a single method or a limited number of methods of family planning as long as the entire project offers a broad range of such family planning methods and services.” Therefore, the Department disagrees with the concerns expressed about including this sentence in the final rule.
The Department also disagrees that the proposed rule weakens the standing of Title X programs as comprehensive sources for family planning. The rule does not prohibit projects or providers from offering every acceptable and effective family planning method or service, so long as abortion is not considered a method of family planning. The rule simply reflects, as stated in the 2000 regulations, that Title X projects are required to provide a broad range of acceptable and effective family planning methods and services (not every such method or service), and that participating entities are permitted to participate in a Title X project even if not all of them offer every method—and, indeed, even if some participating entities within a project offer only one family planning method. The range of available family planning methods has significantly increased over the last few decades. The Department believes it may be unreasonably difficult or expensive to add a new requirement that all projects and all participating entities must offer all acceptable and effective forms of family planning. It may also be difficult for clients to access certain methods in which not all participating entities have specific training and expertise. This rule enhances the ability of individual Title X projects to offer, and clients to access, such methods, while preserving the requirement that individual Title X projects offer a broad range of family planning methods and services. The Department disagrees with some commenters who say the rule is misleading to Title X clients. This rule is substantially similar to the 2000 regulations rule in that it permits single method providers to participate in the Title X program and includes natural family planning methods as those that qualify under the “broad range.”
The Department disagrees that the proposed and final rules authorize Title X funding for what some commenters call “fake” women's health care facilities. It is not clear what such commenters deem to be “fake” facilities, but nothing in the rule authorizes projects to use clinics that engage in fraud or allow the practice of medicine without a license. Title X projects are subject to quality oversight by the Department and are also subject to relevant State laws in the operation of health clinics.
The Department believes that permitting entities to provide services for which they have particular expertise allows greater access to family planning methods in Title X projects and contributes to quality care for patients. The final rule does not require projects to include participating entities that offer only one or just a few methods, but it continues to allow them to do so, if they deem it appropriate and consistent with offering a broad range of family planning methods and services.
The final rule, thus, clarifies and reframes, but does not create or invent the ability of a single-method entity to participate in a Title X project. The Department believes that continuing to allow such entities to participate will give people served under Title X access to specialized expertise in certain methods. Increasing client choices among family planning clinics and methods in a project is likely to decrease unintended pregnancies, not increase them, because clients are more likely to visit clinics that respect their views and beliefs and to use methods that they desire and that fit their individual circumstances.
The Department also agrees with commenters that say the final rule is consistent with principles of the First Amendment and laws that protect freedom of conscience. By allowing projects to use entities that offer a single method or limited methods—including providers that might do so for reasons of conscience—the language being finalized will, among other things, both protect the ability of health care providers and facilities with conscientious objections to providing certain types of family planning methods and services to participate in Title X projects and maintain Title X projects that offer a broad range of family planning methods and services.
Other commenters object to language specifying adoption as a type of family planning service. They contend that the management of infertility, including adoption, is beyond the language and intent of the Title X statute. They also believe that including adoption would put a strain on the program, as it would redirect a large amount of Title X funds. And they assert that including adoption in the definition is contradictory because adoption is a postconception activity and the new definition states that family planning only includes preconception activities. Some commenters also assert that the Department improperly redefines the meaning of a reproductive life plan.
The definition of family planning at § 59.2 uses the word “or” before the phrase “other fertility awareness-based methods,” whereas the text at § 59.5(a)(1) uses the word “and.” The Department considers the word “or” to be more appropriate in both instances. This clarifies that by “other fertility awareness-based methods,” the Department is not referring to methods that are not “natural family planning,” nor is it requiring projects to offer natural family planning and other fertility awareness-based methods as if those are two different kinds of categories. Instead, by using the word “or,” the Department intends for projects to have flexibility in deciding which types of natural family planning or fertility awareness-based methods they will offer in meeting their obligation to offer natural family planning methods within the project. Therefore, the Department finalizes § 59.5(a)(1) with a change to replace the word “and” with the word “or” before the phrase “other fertility-awareness based methods.”
The language specifying that participating entities may offer only a single method does not mention natural family planning or any other single method. Therefore, it does not emphasize natural family planning over other methods as some commenters contend. Under the final rule, single-method providers are permitted in projects whether their single method is a natural family planning method, a contraceptive method (for example, an implant), or some other family planning method. The Department disagrees with commenters' concerns that allowing single or limited method entities to participate in a Title X project limits family planning to natural family planning methods, limits what individuals may choose, or deprives individuals of methods they may choose. Those results have not occurred under the 2000 regulations, which already allow for single method participating entities.
The Department also disagrees with commenters who oppose the inclusion of adoption information as a type of infertility services offered by Title X providers. As discussed with respect to the proposed definition of family planning, the Title X statute does not define “family planning,” and the Department has always read the
In addition, under Infant Adoption Awareness grants program, Congress specified that eligible health centers (which includes Title X clinics) should receive training on providing adoption information and referrals, and that the Secretary should encourage the same.
Importantly, the proposed language in no way limits the choices of Title X clients or infringes on their views of what services to choose. The final rule does not require any Title X client to pursue adoption, natural family planning, or any other particular family planning method or service. On the contrary, as discussed above, the definition of family planning is finalized to specify that “[f]amily planning methods and services are never to be coercive and must always be strictly voluntary.”
At §§ 59.14 and 59.16, the proposed rule proposed more specific parameters to implement the requirement in § 59.5(a)(5) that “[a] Title X project may not perform, promote, refer for, support, or present abortion as a method of family planning . . .” and to implement the requirement that any pregnancy counseling provided by Title X projects must be nondirective. The proposed rule addressed in this section relates to the proposal to remove the requirement for nondirective pregnancy counseling and referral (including the obligation to counsel on, and refer for, abortion), and replace it with a prohibition in § 59.5(a)(5) on the use of Title X funds to perform, promote, refer for, support, or present abortion as a method of family planning. Comments discussing pregnancy counseling are discussed in a distinct part of this preamble, as are comments discussing the deletion of the requirement to refer for abortions. Comments discussing the prohibition on abortion referrals, and permissible referral activities in general, are discussed with regard to section §§ 59.14 and 59.16.
The Department finalizes the proposed rule in § 59.5(a)(5) with one change to make it clear that providers are allowed to provide nondirective pregnancy counseling about abortion, by removing “present” from the proposed list of prohibitions regarding abortion as a method of family planning.
Other supportive commenters note that the 2000 regulations stand in the way of some organizations applying for Title X funds, or participating in Title X projects, due to the requirement for abortion referrals and information. Such commenters contend the 2000 regulations limit choice for patients, especially those who live in rural or remote areas, where faith-based and local community organizations would be more likely to apply if the abortion counseling and referral requirement were lifted.
Some commenters express concerns related to federal conscience protections, including the Weldon, Coats-Snowe, and Church Amendments, that may apply to Title X grantees and subrecipients. The Church Amendments prohibit grantees from discriminating in “the employment, promotion, or termination of employment of any physician or other health care personnel” or “the extension of staff or other privileges to any physician or other health care personnel” because “he performed or assisted in the performances of a lawful sterilization procedure or abortion. . . .” 42 U.S.C. 300a-7(c). One commenter asks that the final rule include similar conscience protections for health care personnel who refuse to engage in family planning research or services that are contrary to their religious beliefs or moral convictions. A commenter also requests clarification on whether this provision would require religious or pro-life groups who receive Title X funds to hire someone who disagrees with their religious and moral convictions
Several commenters disagree with the proposed rule's elimination of the abortion information, counseling, and referral requirements. Such commenters argue that withholding information about pregnancy options interferes with the patient-provider trust relationship, is contradictory to patient-centered care, and compromises the health of the patient, as well as the ability of the patient to make timely and fully informed decisions. One commenter states that some patients are surprised to hear abortion is legal and have other misconceptions about the procedure, making it imperative that comprehensive information about abortion be shared with those patients.
Some commenters contend that restricting counseling for and information about abortion in Title X projects would encroach on physicians' codes of ethics and responsibilities to patients. Many commenters state that prohibitions on abortion counseling and referral would directly conflict with the requirements or codes of ethics of medical professional associations, including the American College of Physicians and the American College of Obstetricians and Gynecologists. These associations state that patients should receive full and accurate information to inform their health care decisions. For example, commenters refer to the American Medical Association Code of Medical Ethics that providers should “present relevant information accurately and sensitively, in keeping with the patient's preferences” and that “withholding information without patient's knowledge or consent is ethically unacceptable.” Some commenters contend that the restriction on referral, and on directive abortion counseling, may put providers at risk of medical liability since a delay or failure to diagnose is one of the top three liability allegations cited by ob-gyns, who are already at an elevated liability risk compared to their colleagues.
One commenter takes the view that the rule should prohibit Title X from offering nondirective counseling on abortion altogether. The commenter proposes instead that providers should provide only life-affirming counseling to pregnant clients who consent to receive such counseling. The commenter says this approach would protect the conscience rights of certain organizations and their employees.
Since that time, however, Congress has contemplated that nondirective pregnancy counseling may be offered in Title X projects. The HHS fiscal year 2019 appropriations act provides that “amounts provided to said projects under such title shall not be expended for abortions, that all pregnancy counseling shall be nondirective. . . .”
The Department has carefully considered the provision of counseling and information about abortion in the Title X context in light of Section 1008, the appropriations riders in place since 1996 that all counseling be nondirective, public comments, policy considerations, and the Department's historical positions. As a result, the Department concludes that:
• Title X projects will not be required to refer for abortion (and, as discussed in regard to § 59.14, referrals for abortion as a method of family planning are prohibited).
• Physicians or APPs within Title X projects may offer pregnancy counseling, including counseling that addresses the option of abortion among other options, so long as the counseling is nondirective and does not include referrals for abortion as a method of family planning.
• Title X projects will not be required to offer nondirective pregnancy counseling in general, or abortion information and counseling specifically.
In stating that “all pregnancy counseling shall be nondirective,” Congress did not explicitly require pregnancy counseling, nor prohibit such counseling from discussing abortion if the counseling is nondirective. Unlike abortion referral, nondirective pregnancy counseling would not be considered encouragement, promotion, support, or advocacy of abortion as a method of family planning, which would be prohibited by the Title X statute and this final rule. Therefore, the approach of this final rule is more permissive than the 1988 regulations, which prohibited any counseling concerning the use of abortion as a method of family planning, but predated Congress's directive that all pregnancy counseling in the program be nondirective. Therefore, the Department finalizes without change the proposed rule's deletion of the language in § 59.5(a)(5) requiring pregnancy options information and counseling, including requiring information, counseling and referrals for abortion. Consistent with that rescission of § 59.5(a)(5)(i) and (ii), there is no requirement in the final rule that a project offer nondirective counseling or information about abortion. The rule does not, however, prohibit nondirective pregnancy counseling by physicians or APPs, even if that counseling discusses abortion.
Some commenters urge the Department to prohibit nondirective counseling concerning abortion in a way similar to the 1988 regulations. The Department acknowledges that it has the
Some commenters contend this rule will deprive women of the information they need about abortion or where to obtain one, but the purpose of Title X is not to provide such information. To the contrary, Congress expressly restricted the Department from funding Title X projects where abortion is a method of family planning. Title X programs, accordingly, may offer information about abortion only as part of nondirective pregnancy counseling. The primary focus of Title X remains on preconception family planning methods and services. In implementing section 1008, moreover, the Department has a history of establishing prohibitions on abortion referral, even if at other times it has allowed or required such referrals. The 1988 regulations, for example, prohibited Title X projects from providing abortion information, counseling or referrals. The 2000 regulations took a different approach by requiring information, counseling and referrals for abortion as a method of family planning in certain cases. The Department has now reconsidered this issue and believes the approach taken in this final rule is a better interpretation of section 1008, consistent with the subsequent Congressional directive that all pregnancy counseling be nondirective. Further, in the Department's view, it is not necessary for women's health that the federal government use the Title X program to fund abortion referrals, directive abortion counseling, or give to women who seek abortion the names of abortion providers. Information about abortion and abortion providers is widely available and easily accessible, including on the internet.
The Department disagrees with commenters who assert that prohibiting referrals or directive counseling about abortion violates the First Amendment rights of grantees or subrecipients. The Supreme Court explicitly rejected this claim in
The Department appreciates comments that discuss how conscience laws such as the Church, Coats-Snowe, and Weldon Amendments apply in the context of the Title X program. In deciding to rescind the requirement that Title X projects counsel, provide information on, and refer for abortion, the Department concludes those requirements in the 2000 regulations are not consistent with federal conscience laws. As explained in the preamble to the proposed rule, the Department had already acknowledged this problem in the preamble to the 2008 regulations implementing these conscience protections. 73 FR 78087. There, the Department observed, “[w]ith regards [sic] to the Title X program, commenters are correct that the current regulatory requirement that grantees must provide counseling and referrals for abortion upon request (42 CFR 59.5(a)(5)) is inconsistent with the health care provider conscience protection statutory provisions and this regulation. The Office of Population Affairs, which administers the Title X program, is aware of this conflict with the statutory requirements and, as such, would not enforce this Title X regulatory requirement on objecting grantees or applicants.”
The Department continues to conclude that the abortion referral and counseling requirements in the 2000 regulations cannot be enforced against objecting grantees or applicants, and that such requirements cannot be used to deny participation in the Title X program or a Title X project comprised of objecting family planning providers. The 2000 regulations required that projects provide information about abortion, counsel a client about abortion if she asks for it, and refer her for abortion. However, the Weldon Amendment prohibits the federal government from engaging in discrimination against a health care entity on the basis that it does not, among other things, refer for abortion. The Coats-Snowe Amendment also prohibits the federal government and State and local governments that receive federal financial assistance—such as State and local health departments that receive Title X funds—from discriminating against a health care entity on the basis that it refuses to “provide referrals” for abortion or refuses to “make arrangements for” providing referrals for abortion. To ensure compliance with these and other federal conscience laws, this final rule does not require Title X projects to provide any nondirective counseling, information, or referral for abortion. In order to ensure compliance with section 1008, the Department affirmatively prohibits referrals for abortion. The Department thus concludes that these federal conscience protection laws, along with its interpretation of section 1008, support its decision to finalize the rescission of the requirement in the
The Department appreciates the concerns of commenters about other ways in which federal conscience laws might apply in Title X projects, for example, whether they require Title X providers to hire personnel with certain views or objections, or prohibit entities from firing an individual willing to perform an abortion, or who has done so in the past. The Department intends to operate the Title X program consistent with federal conscience laws, the First Amendment, the Religious Freedom Restoration Act, and similar federal laws. The Department also notes that the Title X statute itself explicitly prevents programs from receiving Title X funds where abortion is a method of family planning. Accordingly, any Title X project must ensure compliance with this final rule to receive Title X funds. The Title X statute has coexisted with federal conscience laws for over 40 years. The limitation on referral for abortion as a method of family planning in this final rule, along with the removal of the abortion counseling, information, and referral requirements, is consistent with these statutory provisions. Just as
The Department declines the invitation of a commenter to expand these final rules to further address the protection of conscience in the Title X program. First, because the Department did not propose such provisions in the proposed rule and did not expressly request comment on the issue, it does not have the benefit of extended comment on the issue. Second, the Department does not believe further clarification of this issue is necessary in this final rule, when the federal health care conscience laws are already the subject of separate rulemaking. The Department also will not address in this rule individual qualifications for staff hiring by a Title X program for services performed before or outside the Title X program, nor accept one commenter's invitation to add provisions to implement the Religious Freedom Restoration Act as it may apply to personnel who work for entities participating in Title X projects. Rather, the Department simply notes that the Office of Population Affairs bears the responsibility for holding grantees responsible for complying with federal conscience laws in the Title X program. In addition, the HHS Office for Civil Rights has been designated to receive complaints of conscience law violations and to coordinate with the relevant program office with respect to such complaints.
The Department does not agree with the commenter who proposes that Title X providers provide prenatal care. While the Department agrees that prenatal care is important to maternal and infant outcomes, the primary purpose of the Title X program is to provide preconception family planning services. Nondirective counseling and referrals for postconception services—although not the provision of postconception health care services themselves—are the appropriate approach in the context of pregnancy, so long as they do not include referral for abortion as a method of family planning. Within a Title X project, Title X providers may not provide prenatal care because it is outside the scope of the project, but must refer for prenatal care as pregnancy makes such referral medically necessary. However, the Department encourages Title X grantees either to offer comprehensive primary health services onsite (although outside the scope of the Title X project) or to have a robust referral linkage with primary health providers who are in close physical proximity to the Title X site.
The Department agrees with commenters that say the Department should offer more guidance concerning how projects that provide nondirective pregnancy counseling should do so consistent with applicable Title X statutory requirements. The proposed rule set boundaries on Title X projects concerning referral for, encouragement of, promotion of, advocacy for, support for, and assistance with, abortion as a method of family planning, and those boundaries would also apply to any nondirective pregnancy counseling that physicians or APPs provide within the Title X project. The proposed rule did not further specify the parameters of such counseling, for example by defining “nondirective.” Nevertheless, projects must comply with Congress's requirement that pregnancy counseling be nondirective, and the Department must enforce that requirement.
Therefore, the Department offers the following guidance on the requirement of nondirective pregnancy counseling. When a woman is confirmed to be pregnant, a physician or APP may provide nondirective pregnancy counseling. While all pregnancy counseling must be nondirective, in compliance with Congress's consistent direction through the HHS appropriation laws, this rule permits the physician or APP to exercise discretion on whether to offer such counseling.
Title X projects should not use nondirective pregnancy counseling, or referrals made for prenatal care or adoption during such counseling, as an indirect means of encouraging or promoting abortion as a method of family planning. They should not use such counseling or referrals to steer clients to abortion or to specific providers because those providers offer abortion as a method of family planning. Referrals for abortion as a method of family planning may not be offered. If the patient is provided a list or the contact information of licensed, qualified, comprehensive primary health care service providers (including providers of prenatal care), the list—and the Title X staff—must not identify to the woman which, if any, providers on the list offer abortion.
Referrals for abortion for emergency care purposes are not prohibited.
Referrals for, and information about, adoption are also permitted, as long as the counseling remains nondirective. Title X projects are not required to offer nondirective counseling or information on abortion.
Referring for adoption or prenatal care, but not for abortion, does not, in the Department's view, make pregnancy counseling directive in light of Congress's legislative directives applicable to the Title X program. Where care is medically necessary, as prenatal care is for pregnancy, referral for that care is not directive because the need for the care preexists the direction of the counselor, and is, instead, the result of the woman's pregnancy diagnosis or the diagnosis of a health condition for which treatment is warranted. Moreover, seeking prenatal care is not the same as choosing the option of childbirth. Regarding adoption referrals, in Infant Adoption Awareness grants and the Infant Adoption Awareness Training Act, Congress made clear that the provision of adoption information and referrals do not necessarily render pregnancy counseling directive.
The Department disagrees with commenters who contend the rule will require health care professionals to violate medical ethics, regulations concerning the practice of medicine, or malpractice liability standards. In
As the Supreme Court affirmed, section 1008 and its implementing regulations are simply a matter of Congress's choice of what activities it will fund, not about what all clinics or medical professionals may or must do outside the context of the federally funded project. The Department believes that medical ethics, regulations concerning the practice of medicine, and malpractice liability standards are not inconsistent with this final rule. The Supreme Court upheld similar conditions and restrictions in
The Department disagrees with commenters who contend current Title X providers will necessarily be shut out as future Title X providers. Removal of this consultation requirement does not prejudge whether current grantees will continue to receive Title X grants, nor whether new applicants will receive grants. The Department, likewise, does not believe that the removal of the consultation requirement will lead to uncoordinated care. Of course, applicants may voluntarily choose with whom they partner and with whom they consult, and such coordination may strengthen an applicant's proposal. However, the Department believes the removal of this as a requirement encourages a broader range of applicants and permits innovative approaches that may not have been envisioned or supported in the past.
