2024 has been an interesting year. It started with final rules from CMS on interoperability and prior authorization and ONC on a variety of health data and health IT topics in its HTI-1 rule, setting the baseline stakes for interoperability for the next several years. It also saw an HTI-2 proposal extending health IT certification to payers and public health authorities, the adoption of use case specific FHIR implementation guides into the official HHS standards list, and other changes and enhancements. The usual USCDI, US Core, SVAP, and other updates that typically occur annually continued as expected.
More than anything else, it was a year where cybersecurity moved to the forefront of everyone's consciousness thanks in large part to the major incident at Change Healthcare in February which disrupted the traditional administrative data exchange pathways for many, many months and affected a huge portion of the healthcare ecosystem. Cybersecurity was already in the spotlight, especially ransomware attacks, but Change Healthcare threw an accelerant on it and made us all rethink some of the traditional ways healthcare business is done in addition to the actual security issues. As a consequence of some of this focus, there have been several proposed rules around additional cybersecurity requirements as well as continued attention from CISA, NIST, and other organizations. In addition, FTC released a final version of its updated Health Data Breach Notification rule covering health data that's not subject to HIPAA restrictions.
ONC morphed into ASTP/ONC, taking a larger role in the health IT practices of HHS generally and starting to act as a centralized data and IT standards hub for the entire department in addition to its pre-existing role around industry standards setting and certifications. As part of these efforts, they produced things like a Federal Health IT Strategic Plan, documented their Health Equity by Design approach, and produced a draft Federal FHIR Action Plan in addition to ramping up the development of USCDI+ data sets to cover essential data for a variety of specific use cases, continued development of USCDI, and significant activity in partnership with the Sequoia Project related to ramping up TEFCA after its official release late last year.
This is just a slice of the activity during 2024. New guidance, reports, data briefs, projects, and proposals came out throughout the year, enough that our Data Governance Collaborative highlights several new items every week in our industry updates.
First, some reassurance. A lot of the health data and health IT initiatives we've all been working on for the past several years have strong bipartisan support. It's unlikely we'll be completely changing course on expanding use of FHIR APIs, better data standards and data quality, or the push toward greater price transparency in healthcare. In fact, it's likely they'll all continue to expand and we'll be adding new components and efforts in these areas over time. Congress put out an RFI asking for input on what else we'd like to see in an updated 21st Century Cures Act, so we may see new legislation around health data and health IT in the next year or two, although it's unlikely anything included in such laws would have 2025 implementation requirements. I won't even begin to speculate about these laws might contain - we'll just have to wait and see.
Price transparency, in particular, has very strong bipartisan support, with both Republicans and Democrats in Congress showing frustration with how slowly the No Surprises Act has been rolled out and enforced by HHS. So my first prediction for next year is almost guaranteed in my opinion - I expect we'll see new regulations covering the payer components of the No Surprises Act involving Advanced Explanations of Benefits or AEOBs - a proposed rule for AEOBs is currently listed in the unified federal agenda for March 2025 release - and possibly also see the current enforcement discretion around convening provider requirements in Good Faith Estimates or GFEs lifted. The process as envisioned in law has one provider or facility in charge of gathering all of the necessary data from other providers or facilities involved in a single point of care such as a hospital admission or pre-admission visit and sending a single GFE with all of the collated information to a patient's payer for them to turn it into a personalized estimate for the patient based on the specifics of their insurance coverage so both of these changes are needed to fully flesh out the No Surprises Act price transparency components. This process is required both for scheduled services and, if the patient requests it, so a patient can shop around and pick a provider for services they haven't yet scheduled. This workflow requires both changes above to be fully realized.
There are quite a few other components to the No Surprises Act, some of which are currently being enforced in a "make a good faith try to comply" way without corresponding regulation and perhaps some of these elements may also make it into regulation.
It is also likely that existing interoperability requirements will continue apace and expand further in areas such as patient access to standardized data, payer and provider data exchange in both directions both generally and for specific use cases like prior authorization and quality measures, and all sorts of other areas and use cases. However, some of language we use to discuss and describe these efforts may change; this happens with every administration change. For example, the term burden reduction, especially in conjunction with prior authorization, came into use during the Biden Administration. We discussed these same concepts previously, but we used different language to do so. I no longer remember what we called things in the previous Trump administration but for the most part it was strictly a change of labels and not substance. Expect some of this to happen again.
On the less positive side, it seems unlikely the current Biden Administration focus on health equity and health equity by design will continue. Privacy and patient control over their own data may also fade out a bit, especially as many of the efforts the Biden administration made in the privacy arena became inextricably tied to reproductive health protections which are unlikely to stand moving forward. While it's unlikely all health equity efforts will cease and some of the existing programs and policies would be hard to unwind, it would be naive not to expect real substantive changes here. The most optimistic outcome is likely that some of this work continues under a new name that's less political.
Another program that seems likely to at least slow down if not see real changes is TEFCA. TEFCA was very much not a priority of the previous Trump administration but it was a major priority of ONC and then ASTP under Micky Tripathi's leadership there. While I don't think TEFCA is going away - its existence is part of the 21st Century Cures Act - it does seem reasonable that it will not be as strong a focus in the new administration and efforts to add additional exchange purposes, move to and expand FHIR access, better support payers and other entities that aren't traditional provider organizations, and some of the other efforts currently underway will either slow down or cease.
Finally, there are a lot of regulatory items - both proposed and final - that are currently expected in November and December according to the latest federal unified agenda. It is unclear how many of them, if any, will actually be released either in this lame duck period or after the inauguration. Every administration puts most of the regulations from the final few months of the previous administration on hold, and there are two streams of thought about how to handle that. One is to rush out as much as possible to put a stake in the ground, knowing some or all of it will be paused, delayed, changed, or tossed out. The other is to accept that some or all of work products from the very end of the administration is unlikely to survive intact and allow the next administration to release them with whatever changes or adjustments they're going to make anyway. It's not possible to know which pathway the Biden administration will take, or if they'll choose on a case-by-case basis. The pending regulations range from final rules on attachments and the No Surprises Act dispute resolution process to proposed rules on pharmacy interoperability and prior authorization processes and new cybersecurity rules and more. Given this, it's impossible to predict if any of these rules will be part of the 2025 landscape at all. [Editorial comment: This article was written before Thanksgiving. As of publication, none of these have been released.]
So the bottom line is, who really knows? Only time will tell if any of these predictions are correct. Let us know what you think will happen by sending an email to info@mahealthdata.org.