Health IT Policy Committee and Health IT Standards Committee: Schedule and Recommendations

AGENCY:

Office of the National Coordinator for Health Information Technology, Department of Health and Human Services.

ACTION:

Notice.

SUMMARY:

This notice fulfills obligations under the Health Information Technology for Economic and Clinical Health (HITECH) Act, Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (Pub. L. 111-5), which amended the Public Health Service Act (PHSA). Section 3003(b)(3) of the PHSA mandates that the Health IT Standards Committee (HITSC) develop an annual schedule for the assessment of policy recommendations developed by the Health IT Policy Committee (HITPC) and publish the schedule in the Federal Register. This notice fulfills the requirements of section 3003(b)(3) and updates the HITSC schedule posted in the Federal Register on August 10, 2015. This notice also meets the requirements under sections 3002(e) and 3003(e) for publication in the Federal Register of recommendations made by the HITPC and HITSC, respectively. Further, this notice serves to meet the requirements of section 3004(a)(3) for publication in the Federal Register of determinations by the Secretary of Health and Human Services regarding HITSC-recommended certification criteria endorsed by the National Coordinator for Health Information Technology.

FOR FURTHER INFORMATION CONTACT:

Michael Lipinski, Office of Policy, Office of the National Coordinator for Health Information Technology, 202-690-7151.

SUPPLEMENTARY INFORMATION:

This notice fulfills obligations under the Health Information Technology for Economic and Clinical Health (HITECH) Act, Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (Pub. L. 111-5), which amended the Public Health Service Act (PHSA).

Health IT Standards Committee Schedule

Section 3003(b)(3) of the PHSA mandates that the Health IT Standards Committee (HITSC) develop an annual schedule for the assessment of policy recommendations developed by the Health IT Policy Committee (HITPC) and publish it in the Federal Register. The HITSC's schedule for the assessment of HITPC recommendations updates the HITSC schedule published on August 10, 2015, and is as follows:

The National Coordinator for Health Information Technology (National Coordinator) will establish priority areas based in part on recommendations received from the HITPC regarding health IT standards, implementation specifications, and/or certification criteria. Once the HITSC is informed of those priority areas, it will:

(A) Identify the best mechanism by which to organize itself in order to respond to the National Coordinator within 90 days with, at a minimum, the following:

(1) An assessment of what standards, implementation specifications, and certification criteria are currently available to meet the priority area;

(2) An assessment of where gaps exist (i.e., no standard is available or harmonization is required because more than one standard exists) and identify potential organizations that have the capability to address those gaps; and

(3) A timeline, which may also account for the National Institute of Standards and Technology (NIST) testing, where appropriate, and include dates when the HITSC is expected to issue recommendations to the National Coordinator.

(B) In responding to the National Coordinator:

(1) Approve a timeline by which it will deliver recommendations to the National Coordinator; and

(2) Determine whether to establish a task force to conduct research and solicit testimony, where appropriate, and issue recommendations to the full committee in a timely manner.

(C) Advise the National Coordinator, consistent with the accepted timeline in (B)(1) and after NIST testing, where appropriate, on standards, implementation specifications, and/or certification criteria, for the National Coordinator's review and determination whether or not to endorse the recommendations, and possible adoption of the proposed recommendations by the Secretary of the Department of Health and Human Services (Secretary).

The standards and related topics which the HITSC is expected to address in 2016 include, but may not be limited to: Quality measurement; precision medicine; security; consumer-mediated information exchange; public health; technical interoperability experience in the field; and updates to the Office of the National Coordinator for Health Information Technology (ONC)'s Interoperability Standards Advisory(ies).

HITPC and HITSC Recommendations

Sections 3002(e) and 3003(e) of the PHSA provides for publication of HITPC and HITSC recommendations in the Federal Register. ONC will post all recommendations received from the HITPC on its Web site at: https://www.healthit.gov/facas/health-it-policy-committee/health-it-policy-committee-recommendations-national-coordinator-health-it. ONC will post all recommendations received from the HITSC on its Web site at: https://www.healthit.gov/facas/health-it-standards-committee/health-it-standards-committee-recommendations-national-coordinator. All prior recommendations received from the HITPC and HITSC can be found at these respective Web site addresses.

HITSC Privacy and Security Recommendations

Section 3004(a)(3) of the PHSA provides for publication in the Federal Register of determinations by the Secretary regarding HITSC-recommended certification criteria endorsed by the National Coordinator.

On March 30, 2015, ONC issued a notice of proposed rulemaking with comment period for the 2015 Edition health IT certification criteria (80 FR 16804). Subsequently, on June 5, 2015, the HITSC submitted a transmittal letter to the National Coordinator which contained the HITSC recommendations for the adoption of two new certification criteria for the ONC Health IT Certification Program. The two certification criteria are:

1. A criterion for encrypting authentication credentials; and

2. A multi-factor authentication criterion for user access to health information.

The National Coordinator endorsed these recommendations for consideration by the Secretary and the Secretary has determined that it is appropriate to propose adoption of these two new certification criteria through rulemaking. Therefore, the Secretary, within a reasonable period of time, will propose adoption of the certification criteria noted above in an available and appropriate notice of proposed rulemaking.

Authority: 42 U.S.C. 300jj-11-14; Office of the National Coordinator for Health Information Technology; Delegation of Authority (74 FR 64086, Dec. 7, 2009).