The Department finds no evidence to support the assertion that the final rule will drive current providers from the Title X program. Under the final rule, the government will choose from the most qualified applicants in order to achieve the statutory goals of the program. The fact that some applicants received funding in the past is not a guarantee of future funding, but neither is it a guarantee that their funding will end in the future. Encouraging new applicants in the program could improve both the quality and breadth of service within the Title X program; it does not reflect a preference for new applicants over previous grantees.
A commenter supports the new text and expresses the view that the rule would amend the criteria for grants and increase competition to encourage a broader, more diverse, applicant pool.
The Department believes that the connection between Title X services and comprehensive primary care decreases the overall cost and transportation challenges to obtain needed health care services identified as a result of routine family planning screening and consultation. A 2013 Child Trends Research Brief, “The Health of Women Who Receive Title X supported Family Planning Services,” found that 60% of women receiving care at Title X clinics report that the clinic is their primary source for health care, yet many fear they cannot address other health concerns with their family planning provider, making the need for a linkage to comprehensive primary care providers essential for women's health.
Since Title X family planning services are primarily limited to preconception services, it is important that Title X sites assist clients with onsite care outside of the Title X project itself, or at least with referrals to local providers, to achieve optimal preconception and general health outcomes. Since any sexually active woman of childbearing age could become pregnant, the inclusion of preconception health screenings in the continuum of family planning care is
The Department disagrees with commenters who contend this language concerning the proximity of comprehensive primary health care cannot be implemented by Title X service providers that specialize in family planning. First, as part of providing comprehensive primary health care, clinic may employ, among other providers, health care providers who specialize in family planning. Second, the primary care provision presents two options, onsite comprehensive primary care and referrals; it does not require the provision of onsite comprehensive primary care by Title X service providers. The Department believes this clarification addresses some concerns of commenters who feared that specialized providers could not provide all the services that an individual may need. The final rule also does not permit primary care to be subsidized by Title X funds, unless it serves the goals of the program. Thus, the requirement for Title X service providers to provide onsite, or have a robust referral linkage with, comprehensive primary health services does not move Title X outside of its scope of services. Instead, the final rule makes it easier to ensure that Title X clients, particularly low income clients, have access to necessary medical services and related educational and nondirective counseling services; that screening, diagnosis, and treatment can be provided within close proximity to the clinic; and that the most needy have access to care.
The Department adopts this provision in the final rule with four changes. First, in § 59.5(a)(13)(i), the Department replaces “referral agencies” with simply “agencies” who are “providing referral services”. Second, the Department removes the phrase “as well as less formal partners within the community” from § 59.5(a)(13)(ii) and replaces it with any individuals “providing referral services”. Third, the Department removes the phrase “and those who serve as referrals for ancillary or core services” from § 59.5(a)(13)(iii). Fourth, the Department makes stylistic changes to improve clarity.
The Department also received comments on whether and how to include referral agencies in these requirements. One commenter states that the Department should require documentation from referral agencies to ensure that referrals are not used to promote abortion. Other commenters state that the referral agencies, which receive no Title X funding, should not be subject to these reporting requirements.
Some commenters state that the regulatory text is unclear and inconsistent, and fails to provide sufficient notice of obligations under the rule. They point out that it does not define “less formal partners” and does not express a distinction between “ancillary” and “core” services. They contend the rule unreasonably assumes an individual physician would know the myriad revenue streams that a large system receives.
The Department also disagrees with the suggestion that the transparency requirements disincentivize collaborations. The fact that grantees need to describe subrecipient and agencies or individuals providing referral services by name, location, expertise and services provided or to be provided does not deter those collaborations. Grantees should already know the details of those collaborations if they are important to the success of their projects. Understanding and being able to describe the details of collaborations is important to ensure the collaborations help the project achieve the goals of the program and comply with all applicable program requirements.
The Department appreciates the responses to its request for comment specifically on whether a referral agency should be subject to the same reporting requirements as a grantee and/or
The Department also concurs that the phrase “ancillary or core services” may not have been clear. Therefore, the Department does not include the phrase “and those who serve as referrals for ancillary or core services” in § 59.5(a)(13)(iii) of the final rule. The Department also agrees with commenters who say it is difficult to understand what is meant by “less formal partners.” The Department believes it is sufficient to include subrecipients and referral agencies and individuals in the explanation of collaborations, so the phrase “as well as less formal partners within the community” will likewise not be included in § 59.5(a)(13)(ii) of the final rule.
Many commenters express concern that providers will be confused about their obligations. They assert this requirement is not responsive to the CDC/OPA Quality Care Guidelines, and state that it runs afoul of the Title X regulations that require providing services in a manner that protects patients dignity and ensures patient choices are entirely voluntary. Many commenters suggest that involving family members is not always advisable or realistic, and could cause conflict with some State statues or regulations that allow minors to make decisions about their health care, including contraception. One such commenter suggests that this paragraph be stricken or at least clarified further.
Many commenters feel that clinicians should not be required to take specific actions to document attempts to involve family members, as this would undermine patient-provider relationships and is unnecessary and excessively burdensome. Alternatively, commenters recommend that the efforts and funds from Title X programs would be better used to support training for providers on the best methods to encourage family involvement consistent with minor patient's confidentiality rights, health needs, and best interests.
Some commenters support the language requiring, and documenting, the encouragement of family participation, saying it is an appropriate clarification of the Congressional mandate for the program. Several commenters state that the requirement is consistent with the statutes and Supreme Court jurisprudence on parental rights. One commenter states that the encouragement of family participation and other reporting requirements provide an appropriate layer of protection for children to ensure Title X agencies are considering circumstances in which minors may be suffering abuse. One commenter states that the language does not have a chilling effect on access to Title X health services. Other commenters commend the Department's proposed language and suggest that encouraging parental involvement should always be the standard for any health care services provided to a minor.
The Department disagrees that the rule causes conflict with State statutes and other Title X regulations. As noted above, the rule specifically implements several federal statutory requirements by requiring encouragement of family participation in family planning decisions while making allowance for instances where such encouragement would not be appropriate. Requiring
The Department understands some commenters' concerns about the need to maintain patient confidentiality. The Department agrees that Title X providers must continue to comply with laws concerning patient confidentiality, including those specifically pertaining to the confidentiality of minors with respect to Title X services. Health care providers already have conversations with their patients and document those discussions in patient records, while maintaining patient confidentiality. More broadly, such health care providers in the Title X program are also already required to encourage family participation where practical by the statutory directives adopted by Congress. This provision merely implements that requirement. With respect to minors, the Department believes that Title X projects and participating entities can comply with the rule's requirement to encourage family participation and to document such encouragement, or to note the reason why that was not appropriate, without infringing on patient confidentiality.
To those commenters who contend that encouraging family participation imposes barriers to the care of minors, the Department would point out that Congress made a different judgment. Congress requires that, “[t]o the extent practical”, Title X grantees “shall encourage familiy [sic] participation in projects assisted under this subsection.” 42 U.S.C. 300(a). Similarly, specifically with respect to minors, Congress has made it a condition of funding that an applicant for a Title X award “certifies to the Secretary that it encourages family participation in the decision of minors to seek family planning services.” HHS Appropriations Act 2019, Public Law 115-245, Div. B, sec. 207, 132 Stat. at 3090; Consolidated Appropriations Act 2018, Public Law 115-141, Div. H, sec. 207, 132 Stat. 348, 736. Congress clearly did not anticipate a meaningful barrier when it enacted these requirements. Moreover, encouraging family participation is not the same as requiring family participation. The rule also allows appropriate discretion for health care professionals with respect to the requirement to encourage family participation where, for example, family participation may present a serious risk to the minor, such as when child abuse or incest is suspected. The rule simply requires Title X providers to document, in the patient's records, the reasons why family participation was not encouraged and, consistent with applicable local law, to report any suspected abuse to the relevant authorities.
The Department disagrees with those who contend the rule may compromise the provision of patient-centered care or the protection of the patient's dignity. The Department believes that involving parents in general, and in family planning decision-making in particular, can improve behavioral consistency with health recommendations for an adolescent. There is evidence that parent-child communication about family planning decisions increases the likelihood that the adolescent will consistently make healthier choices.
Tianji Cai et al.,
For all these reasons, the Department considers it appropriate to finalize the proposed rule concerning encouragement of family participation, with the clarification noted above.
Provide for medical services related to family planning (including physician's consultation, examination, prescription, and continuing supervision, laboratory examination, contraceptive supplies) and referral to other medical facilities when medically necessary, consistent with § 59.14(a), and provide for the effective usage of contraceptive devices and practices.
All comments concerning this section are addressed in the section of this preamble that discusses new § 59.14(a).
The Department's discussion of and response to other comments relevant to this language are incorporated in the section of the preamble discussing proposed § 59.14(a).
The Department finalizes this language without change, except for corrections in punctuation.
The Department finalizes this section with changes in § 59.7(c)(2) to address concerns raised by certain comments regarding an applicant's ability to procure a broad range of diverse subrecipients. In the final rule, the Department also retains § 59.7(b) and (c) of the 2000 regulations, which the proposed rule would have deleted, but redesignates them as § 59.7(d) and (e). Finally, several stylistic changes are made to improve clarity and readability of the application review criteria.
Some commenters state the rule will unconstitutionally give an advantage to religious groups due to the second factor of the grant review process criteria stating that preference will be given “especially among a broad range of partners and diverse subrecipients and referral individuals and organizations, and among non-traditional Title X partnering organizations.” Some of these commenters express concern that the “diverse” and “non-traditional” organizations the Department is referring to are faith-based providers or religious entities that oppose abortion and some or all forms of contraception. The commenters state that these organizations have been previously ineligible to receive Title X funds but would now be eligible under the new criteria. One commenter argues the rule provides no evidence supporting the idea that there are many “non-traditional” organizations and different kinds of new subrecipients that could cycle into Title X projects and improve low income patients' access to high-quality family planning services.
Some commenters state the rule will not increase competition and rigor among applicants, encourage broader and more diverse applicants, or better ensure quality applicants are selected. Rather, they contend the rule will curtail the current wide reach of Title X by allowing funding to organizations that do not provide comprehensive pregnancy counseling. A few commenters state that there was no evidence that a change in the application review process or additional diversity among applicants is necessary.
Some commenters note that the existing network of Title X primary grantees and subrecipients has been relatively stable over time and has developed deep expertise and experience in family planning that profoundly benefits the communities they serve. They believe the rule will jeopardize the existence of well-developed, proven-effective programs that are based on the best clinical standards, scientific evidence, and care. One commenter asserts that, although the Department states there will be increased competition for funding, the changes set forth in the proposed rule will only change the types of entities applying for these funds, inviting organizations to apply that have no interest in fulfilling the statutory program mandate to provide a broad range of effective family planning methods and services.
Some commenters express concern regarding how much weight will be allocated to each criterion, and whether preferences may be established for Title X projects that do not provide a full scope of scientific, medically based care, citing providers of natural family planning and other fertility awareness-based methods. One commenter expresses a belief that sites providing abortion services will be disqualified and other sites that offer natural family planning and fertility awareness-based methods will be preferred.
One commenter supporting the proposed rule describes the process for evaluating applicants as thorough, and is in favor of requiring applicants to demonstrate their ability to comply with regulations, especially in terms of separation of funds and transparency of activity. The commenter adds that this requirement likely would reduce the potential for misuse of funds. One commenter argues grant applicants should be required to provide written assent to all relevant statutory and regulatory requirements, and should submit all relevant organizational documents, such as personnel manuals, client guidelines and protocols, in order to demonstrate that the organization has a pervasive policy framework and organizational culture consistent with the law and the final rule.
Several commenters state the Department will have unchecked discretion to prevent applications from reaching the objective review process that now governs the awarding of grants, putting the Department in complete unfettered control of which applications will be a part of the objective review process. Such commenters state that, historically, the process has hinged on the evaluation of objective review panels, but the new assessment would be subjective and non-transparent, and would give the Department discretion to block any applicant from reaching the competitive review process, perhaps for political purposes. Several commenters state the criteria are unclear and vague, and ask the Department to specifically and clearly state the criteria with which it will review applicants before they reach the objective panel review. One commenter contends the Department is bypassing the regulatory process to add new criteria, and says the rule will include a subjective standard without oversight.
A few commenters state that, in applying these criteria retroactively to grantees with current grants at the time the final rule goes into effect, the rule would undermine the fairness of the funding opportunity announcement (FOA) and thwart the award process in which applicants were scored on criteria about which they were aware at the time of their applications. The commenters contend that imposition of
Proposed § 59.7(b) would require Title X applicants to clearly address how their proposal will satisfy the requirements of this regulation, in order to proceed to the competitive grant review process. As a result of confusion by some commenters, the Department provides additional clarity with further detail related to the requirements for compliance with this initial screening. An applicant would be required to describe its plans for affirmative compliance with each requirement of the Title X regulations, as explicitly defined by the Department in the funding announcement. For example, this would include not only demonstrating physical and financial separation from abortion as a method of family planning (when compliance with such requirement becomes required), but also explaining how the applicant will provide a broad range of acceptable and effective family planning methods and services. The funding announcement will clearly describe how applicants should address this requirement, including any documentation that is necessary to demonstrate affirmative compliance with each of the regulation requirements. The Department will implement these requirements to better direct Title X funds for family planning projects, to prevent misuse of funds, and to save taxpayer dollars by only sending qualified applications to the costly and time consuming competitive review committee. Once the applicant successfully demonstrates affirmative compliance with the Title X regulations (a yes/no issue), the Department will consider each applicant competitively according to the criteria set forth in the regulation.
In response to a commenter suggesting that applicants be required to submit additional documentation such as personnel guidelines and documents regarding the organizational structure of applicants, the Department agrees that submission of such documents may be included to support an application, but will not require it. The Department concludes that such a requirement may be overly burdensome. Applicants will be required to demonstrate they will achieve the goals of the program and meet the statutory and regulatory criteria, but the Department declines to add the additional documentation requirements suggested by the commenter.
The Department acknowledges the confusion expressed by commenters on the meaning of the phrase “a broad range of partners and diverse subrecipients and referral individuals and organizations, and among non-traditional Title X partnering organizations” in § 59.7(c)(2) of the proposed rule. Although most such commenters objected to the need for new partners, the Department notes that it does not intend that grant funds be designated to referral individuals or referral organizations, since such referrals are made without any monetary exchange. Grant funds would only be provided to “non-traditional Title X partnering organizations” if they are subrecipients in a Title X project. The Department further clarifies that it does not intend that grantees must change subrecipient relationships each year, but that grantees make ongoing efforts to expand the network of partners throughout the service area, especially with respect to nontraditional partnering organizations. The Department additionally clarifies that it does not expect grantees who plan to provide all family planning services themselves, to now designate that these services be provided by subrecipients. The Department wishes to spur innovation and more extensive service, but does not wish to limit grantees' flexibility. However, if grantees implement a model in which they partner with subrecipients for services, the Department wants to emphasize that a broad range of subrecipients be partners, including those who are nontraditional organizations, but this does not necessarily mean that such subrecipients will be new providers in the Title X program. Finally, the Department adds the phrase “as applicable” following the “broad range of diverse subrecipients in recognition of and to allow for grantees, such as community health centers, who may choose to directly provide services and not use any subrecipients. To clarify this provision and resolve the concerns of many commenters, the Department modifies the language of § 59.7(c)(2) in the final rule to read as follows: “The degree to which the relative need of the applicant for federal funds is demonstrated in the proposal, and the applicant shows capacity to make rapid and effective use of grant funds, including its ability to procure a broad range of diverse subrecipients, as applicable, in order to expand family planning services available to patients in the project area.”
The Department rejects the claim by some commenters that the criteria set forth in the rule gives an unconstitutional advantage to religious groups. Neither the proposed language, nor the language of the final rule (including § 59.7(c)(2)), mentions religious groups nor expresses a preference in favor of them. The Department's focus in implementing Title X is on providing and expanding the provision of services to low income, unserved or underserved patients in a timely manner. The Department welcomes applications from faith-based organizations as well as secular non-profit entities. With respect to the criteria in § 59.7(c)(2), the Department would favor those applicants that can meet the needs of patients, especially those who are unserved and underserved, seeking family planning services, while complying with the statutory and regulatory requirements of the Title X program. The Department encourages Title X applicants to develop innovative strategies to meet the family planning needs of the various populations in their proposed service areas. Diversity in the range of partners included in applicants' proposals is but one factor among many that the Department will consider in reviewing applications.
The Department disagrees with commenters who contend the criteria in § 59.7 will diminish the program's effectiveness. Rather, these criteria will assist the Department in ensuring that the statutory requirements of the Title X program are met, the program is serving patients as Congress intended, gaps in services (or populations served) are closed, and providers are free to explore and test new ways to better provide service to patients.
The Department similarly disagrees with commenters who fear the rule, and the review criteria in particular, will exclude some applicants, especially those who provide abortion or those who have long experience with the program. No provision in Title X or in the proposed or final rule prevents abortion-providing organizations from applying for, and receiving, Title X funding, so long as the organization meets this rule's requirements with respect to the proposed Title X project, including physical and financial separation, and not providing,
The Department also disputes the assertion by some commenters that an emphasis will be placed on natural family planning over other methods. In the final rule at § 59.7(c)(1), the Department clearly and specifically requires every Title X project to provide a “broad range of acceptable and effective family planning methods and services (including natural family planning methods, infertility services, and services for adolescents).” The Department emphasizes that Section 1001 of the Title X statute includes natural family planning in its non-exclusive list of family planning methods and services.
Consistent with the Department's historic processes, the weight attached to each criterion is not established in this rule. This is not only consistent with how the Department has operated, but also with the process of most other grant funding programs. The Department reserves the discretion to set forth more specific weights for each criterion in funding opportunity announcements.
The Department has not given itself unchecked discretion to disqualify applications in this rule. First, the Department is bound to maintain the integrity of the program and to implement the program in such a manner as to ensure compliance with statutory requirements. All provisions in this rule seek to achieve that purpose. The 2000 regulations afforded the Department significant flexibility in determining criteria for awards. In the revised version of § 59.7, paragraph (b) sets forth an overarching requirement that each applicant clearly address how the proposal will satisfy the requirements of the regulations and describe the applicant's plans for affirmative compliance. That paragraph, far from giving the Department unconstrained discretion, ensures that projects will comply with the provisions of the applicable statutes (which are embodied in the regulation) and the regulations themselves. It also increases the efficiency of the review process by only expending Department resources for the competitive review panel to review applications that meet the minimum requirements for the program.
Second, paragraph (c) of § 59.7, as revised, does not set forth any novel flexibility or discretion not already provided by the Title X statute and available under the Title X regulations. The 2000 regulations, like section 1001(b) of Title X, simply state the Department shall “take into account” those factors. The statutory list of factors is not exclusive. And the Department has periodically described, in funding opportunity announcements and its grants policy, other criteria applicable to proposals, paying due attention to consistency with the Title X statute and regulations. Section 59.7(c) of this final rule states that applicants “will be subject” to those criteria, again leaving the Department some discretion to describe additional criteria. But in all events, the Department recognizes that such criteria must be consistent with any applicable statutes and regulations. And here, the new regulatory criteria are consistent with the requirements set forth in the Title X statute.
Third, as is true throughout the Department, Title X grants are awarded through a merit-based grantmaking process consistent with the Department's grants policy, and in accordance with the Executive Branch's Uniform Administrative Requirements and the Department's own grants regulations. In this competitive process, eligible applications are reviewed by a panel of independent reviewers and evaluated based in part on criteria in the Title X program regulations, and published in the funding opportunity announcement. In addition to the independent review panel, Federal staff review each application for programmatic, budgetary, and grants management compliance. Finally, applications recommended for funding are evaluated, in accordance with 45 CFR 75.205, for risks before an award is issued.
