New Federal Requirements for AI and IT System Implementation in Healthcare

On October 30, 2023, the Biden administration issued Executive Order 14110 on the Safe, Secure and Trustworthy Development and Use of Artificial Intelligence (the “Executive Order”). As detailed in our previously published article, the Executive Order directs over 50 federal entities and agencies to develop new guidelines, reports, and governance structures relating to AI development and deployment. In this Executive Order, consistent with previous policy guidance and executive orders, the Biden administration specifies that America’s AI development, use, and governance must be performed in accordance with eight guiding principles and priorities, including the enactment of appropriate safeguards against unintended bias, discrimination, and infringement of privacy rights.

As a meaningful step toward advancing the Executive Order’s mandates, the U.S. Department of Health and Human Services’ (“HHS”) issued the 916-page Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing final rule (the “Final Rule”), which will go into effect on February 8, 2024. Issued through the HHS’ Office of the National Coordinator for Health Information Technology (“ONC”), the Final Rule establishes certain requirements of ONC-certified health information technology (“IT”) to promote valid, safe, effective, and fair development and implementation of AI systems consistent with the Executive Order’s principles and priorities. Specifically, the Final Rule aims to advance ONC-certified health IT interoperability, algorithm transparency, and data standardization to drive better patient outcomes and reduce healthcare costs by:

• Enhanced Certification and Transparency Criteria: Adopting certification and transparency criteria for predictive algorithmic decision support interventions (“DSIs”) (including certification requirements for predictive AI models, or “Predictive DSIs”), patient demographics and observations, and electronic case reporting. These enhancements intend to provide users with access to consistent baseline data about DSI design, development, training, and fairness evaluations. Applying specific criteria and transparency requirements promotes the application of responsible AI and enables ONC-certified health IT clinical users to assess the fairness, effectiveness, validity, and safety results of algorithms or DSIs used in clinical decision.
• New Certified Health IT Reporting Requirements: Implementing the Electronic Health Record Reporting Program of the 21st Century Cures Act’s Condition of Certification (referred to as the “Insights Condition”), certified health IT developers must submit initial and ongoing metrics regarding interoperability, usability, and user-centered design, security, and other information as part of their health IT certification. By analyzing the collected metrics, the ONC intends to learn about users’ experience with certified health IT and identify information gaps to encourage the development of better health IT and patient outcomes.
• Enhanced Information Blocking Requirements: Amending certain definitions in and exceptions to the Public Health Service Act’s information blocking provisions (implemented through the 21st Century Cures Act in 2016 to deter healthcare providers from restricting access to or refusing to exchange electronic health information (“EHI”)) the ONC implements a standards-based EHI exchange pursuant to the Trusted Exchange Framework and Common Agreement^SM. With these changes, the ONC anticipates entrance barriers (e.g., market consolidation) for competitors will be reduced offering greater value for health IT customers and users.
• USCDI Version 3: Beginning January 1, 2026, the United States Core Data for Interoperability Version 3 (“USCDI v3”) becomes the baseline standard for the ONC Health IT Certification Program and data accessible through certified health IT systems. By expanding the data elements and classes included in prior USCDI versions, USCDI v3 standardizes the sharing of more accurate and complete patient characteristics data to reduce inequities and disparities in the datasets used to train AI models and support health IT operability.

As ONC-certified health IT supports care delivery in more than 96% of hospitals and 78% of office-based physicians across the country, HHS intends the Final Rule’s requirements and criteria to enhance equity and efficiency and promote more patient-centric and data-focused healthcare.

Key Takeaways:

• Update certified health IT systems and technical standards to comply with the revised ONC Health IT Certification Program criteria and standards.
• Refresh information sharing policies and procedures to support access, exchange, and use of EHI as required by the enhanced information blocking regulations.
• Collect metrics and generate transparency reports and adapt their systems to updated certification criteria.
• Consider integrating USCDI v3 definitions and requirements into new, expanded, or otherwise modified certified health IT systems ahead of the January 1, 2026, enforcement date.