Annual report shows Health IT dramatically improving quality of care

Since the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act, the health information technology (health IT) landscape has dramatically evolved, with hospitals and health care providers using health IT more than ever. In 2015, 96 percent of hospitals and 78 percent of physician offices used certified EHR technology. The Office of the National Coordinator for Health Information Technology (ONC) details the advancements made in the health IT landscape in its 2016 Report to Congress on Health IT Progress.

Reporting requirements

Section 13113(a) of the American Recovery and Reinvestment Act of 2009 (ARRA) (P.L. 111-5), under the HITECH Act, requires HHS to submit to the appropriate committees of the House of Representatives and the Senate a report (1) describing the specific actions that have been taken by the federal government and private entities to facilitate the adoption of a nationwide system for the electronic use and exchange of health information; (2) describing barriers to the adoption of such a nationwide system; and (3) containing recommendations to achieve full implementation of such a nationwide system. This is the annual update to the previous submissions, which were released on January 17, 2012, June 21, 2013, October 9, 2014, and February 29, 2016.

HHS priorities

The progress of health IT allowed for a transition in focus for HHS to the seamless and secure flow of health information, or interoperability. The advancements set the foundation for delivery system reform, the Cancer Moonshot, combating the opioid epidemic, the Precision Medicine Initiative, clinical innovation, and protecting and advancing public health. HHS has focused on three priority areas:

  • promoting common standards to facilitate the seamless and secure exchange of data, including through the use of standardized, open application programming interfaces (APIs);
  • building the business case for interoperability, particularly through delivery system reform efforts that change the way CMS pays for care to reward quality over quantity of services; and
  • changing the culture around access to information through combating information blocking; ensuring that individuals know they have a right to access and transmit their health information and that health care providers know they must provide access to the individuals; and reminding health care providers that they are legally allowed to exchange information in the course of treatment or coordinating care.

Health IT changing the provision of care

The rapid adoption of health IT has facilitated increased use of functionalities that have real-world clinical impacts. These include clinical decision support, which can point health care providers to evidence-based clinical guidelines at the point of care, facilitate an enhanced diagnosis or treatment path, and alert providers to potentially harmful drug interactions. Hospitals and physicians have also gained the ability to exchange more electronic health information than ever, with 82 percent of non-federal acute care hospitals electronically exchanging laboratory reports, radiology reports, clinical summaries, or medication lists. Approximately 90 percent of hospitals reported that they routinely had clinical information needed from outside sources or health care providers available at the point of care. Notably, EHR systems have transformed the prescribing and dispensing of medications, with e-prescribing systems lowering costs, improving care, and saving lives by reducing medication errors and checking for drug interactions.

Increased access to health information

Digitizing the U.S. health system has empowered individuals to be more in control of their own health decisions. Those with electronic access to their health information can monitor chronic conditions, better adhere to treatment plans, find and fix errors in their records, and directly contribute their information to research. Today, 95 percent of hospitals have the capability to allow patients this type of access.

ONC will directly review certified health IT products

The HHS Office of the National Coordinator for Health Information Technology (ONC) gained the authority to directly review certified health information technology (IT) products in circumstances that may pose a risk to public health or safety, or when practical challenges make it difficult for ONC-authorized certification bodies (ONC-ACBs) to do so. In an advance release of a Final rule to be published in the Federal Register on October 19, 2016, the ONC created a regulatory framework for such review. It also established a process allowing it to oversee accredited testing laboratories to align with its existing oversight of ONC-ACBs and made identifiable surveillance results of certified health IT publicly available.

Direct review

ONC-ACBs issue certifications for health IT and are responsible for conducting ongoing surveillance, based on adopted certification criteria, to ensure that certified health IT continues to conform with program requirements. However, their assessments may not involve interactions among certified capabilities and other capabilities or products that are not certified under the program, and may be limited to certain functional outcomes. Because the ONC is better suited to perform evaluations without such limitations, the Final rule grants it the authority to perform reviews both independent of, and in addition to, ONC-ACBs.

Circumstances of review

Section 3001 of the Public Health Service Act (PHSA) (42 U.S.C. §6A) permits the ONC to directly review health IT in a broad range of circumstances. However, the agency will use its limited resources to directly review products only in circumstances in which it believes that certified health IT is causing or contributing to serious risks to public health or safety, or in which practical challenges make it difficult for ONC-ACBs to effectively investigate or respond to non-conformities. For example, the ONC may have access to confidential information related to non-conformities that is unavailable to ONC-ACBs. Other investigations may require concurrent or overlapping investigations by multiple ONC-ACBs or may exceed the ONC-ACBs’ resources or expertise. The ONC will exercise its right not to review certified health IT for potential non-conformities, especially in circumstances in which it thinks other HHS agencies are better suited to oversee or enforce laws, including in circumstances involving threats to protected health information (PHI).