The Department does not agree with commenters that it will assert unchecked discretion to arbitrarily dismiss applications before reaching the independent review panel. For example, as stated in paragraph (b) of the final rule, the Department has committed to “explicitly summarize each requirement of the Title X regulations . . .” or provide the entire regulation with which the applicant must demonstrate compliance, and has explained that applicants must “describe its plans for affirmative compliance with each requirement.” These requirements, which focus on regulatory provisions with which grantees must comply, provide meaningful parameters to the Department's discretion. Failure by an applicant to clearly demonstrate compliance with Title X regulations would constitute a fatal flaw to an application for Title X funds.
The Department also notes that broad discretion is granted to it by the Title X statute when selecting between potential grantees. The 2000 regulations acknowledged this discretion when they stated that “the Secretary may award grants for the establishment and operation of those projects which will in the Department's judgment best promote the purposes of Section 1001.” 42 CFR 59.7(a). Requiring applicants to establish compliance with Title X regulatory provisions is important to providing the Department with an informed baseline for exercising this discretion. As noted above, these regulatory provisions ensure compliance with the statutory framework and, thus, provide useful information for assessing applications both before and within the competitive grant review process. The Department believes that receiving this information will enable the Department to more efficiently and effectively review the significant number of applications for Title X funding, as well as provide important information to the independent review panel. Accordingly, the Department finds that the final rule reflects a proper and effective exercise of the Department's grant discretion bound by the statutory and regulatory text.
In sum, the Department believes the final rule functionally and appropriately limits the Department's discretion by requiring that applicants be subject to the criteria set forth in § 59.7(c), and that the discretion the Department retains under § 59.7 to consider other factors is not fundamentally different from the non-exclusive lists of factors set forth in the 2000 regulations. The Department believes that this final rule will help ensure reliability and certainty in the grant selection process, while maintaining an open process similar to the selection process for other grants at the Department. In pursuing these ends, the Department continues to focus on ensuring compliance with the statutory Title X requirements,
In response to a commenter who requests that an additional criterion be added to § 59.7(c) to consider whether there is a family planning gap in the community, the Department appreciates the concern. But, as part of the final rule, § 59.7(c)(4) already states the Department will consider “[t]he extent to which family planning services are needed locally. . .” and whether the applicant proposes innovative ways to provide services to unserved or underserved patients. The Department believes that the community's need—including any family planning gaps in the community—is already adequately addressed in that criterion. Furthermore, in response to comments cited earlier that emphasize the value of Title X as the sole federal program dedicated to funding family planning services for low income individuals, the Department adds a reference to low-income patients to the criterion in § 59.7(c)(3) in order to accentuate the obligation of Title X projects to serve low-income patients and populations.
The Department agrees with the concerns of commenters who ask that the application criteria not be effective with regard to a FOA that has already been published, and where applications have already come due, prior to the effective date of this final rule. The Department agrees that applicants should know the criteria on which review of their applications will be based. Therefore, the Department will establish compliance dates for these provisions so that § 59.7 and the criteria set forth therein will be applied only to future FOAs issued after the effective date of this final rule, consistent with the effective dates and compliance dates established in this final rule. To the extent these criteria are relevant to applications for continuation awards under previously awarded grants, § 59.7 will also apply if those continuation award applications are due after the effective/compliance date,
The proposed rule would have deleted current § 59.7(b) and (c) from the Title X regulations. These provisions concern the amount of an award with respect to a project's estimated costs. The Department did not receive comments concerning the proposal to delete these paragraphs. Upon further consideration, however, the Department has determined that it is appropriate to retain these two paragraphs from the 2000 regulations. In section 1006(a), Title X provides that, while the Secretary shall determine the amount of any grant, no grant may generally be made for less than 90% of its costs. The Department believes that these current provisions in the Title X regulations—which reiterates this requirement and provides that no grant may be made for an amount equal to 100% of the project's estimated costs—express statutory requirements for the Title X program. The Department believes explicitly maintaining these statutory parameters in the Title X regulations provide helpful clarity for Title X grantees. Therefore, the Department is not finalizing the proposal to delete these two paragraphs from the 2000 rule, and this final rule will retain the paragraphs, redesignated as paragraphs (d) and (e).
The Department adopts the modification to this section without change, except for corrections in punctuation.
The Department believes the final rule is consistent with standard health care confidentiality practices, in which providers already have conversations with their patients, document those discussions in patient records, and comply with State and local reporting requirements, while otherwise maintaining the confidentiality of that information. Although the Department understands the challenge of balancing protection for victims, complying with State reporting laws, and maintaining trust in the patient-provider relationship, the Department's annual appropriations law requires that Title X projects comply with such State reporting requirements. Moreover, the Department believes that Title X programs can best serve minors and other vulnerable populations by ensuring Title X providers have a plan for reporting abuse as required by State and local reporting laws. Title X projects and participating entities can comply with these reporting requirements and document the measures taken to comply, much as health care providers do in other contexts, without infringing in any way on patient confidentiality.
The Department finalizes this definition with changes in response to comments that emphasize the grantee's responsibility to provide satisfactory assurance to the Secretary that the project complies with the statutory and regulatory Title X requirements.
Commenters also assert that the regulations do not articulate how compliance should be demonstrated under § 59.13, and what documentary evidence would be necessary to provide this assurance.
Other commenters raise general concerns discussed elsewhere in this preamble.
The Department addresses this confusion by modifying a phrase and adding further clarity with regard to where responsibility for compliance lies.
The Department disagrees with commenters who contend the proposed rule at § 59.13 gives improper or unprecedented regulatory authority to the Department beyond the concern addressed above. Title X authorizes the Secretary to promulgate regulations governing grants and contracts issued in the program. 42 U.S.C. 300a-4. Thus, the Department is authorized, and in many cases required to, apply requirements both to primary grantees and to subrecipients of Title X funds. This includes the requirements set forth in section 1008.
The Department disagrees with commenters who assert that the regulations do not articulate how compliance should be demonstrated under § 59.13, and what documentary evidence would be necessary to provide this assurance. The plain text in proposed § 59.13 would require that the grantee provide representations of compliance with the section and each of the requirements in §§ 59.14 through 59.16, and be prepared to support the representations with documentary evidence of compliance if requested by the Department. Proposed § 59.17(b) similarly requires the establishment and documentation of certain protocols, plans and training related to knowledge of and compliance with certain State or local notification or reporting requirements. The grantee would provide a representation or assurance that it has adopted the required protocols and conducted/provided the required training. The types of documentary evidence that might be required could include (1) copies of the protocols or plans that have been adopted and implemented; (2) copies of the training materials; (3) training session sign in sheets; and (4) notations in patients' records as to reporting, notification, or in the case of minors, screening for abuse or victimization. To the extent that additional documentation is required by the Secretary at a later date, future guidance will be communicated to grantees.
Comments concerning the prohibition on providing or performing abortion as a method of family planning are addressed above in the discussion of the definition of “family planning” in § 59.2 and in the discussion of the prohibition on providing, promoting, referring for, or supporting abortion as a method of family planning in § 59.5(a)(5).
Comments concerning the rescission of the requirement in the 2000 regulations to provide abortion counseling, information, and referrals, and concerning nondirective pregnancy options counseling under this rule, are addressed above in the discussion of § 59.5(a).
Comments concerning the prohibition on referral for abortion as a method of family planning, on the promotion, or support of abortion as a method of family planning, and on taking affirmative action to assist a patient to secure an abortion, are considered here, and relate to § 59.14 as well as parts of §§ 59.5(a)(5) and 59.16(a).
The Department finalizes the language at § 59.14 with changes in response to public comments, as discussed below.
Other commenters oppose the prohibition on abortion referrals. A significant number of commenters call the prohibition a gag rule, arguing it restricts providers from speaking freely with their patients about every health concern they may have. They state that this prohibition violates ethical standards and undermines the patient-provider relationship, noting that a health care provider should not fail to provide certain services, namely those associated with abortion, because of private religious beliefs. Some commenters also contend the proposed changes disregard the consciences of providers who support ensuring patient access to information related to abortion and abortion-related services, including providing abortion referrals. And some commenters state that the abortion referral prohibitions in the proposed rule regulate activities outside the Title X program and are, therefore, illegal.
A commenter supporting the proposed rule disputes the characterization of the prohibition on abortion referrals and promotion as a gag rule. The commenter contends the language merely implements what the law already requires and does not prevent physicians or APPs from providing nondirective counseling as long as it is done in a manner consistent with the Title X statute. In addition, the commenter notes that abortion referral prohibitions do not prevent a doctor from making medical determinations on behalf of a patient that require services
The Supreme Court has already recognized the reasonableness of this interpretation. In
The challenged regulations implement the statutory prohibition by prohibiting counseling, referral, and the provision of information regarding abortion as a method of family planning. They are designed to ensure that the limits of the federal program are observed. The Title X program is designed not for prenatal care, but to encourage family planning. A doctor who wished to offer prenatal care to a project patient who became pregnant could properly be prohibited from doing so because such service is outside the scope of the federally funded program. The regulations prohibiting abortion counseling and referral are of the same ilk. . . . This is not a case of the Government `suppressing a dangerous idea,' but of a prohibition on a project grantee or its employees from engaging in activities outside of the project's scope.
The Department disagrees with the view of some commenters that the prohibitions on referral for, encouragement of, promotion of, advocacy for, support of, or assistance with, abortion as a method of family planning regulate non-Title X activities. The Department intends these prohibitions to apply only to the Title X project. The Supreme Court, in
The Department also disagrees with commenters who contend that prohibiting referring for, promoting, supporting, encouraging, advocating for, or taking any other affirmative action to assist a patient to secure, abortion as a method of family planning in Title X projects violates the Church Amendment rights of Title X projects or their employees. Although paragraph (c)(1) of the Church Amendments protects personnel on the basis that they “performed or assisted in the performance of a lawful . . . abortion,”
The Department, thus, finalizes the first sentence of § 59.14(a).
The Department finalizes § 59.14(b)(1) with changes, including to permit the provision of a single list of licensed, qualified, comprehensive primary health care providers (including providers of prenatal care) to pregnant clients. In addition, the final rule requires referral for prenatal care since such care is medically necessary to maintain or improve the health of both the mother and the unborn baby. The Department simplifies and clarifies the description of pregnancy health information in this final rule to read “[i]nformation about maintaining the health of the mother and unborn child during pregnancy.”
The Department also finalizes provisions addressing the permissive nature of nondirective pregnancy counseling and the provision of information about pregnancy health.
As discussed below, the Department also finalizes, as proposed, the final sentence in proposed paragraph (b) concerning cases that require emergency care as paragraph (b)(2).
The Department finalizes § 59.14(c) with changes in response to comments, including the consolidation of the two lists of comprehensive health care providers (from paragraphs (a) and (c) of the proposed rule) into one list and the addition of the requirement that the list and project staff not identify which providers on the list, if any, perform abortion.
The Department finalizes § 59.14(e), which sets forth examples illustrating the rules described in paragraphs (a) through (d), with changes consistent with the changes to those subsections.
Other commenters oppose the fact that the list may include some health providers that perform abortions, contending that Title X projects should not provide women seeking abortion with any list of providers that perform abortion. They contend providing such a list, or any information a woman may use to obtain an abortion, would violate section 1008 as it would make the project one “where abortion is a method of family planning.” Such commenters also contend providing such a list would constitute a referral for abortion. They point to the proposed rule, published by the HHS Office for Civil Rights in January 2018 to implement conscience laws such as the Weldon Amendment, defining referral as providing information that could provide assistance in obtaining a particular health care service.
Several commenters contend that rule's description of two lists—one that may include abortion providers to be given to pregnant patients who want an abortion (described in § 59.14(a) and (c)), and another (described at the end of § 59.14(a)) that does not include abortion providers and that would be given to all other pregnant patients—is confusing and cumbersome for both the patient and the provider.
Other commenters object to the requirement that only doctors are permitted to give the list of providers to a woman seeking abortion described in § 59.14(a) and (c).
Some commenters assert that requiring referrals for pregnant patients to obtain prenatal and/or social services, regardless of the patient's wishes, violates the Congressional requirement that all Title X counseling be nondirective.
Many commenters present objections to the examples set forth in subsection (e) consistent with their objections to the requirements of subsection (a) that those examples illustrate.
The Department's approach to counseling is somewhat different than in the 1988 regulations, which, in addition to prohibiting abortion referrals, also prohibited “counseling concerning the use of abortion as a method of family planning.” In subsequent years, Congress has indicated that nondirective postconception counseling would be permissible, without requiring that any such counseling occur. It has done so through appropriations law provisions requiring that any pregnancy counseling offered in Title X projects be nondirective.
As clarified by the direction given by Congress, nondirective counseling is consistent with the provision as analyzed in
The Department has seriously considered the many comments offered regarding the two lists referenced in proposed § 59.14(a) and (c): One list required for pregnant clients generally, and another list permitted in the more specific circumstance where pregnant clients have decided to seek an abortion and request an abortion referral. The Department agrees that the proposal for two lists to be provided in two different and specific circumstances was potentially confusing and/or burdensome for projects which might be confused or unclear about how to develop and implement the lists. The proposed rule's duplicative description (in both paragraphs (a) and (c)) of the more specific list allowed when a client requests abortion may also have been confusing. And although the proposed rule attempted to describe, in more detail, how a project would respond to requests for abortion or abortion referrals, the Department concludes that description was also potentially confusing and is unnecessary in the final rule.
The Department is finalizing § 59.14(b)(1)(ii) to allow Title X providers to give a single list of providers to any pregnant woman. This list will contain licensed, qualified, comprehensive primary health care providers (including providers of prenatal care). At § 59.14(c), the Department consolidates and finalizes the description and requirements applicable to such list. The Department permits, but does not require, some providers on the list of comprehensive primary health care providers (including providers of prenatal care) to be providers that also provide abortion. The Department believes this will enable some projects to create a single list of comprehensive primary health care providers (including providers of prenatal care). For example, some service sites might find that the main provider of comprehensive primary or prenatal health care services is a hospital that also performs some abortions. At the same time, projects cannot create or distribute a list in which every provider (or a majority) on the list provides abortion. Projects, however, may compile their list so that no providers of abortion are on the list.
Because referrals for abortion as a method of family planning are prohibited, the list of comprehensive primary health care providers (including providers of prenatal care) that Title X projects and providers may provide to pregnant clients (and which may include abortion providers) cannot be used to indirectly refer for abortion or to identify abortion providers to a client. Thus, in the circumstance where a pregnant woman asks for an abortion or an abortion referral for family planning purposes, the project's response would be to say it does not refer for abortions, and then to offer her, if she desires, a list of comprehensive primary health care providers (including providers of prenatal care); that list could include (but not identify) such providers that also perform abortions.
The Department believes these limitations on the list of comprehensive primary health care providers (including providers of prenatal care), as well as the context in which the list would be provided, prevents distribution of that list from violating section 1008, even if some providers on the list also provide abortions. There are many potential reasons or purposes for a Title X provider to provide the list to a pregnant patient. If provision of the list is for a referral purpose, it must be for a permissible purpose, such as to refer the patient for prenatal care or for care of pre-existing maternal health conditions, not for the purpose of referring for abortion as a method of family planning. The final rule prohibits the list and project staff from identifying which, if any, providers on the list provide abortions. The Department, therefore, disagrees with some commenters who contend that including any abortion providers on a list of comprehensive primary and/or prenatal health care providers would render the project one “where abortion is a method of family planning.”
In response to comments, the Department has decided to eliminate the requirement that a list provided specifically to women seeking abortion referrals be provided only by a doctor. Some commenters object to this requirement and note that the proposed rule did not require the list of prenatal care referrals, which was to be provided to all pregnant women, to be provided only by a doctor. Upon consideration of these comments, the Department has decided not to finalize any restriction on which personnel may provide the list to a pregnant patient. Any member of the Title X staff may provide the list, but only physicians and APPs may provide any nondirective pregnancy counseling.
In light of section 1008 and federal conscience laws, the Department has concluded it will not require Title X projects to offer nondirective counseling or information about abortion. The Department similarly will not require projects to offer nondirective pregnancy counseling on other subjects if they choose not to do so. Congress did not require that projects offer pregnancy counseling, but only that such counseling be nondirective, when/if offered. The Department concludes that the final rule should take a similar approach. Accordingly, this rule does not require a Title X project to offer abortion-related pregnancy counseling (or pregnancy counseling at all). When a project chooses to offer such pregnancy counseling, it must be nondirective. The clinic may offer referral services except that, given the statutory parameters set forth in Section 1008, a project is not permitted to provide referrals for abortion as a method of family planning.
Some commenters contend that providing prenatal care referrals violates Congress's requirement that pregnancy counseling be nondirective. The Department responds to this comment above in its discussion of referrals for prenatal care and adoption in § 59.2. Prenatal care is medically necessary for any patient who is pregnant, so referrals for such care do not render counseling directive. Moreover, the Department notes that low income women are more likely to deliver low birthweight babies
The Department does not, however, agree with the commenter who proposes that Title X providers are responsible for prenatal care. While the Department agrees that prenatal care is important to maternal and infant outcomes, and encourages Title X providers to provide comprehensive health care services onsite or through robust referral networks, the provision of postconception and pregnancy services (as distinct from information and referrals for them) are outside the scope of Title X.
Accordingly, the Department is finalizing this section as discussed to simplify and clarify the approach set forth in the proposed rule. Consequently, § 59.14(a) is finalized to prohibit Title X projects from referring for abortion, which includes “any affirmative action to assist a patient to secure such an abortion.” Section 59.14(b)(1) is also finalized to only require Title X projects to refer pregnant clients to a “health care provider for medically necessary prenatal health care.” Subsection (b)(1) also establishes that the Title X provider may also provide certain specified counseling and/or information to the pregnant woman. Finally, subsection (b)(2) establishes that, in cases requiring emergency care, referral is required “to an appropriate provider of medical services needed to address the emergency.”
The Department is finalizing the changes described above to reduce confusion, facilitate implementation of the rule, provide pregnant clients with counseling and information for prenatal care and information to promote the health of the mother and unborn child, and implement section 1008 to ensure Title X does not fund projects where abortion is a method of family planning. The Department also finalizes the examples in paragraph (e), with changes corresponding to the changes made in paragraphs (a) through (d).
At § 59.14(d), the proposed rule would provide: “Provision of medically necessary information. Nothing in this subpart shall be construed as prohibiting the provision of information to a project client that is medically necessary to assess the risks and benefits of different methods of contraception in the course of selecting a method, provided that the provision of such information does not otherwise promote abortion as a method of family planning.” The Department finalizes § 59.14(d) without change.
Several commenters express concern that the proposed language would allow providers to refer patients who need emergency care only to an emergency room, which may not be the best place for the patient. They assert that this will increase unnecessary emergency room use. Commenters ask the Department to clarify in the rulemaking that providers be allowed to refer the pregnant woman to the provider that is clinically appropriate for the patient.
Several other commenters request that the Department clarify the language in the proposed rulemaking regarding women who experience ectopic pregnancies and other life-threatening conditions related to pregnancy. They contend that the exception for “danger of death” should be included in the discussions of the Hyde Amendment. They contend this would assure that Title X providers have accurate information to be compliant and consistent among federal agencies.
The Department appreciates commenters who suggest that the final sentence in proposed § 59.14(b) limits referral to emergency rooms. The Department agrees with a commenter who stated that a hospital emergency room may not always be the most appropriate referral location and that the referral should be commensurate with the medical need. Because the text of the proposed rule would require only referral to “an appropriate provider of emergency medical services,” the Department finalizes this language with clarification to avoid confusion and to emphasize, “[i]n cases in which emergency care is required, the Title X project shall only be required to refer the client immediately to an appropriate provider of medical services needed to
It is also not the intent of the regulatory provisions at § 59.14(b)(2) or § 59.5(b)(1) to restrict the ability of health professionals to communicate to a patient any information they discover in the course of physical examination (or otherwise) about her medical condition, such as an extant condition that might make her pregnancy high risk; to communicate an assessment of the urgency of the need for treatment; or to ensure that a patient is referred to the appropriate specialist for treatment of the condition, consistent with the exercise of his or her professional judgment and the parameters of the Title X program. The restrictions in these provisions solely concern abortion as a method of family planning. For this reason, the Department disagrees that these provisions of the final rule will increase medical liability, or will prohibit Title X projects from providing the factual information necessary to assess risks of a particular family planning or contraceptive method as set out in the patient package inserts.
As noted, at § 59.14(c), the final rule will also provide that a Title X project may not use emergency medical or other referrals as an indirect means of encouraging or promoting abortion as a method of family planning.
The proposed rule, at § 59.15, would require physical and financial separation of a Title X project or facility from prohibited activities (
The Department finalizes this section without change. The Department finalizes the compliance date for this section, as set forth in § 59.19, with changes in response to public comments, as discussed below.
Many other commenters contend that the proposed financial and physical separation requirements and reduced flexibility of funds are illegal, not intended by Congress, burdensome, and unworkable. To begin, commenters claim that the Department fails to adequately justify why the change is necessary and argue that concerns about fungibility or possible co-mingling of funds are flawed. They assert that Title X already prohibits clinics from using federal funds to provide abortions and requires that funds used for abortion be kept separate, and that regular, extensive, and comprehensive audits currently are already used to enforce the existing rule. They contend that the 2000 regulations have successfully ensured separation compliance and that no additional measures are needed. They also contend that improving public education efforts so the public understands Title X funds cannot be used for abortion, would make physical separation unnecessary. These commenters urge the Department to withdraw the new separation requirement, or at a minimum, to provide clearer justifications for the requirement.
Some commenters focus on the possible burden and workability of the rule. They contend that the Department lacks evidence that the rules are feasible, particularly because the separation requirements in the 1988 regulations, which were nearly identical to the proposed rule here, were never fully implemented. They assert that the Department neglected to do adequate research and analysis of how the proposed changes would interact with various State laws, including laws that govern medical licensure and scope of practice. Some commenters state that a Department notice (Provision of Abortion-Related Services in Family Planning Projects, 65 FR 41281, 41282 (July 3, 2000)) allows Title X service sites to use common waiting rooms, staff, filing systems, and other resources and argue that changes to this approach would impair the family planning network by constraining certain providers' ability to participate in the Title X program. They state, for example, that many Title X grantees are hospitals that must be able to perform abortions in emergency situations and would not be able to afford separate infrastructure. Other commenters contend that the financial separation provisions would increase the cost of medical supplies and reduce grantees' ability to make cost-effective bulk purchases. Some commenters contend that 60 days from the date the final rule is published is insufficient time to accomplish the requirement of separate electronic health records. One commenter urges the Department to consult with a diverse group of Title X providers to calculate the monetary and time costs to comply with the proposed changes.
Some commenters contend that the rule will harm patient care. They state that, for women seeking both Title X services and abortion, the rule would require two separate visits to separate facilities because of effects of the restrictions on same-day post-abortion contraception. They claim that the need for two separate visits would create unnecessary costs and obstacles to care. Other commenters express concern that the new provisions would exacerbate health inequalities in terms of sexually transmitted diseases (STDs) among low income people affected by the loss of Title X providers. Some commenters state that the separation provisions undermine the objectives of integrated care and health systems. Similarly, many commenters argue that the requirement for separate electronic medical records (EHR) contradicts the principles of integrated, patient-centered medical care. They contend the financial separation requirement could lead to instances of missing or incomplete patient data and increased costs, as the same patient must have two separate medical records—one for Title X services and another for abortion services.
Some commenters raise other objections. One commenter, for example, expresses concern that the mandated physical separation would reinforce the notion that abortion is not a normal and legal part of health care. One commenter states that if the separation provisions force clinics that perform abortions to close, it would impede training for residents in obstetrics and gynecology. Another commenter expresses concern that requiring physical separation serves to highlight locations where abortion services are provided, which may increase the risk of those locations being the target of violent crime or protest. Several commenters object to the proposed signage requirements. Many other commenters object to the rule because, in their view, it gives the Department unrestricted authority to determine how to apply the separation requirements, while leaving Title X programs with insufficient guidance.
Finally, some commenters argue that mere physical and financial separation is not enough to ensure program integrity. They recommend Title X
In the 1988 regulations, the Department noted that it was requiring physical and financial separation because it found the regulations inadequate without that requirement, stating that the Department found, “as a matter of experience with Title X, its responsibility to administer the program as provided by Congress, and its general administrative discretion, that the provisions of the current guidelines do not faithfully or effectively maintain the prohibition contained in section 1008.” 53 FR at 2923. The 1988 regulations had several key features to address this deficiency and required compliance with the statutory prohibition. Among those, the regulations required grantees to separate their Title X project—physically and financially—from any abortion activities.
Those regulations were upheld on both statutory and constitutional grounds in
The Court similarly rejected constitutional challenges to the regulations. As an initial matter, it upheld the statutory limitation of Title X funds to programs where abortion is not a method of family planning, concluding that “[t]here is no question but that the statutory prohibition contained in [section] 1008 is constitutional” because Congress “may `make a value judgment favoring childbirth over abortion and . . . implement that judgment by the allocation of public funds.' ” 500 U.S. at 192-93 (internal citations omitted; ellipsis in original). The Court explained that the requirement of physical and financial separation was also consistent with the First Amendment:
By requiring that the Title X grantee engage in abortion-related activity separately from activity receiving federal funding, Congress has, consistent with our teachings . . . not denied it the right to engage in abortion related activities. Congress has merely refused to fund such activities out of public fisc, and the Secretary is simply requiring a certain degree of separation from the Title X project to ensure the integrity of the federally funded program.
The Department carefully considered the issue of physical and financial separation in light of the statutory guidance of section 1008 and notes that it is similar to the 1988 regulations, which were upheld by the Supreme Court. The Department has reconsidered the 2000 regulations, which allowed the sharing of physical space so long as certain financial separation was maintained. The Department continues to hold with the 2000 regulations, to the degree it requires financial separation, that financial separation is a necessary condition to implementing section 1008, but it no longer believes financial separation is sufficient without physical separation. For the reasons discussed below, financial separation without physical separation does not sufficiently address the Congressional mandate that Title X funds be separate and distinct from abortion-related services.
The Department disagrees with commenters who contend it has not provided sufficient reasons or evidence to justify the physical and financial separation requirements. In
This concern is particularly acute in light of more recent evidence that abortions are increasingly performed at sites that focus primarily on contraceptive and family planning services—sites that could be recipients of Title X funds. A 2014 report from the Guttmacher Institute provides detail about the various types of facilities at which abortions are performed.
Together, these circumstances create a risk of intentional or unintentional misuse of Title X funds and have created public confusion over the scope of Title X services, about whether Title X projects provide abortion services, and about whether federal taxpayers fund abortion services provided by organizations that are grantees (or subrecipients) of Title X grants/funds. The Department believes that such potential co-mingling and confusion provides sufficient supporting evidence, in addition to the Department's rationale for physical and financial separation upheld in
As discussed above, the Department interprets section 1008 to require Title X project activities to be separate and distinct from prohibited activities (
The Department disagrees with comments opposing the requirement of physical separation on the basis that other means exist to achieve same goals of the proposed rule while still allowing the Title X project and a program engaged in prohibited activities to occupy the same physical space. The Department considered other alternatives to physical separation. For example, it considered whether signs or brochures could be posted to indicate distinctions between the Title X project and Title X prohibited activities, or whether separate staff and examinations rooms within the same area in the facility could sufficiently delineate a separation between the Title X project and abortion-related services. The Department has determined, however, that a shared reception area with materials available on both Title X family planning services and abortion-related services would not resolve the confusion, but could allow it to continue. Signage is often not read, and the segregation of staff or staff responsibilities would not, in the Department's view, provide sufficient distinction to end confusion. Single facilities often have staff fulfilling distinct roles without making the program itself separate. Patients might not be aware of the distinction made between different examination rooms if the entrance and reception area is shared in common, especially in a smaller facility. The optics and practical operation of two distinct services within a single collocated space do not sufficiently create the separation Congress intended when it said Title X funds cannot be spent “where” abortion is a method of family planning. As in its 1988 regulations, the Department interprets section 1008 to require clear physical separation between Title X projects and places “where” abortion is offered as a method of family planning.
The Department agrees that educational efforts to help the general public understand the services provided by Title X as well as those not provided by Title X, would be beneficial and will be considered by the Department. The Department believes that public educational efforts could augment the requirement for physical separation and contribute to more accurate public perception. But such efforts do not negate the need for clear and understandable separation between Title X services and abortion services at the clinic level. Physical separation assists with statutory compliance, in addition to improving public perception, by ensuring that both intentional and unintentional comingling of resources, activities, and services do not take place in ways that are exacerbated when both services are housed in the same space.
The final rule seeks to reduce, and potentially eliminate, any confusion—actual or potential—as to the scope of services supported by Title X funds by requiring funded projects to maintain clear physical and financial program separation from programs that use abortion as a method of family planning. The Department believes the rule will create a clearer and more transparent system of separation and accountability, similar to that established by the 1988 regulations and affirmed in
The Department disagrees with commenters who contend that, because the Department did not have sufficient
Commenters contend that the Department should have conducted more research regarding State laws, and regulation implementation costs by interviewing Title X providers. However, the number or administrability of State laws cannot take precedence over the statutory requirements of the federal Title X grant program. Additionally, the large volume of responses submitted within the 60-day comment period verifies that this process was sufficient for organizational and State stakeholder responses, both of which the Department received and carefully considered.
With respect to the contention of some commenters that the physical and financial separation requirements will destabilize the network of Title X providers, the Department disagrees. The rule continues to allow organizations to receive Title X funds even if they also provide abortion as a method of family planning, as long as they comply with the physical and financial separation requirements. The rule also allows case-by-case determinations on whether physical separation is sufficiently achieved to take the unique circumstances of each program into consideration. As is true for all program requirements, the Department welcomes regular interaction with grantees and subrecipients, should they have questions. Project officers are available to help grantees successfully implement the Title X program in compliance with both the statute and the regulation. The Department encourages grantees to contact the program office with questions, discuss ways to comply with the physical separation requirement, and put a workable plan in place to meet the compliance deadline. Moreover, the Department will not require compliance with the physical separation requirements of § 59.15 until one year after this final rule is published in the
Commenters' insistence that requiring physical and financial separation would increase the cost for doing business only confirms the need for such separation. If the collocation of a Title X clinic with an abortion clinic permits the abortion clinic to achieve economies of scale, the Title X project (and, thus, Title X funds) would be supporting abortion as a method of family planning. Put differently, the abortion clinic would be benefiting from the presence of the Title X project in the same location. Moreover, it would be the participation of the Title X project in bulk purchases and other economies of scale that enables the abortion clinic to achieve economies of scale. Such an argument makes the case that comingling of funds between Title X and abortion services is difficult to avoid without a physical and financial separation between the two.
The final rule does not prevent a woman from seeking and obtaining an abortion. It simply draws a bright line between permissible services provided with Title X funds and prohibited abortion services. The Department, thus, disagrees with commenters who contend the rule should not be finalized because women might need to make separate visits if they seek both Title X services and abortions from a Title X provider. Congress chose to restrict the use of Title X funding in section 1008, and the Supreme Court held in
Moreover, for the reasons discussed above, the Department does not anticipate any loss of Title X providers that will exacerbate health inequalities or harm patient care. The Department anticipates that the rule, overall, will contribute to more clients being served and gaps in services being closed. In response to commenters who contend more time is needed than the proposed 60 days to implement aspects of § 59.15 other than physical separation, such as factors concerning separate signs and other forms of identification in paragraph (d), or factors concerning the requirement for separate electronic health care records in paragraph (c), which commenters say would require separate Electronic Health Record (EHR) systems, the Department disagrees. The Department notes that EHR systems would be considered part of the physical separation requirement. The Department found that approximately 80% of the 4,000 Title X sites were using an electronic practice management system in 2016, with about 70% using the more advanced EHR system.
Although the proposed rule does not identify these factors as such, factors (b)-(d) are factors that help determine whether there is physical separation (the degree of separation from facilities; existence of separate personnel, electronic or paper-based health records, and workstations; and the extent to which signs and other forms of identification of the Title X project are present, and signs and material referencing or promoting abortion are absent). Accordingly, the 1-year compliance date applicable to physical separation will apply to them. Factor (a) (separate, accurate accounting records)
Regarding the remaining comments, the Department rejects the comment that it should not finalize the rule because physical separation reinforces the notion that abortion is not a normal part of health care. It is Congress that singled out abortion as an impermissible activity for Title X projects when it specified that it will not fund Title X projects where abortion is a method of family planning.
The Department likewise rejects the suggestion that the rule will impede training for residents in obstetrics and gynecology because the rule will force abortion clinics to close. This final rule does not require clinics that perform abortions to shut down; it only requires that Title X programs maintain physical and financial separation from any provision of abortion. Residents in obstetrics and gynecology will be able to continue their training on family planning methods and services in Title X clinics or at other clinics that provide abortion services. Such training is not impeded by this final rule.
Although the Department takes seriously the concerns raised about potential violence to locations where abortion services are provided, the Department views those concerns as misplaced objections to this rule. Congress chose not to use Title X funds to support programs where abortion is a method of family planning, and the Department has determined that a clear separation between Title X projects and locations offering abortion services is the most appropriate means of implementing that requirement. In order to comply with statutory program integrity provisions to separate Title X funds from facilities where abortion is a method of family planning, the Title X project should not be intermixed with such abortion services. The Department believes that having signs and other forms of materials referencing or promoting abortion present together with Title X materials will confuse the patient regarding what Title X allows. In addition, the Department believes clinic signs must be clear in identifying Title X services versus abortion services. All such requirements avoid confusion regarding what are Title X services and what are not Title X services. Congress has separately provided protections for locations offering abortion services.
Title X authorizes the Secretary to promulgate regulations governing the program. 42 U.S.C. 300a-4. The Department has exercised this authority through regulations to guide Title X grantees in carrying out the program. The Department disagrees with commenters who assert that Title X programs have insufficient guidance on how to apply the physical and financial separation requirements. The Department has included the factors it considers for physical and financial separation of Title X project or facility from prohibited activities in § 59.15. The Department will also take individual circumstances into consideration. For example, a Title X service site might be a hospital that also performs some abortions. However, there is likely less chance of confusion between the hospital's family planning services and abortion services. There are many and diverse centers within the hospital, often in different locations within the hospital building or complex, with different entrances, signage, waiting rooms, and protocols. In addition, it is highly unlikely that a Title X clinic and abortion facilities would be collocated within a hospital building or complex. As long as the Title X clinic and the hospital facilities where abortions are performed are not collocated or located adjacent to each other within a hospital building or complex, it is highly likely that the hospital is not violating the requirement that there be physical separation between the Title X funded activities and activities related to abortion as a method of family planning. By contrast, in a free-standing clinic, physical separation might require more circumstances to be taken into account in order to satisfy a clear separation between Title X services and abortion services. A free-standing clinic would likely present greater opportunities for confusion between Title X and abortion services, including, for example, the same entrances, waiting rooms, signage, examination rooms, and the close proximity between Title X and impermissible services.
The Department does not believe that the physical and financial separation requirement will lead to the mishandling of patient data, as some commenters suggest. Separate EHR systems may lead to two separate electronic medical records, but that is no more burdensome than if the clinic only offers specific services and the patient needs to go to a separate clinic for other needed health care services. It is not uncommon for people to have different health care providers for different health care needs. If Title X services and abortion services are separate, it is no more difficult for Title X providers to maintain two electronic records, one for Title X services and another for abortion services, than to keep abortion services and other services separate within the same EHR system. Moreover, because of growing interoperability of EHRs and other health IT, it is a simpler matter for one provider to share a patient's EHR with another provider—thus, any risk associated with mishandling or missing patient data should be minimized.
Finally, the Department has considered comments on whether the rule should also require, not just physical and financial separation between Title X projects and programs where abortion is a method of family planning, but also organizational separation, and/or provisions such as a requirement that a Title X clinic must operate under a distinct name from a facility that provides abortion as a method of family planning. After considering all the comments and balancing the Department's need to transition to and implement the proposals it is finalizing in this rule, the Department has concluded that, at this time, it will not finalize this rule to add a requirement of organizational separation or name separation, beyond the requirement for physical and financial separation.
The proposed third sentence, and paragraphs (a)(1) through (6), of § 59.16 would specify that the prohibitions include various activities. Paragraph (b) gives examples to illustrate how the proposed prohibitions and specific items listed in § 59.16(a) would apply.
The Department finalizes the third sentence, and paragraphs (a)(1) through (5), of § 59.16 without change, except for formatting changes to improve readability, as § 59.16(a)(2)(i) through (v). The Department finalizes paragraph (a)(6) of the proposed rule in § 59.16(a)(2)(vi), as modified in response to comments. The Department finalizes § 59.16(b)(2) and (3) with changes for clarity in response to comments, as discussed below, and otherwise finalizes § 59.16(b) without change.
The Department received various and conflicting comments about its legal authority to enact this section. Some commenters argue the Department is exceeding its statutory authority by impermissibly limiting providers' non-Title X activities and by limiting speech and activities by defining such activities as lobbying. Some of these commenters assert the Department does not adequately explain why the prohibitions on advocacy, lobbying and political activities are justified, stating that it is unreasonable to impose the cost of complying with the proposed rule with no justification. Other commenters contend the proposed rule sufficiently protects free speech by prohibiting the encouragement, promotion or advocacy of abortion by Title X projects but not outside of those projects. These commenters further defend the proposed rule on First Amendment grounds by supporting the Department's rescission of the paragraph in § 59.5 that required Title X providers to counsel on, and refer patients for, abortion.
Some commenters state that the proposed language in § 59.16 is vague, making it difficult to discern what is permissible under the proposed rule, causing confusion, and leading to a prohibitory effect on activities paid for with non-Title X funds. Some of those commenters state that the vagueness may lead to decreased participation in the program or the exclusion of qualified providers, reducing access to care for many patients. Some commenters contend that, to comply with the restriction not to pay affiliation dues or disseminate materials with non-Title X funds, grantees would need separate facilities, and this would lead to the isolation of family planning centers that receive Title X funding, limitations on access, and decreases in the quality of care.
Other commenters oppose the section as unnecessary, arguing that Title X grantees already receive sufficient guidance on what is and is not a permissible use of funding, and that the Department has power without this rule to remedy any findings of noncompliance.
Still other commenters support the proposed rule, and assert that the Department should add additional activities to § 59.16, activities that would be considered as promoting abortion. They ask the Department to provide a wider list of prohibited activities in order to avoid confusion. One commenter provided a list of additional activities that should be prohibited.
Multiple commenters express concern about the proposed rule's impact on State law. For example, commenters write that § 59.16 is not consistent with California's Reproductive Privacy Act and Healthy Youth Act. Some commenters contend that, in New York, organizations that can apply for funding through Title X are already prohibited from funding or engaging in any kind of lobbying activities, rendering this section unnecessary.
In
The Department concludes that § 56.16 of the final rule does not violate the First Amendment's protections for the same reasons that the Supreme Court held that the 1988 regulations withstood First Amendment challenges in
The Department appreciates commenters' suggestions of additional activities that should be included in § 59.16(a) as actions that cannot be undertaken in Title X projects, but declines to add to the list of actions in § 59.16(a). The regulatory text indicates that the list is non-exhaustive and that prohibited actions “include” the actions listed; it does not indicate that those actions listed are the only actions that fall under the prohibition on encouragement, promotion, or advocacy of abortion as a method of family planning.