CAPs, suspensions, and terminations

Where the ONC determines that non-conformities may exist, it may require entities to follow corrective action plans (CAPs) and may suspend or terminate certification for failure to comply with CAPs. Furthermore, it will ban a health IT developer from obtaining future certification where the developer’s current complete electronic health record (EHR) or health IT module is: terminated by the ONC; withdrawn by an ONC-ACB at the developer’s request when it was the subject of a potential or actual non-conformity; or withdrawn by an ONC-ACB at the developer’s request when it was the subject of pending or actual surveillance. However, the ONC will allow developers to respond to ONC concerns and appeal suspensions and terminations. The Final rule requires developers participating in CAPs to notify potentially affected customers of non-conformities and plans for resolution, and requires suspended or terminated developers to notify customers of the suspension or termination.


ONC-ACBs are only permitted to accept testing results from laboratories from laboratories accredited by the National Voluntary Laboratory Accreditation Program (NVLAP). The Final rule will require NVLAP-accredited labs to apply to become ONC-Authorized Testing Labs (ONC-ATLs), allowing the ONC direct oversight.

Surveillance results

To increase transparency and the availability of certified health IT information, the Final rule requires ONC-ACBs to post identifiable surveillance results on the publicly accessible Certified Health IT Product List (CHPL) on a quarterly basis. The ONC believes that, because most developers are conforming with certification criteria and other program requirements, the posted surveillance data will reassure stakeholders, while encouraging those developers that are not conforming to comply with requirements.

HHS funds cybersecurity sharing center to disseminate information about health care threats

HHS agencies have awarded the National Health Information Sharing and Analysis Center (NH-ISAC) $350,000 in cooperative agreements to allow it to disseminate information about cybersecurity threats among health care stakeholders. The agency hopes that increased information sharing in the health care community will alert stakeholders to threats more quickly, so that they can avoid them or mitigate the damages caused by breaches more efficiently. This type of information sharing was one goal of the Cybersecurity Information Sharing Act (CISA), enacted as part of the Consolidated Appropriations Act, 2016 (P.L. 114-113) and is part of the HHS’ ongoing efforts to reduce breaches among Health Care Portability and Accountability Act (HIPPA) (P.L. 104-191) covered entities and business associates (see Changes to ACA requirements, COOL, cybersecurity, and more in Appropriations Act, Health Law Daily, December 21, 2015).

The NH-ISAC is a member-owned non-profit that that offers non-profit and for-profit health care stakeholders, including independent hospitals, health insurance payers, and medical schools, a forum for sharing cyber and physical threat indicators. The HHS funding will prepare NH-ISAC to receive cyberthreat information from HHS and share it with stakeholders. Small providers, in particular, are expected to benefit from this process, which will alert them to threats and provide them with advice for responding to those threats. The agreements will also support NH-ISAC’s ability to receive threat information from stakeholders to provide other stakeholders with information about system breaches, including ransomware attacks.

The Office of the National Coordinator for Health Information Technology (ONC), which coordinates national health information technology and promotes the exchange of electronic health information, awarded $250,000 to build NH-ISAC’s capacity to receive and share cyber threat information with stakeholders and HHS and provide education about cyberthreats and appropriate responses. The Assistant Secretary for Preparedness and Response (ASPR), which prepares the nation to respond and recover from adverse health effects of emergencies, awarded a separate $150,000.

$87M in IT enhancements to ‘unlock’ data, improve health center quality

HHS will provide $87 million in funding to support information technology (IT) enhancements in 1,310 health centers throughout the United States and its territories. The funding is intended to support the health centers’ transition to value-based models of care, promote information-sharing to improve quality of care, allow the centers to use information to support better decisions, and increase their engagement in transforming delivery systems. HHS Secretary Sylvia Burwell stated that the funding “will help unlock health care data and put it to work.”

Health Resources and Services Administration (HRSA) health centers provide comprehensive preventive and primary health care to patients regardless of their ability to pay, adjusting fees based on that ability. Section 10503 of the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) established an $11 billion, five-year Community Health Center (CHC) Fund to strengthen the centers, which was extended by the Medicare Access and CHIP Reauthorization Act (MACRA) (P.L. 114-10) of 2015. Funding for the IT enhancements comes from the CHC Fund.

Health centers that use the funding to purchase or upgrade electronic health record (EHR) systems must ensure that the technology is certified by the Office of the National Coordinator for Health Information Technology (ONC).