The Department disagrees with commenters who contend the provisions will have the effect of pushing providers out of the Title X program, and, therefore, that § 59.16 will have a negative impact on access to care. Much of § 59.16 merely implements the applicable appropriations law provisions; thus, Title X projects should not currently be using Title X funds to engage in such activities. To the extent that § 59.16 incorporates new requirements, the Department concludes that the articulation of those requirements in rulemaking after notice and public comment is an appropriate approach to ensure consistency and compliance with the parameters applicable to Title X. But in any event, nothing in the final rule precludes entities that encourage, promote, or advocate abortion from being grantees or subrecipients, if such activities are undertaken outside the scope of the project and consistent with the physical and financial separation requirements of these rules. Because section 1008 precludes projects where abortion is a method of family planning, if entities are encouraging, promoting, or advocating such abortions within a project, they are diverging from the goals of Title X. By ensuring that Title X project funds are not diverted to activities that encourage, promote or advocate abortion as a method of family planning, or that assist women to obtain abortions for family planning purposes or to increase the availability or accessibility of abortion, the Department anticipates that more project funds will be available to provide the family planning services that Congress intends in its focused approach to Title X's scope.
The Department does not agree that this rule inadequately considers the requirements of State laws. The rule represents implementation of a clear choice by Congress not to fund certain activities in Title X projects. Applicants for Title X funding will need to maintain an awareness regarding State and local laws to which they are subject, as well as the requirements to which they are subject under this final rule.
The Department finalizes the example in § 59.16(b)(2) with a clarifying change. The proposed rule provided a proposed example that established a Title X project violates paragraph 59.16(a) if it makes an appointment with an abortion clinic for a pregnant client. The Department clarifies this example to be more consistent with section 1008 of the PHS Act, which prohibits funding a Title X project where abortion “is a method of family planning.” Consistent with that language, as noted above and in the second sentence of § 59.16(a), the provisions of this rule implementing section 1008 apply to “abortion for family planning purposes.” Therefore the Department finalizes the example listed in § 59.16(b)(2) to specify that the scenario in question is one where “[a] Title X project makes an appointment for a pregnant client for an abortion for family planning purposes . . .” The Department also makes a change to the example in § 59.16(b)(3), so that it illustrates more directly the activity prohibited in § 59.16(a)(2)(iv), by incorporating into the example information about whether the lobbying funds were separately collected and segregated.
Many commenters state that the proposed rule wrongly gives the Department compliance oversight over State and local reporting laws. Several commenters contend that mandated reporting of intimate partner violence (IPV) would prevent patients from speaking candidly with health care providers for fear that their abuse will be reported before they have had the opportunity to protect themselves (and their children, if applicable) financially, legally, and physically from their abusers. Commenters mention that medical records documenting IPV and other abuse issues can be used in legal contexts, putting patients at risk for further violence.
Many commenters note the complexity and variety of State and local reporting laws. Several commenters emphasize that there must be a balance between the protection for victims of abuse, complying with State laws, and trust in the patient-provider relationship. Several commenters note that State laws already include specific requirements that provide clear direction to health professionals regarding their obligations to report and their responsibility to exercise discretion. One commenter argues that federal and state laws should support physicians in their clinical judgment. Other commenters contend that allegations of providers avoiding reporting responsibilities are without evidence and should not be a basis for policy-making.
In reply to the Department's request for comment on whether a referral agency (to which a Title X project refers) should be subject to the same reporting requirements as a grantee or subrecipients subject to § 59.17, some commenters state there is no need for a referral agency to be subject to the same reporting requirements as a grantee or subrecipient. Several commenters state that community partners and referral agencies are not Title X funded entities, are often overburdened and additional requirements may cause referral agencies to terminate collaborative relationships rather than comply with the new reporting requirements, thereby reducing patients' access to health care.
Some commenters contend that Department enforcement of the provisions of § 59.17(b), including the threat of revocation of funding based on whether providers comply with State and local reporting requirements, would increase pressure on Title X projects to over-report abuse and to engage in “excessive policing,” thus traumatizing patients through interrogative questioning. They also contend the rule would erode patient-provider trust, put patients at risk for serious harm, re-victimize patients that have experienced trauma, stigmatize patients that are sexually active, and negate personal agency for adolescents.
Many commenters contend that mandatory screening raises issues regarding confidentiality for adolescents and minors, noting that the Title X protections for patient confidentiality are some of the strongest under current law.
A few commenters mention that the proposed rule would result in increased cost for screening and reporting, specifically noting the transition to electronic health record templates. A few commenters note that this would lead to decreased care and family planning options for patients, resulting in increased costs for unintended pregnancies.
Many commenters fear, in particular, that screening minors with a sexually transmitted disease (STD), pregnancy, or suspicion of abuse would be harmful to patients and detrimental to the provider-patient relationship, compromising trust and honesty in consultations. Many argue that mandated screening would shift the provider role to that of an interrogator, making young people less likely to reveal abuse, and making them less likely to return to the Title X facility. One commenter argues that the age of a teenager's sexual partner does not have bearing on family planning services. Others contend that mandatory screening would deter patients from seeking family planning services and treatment for STDs, resulting in increased pregnancy and STDs.
Other commenters assert that screening should only be required for patients that show signs of abuse. Commenters argue that the screening is unnecessary, as Title X grantees already are mandated to adhere to Federal and State notification requirements. Some commenters note that the proposed rule may conflict with Medicaid coverage, which permits confidential family planning services for individuals of childbearing age, suggesting that it creates confusion as to who must be screened.
Several commenters support a commitment to confidentiality, but also support the new rules as an important safeguard for minors who may be the victims of sexual abuse. One commenter recommends that projects be required, rather than permitted, to diagnose, test for, and treat STDs.
Finally, some commenters describe instances in which they claim the language of the proposed rule is confusing. For example, they contend that required screening for patients “under the age of consent in the State” is inconsistent with the requirement for Title X projects to implement a plan committing to preliminary screening of teenagers with a sexually transmitted disease (STD), pregnancy, or any other suspicion of abuse. Such commenters suggest the language be re-written to clarify the intent.
The Department understands the sensitivity that comes with IPV, but concludes that, if a State or local jurisdiction has enacted laws to require reporting of IPV by entities that are Title X grantees or subrecipients, it is appropriate for the Department to ensure that such entities comply with
The Department acknowledges that complying with State and local laws may be complicated, and for that reason Title X grantees and subrecipients must have in place a plan that ensures that the grantee and any subrecipients are aware of what specific reporting requirements apply to them in their State (or jurisdiction), and provide adequate training for all personnel with respect to these requirements and how such reports are to be made. The complexity of those laws is not an excuse for non-compliance, and the Department will not tolerate Title X grantees and subrecipients failing to comply with the reporting requirements that State and local governments have seen fit to enact as binding legal requirements. The proposed rule at § 59.17 defers to State and local jurisdictions on what reporting requirements apply, and in this way fully respects Federalism and the proper jurisdiction over such crimes that is exercised by State and local governments. The proposed rule does not add any substantive reporting requirement that State and local jurisdictions do not already impose; the rule simply ensures that the Title X grantees and subrecipients are in compliance with federal law by ensuring that such grantees and subrecipients are in compliance with State and local reporting requirements.
As several commenters note, State and local laws can be vital resources in crafting protocols since they often provide direction to health professionals regarding how to balance their obligations for reporting with the exercise of discretion to best protect the safety of the victim. As part of prevention, protection, and risk assessment efforts, grantees and subrecipients should include compliance protocols to identify individuals who are victims of sexual abuse or who are targets for underage sexual victimization, as well as to ensure that every minor who presents for treatment is provided counseling on how to resist attempts to coerce them into engaging in sexual activities (as required by appropriations law applicable to Title X).
The Department believes that increased compliance requirements strengthen protection for minors and other vulnerable populations. The proposed rule, and this final rule, at § 59.17 explicitly address the requirement for Title X projects to comply with all State and local laws regarding the notification or reporting of crimes involving sexual exploitation, child abuse, child molestation, sexual abuse, rape, incest, intimate partner violence, and human trafficking (collectively, “State notification laws”). The Department's Office of Inspector General (OIG) issued a 2005 report revealing that even though OPA informs and periodically reminds Title X grantees and subrecipients of their responsibilities regarding State child-abuse and sexual-abuse reporting requirements, it could not determine the extent to which grantees actually comply with these requirements.
The Department is also sensitive to concerns raised by commenters that victims of abuse are sometimes repeatedly victimized after abuse is reported. Therefore, the Department expects grantees and subrecipients to include additional training in their protocols to assist counselors with their interactions with a victim of abuse and to ensure that they are equipped to make referrals that increase the safety of the patient. The regulatory text is updated to reflect this additional component of training for Title X staff in paragraph (b)(1)(ii) of § 59.17. The final rule adds that the policies will include training regarding State notification laws and “appropriate interventions, strategies, and referrals to improve the safety and current situation of the patient. . . .”
The Department has considered the request of some commenters to broaden the reporting requirements even further. The Department concludes, however, that the proposed language is consistent with language that has been included in appropriations acts for the Department since fiscal year 1999.
Having considered the comments about whether to broaden the reporting requirements to include entities that are not grantees or subrecipients, such as referral agencies, the Department agrees with commenters who state that referral partners should not be subject to the same reporting requirements. Referral agencies do not receive Title X funds, therefore, the Department declines to make changes in § 59.17 that would expand the provision to impose reporting requirements on entities that are neither recipients nor subrecipients of Title X funds.
The Department disagrees with commenters who say the training and reporting requirements in the proposed rule will lead to over-reporting or erode patient trust and confidentiality. Title X grantees and subrecipients are already subject to State and local reporting laws, and Congress has made it clear that the receipt of Title X funds does not permit Title X grantees and subrecipients to avoid such obligations. In addition, § 59.11 of the 2000 regulations permits the use of confidential information obtained by project staff to comply with State and local reporting requirements. The Department will not second guess the determinations of States or local governments that these reporting requirements do not erode patient trust and confidentiality, but protect vulnerable persons. The Department is not aware of compelling evidence to the contrary from commenters. The Department also hopes that victims of
The Department disagrees with commenters who assert the regulations will abrogate confidentiality for minors, stigmatize them, cause them to lose their personal agency, or violate their informational privacy rights. All recordkeeping, except that which must be submitted as a result of mandatory reporting, is subject to the same confidentiality requirements as other medical services rendered by the clinic. If a minor is a suspected victim of abuse, the Title X provider has the obligation to report suspected abuse,
The Department disagrees with some commenters who contend the age of a minor's sexual partner has no relevance for Title X grantees. State and local reporting laws concerning sexual abuse or child abuse often have elements concerning the age of the minor and the minor's sexual partner. Title X exempts neither Title X providers nor Title X health care providers from their responsibility to comply with State and local reporting laws. Child abuse, child molestation, sexual abuse, rape, incest, intimate partner violence, and human trafficking are crimes that affect individuals, families, and communities. Title X projects should be the exemplar of an appropriate model for protecting those who are vulnerable to sexual abuse, rape, and assault; in developing protocols to identify clients who may be at risk for sexual abuse; in counseling teens on, and in producing programs and materials that assist teens in, resisting sexual exploitation, abuse, and coercion;
.
The Department disagrees that required sexual abuse/victimization screenings are harmful to patients. Similar to typical components of a medical history, Title X projects are already required to conduct a preliminary screening of any teen who presents with an STD, pregnancy, or suspicion of abuse in order to rule out victimization of a minor. Such screening is required with respect to any individual who is under the age of consent in the jurisdiction in which the individual receives Title X services. If positively diagnosed, projects are permitted to treat STDs as an appropriate preconception service. The requirement in the final rule is more explicit in the age parameters in order to offer consistency from State to State and to ensure that this requirement consistently applied throughout all Title X services areas. This requirement is responsive to both State notification laws as well as the appropriations rider related to sexual coercion of minors. The Department does not believe, as some commenters suggest, that Title X providers should be required to diagnose, test for, and treat STDs, although testing and treatment would be an appropriate referral service, if not offered onsite. Sites must offer a variety of family planning services, but are not required to provide all such services. As an important component of the screening process, staff would sensitively converse with patients and build trust, while obtaining the information needed to comply with the screening and reporting requirements.
The Department disagrees with commenters who assert the rule conflicts with Medicaid coverage confidentiality requirements. The rule requires screening for minors who are pregnant or test positive for STDs. The preliminary screening is used to determine whether the minor is a likely victim of sexual coercion, a concern of Congress, as evidenced by its specific mandate that Title X projects provide “counseling to minors on how to resist attempts to coerce minors into engaging in sexual activities.”
The Department disagrees with commenters who assert only those with visible signs of abuse should be screened or that screening is unnecessary. Pregnancy, or the presence of an STD, can be evidence of abuse or a predictive sign of abuse, especially among younger minors. Often victims
The Department agrees with some commenters who observe that the language of the proposed rule is inconsistent in referring to a “minor” several times, an individual below the “age of consent” in another place, and to a “teen” in the first part of the first sentence of § 59.17(b)(1)(iv). The Department intended the rule to refer to “minors” in all such instances, and finalizes § 59.17(b)(1)(iv) to change the word “teen” to “minor;” and to remove the sentence referencing “age of consent” in relation to State laws, since preliminary screening for minors would be separate from, but inclusive of, ages included in individual State notification laws.
Although § 59.17(a) defines the term “State notification laws” for the purposes of the section to refer collectively to “all State and local laws requiring notification or reporting of child abuse, child molestation, sexual abuse, rape, incest, intimate partner violence or human trafficking”, the prefatory text of § 59.17(b)(1) mistakenly uses the phrase “State laws” instead of “State notification laws.” The Department therefore finalizes § 59.17(b)(1) prefatory text to change the phrase “State laws” to “State notification laws,” consistent with the intent of the proposed rule.
The 2000 regulations required that any Title X funds must be expended solely for the purposes for which the funds were granted. The proposed rule would add § 59.18, which clarifies this language by detailing the prohibited uses of Title X funds, including their use for abortion-related infrastructure building, lobbying activities, and any other possible misuse of funds. The Department finalizes the section without change, except to make technical edits that improve understanding and readability.
Some commenters support the proposed language of § 59.18 prohibiting the use of Title X funds for building infrastructure that supports a Title X grantee's abortion-related activities. Commenters state that the proposed changes will help ensure that Title X funds are correctly appropriated. Others believe the rule should go further and require grantees or subrecipients to demonstrate that they do not fund abortion services with Title X funds.
Some commenters contend it is unnecessary for the Department to prohibit the use of Title X funds to support abortion services, infrastructure building for that purpose, or lobbying. They contend current accounting, reporting, and auditing requirements already ensure that each Title X project fully accounts for and justifies charges against the Title X grant.
The Department disagrees with commenters who suggest that there have been no concerns raised regarding improper use of Title X funds. The Department believes that, even if the extent of such misuse of funds is not fully known, the Department is still legally obliged to ensure funds are not misused, so it is appropriate for the final rule to identify what constitutes such misuse of Title X funds. Increased transparency will ensure greater accountability for the use of Federal funds and will mitigate confusion about what services the federal government supports and funds.
As explained in the proposed rule, the flexibility in the use of Title X funds under the 2000 regulations raises concerns about the fungibility of assets that could be used to build infrastructure for abortion services. By law, Title X providers must secure other sources of revenue to leverage Title X grants. 42 CFR 59.7(c) (“No grant may be made for an amount equal to 100 percent for the project's estimated costs.”). Medicaid providers are reimbursed by States for allowable expenditures. By their very nature, grants afford considerably greater latitude and versatility to grantees on how funds are used. If an organization receives both Medicaid and Title X funding, for example, Medicaid reimbursement payments might be used to cover many family planning services, freeing up Title X funds to be used for infrastructure-building and support. In its
Up-front funding helps supply a cash-flow cushion for providers who are often operating on tight and uncertain budgets. More specifically, Title X grantees use the program's flexible grant funding in a variety of ways to address staff-related issues, including hiring individuals capable of meeting communities' need for linguistic or culturally appropriate care, training staff on the latest medical techniques or to provide tailored counseling for clients with special needs, maintaining sufficient staff to operate outside regular business hours and paying sufficient wages to staff at all levels to reduce high turnover rates that often plague health centers. Providers may also use Title X funds for operational investments, such as utilizing advanced technologies and facilitating more accessible and efficient client care . . . . Finally, Title X undergirds the infrastructure and general operations of the health centers themselves in ways that Medicaid and private insurance simply cannot. Title X funds go to centers up front as grants, rather than after the fact as reimbursement for services centers have provided to individual enrollees. Providers have long relied on that flexibility to hire, train and maintain their staff to meet the diverse needs of their clients and community. They have also depended on these grants to keep their lights on and their doors open, to adapt to unexpected budget shortfalls and to make improvements to their facilities. Such versatility is even more vital in the era of health reform. The up-front investments in staffing, training and infrastructure needed to work effectively with health plans—and to thereby draw in new revenue to serve more clients—are substantial, and flexible funds like those provided through Title X are ideal for such investments. Those expenses include upgrading health information technology systems and training staff on their use, training clinicians and front-line staff to properly code and bill for services provided, obtaining the appropriate credentials to ensure third-party reimbursement, and devoting time and resources to researching available health plans and negotiating contracts with them. They may also include expenses related to outsourcing some administrative functions to private contractors or as part of collaborations with other health care providers.
In a 2007 report, Guttmacher expanded upon the infrastructure support afforded by Title X funding:
Title X can subsidize the intensive outreach necessary to encourage some individuals to seek services. Furthermore, by paying for everything from staff salaries to utility bills to medical supplies, Title X funds provide the essential infrastructure support that enables clinics to go on and claim
Infrastructure building may include securing physical space, developing or acquiring health information technology systems (including electronic health records), bulk purchasing of contraceptives or other clinic supplies, clinical training for staff, and community outreach and recruiting. An anecdotal story
Ibarra of California's Venice clinic says her agency sends street outreach teams into the community with backpacks of condoms and basic educational materials, while other teams make regular visits to homeless shelters. Often, it will take multiple visits to a shelter or street-corner conversations until someone feels safe enough to come to a clinic. According to Ibarra, Title X will fund and train the outreach workers, purchase the condoms and often even develop the educational materials they distribute. Only when a client actually comes to the clinic is reimbursement available (through Medicaid or any other source), and then only if the client qualifies. According to Annette Amey, director of program evaluation for CFHC, “it's all about getting people to the inside of the clinic door, and for that Title X dollars are indispensable.”
The Department is concerned about this infrastructure building on both statutory and policy grounds. As a statutory matter, the use of Title X funds to build infrastructure that can be used for purposes prohibited with these funds, such as support for the abortion business of a Title X grantee or subrecipient, clearly violates section 1008. As a policy matter, Title X is the only discrete, domestic, Federal grant program focused solely on the provision of cost-effective family planning methods and services. As the number of Americans at or below the poverty level has increased, the need to prioritize the use of Title X funds for the provision of family planning services has as well.
The Department concludes it is appropriate to implement the statutory requirements applicable to Title X by imposing the § 59.18 restrictions addressing the use of Title X funds for infrastructure purposes related to abortion, particularly in combination with the § 59.15 requirement of physical and financial separation of Title X projects from prohibited activities (
One commenter asks that the changes be scheduled to take effect at the end of the project period during which the rule is finalized in order to limit confusion for current grantees. One commenter suggests that Title X create different transition requirements for different Title X providers based on resource-level, location revenue, and client population.
Additionally, one commenter notes the cost of establishing new Electronic Health Record (EHR) systems would include the costs for new hardware and infrastructure for these systems. In New York State, providers may not purchase equipment in the final year of a grant cycle. Since 2019 is the final year of the grant for New York State Family Planning projects, the commenter contends that these providers would be unable to comply with the new requirements until a new grant is issued.
One commenter requests that the financial transition period be lengthened from 60 days to six months, stating that, according to businesses that provide modification and implementation of EHR systems, six months, at minimum, is needed. The majority of commenters recommended changing the transition period to one year for financial separation.
The Department extends some of the compliance dates of certain sections or paragraphs in the rule, by which covered entities must comply with those sections after their effective date, in response to public comments as follows.
The Department maintains the compliance date of one year for the physical separation requirements of § 59.15. The Department disagrees with commenters who contend one year is an insufficient time period for covered entities to comply with the physical separation requirement of the rule. The Department believes one year is an ample and generous amount of time for an entity to rearrange locations, find new locations, comply with related State requirements, or even make changes to a facility to physically separate Title X services from abortion services. These rules might be satisfied by placing Title X projects (or the abortion services) in a different location without changing any physical or facility space. It is not uncommon for health care providers to change locations, change their physical space, or even add new service delivery locations. As a result, the Department disagrees with commenters who assert that patients will lose service because of the physical separation requirement would apply beginning one year after the publication of the final rule.
The Department agrees with commenters who contend some other components of § 59.15, such as those pertaining to electronic health records, should also be subject to the one-year separation requirement. The Department considers the electronic health records to pertain to physical separation and, thus, subject to the one-year compliance deadline. However, the Department will require that Title X projects and providers comply with the requirement of financial separation by July 2, 2019. The Department therefore finalizes paragraph (a) of the transition rule specifying the compliance date for the physical separation requirements contained in § 59.15, by which covered entities must comply with such requirement, as March 4, 2020. Title X projects may comply with the physical
Various parts of the final rule impact applications for grants, namely § 59.7, the removal of § 59.5(a)(10)(i), and § 59.5(a)(13) as it applies to grant applications. The Department intends that these requirements will apply prospectively to applications for competitive or continuation awards, but not to applications that have been submitted before publication of the final rule or that are due in a time period soon after publication of the final rule. The Department intends that these provisions will apply to applications for which the Department has informed the applicant these provisions will apply. Therefore, the Department finalizes paragraph (b) of the transition section to establish that the compliance date for covered entities regarding § 59.7, the deletion of § 59.5(a)(10)(i), and § 59.5(a)(13) as it applies to grant applicationswill be the date on which competitive or continuation award applications are due, where that date occurs after July 2, 2019.”
The Departments have carefully reviewed comments seeking more time for implementation of requirements for reporting, submitting assurances, and providing certain services. These sections include §§ 59.5(a)(12), 59.5(a)(13) as it applies to all required reports, 59.5(a)(14), (b)(1) and (8), 59.13, 59.14, 59.17, and 59.18. In response to the request by commenters that more than 60 days is needed for compliance with such requirements, the Department has concluded that it will finalize the transition section to allow 120 days for compliance with this section. The Department believes this provides sufficient time for grantees and subrecipients to comply with these requirements. Therefore, the Department finalizes paragraph (c) of the transition section to establish the compliance date for covered entities regarding § 59.5(a)(12), § 59.5(a)(13) as it applies to all required reports, § 59.5(a)(14), § 59.5(b)(1), § 59.5(b)(8), § 59.13, § 59.14, § 59.17, and § 59.18is July 2, 2019.”
The Department concludes that the remaining requirements of the final rules, that is, all requirements not specified above, can be satisfied within 60 days of publication of the final rules in the
The Department examined the impacts of the final rule as required by Executive Order 12866 on Regulatory Planning and Review (September 30, 1993); Executive Order 13563 on Improving Regulation and Regulatory Review (January 18, 2011); the Regulatory Flexibility Act, 5 U.S.C. 601 (RFA); Unfunded Mandates Reform Act, 1995, Public Law 104-4, Title II, sec. 202(a), 109 Stat. 48, 64 (1995); Executive Order 13132 on Federalism (August 4, 1999); the Congressional Review Act, 5 U.S.C. 804(2); section 654, 5 U.S.C. 601 (note), on the Assessment of Federal Regulation and Policies on Families; E.O. 13771 on Reducing Regulation and Controlling Regulatory Costs (January 30, 2017); and the Paperwork Reduction Act of 1995, 44 U.S.C. 3501-3520.
In addition, the Department carefully reviewed the public comments, and as a result, has updated the estimated costs for implementing the final rule in some cases. Those changes are described below and reflected in the narrative and calculations represented later in this section.
Commenters contend that the proposed rule qualifies as a “significant regulatory action” under E.O. 12866 and E.O. 13563, and maintain that the Economic Impact Analysis performed by the Department failed to address the potential cost to patients and providers. Commenters contend that the Department focused on the benefits and protections of the proposed rule, but failed to adequately address potential problems. For example, commenters contend that the Department did not accurately estimate costs associated with the physical separation requirement, the new definition of “low income family,” and unintended births that will result from the regulation.
The Department's impact analysis provides its best thinking on the effects of the proposed rule. It acknowledges that it is difficult to forecast all of its effects, and acknowledges uncertainty regarding the estimates. However, the Department believes that this proposed rule will result in better outcomes for people interested in utilizing Title X family planning services and does not believe that public comments provided substantive evidence of negative effects of the proposed rule.
Executive Orders 12866 and 13563 direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). Under Executive Order 12866, the Office of Management and Budget's (OMB's) Office of Information and Regulatory Affairs determines whether a regulatory action is significant and, therefore, subject to the requirements of the Executive Order and review by OMB. Section 3(f) of Executive Order 12866 defines a “significant regulatory action” as an action that is likely to result in a rule that (1) has an annual effect on the economy of $100 million or more, or adversely affects in a material way a sector of the economy, productivity, competition, jobs, the environment, public health or safety, or State, local or tribal governments or communities (also referred to as economically significant); (2) creates serious inconsistency or otherwise interferes with an action taken or
The RFA requires agencies that issue regulations to analyze options for regulatory relief of small entities, businesses, 501(c)(3) entities, as well as government entities if a rule has a significant impact on a substantial number of small entities. The RFA generally defines a “small entity” as (1) a proprietary firm meeting the size standards of the Small Business Administration (SBA); (2) a nonprofit organization that is not dominant in its field; or (3) a small government jurisdiction with a population of less than 50,000. (States and individuals are not included in the definition of “small entity.”) The Department considers a rule to have a significant economic impact on a substantial number of small entities if at least 5% of small entities experience an impact of more than 3% of revenue. The Department does not believe that the rule will have a significant economic impact on a substantial number of small entities. Supporting analysis is provided below.
Section 202(a) of the Unfunded Mandates Reform Act of 1995 requires that agencies prepare a written statement, which includes an assessment of anticipated costs and benefits, before proposing “any rule that includes any Federal mandate that may result in the expenditure by State, local, and tribal governments, in the aggregate, or by the private sector, of $100,000,000 or more (adjusted annually for inflation) in any one year.” Public Law 104-4, Title II, sec. 202(a), 109 Stat. 48, 64 (1995). The current threshold after adjustment for inflation is $150 million. The Department does not expect this rule to result in expenditures that would exceed this amount.
Executive Order 13132 establishes certain requirements that an agency must meet when it promulgates a rule that imposes substantial direct requirement costs on State and local governments or has federalism implications.
One commenter stated that the Department did not adequately assess the impact of the NPRM on individuals' health and well-being, as is required under Public Law 105-277. According to the commenter, the Department provided no details of an assessment in the NPRM, but only stated that the proposed rule would not negatively impact health and well-being. The commenter requests that the Office of Management and Budget (OMB) look into this issue.
The Department also disagrees with comments suggesting that federalism requires the Department to permit Title X projects to provide directive counseling and information about abortion, or referrals for abortion. As the Supreme Court held in
The Department disagrees with comments that suggest the inclusion of a federalism impact statement in the 2016 Title X regulation demands the same for this rule. The 2016 regulation was a regulatory change to the status quo of the 2000 regulations that limited the ability of states and other grantees to choose their own subrecipients; the Department specifically stated that its reason for issuing the rule was to respond to new approaches to competing or distributing Title X funds that were being employed by several States. As a result, the 2016 regulation had a federalism impact. This final rule, however, removes a provision that Congress has already legislatively repealed through the Congressional Review Act. That regulatory provision was nullified as a matter of law when the President signed the repeal. This rule simply conforms the text of the Title X regulations to what Congress has already done. Consequently, there is no federalism impact of the removal of this provision.
Additionally, States are free to apply or not apply for Title X funding and so are only required to comply with regulations in this Federal program if they decide to apply for a grant under the discretionary Title X program and, thereby, voluntarily agree to follow the statutory program integrity provisions, the regulation provisions, and those requirements communicated in the funding announcement. Should they agree that the Title X program is a good fit for their State government
The Department disagrees with comments suggesting that State and local entities will incur additional costs to provide services that were once part of Title X, but are no longer permitted. Commenters fail to provide convincing evidence of these costs and also fail to provide evidence that there will be reduced access to Title X services as a result of this rule. Accordingly, the Department concludes that the final rule does not contain policies that have federalism implications, as defined in Executive Order 13132 and, consequently, a federalism summary impact statement is not required.
This final rule amends the regulations governing the Title X program to ensure programmatic compliance with statutory program integrity provisions. Specifically, the rule:
(1) Aligns the regulation with the statutory requirements and purpose of the Title X program, the appropriations provisos and riders addressing the Title X program, and other obligations and requirements established under other Federal law;
(2) Expands the scope of enforcement and auditing mechanisms available to the Department to enforce such program requirements; and
(3) Requires individuals and entities covered by this proposed rule to adhere to certain procedural and administrative requirements that aim to improve client care and increase transparency.
The Department evaluated the effects of this rule over 2019-2023. As a result of comments, it has increased estimated costs. Costs are estimated to be $69.2 million in 2019 and $14.8 million in subsequent years. Present value costs of $110.4 million and annualized costs of $26.4 million are estimated using a 3% discount rate; present value costs of $91.1 million and annualized costs of $27.2 million are estimated using a 7% discount rate. The quantified and non-quantified benefits and costs are summarized in Table 1.
This final rule addresses two categories of problems:
(1) Insufficient compliance with the statutory program integrity provisions and the purpose and goals of the Title X program (especially those related to section 1008), the appropriations provisos and riders addressing the Title X program, and other obligations and requirements established under other Federal law; and
(2) Lack of transparency regarding the provision of services (with respect to both the identity of the providers and the services being provided by such entities). Each of the issues fall into one or more of these categories.
While the 2000 regulations state that Title X projects must not provide abortion as a method of family planning, they do not provide sufficient guidance to ensure that Title X projects comply with section 1008 by not encouraging or promoting abortion as a method of family planning. Limiting section 1008's prohibition to only “direct” facilitation of abortion is not consistent with the best reading of that provision, which was intended to ensure that Title X funds are also not used to encourage or promote abortion. For example, the 2000 regulations:
• Mandate that providers provide counseling on and referral for abortion, if requested by the client;
• Permit shared locations, facilities, personnel, file systems, phone numbers, and websites between Title X clinics and abortion clinics, creating confusion regarding the scope of Title X services and whether the Federal government is funding abortion services; and
• Permit a fungibility of assets that can be used to free funds and build infrastructure for abortion services, including physical space, health information technology systems, community recruitment, and bulk purchase of contraceptives and other clinic supplies.
The lack of clear operational guidance on the abortion restriction in section 1008 has created confusion as to what activities are proscribed by section 1008. With abortions increasingly performed at nonspecialized clinics primarily serving contraceptive and family planning clients, it is critical that the Department ensure that Federal funds are not directly or indirectly supporting, encouraging, or promoting abortion as a method of family planning and that there is a clear demarcation between Title X services and abortion-related services for which Title X funds cannot be used.
The 2000 regulations suffer from additional deficiencies. They are inconsistent with the conscience
This final rule addresses each of the foregoing problems. First, to assist the Department in ensuring compliance with, and enforcement of, the section 1008 prohibition, the final rule will prohibit family planning projects from using Title X funds to encourage, promote, provide, refer for, or advocate for abortion as a method of family planning; require assurances of compliance; eliminate the requirement that Title X projects provide abortion counseling and referral; require physical and financial separation of Title X activities from those which are prohibited under section 1008; and provide clarification on the appropriate use of funds in regard to the building of infrastructure.
To assist the Department in ensuring compliance with, and enforcement of, appropriations provisos and riders addressing the Title X program, the final rule also reiterates the voluntary, non-coercive nature of Title X services; requires Title X facilities to encourage family participation in a minor's decision to seek family planning services; requires Title X facilities to provide minors with counseling on how to resist attempts to coerce them into engaging in sexual activities; prohibits the use of Title X funds for any activity that in any way tends to promote public support or opposition to any legislative proposal or candidate for office; clarifies the duty of projects to comply with State and local laws requiring notification and reporting of criminal sexual exploitation; explains that confidentiality of information may not be used as a rationale for noncompliance with such notification or reporting laws; and requires assurances of compliance and maintenance of records.
To assist the Department in ensuring compliance with conscience protections embodied in the Church, Coats-Snowe, and Weldon Amendments, the final rule eliminates the requirement that Title X projects provide abortion counseling and referral. These changes will also add clarity to extant conscience protections, making it easier for entities to participate who may have felt unable to do so in the past. In addition, though already permitted in the 2000 regulations, the final rule clarifies that participating entities within a project may offer only a single method or a limited number of methods as components of a Title X family planning project, so long as the overall project provides a broad range of acceptable and effective family planning methods and services throughout the service area.
Second, to ensure that the Title X program places an adequate emphasis on holistic family planning services that recognize the need for linkages with comprehensive primary health care providers, the final rule clarifies the definition of family planning; provides for the referral of pregnant patients for appropriate prenatal services; encourages the provision of comprehensive primary health services onsite or through a robust referral linkage; and updates the application review criteria, including to expand provision of family planning service in under- and un-served areas and populations.
Third, to ensure transparency regarding the provision of services, the final rule requires additional information from applicants and grantees regarding subrecipients, requires a clear explanation of how grantees ensure adequate oversight and accountability for compliance and quality outcomes among subrecipients and requires each project supported under Title X to fully account for, and justify, charges against the Title X grant. The Department believes these changes will ensure that OPA has the information necessary to determine whether Title X projects, grantees, and subrecipients are complying with the statutory provisions of the program. Title X grantees and subrecipients must comply with the Federal laws that are the subject of this proposed rulemaking. In addition to conducting outreach and providing technical assistance, OPA has the authority to initiate compliance reviews and take appropriate action to assure compliance with the provisions in this final rule.
This rule would affect the operations of entities which receive Title X grants or are subrecipients of such entities at some point in time. According to the 2016 Family Planning Annual Report (FPAR), there were 91 Title X grantees and 1,117 Title X subrecipients in 2016.
The Department estimates the hourly wages of individuals affected by this proposed rule using information on hourly wages in the May 2016 National Occupational Employment and Wage Estimates provided by the U.S. Bureau of Labor Statistics
Throughout, estimates are presented in 2016 dollars. When present value and annualized values are presented, they are discounted relative to year 2016. Finally, the Department estimates impact over five years starting in 2019. Please note that the list includes staff that the Department assumes will be impacted by the final rule and is inclusive of those positions which are included in the APP category.
To comply with the regulatory changes proposed in this final rule, affected entities must learn the rule's requirements, review their policies in the context of these new requirements, and determine how to respond. Affected entities here would include not only existing grantees and subrecipients, but also potential grantees and subrecipients. Consistent with our view that this proposed rule would increase competition for Title X funding, the Department estimates that potential grantees and subrecipients range from between 100% and 300% of their 2016 values, with a central estimate of 200%. This implies 182 potential grantees and 2,234 potential subrecipients. The Department estimates that learning the final rule's requirements and determining how to respond would require an average of 20 hours for potential grantees and an average of 10 hours for potential subrecipients, divided evenly between managers and lawyers, in the first year following publication of the final rule. As a result, using wage information provided in Table 2, this implies costs of $3.11 million in the first year following publication of the final rule.
Individuals involved with delivering family planning services would need to receive training on the requirements of the final rule. To convert FTEs reported in FPAR to the number of individuals who would receive training, the Department assumes that each individual works an average of between 0.5 FTEs and 1.0 FTEs delivering Title X services, with 0.75 FTEs as its central estimate. This implies that there are approximately 4,733 clinical service providers and 1,625 other service providers who will need training in order to ensure compliance with these regulations. The Department estimates that these individuals would require an average of 4 hours of training in the first year following publication of this rule. In subsequent years, it assumes that this new information would be incorporated into existing training requirements, resulting in no incremental burden. As a result, using wage information provided in Table 2, this would imply costs of $2.71 million in the first year following publication of a final rule in this rulemaking.
In addition, training materials would need to be updated to reflect changes made by this rulemaking. Training materials for Title X providers are currently developed by contract. The Department estimates that these updates would cost approximately $200,000. In addition, changes to training materials would require interaction with OPA employees in order to ensure that the materials are suitable for Title X providers. The Department estimates that this would require half of an FTE at the GS-13 level and half of an FTE at the GS-14 level. It estimates that all of these costs would be incurred in the first year following publication of the final rule. Using wage information provided in Table 2, this would imply costs of $0.43 million in the first year after publication of the final rule.
Title X grantees and subrecipients face new assurance requirements because of this final rule. The Department estimates that these new requirements would require a lawyer to spend an average of 3 hours reviewing the assurances and 3 hours reviewing organizational policies and procedures or taking other actions to assess compliance, and a medical and health services manager to spend 2 hours total for the same tasks the first year of the final rule for each grantee and subrecipient. In subsequent years, the Department estimates that these new requirements would require a lawyer to spend an average of 1 hour reviewing the assurances, 3 hours reviewing organizational policies and procedures or taking other actions to assess compliance, and a medical and health services manager to spend 2 hours total for the same tasks at each grantee and subrecipient. Using wage information provided in Table 2, this would imply costs of $1.2 million in the first year following publication of the final rule, and $0.9 million in subsequent years.
Title X grantees and subrecipients need to document their compliance
In addition, the rule requires Title X projects to report certain crimes in compliance with State notification laws, and to counsel minors on how to resist sexual coercion, but the Department does not include cost estimates for compliance with these provisions because grantees are already required to comply with these congressional mandates. However, while Congress encourages family participation, especially related to minors, this rule requires an additional compliance step that grantees document that they encourage family participation with each minor—and to so document this conversation in each minor's patient file.
Second, grantees must generate reports with information related to subrecipients involved in the grantee's Title X project. The Department believes that this will impose direct and indirect costs. It estimates that these new requirements would require a health services manager to spend an average of 4 hours in each year following publication of the final rule at each grantee and subrecipient. Using wage information provided in Table 2, this would imply costs of $0.5 million in each year following publication of a final rule in this rulemaking.
In addition, based on public comment, the Department also believes that these documentation requirements will result in indirect costs. In particular, it believes that affected entities may update systems to facilitate newly required documentation and reporting. It estimates that between 25% and 75% of service sites, with a central estimate of 50%, will make changes along these lines in response to these new requirements. These changes could range from very minor tweaks to existing systems to more comprehensive overhauls. The Department estimates that an average of between $1,000 and $5,000, with a central estimate of $3,000, would be incurred at these sites in the first year following publication of this proposed rule. This would imply costs of $11.69 million in the first year following publication of a final rule.
This final rule will result in additional monitoring of Title X grantees and subrecipients in order to ensure compliance with new regulatory and existing statutory requirements.
Some commenters contend that requiring grantees to provide information concerning their subrecipients will be burdensome because of limited funding and the magnitude of oversight required and will prohibit them from freely selecting subrecipients. Commenters contend that these requirements will be prohibitive to providing comprehensive care and continuing partnerships with referral agencies. Other commenters contend that many clinics will be forced to close as a result of the burdensome requirements and that this is evidence of a departmental agenda to discourage participation in the Title X program. Commenters request a response as to whether the Department has studied the costs to subrecipients and referral agencies associated with data collection, training and oversight. Commenters also note that other programs with comparable federal funding are not required to submit to the same requirements.
HHS does not agree with commenters who say that providing the Department with information regarding subrecipients is unduly burdensome or prohibitive, since grantees already are responsible for ensuring that all partners who receive funding as a part of the grant project are providing services that are responsive and compliant with the purposes of Title X. The Department is only requiring that compliance and appropriate service provision be documented and submitted to HHS. Grantees may relieve reporting burdens by requiring subrecipients to draft compliance reports that grantees can submit to HHS after certifying their accuracy. Commenters provided no documentation to support the assertion that such certification of subrecipient compliance would be unique among federal programs. In addition, as a result of comments, HHS is only requiring monitoring and oversight of subrecipients, not referral agencies, because only grantees and subrecipients receive Title X funds for their services. Requirements regarding referral agencies will be limited to the grantee providing information that they should already have available, such as the name of the referral agency, the services it provides, and the extent of the referral partnership. For all of these reasons, the Department does not find this objection compelling.
Similarly, the Department does not agree with the concern expressed by some commenters regarding the effect of this rule on quality and accessibility of Title X services. These commenters did not provide evidence that the rule will negatively impact the quality or accessibility of Title X services. And the Department believes that this rule will likely improve quality and accessibility for Title X services.
For example, the Department expects that honoring statutory protections of conscience in Title X may increase the number of providers in the program. If health care providers or entities know they will be protected from discrimination on the basis of conscience with respect to counseling on, or referring for, abortion, they might seek to participate in programs as a subrecipient where they may previously have been deterred from doing so under the current regulations because of concerns that they would be forced to violate their religious belief or moral conviction. This may also lead to an increase in the number of health care providers who apply and receive funding under the Title X program, thus decreasing current gaps in family planning services in certain areas of the country. For example, under the 2000 regulations, some individuals and entities may have chosen not to apply to provide Title X services because they anticipated they would be pressured to counsel or refer for abortions. One public commenter supporting finalization of the proposed rule on behalf of religiously affiliated health care organizations cited polling data and organizational comments suggesting that protecting conscience in the Title X program would prevent medical providers or students from refraining from participation in the program due to concerns about being forced to violate their consciences.
Similarly, a certain proportion of decisions by currently practicing health providers to leave the profession are presumably motivated by such pressure.
This effect may also occur at the macro scale in the health industry. For example, hospitals or other facilities that will not refer for abortion as a method of family planning may view the final rule as granting Title X participants greater freedom to provide family planning services consistent with their beliefs and may find it worthwhile to apply for Title X funds, or seek to participate in a Title X project as a subrecipient, in order to serve more people or new populations, or underserved communities, including urban or rural, consistent with their calling to serve the health care needs of the poor and underserved.
As a result, the rule will not impede access to care in areas with fewer providers, such as rural communities, but enhance it. Indeed, because patients may seek out health care providers that reflect their own religious beliefs or moral convictions, service delivery should be improved because opportunities for conflict may be limited and the cultural competency of providers may be increased.
The Department estimates that addressing additional monitoring and enforcement activities would require management staff for each grantee to spend an average of an additional 40 hours each year, and would require an average of an additional 10 hours for each Title X service provider each year. Finally, additional monitoring and enforcement require additional time by Federal staff. The Department estimates this would require 3 FTEs at the GS-13 level, 2 FTEs at the GS-14 level, and 2 FTEs at the GS-15 level. As a result, using wage information provided in Table 2, this would imply costs of $8.53 million every year following publication of this rule.
As a result of this final rule, Title X providers would be required to provide Title X services at facilities that are physically separate from facilities at which abortion as a method of family planning is provided. A Congressional Research Service
The Department does not anticipate that these requirements will have a significant impact on access to services. Although some facilities may relocate in response to the new requirement, the Department does not anticipate that there will be a decrease in the overall number of facilities offering services, since it anticipates other, new entities will apply for funds, or seek to participate as subrecipients, as a result of the final rule. Further, the Department cannot calculate or anticipate future turnover in grantees. Various entities may change their decision to apply to be a grantee or sub-grantees or may change the way in which they provide services, affecting the viability of their applications. Such calculations would be purely speculative, and, thus, very difficult to forecast or quantify. Based on the Department's best estimates, it anticipates that the net impact on those seeking services from current grantees will be zero, as any redistribution of the location of facilities will mean that some seeking services will have shorter travel times and others seeking services will have longer travel times to reach a facility. Additionally, as a result of this final rule, the Department anticipates expanded competition that will engender new and/or additional grantees who will serve previously unserved or underserved areas, likely expanding coverage and patient access to services.
Title X providers are already required by the Title X statute to encourage minors to involve their parents in family planning services, but this rule would ensure that actions are taken to satisfy this requirement and require such actions be documented in a minor's medical record. As noted previously, the Department estimates that complying with the requirement to document the encouragement of family participation will result in 600,000 adolescent patients' medical records requiring documentation each year. The Department estimates that an additional 0-50% of these adolescents, with a central estimate of 25%, would receive additional encouragement to involve parents each year. It estimates that this would require an average of an additional ten minutes spent by a registered nurse and ten minutes spent by the service recipient in each case. These impacts would occur each year upon publication of this final rule. Using wage information provided in Table 2, this would imply costs of $2.93 million in each year upon publication of this final rule.
The Department does not include costs associated with compliance with State reporting requirements or the requirement that minors receive counseling to avoid sexual coercion because these Congressional requirements should already be satisfied by grantees.
This final rule is expected to offer benefits to taxpayers and stakeholders who want assurance that their tax dollars are being used in compliance with the requirements of the Title X program. It is also expected to increase the number of entities interested in participating in Title X as grantees or subrecipient service providers and, thereby, to increase patient access to family planning services focused on optimal health outcomes for every Title X client. Third, because of the clarifying language, as well as the new provisions within this rule, the Department expects the quality of service to improve. Finally, the rule would clarify the role of the Title X program within communities across the nation, expand and diversify the field of medical professionals who serve individuals and families, and build a better appreciation for the important services offered as a result.
As discussed throughout this rule, the statutory prohibition on the use of Title X funds in programs/projects where abortion is a method of family planning has been in existence as long as the program. This final rule is expected to provide the Department with tools to ensure compliance with those statutory requirements. It is also expected to increase transparency and assurances that taxpayer dollars are being used as Congress intended. The Title X program, too, would benefit, as the requirement of physical and financial separation and the prohibition on infrastructure building for non-Title X purposes will ensure greater accountability for the use of Federal funds and mitigate confusion about what services the Federal government supports and funds.
The Department expects that the final rule will have additional benefits for patients and providers. Benefits for patients are significant. First, as noted above, the new regulation will encourage Title X service providers to offer either comprehensive primary health services onsite or have a robust referral linkage with primary health providers who are in close physical proximity to the Title X site. This will promote seamless care and services for patients while expanding the breadth of services available within the States, territories, and throughout the regions.
Second, the final rule will protect certain patients from coercion or further victimization. It will require Title X facilities to counsel minors on how to resist attempts to coerce them into engaging in sexual activities. Such consulting would serve to help minors resist coercion and exercise self-determination. In addition, the final rule will protect certain Title X patients from further victimization by requiring Title X grantees and subrecipients to comply with all State and local laws requiring notification or reporting of child abuse, child molestation, sexual abuse, rape, incest, intimate partner violence, and human trafficking; to develop a plan for such compliance and provide adequate training for all personnel on the subject; and to maintain records identifying the age of any minor clients served, the age of their sexual partner(s) where required by law, and the reports or notifications made to appropriate State or local law enforcement or other authorities, in accordance with such laws. These provisions would protect patients, especially minor children, from further victimization, and promote the identification and bringing to justice of those who would prey on women, men, and children.
For providers, the final rule is expected to create benefits through respect for conscience. It will do so by better aligning the Title X regulations with the statutory prohibitions on discrimination against health care entities, including individual health care providers, who refuse to participate in abortion-related activity such as counseling on, and referral for, abortion. Potential grantees and subrecipients that refuse to provide abortion counseling and referrals will clearly be eligible to participate in the Title X program and to apply to provide family planning
As the Department has stated with regard to other conscience protection actions, open communication in the doctor-patient relationship would foster better over-all care for patients. While the benefit of open and honest communication between a patient and her doctor is difficult to quantify, one study showed that even “the quality of communication [between the physician and patient] affects outcomes . . . [and] influences how often, and if at all, a patient would return to that same physician.”
The Department considered a variety of options to ensure that it is clear to grantees, the general public, and patients who depend upon Title X services, that Title X programs do not fund, support, or promote abortion as a method of family planning. Specifically, the Department considered:
(1) Maintaining the status quo, where only line-item, pro-rated financial separation from activities that treat abortion as a method of family planning is required. However, such financial accounting separation leaves too much ambiguity surrounding abortion activities that may be a part of the overall services of the organization or facility, although not a part of Title X-funded family planning services. The Department considered utilizing programmatic guidance and funding opportunity announcements (FOAs, also known as notices of funding opportunities) to address that problem, but such actions would not be able to fix the requirement that Title X providers provide counseling on, and referral for, abortion upon request, a requirement inconsistent with federal conscience laws, and at least in terms of abortion referrals, is also inconsistent with section 1008 and that could be discouraging to potential grantees and subrecipients that refuse to counsel on, or provide referrals for, abortion. The maintenance of this requirement, as noted above, is potentially inconsistent with the Coats-Snowe Amendment and the Weldon Amendment. Moreover, part 59 as it currently exists, affords no mechanisms by which the Department would be able to verify whether grantees and their subrecipients are complying with the statutory program integrity, education, and reporting requirements. In addition, the Department would still be required to use application review criteria that the Department now believes fail to ensure that applicants comply with the statutory requirements of the Title X program. As detailed earlier, application review criteria must serve as a meaningful instrument to assess the quality of the applicant and the application. While the Department had discretion under the 2000 regulations to strengthen the selection criteria through FOA requirements, such an approach does not give the public notice of the long term commitment of the program.
(2) Requiring signage, brochures or separate staff and examination rooms within the same physical space to delineate a separation between Title X and abortion-related services. The Department considered that this less restrictive option might serve the same goal as physical separation in erasing, or mitigating, the current confusion between Title X and abortion-related services. But the Department determined that a shared reception area with materials available on both Title X family planning services and abortion-related services would continue the confusion, rather than mitigate it. Signage is often not read, and the segregation of staff or staff responsibilities within the same reception area likely would not provide sufficient distinction to end confusion. If the same physical space provides both Title X and abortion-related services, signs and separate receptionists may only diminish, but not eliminate, the public perception and confusion. Different examination rooms would likely have little impact because patients would be unaware that the purpose of a suite of examination rooms differs by funding stream, if the entrance and reception area is shared in common. The optics and practical operation of two distinct services within a single collocated space are difficult, if not impossible to overcome.
Commenters contend that the Department neglected to fully address the economic impact of proposed regulatory provisions, maintain that there are more cost-effective alternatives, and present three regulatory alternatives that would not substantively change the status quo and which were not considered in the analysis: (1) Provide exemptions to those with objections to providing information about abortion; (2) improve public education efforts, so the public understands Title X funds cannot be used for abortion; and (3) permit longer time frames between finalization of, and required compliance to, the final rule in order to lower costs associated with implementation.
The Department appreciates these suggestions, but does not accept these as meaningful alternatives to the changes proposed by the rule. While cost is an important consideration in any rulemaking, compliance with statutory program integrity provisions is of greater importance and none of the alternatives suggested by commenters guarantees such program integrity. The first alternative, the provision of exemptions to those who object to providing information concerning abortion, is unnecessary with the elimination of the requirement for abortion counseling and referral. Also, the Department's approach obviates the need for a burdensome process, involving the expenditure of additional time and resources by both the provider and the federal government associated with proposing, processing, and investigating each request for exemption. The elimination of the requirement for abortion counseling and referral, coupled with the regulatory permission for nondirective pregnancy counseling, achieves the same objective without the need for such a burdensome process. In addition, the mere existence of the requirements—even with a process to apply for exemptions—may serve to discourage organizations with religious or moral objections to
The Department, therefore, concludes that no other alternative would adequately address the two categories of problems it seeks to address: (1) Insufficient compliance with the statutory requirements and the purpose and goals of the Title X program (especially those related to section 1008), the appropriations provisos and riders addressing the Title X program, and other obligations and requirements established under other Federal laws; and (2) lack of transparency regarding the provision of Title X family planning services.
Thus, for these reasons and other stated reasons for our decision to propose both physical and financial separation, the Department determines that all of these options would be insufficient to ensure statutory compliance and clarity regarding such compliance.
Executive Order 13771 on Reducing Regulation and Controlling Regulatory Costs (January 30, 2017) requires that the costs associated with significant new regulations “to the extent permitted by law, be offset by the elimination of existing costs associated with at least two prior regulations.” This final rule is considered an Executive Order 13771 regulatory action. The Department estimates that this rule generates $15.0 million in annualized costs at a 7% discount rate, discounted relative to fiscal year 2016, over a perpetual time horizon.
As discussed above, the RFA requires agencies that issue a regulation to analyze options for regulatory relief of small entities if a rule has a significant impact on a substantial number of small entities. The Department considers a rule to have a significant economic impact on a substantial number of small entities if at least 5% of small entities experience an impact of more than 3% of revenue.
In the public comments, some commenters contend that implementing the new requirements within the first year after publication of the final rule will require transitioning to electronic health records, allocating staff to perform additional documentation, recruiting new staff/consultants, engaging legal support, and allocating training time (requiring facility closure). Commenters argue that these changes would incur costs much higher than the Department's estimated cost to implement the new requirements. Commenters express concern that these requirements will result in decreased provider participation in the Title X program, reducing services for the communities they serve.
In most cases, the Department does not find these comments compelling, since commenters do not provide sufficient detail and explanation. The Department accordingly does not find comments that predicted a large impact more reliable than the estimates set forth in the proposed rule. But the Department made some amendments to this final rule, particularly with respect to extending compliance dates and clarifying what requirements fall under each date of compliance. These amendments are described in other parts of the final rule and those germane to the RIA are detailed throughout this section.
The Department calculates the costs of the changes per service site over 2019-2023. The estimated average annualized cost of the final rule per service site is approximately $6,761 using a 3% discount rate, accounting for comments received. This represents an increase from $5,423 in the proposed rule. The Department notes that this figure includes all costs and that relatively large entities are likely to experience proportionally higher costs. The U.S. Small Business Administration establishes size standards that define a small entity. According to these standards, family planning centers with revenues below $11.0 million are considered small entities. Since the estimated costs of the final rule would be a small fraction of the standard by which a family planning center entity is considered a small entity, the Department anticipates that this final rule will not have a significant economic impact on a substantial number of small entities.
Section 654 of the Treasury and General Government Appropriations Act of 1999, Public Law 105-277, sec. 654, 112 Stat. 2681 (1998), requires Federal departments and agencies to determine whether a policy or regulation could affect family well-being.
Agencies must assess whether the regulatory action: (1) Impacts the stability or safety of the family, particularly in terms of marital commitment; (2) impacts the authority of parents in the education, nurture, and supervision of their children; (3) helps the family perform its functions; (4) affects disposable income or poverty of families and children; (5) if the regulatory action financially impacts families, are justified; (6) may be carried out by State or local government or by the family; and (7) establishes a policy concerning the relationship between the behavior and personal responsibility of youth and the norms of society.
Some commenters contend that the proposed rule fails to address the impact of unplanned births on families, arguing that unplanned births are a known factor in familial instability and dysfunction, decreased disposable income, and decreased relationship satisfaction. Commenters contend that the Department has incorrectly concluded that the proposed rule will not pose negative effects to family well-being, and noted a lack of evidence and/or justification for this conclusion. Commenters contend that increased
The Department does not change from its opinion that the action taken in this final rule cannot be carried out by State or local government or by the family because the rule pertains to the enforcement of certain Federal laws and the administration of a Federal program. While the Department agrees that family planning is important, it does not agree that the final rule will negatively impact access to family planning. On the contrary, more patients could have access to services because of changes to the program. Commenters offer no compelling evidence that this rule will increase unintended pregnancies or decrease access to contraception.
Other commenters note that the Department previously has supported legislation that increases access to family planning care and provides necessary referrals. Commenters contend that the Department has supported the personal agency of families and individuals over Federal involvement in family activities in the past. Commenters contend that the Department should be required to explain its change in position.
The Department is perplexed by these comments, since the Department supports increased access to family planning services, promotes informed care for patients, and encourages family participation in family planning decisions. The final rule is designed to increase access to family planning and referrals to maintain the health of the patient. In fact, providing health care services to patients is of such importance to the Department that it encourages grantees to either provide comprehensive health services or maintain a close relationship with those who do. The Department therefore rejects the premise of this set of comments and concludes that it is not necessary to prepare a Family Policymaking Assessment.
The Secretary certifies that this final rule has been assessed in accordance with section 654 of the Treasury and General Government Appropriations Act of 1999, Public Law 105-277, sec. 654, 112 Stat. 2681 (1998), and will not negatively affect family well-being.
This final rule contains information collection requirements (ICRs) that are subject to review by the Office of Management and Budget (OMB) under the Paperwork Reduction Act of 1995, 44 U.S.C. 3501-3520. A description of these provisions is given in the following paragraphs with an estimate of the annual burden, summarized in Table 3. To fairly evaluate whether an information collection should be approved by OMB, section 3506(c)(2)(A) of the Paperwork Reduction Act of 1995 (PRA), the Department solicited comment on the following issues:
• The need for the information collection and its usefulness in carrying out the proper functions of our agency.
• The accuracy of our estimate of the information collection burden.
• The quality, utility, and clarity of the information to be collected.
• Recommendations to minimize the information collection burden on the affected public, including automated collection techniques.
The Department solicited public comment on each of the required issues under section 3506(c)(2)(A) of the PRA. The collections of information required by the final rule relate to § 59.2 (Definitions), § 59.5 (What requirements must be met by a family planning project?), § 59.7 (What criteria would the Department of Health and Human Services use to decide which family planning services projects to fund and in what amounts?), § 59.13 (Standards of compliance with prohibition on abortion), § 59.17 (Compliance with reporting requirements), and § 59.18 (Appropriate use of funds).
Section 59.2 would apply to situations where an unemancipated minor wishes to receive services on a confidential basis and be considered on the basis of her/his own resources, as would § 59.5(a)(14). In such cases, the Title X provider would be required to document in the minor's medical records the specific actions taken by the provider to encourage the minor to involve her/his family (including her/his parents or guardian) in her/his decision to seek family planning services. This documentation requirement would not apply if the Title X provider (1) believes that the minor is a victim of child abuse or incest and (2) has, consistent with applicable State or local law, reported the situation to the relevant authorities. The reporting requirement must be documented in the medical record.
Section 59.5 requires Title X providers to report, in grant applications and in all required reports, information regarding subrecipients and referral agencies and individuals, including a detailed description of the extent of collaboration and a clear explanation of how the grantee will ensure adequate oversight and accountability; and to maintain records with respect to minors on the specific actions taken to encourage family participation (or the reason why such family participation was not encouraged).
Section 59.7 requires Title X grant applicants to describe, within their applications, their affirmative compliance with each provision of the regulations governing the Title X program.
Section 59.13 requires Title X grantees to provide assurance satisfactory to the Secretary that, as a Title X grantee, it does not provide abortion and does not include abortion as a method of family planning. This assurance will include, at a minimum, representations (supported by documentary evidence where the Secretary requests it) as to compliance with § 59.13 and each of the requirements in § 59.14 through § 59.16.
Section 59.17 requires Title X grantees to provide appropriate documentation or other assurance satisfactory to the Secretary that it has in place and has implemented a plan to comply with all State and local laws requiring notification or reporting of child abuse, child molestation, sexual abuse, rape, incest, intimate partner violence, and human trafficking. It also requires Title X grantees to maintain records to demonstrate compliance with the requirements of § 59.17, and makes continuation of funding for Title X services contingent upon demonstrating to the Secretary that the criteria have been met.
Lastly, § 59.18 requires Title X grantees to give a detailed accounting of use related to grant dollars, both in their applications for funding, and within any annually required reporting, and to fully account for, and justify, charges against the Title X grant.
The burden for the assurance of compliance is the cost of grantee and/or subrecipient staff time to (a) review
The labor cost would include a lawyer spending an average of 3 hours reviewing all assurances and a medical and health service manager spending an average of one hour reviewing and signing the assurances at each grantee and subrecipient. The Department estimates the number of grantees and subrecipients at 1,208, based on 2016 number of Title X grantees and subrecipients, as represented in Title X FPAR data. The mean hourly wage (not including benefits and overhead) for these occupations is $67.25 per hour for the lawyer and $52.58 for the medical and health service manager, as noted in the table above. The labor cost is $307,000 in the first year (($67.25 × 3 + $52.58 × 1) × 1,208 grantees and subrecipients). The Department estimates that the cost, in subsequent years, would be $145,000, which would represent an annual allotment of one hour for the lawyer and one hour for the medical and health service manager (($67.25 × 1 + $52.58 × 1) × 1,208 grantees and subrecipients).
The Department estimates that all grantees and subrecipients will review their organizational policies and procedures or take other actions to self-assess compliance with applicable Title X requirements each year, spending an average of 4 hours doing so. The labor cost is a function of a lawyer spending an average of 3 hours and a medical and health service manager spending an average of one hour. The labor cost for self-assessing compliance, such as reviewing policies and procedures, is a total of $307,000 each year (($67.25 × 3 + $52.58 × 1) × 1,208 grantees and subrecipients).
The burden for the documentation of compliance is the cost of grantee and/or subrecipient staff time to (a) document in a minor's medical records actions taken to encourage the minor to involve parents in family planning services and (b) complete reports regarding information related to subrecipients, referral agencies and individuals involved in the grantee's Title X project. The Department assumes that a physician assistant would be used to document such compliance. The mean hourly wage (not including benefits and overhead) for this occupation is $49.08 per hour. The labor cost would require spending an average of 10 minutes to make appropriate documentation in a minor's medical records. Approximately 20% (800,000) of the 4 million Title X clients are adolescents. The Department estimates that complying with the requirement to encourage family participation will result in 75% (600,000) of adolescent patients' medical records requiring appropriate documentation. The labor cost will be $982,000 each year ($49.08 per hour × 2 minutes × 600,000 adolescents).
The labor cost would also include a medical and health services manager spending an average of four hours each year to complete reports regarding information related to subrecipients involved in the grantee's Title X project at each grantee and subrecipient. The labor cost will be $254,000 each year ($52.58 per hour × 4 hours × 1,208 grantees and subrecipients).
The Department asked for public comment on the information collection including what additional benefits may be cited as a result of this rule. Where warranted, changes were made in the preceding calculations of cost.
The Department has submitted a copy of this rule to OMB for its review of the rule's information collection and recordkeeping requirements. These requirements are not effective until they have been approved by OMB.
Family planning, Grant programs—health, Grant programs—social programs, Health professions, Reporting and recordkeeping requirements, Youth, Health, Abortion, Birth control, Title X, Contraception, Natural family planning, Infertility, Fertility awareness.
For the reasons set forth in the preamble, the Department of Health and Human Services amends 42 CFR chapter I, subchapter D, part 59, as set forth below:
42 U.S.C. 300 through 300a-6.
(a) The regulations of this subpart are applicable to the award of grants under section 1001 of the Public Health Service Act (42 U.S.C. 300) to assist in the establishment and operation of voluntary family planning projects. These projects shall consist of the educational, comprehensive medical, and social services necessary to aid individuals to determine freely the number and spacing of their children. Unless otherwise specified, the requirements imposed by these regulations apply equally to grantees and subrecipients, and grantees shall require and ensure that subrecipients (and the subrecipients of subrecipients) comply with the requirements contained in these regulations pursuant to their written contracts with such subrecipients.
(b) Except for §§ 59.4, 59.8, and 59.10, the regulations of this subpart are also applicable to the execution of contracts under section 1001 of the Public Health Service Act (42 U.S.C. 300) to assist in the establishment and operation of voluntary family planning projects, and will be applied in accordance with the
The additions and revision read as follows:
(1) Unemancipated minors who wish to receive services on a confidential basis must be considered on the basis of their own resources, provided that the Title X provider has documented in the minor's medical records the specific actions taken by the provider to encourage the minor to involve her/his family (including her/his parents or guardian) in her/his decision to seek family planning services, except that documentation of such encouragement is not to be required if the Title X provider has documented in the medical record:
(i) That it suspects the minor to be the victim of child abuse or incest; and
(ii) That it has, consistent with, and if permitted or required by, applicable State or local law, reported the situation to the relevant authorities.
(2) For the purpose of considering payment for contraceptive services only, where a woman has health insurance coverage through an employer that does not provide the contraceptive services sought by the woman because the employer has a sincerely held religious or moral objection to providing such coverage, the project director may consider her insurance coverage status as a good reason why she is unable to pay for contraceptive services. In making that determination, the project director must also consider other circumstances affecting her ability to pay, such as her total income. The project director may, for the purpose of considering whether the woman is from a “low income family” or is eligible for a discount for contraceptive services on the schedule of discounts provided for in § 59.5, consider her annual income as being reduced by the total annual out-of-pocket costs of contraceptive services she uses or seeks to use. The project director may determine those costs, or estimate them at $600.
Any public or nonprofit private entity in a State may apply for a family planning grant or contract under this subpart.
The revisions and additions read as follows:
(a) * * *
(1) Provide a broad range of acceptable and effective family planning methods (including contraceptives, natural family planning or other fertility awareness-based methods) and services (including infertility services, information about or referrals for adoption, and services for adolescents). Such projects are not required to provide every acceptable and effective family planning method or service. A participating entity may offer only a single method or a limited number of methods of family planning as long as the entire project offers a broad range of such family planning methods and services.
(5) Not provide, promote, refer for, or support abortion as a method of family planning.
(12) Should offer either comprehensive primary health services onsite or have a robust referral linkage with primary health providers who are in close physical proximity, to the Title X site, in order to promote holistic health and provide seamless care.
(13) Ensure transparency in the delivery of services by reporting the following information in grant applications and all required reports:
(i) Subrecipients and agencies or individuals providing referral services by name, location, expertise and services provided or to be provided;
(ii) Detailed description of the extent of the collaboration with subrecipients, referral agencies, and any individuals providing referral services, in order to demonstrate a seamless continuum of care for clients; and
(iii) Clear explanation of how the grantee will ensure adequate oversight and accountability for quality and effectiveness of outcomes among subrecipients.
(14) Encourage family participation in the decision to seek family planning services; and, with respect to each minor patient, ensure that the records maintained document the specific actions taken to encourage such family participation (or the specific reason why such family participation was not encouraged).
(b) * * *
(1) Provide for medical services related to family planning (including physician's consultation, examination, prescription, and continuing supervision, laboratory examination, contraceptive supplies) and referral to other medical facilities when medically necessary, consistent with § 59.14(a), and provide for the effective usage of contraceptive devices and practices.
(8) Except as provided in § 59.14(a), provide for coordination and use of referral arrangements with other providers of health care services, local health and welfare departments, hospitals, voluntary agencies, and health services projects supported by other federal programs.
The revisions and additions read as follows:
(a) Within the limits of funds available for these purposes, the Secretary may award grants for the establishment and operation of those projects which will, in the Department's judgment, best promote the purposes of statutory provisions applicable to the Title X program, and ensure that no Title X funds are used where abortion is a method of family planning.
(b) Any grant applications that do not clearly address how the proposal will satisfy the requirements of this regulation shall not proceed to the competitive review process, but shall be deemed ineligible for funding. The Department will explicitly summarize each requirement of the Title X regulations or include the Title X regulations in their entirety within the Funding Announcement, and shall require each applicant to describe its plans for affirmative compliance with each requirement.
(c) If the proposal is deemed compliant with this regulation, then applicants will be subject to criteria for selection within the competitive grant review process, including:
(1) The degree to which the applicant's project plan adheres to the Title X statutory purpose and goals for the establishment and operation of voluntary family planning projects which shall offer a broad range of acceptable and effective family planning methods and services (including natural family planning methods, infertility services, and services for adolescents), while meeting all of the statutory and regulatory requirements and restrictions, including that none of the funds shall be used in programs where abortion is a method of family planning.
(2) The degree to which the relative need of the applicant for Federal funds is demonstrated in the proposal, and the applicant shows capacity to make rapid and effective use of grant funds, including its ability to procure a broad range of diverse subrecipients, as applicable, in order to expand family planning services available to patients in the project area.
(3) The degree to which the applicant takes into account the number of patients, particularly low-income patients, to be served while also targeting areas that are more sparsely populated and/or places in which there are not adequate family planning services available.
(4) The extent to which family planning services are needed locally and the applicant proposes innovative ways to provide services to unserved or underserved communities.
All information as to personal facts and circumstances obtained by the project staff about individuals receiving services must be held confidential and not be disclosed without the individual's documented consent, except as may be necessary to provide services to the patient or as required by law, with appropriate safeguards for confidentiality; concern with respect to the confidentiality of information, however, may not be used as a rationale for noncompliance with laws requiring notification or reporting of child abuse, child molestation, sexual abuse, rape, incest, intimate partner violence, human trafficking, or similar reporting laws. Otherwise, information may be disclosed only in summary, statistical, or other form which does not identify particular individuals.
A project may not receive funds under this subpart unless the grantee provides assurance satisfactory to the Secretary that the project does not provide abortion and does not include abortion as a method of family planning. Such assurance must also include, at a minimum, representations (supported by documentary evidence where the Secretary requests it) as to compliance with this section and each of the requirements in §§ 59.14 through 59.16. A project supported under this subpart must comply with such requirements at all times during the project period.
(a)
(b)
(i) Nondirective pregnancy counseling, when provided by physicians or advanced practice providers;
(ii) A list of licensed, qualified, comprehensive primary health care providers (including providers of prenatal care);
(iii) Referral to social services or adoption agencies; and/or
(iv) Information about maintaining the health of the mother and unborn child during pregnancy.
(2) In cases in which emergency care is required, the Title X project shall only be required to refer the client immediately to an appropriate provider of medical services needed to address the emergency.
(c)
(2) The list of licensed, qualified, comprehensive primary health care providers (including providers of prenatal care) in paragraph (b)(1)(ii) of this section may be limited to those that do not provide abortion, or may include licensed, qualified, comprehensive primary health care providers (including providers of prenatal care), some, but not the majority, of which also provide abortion as part of their comprehensive health care services. Neither the list nor project staff may identify which providers on the list perform abortion.
(d)
(1) A pregnant client of a Title X project requests prenatal health care services. Because the provision of such services is outside the scope of family planning supported by Title X, the client is referred for prenatal care and may be provided a list of licensed, qualified, comprehensive primary health care providers (including providers of prenatal care). Provision of a referral for prenatal health care is consistent with this part because prenatal care is a medically necessary service.
(2) A Title X project discovers an ectopic pregnancy in the course of conducting a physical examination of a client. Referral arrangements for emergency medical care are immediately provided. Such action complies with the requirements of paragraph (b) of this section.
(3) After receiving nondirective counseling at a Title X provider, a pregnant woman decides to have an abortion, is concerned about her safety during the procedure, and asks the Title X project to provide her with a referral to an abortion provider. The Title X project tells her that it does not refer for abortion, but provides the following: A list of licensed, qualified, comprehensive primary health care providers (including providers of prenatal care), which is not presented as a referral for abortion, but as a list of comprehensive primary care and prenatal care providers that does not identify which providers perform abortion, and the project staff member does not identify such providers on the list; and information about maintaining her health and the health of her unborn child during pregnancy. Such actions comply with paragraphs (a) through (c) of this section.
(4) A pregnant woman asks the Title X project to provide her with a list of abortion providers in the area. The project tells her that it does not refer for abortion, and provides her a list that consists of hospitals and clinics and other providers, all of which provide comprehensive primary health care (including prenatal care), as well as abortion as a method of family planning. Although there are several licensed, qualified, comprehensive primary health care providers (including providers of prenatal care) in the area that do not provide abortion as a method of family planning, none of these providers is included on the list. Provision of the list is inconsistent with paragraphs (a) and (c) of this section.
(5) A pregnant woman requests information on abortion and asks the Title X project to refer her for an abortion. The counselor tells her that the project does not consider abortion a method of family planning and, therefore, does not refer for abortion. The counselor offers her nondirective pregnancy counseling, which may discuss abortion, but the counselor neither refers for, nor encourages, abortion. The counselor further tells the client that the project can help her to obtain prenatal care and necessary social services and offers her the list of licensed, qualified, comprehensive primary health care providers (including providers of prenatal care), assistance, and information for pregnant women described in paragraph (b) of this section. None of the providers on the list provide abortions. Such actions are consistent with paragraphs (a) through (c) of this section.
(6) Title X project staff provide contraceptive counseling to a client in order to assist her in selecting a contraceptive method. In discussing oral contraceptives, the project counselor provides the client with information contained in the patient package insert accompanying a brand of oral contraceptives, referring to abortion only in the context of a discussion of the relative safety of various contraceptive methods and in no way promoting abortion as a method of family planning. The provision of this information is consistent with paragraph (d) of this section and this section generally and does not constitute an abortion referral.
A Title X project must be organized so that it is physically and financially separate, as determined in accordance with the review established in this section, from activities which are prohibited under section 1008 of the Act and §§ 59.13, 59.14, and 59.16 of these regulations from inclusion in the Title X program. In order to be physically and financially separate, a Title X project must have an objective integrity and independence from prohibited activities. Mere bookkeeping separation of Title X funds from other monies is not sufficient. The Secretary will determine whether such objective integrity and independence exist based on a review of facts and circumstances. Factors relevant to this determination shall include:
(a) The existence of separate, accurate accounting records;
(b) The degree of separation from facilities (
(c) The existence of separate personnel, electronic or paper-based health care records, and workstations; and
(d) The extent to which signs and other forms of identification of the Title X project are present, and signs and material referencing or promoting abortion are absent.
(a)
(2) Prohibited actions include the use of Title X project funds for the following:
(i) Lobbying for the passage of legislation to increase in any way the availability of abortion as a method of family planning;
(ii) Providing speakers or educators who promote the use of abortion as a method of family planning;
(iii) Attending events or conferences during which the grantee or subrecipient engages in lobbying;
(iv) Paying dues to any group that, as a more than insignificant part of its activities, advocates abortion as a method of family planning and does not separately collect and segregate funds used for lobbying purposes;
(v) Using legal action to make abortion available in any way as a method of family planning; and
(vi) Developing or disseminating in any way materials (including printed matter, audiovisual materials and web-based materials) advocating abortion as a method of family planning.
(b)
(2) A Title X project makes an appointment for a pregnant client for an abortion for family planning purposes. The Title X project has violated paragraph (a)(1) of this section.
(3) A Title X project pays dues with project funds to a State association that, among other activities, lobbies at State and local levels for the passage of legislation to protect and expand the legal availability of abortion as a method of family planning. The association spends a significant amount of its annual budget on such activity and does not separately collect and segregate the funds for such purposes. Payment of dues to the association violates paragraph (a)(2)(iv) of this section.
(4) An organization conducts a number of activities, including operating a Title X project. The organization uses non-project funds to pay dues to an association that, among other activities, engages in lobbying to protect and expand the legal availability of abortion as a method of family planning. The association spends a significant amount of its annual budget on such activity. Payment of dues to the association by the organization does not violate paragraph (a)(2)(iv) of this section.
(5) An organization that operates a Title X project engages in lobbying to increase the legal availability of abortion as a method of family planning. The project itself engages in no such activities, and the facilities and funds of the project are kept separate from prohibited activities. The project is not in violation of paragraph (a)(2)(i) of this section.
(6) Employees of a Title X project write their legislative representatives in support of legislation seeking to expand the legal availability of abortion, in their personal capacities and using no project funds to do so. The Title X project has not violated paragraph (a)(2)(i) of this section.
(7) On her own time and at her own expense, a Title X project employee speaks before a legislative body in support of abortion as a method of family planning. The Title X project has not violated paragraph (a)(2)(i) of this section.
(8) A Title X project uses Title X funds for sex education classes in a local high school. During the course of the class, information is distributed to students that includes abortion as a method of family planning. The Title X project has violated paragraph (a)(2)(vi) of this section.
(a) Title X projects shall comply with all State and local laws requiring notification or reporting of child abuse, child molestation, sexual abuse, rape, incest, intimate partner violence or human trafficking (collectively, “State notification laws”).
(b) A project may not receive funds under this subpart unless it provides appropriate documentation or other assurance satisfactory to the Secretary that it:
(1) Has in place and implements a plan to comply with State notification laws. Such plan shall include, at a minimum, policies and procedures that include:
(i) A summary of obligations of the project or organizations and individuals carrying out the project under State notification laws, including any obligation to inquire about or determine the age of a minor client or of a minor client's sexual partner(s);
(ii) Timely and adequate annual training of all individuals (whether or not they are employees) serving clients for, or on behalf of, the project regarding State notification laws; policies and procedures of the Title X project and/or provider with respect to notification and reporting of child abuse, child molestation, sexual abuse, rape, incest, intimate partner violence and human trafficking; appropriate interventions, strategies, and referrals to improve the safety and current situation of the patient; and compliance with State notification laws.
(iii) Protocols to ensure that every minor who presents for treatment is provided counseling on how to resist attempts to coerce them into engaging in sexual activities; and
(iv) Commitment to conduct a preliminary screening of any minor who presents with a sexually transmitted disease (STD), pregnancy, or any suspicion of abuse, in order to rule out victimization of a minor. Projects are permitted to diagnose, test for, and treat STDs.
(2) Maintains records to demonstrate compliance with each of the requirements set forth in paragraph (b)(1) of this section, including which:
(i) Indicate the age of minor clients;
(ii) Indicate the age of the minor client's sexual partners if such age is an element of a State notification law under which a report is required; and
(iii) Document each notification or report made pursuant to such State notification laws.
(c) Continuation of grantee or subrecipient funding for Title X services is contingent upon demonstrating to the satisfaction of the Secretary that the criteria have been met.
(d) The Secretary may review records maintained by a grantee or subrecipient for the purpose of ensuring compliance with the requirements of this section, the requirement to encourage family participation in family planning decisions, or any other section of this rule.
(a) Title X funds shall not be used to build infrastructure for purposes prohibited with these funds, such as support for the abortion business of a Title X grantee or subrecipient. Funds shall only be used for the purposes, and in direct implementation of, the funded project, expressly permitted by this regulation and authorized within section 1001 of the Public Health Service Act, that is, to offer family planning methods and services. Grantees must use the majority of grant funds to provide direct services to clients, and each grantee shall provide a detailed plan or accounting for the use of grant dollars, both in their applications for funding, and in any annually required reporting. Any significant change in the use of grant funds within the grant cycle shall not be undertaken without the approval of the Office of Population Affairs.
(b) Title X funds shall not be expended for any activity (including the publication or distribution of literature) that in any way tends to promote public support or opposition to any legislative proposal or candidate for office.
(c) Each project supported under Title X shall fully account for, and justify, charges against the Title X grant. The Department shall put additional protections in place to prevent possible misuse of Title X funds through misbilling or overbilling, or any other unallowable expense.
(a)
(b)
(c)