Federal Government Addresses AI Transparency and Safety in Healthcare

BakerHostetler

Key Takeaways:

  • The executive branch has been active this month, focusing on regulating the use of artificial intelligence (AI) in healthcare.
  • In October, President Joe Biden issued an executive order making the development and safe use of AI to drive improved health outcomes for Americans a top priority for the Biden-Harris Administration.
  • In response to Biden’s executive order, 28 healthcare providers in December signed a commitment for the safe, secure and trustworthy purchase and use of AI in healthcare.
  • At the same time, the Department of Health and Human Services (HHS) released a new AI transparency rule that aims to help the healthcare industry make more informed decisions about the use of AI.
  • The regulations are targeted at improving transparency in the healthcare industry to ensure that AI is being used fairly, appropriately, validly, effectively and safely.

White House Announces Executive Order and Responsible AI Healthcare Provider Pledge

On Oct. 30, President Biden signed an executive order calling for a coordinated government approach to establish new safeguards for AI safety and security in healthcare. In response to the executive order, on Dec. 14 the White House announced that 28 healthcare providers and payers had voluntarily committed to the safe, secure and trustworthy purchase and use of AI in healthcare. According to the White House press release,

The commitments received today will serve to align industry action on AI around the “FAVES” principles—that AI should lead to healthcare outcomes that are Fair, Appropriate, Valid, Effective, and Safe. Under these principles, the companies commit to inform users whenever they receive content that is largely AI-generated and not reviewed or edited by people. They will adhere to a risk management framework for using applications powered by foundation models—one by which they will monitor and address harms that applications might cause. At the same time, they pledge to investigate and develop valuable uses of AI responsibly, including developing solutions that advance health equity, expand access to care, make care affordable, coordinate care to improve outcomes, reduce clinician burnout, and otherwise improve the experience of patients.

The healthcare providers specifically pledged the following commitments regarding the use of AI:

  1. We commit to vigorously developing AI solutions to optimize healthcare delivery and payment by advancing health equity, expanding access, making healthcare more affordable, improving outcomes through more coordinated care, improving patient experience, and reducing clinician burnout.
  2. We will work with our peers and partners to ensure outcomes are aligned with fair, appropriate, valid, effective, and safe (FAVES) AI principles.
  3. We will deploy trust mechanisms that inform users if content is largely AI-generated and not reviewed or edited by a human.
  4. We will adhere to a risk management framework that includes comprehensive tracking of applications powered by frontier models and an accounting for potential harms and steps to mitigate them.
  5. We will research, investigate, and develop swiftly but will do so responsibly.

New HHS AI Transparency Rule

On Dec. 13, HHS released the Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing (HTI-1) final rule. The goal of the new rule is to advance interoperability, improve transparency and support patient access to the use of AI in clinical settings. The rule implements provisions of the 21st Century Cures Act (Cures Act) and updates the Office of the National Coordinator for Health Information Technology (ONC) Health Information Technology (IT) Certification Program, a program that includes standards, implementation specifications and certification criteria for electronic health record companies and health IT developers. The following is a high-level summary of important details finalized in the rule.

1. Algorithm Transparency

The rule establishes the first transparency and risk management requirements for certified health IT and software developers, specifically focusing on AI and predictive algorithms. This includes AI that analyzes medical imaging, generates notes or summaries, notifies providers of risks to patients, and ultimately contributes to provider decision making. ONC’s regulatory approach is intended to ensure that users and the public have access to consistent information on predictive algorithms and whether the use of such technology is fair, appropriate, valid, effective and safe.

2. Adoption of USCDI Version 3

The rule requires developers to adopt United States Core Data for Interoperability (USCDI) Version 3 as the new baseline standard for the certification program, effective Jan. 1, 2026. USCDI is a standard set of health data classes and elements that enable nationwide, interoperable health information exchange. The new version incorporates more accurate and complete patient characteristics data to ensure algorithms promote health equity, reduce health disparities and support public health data interoperability.

3. Strengthened Information Blocking Requirements

The rule revises some information blocking definitions and exceptions to encourage information sharing, including the establishment of an exception to advance the secure, efficient exchange of electronic health information (EHI) under the Trusted Exchange Framework and Common Agreement (TEFCA). Essentially, the new TEFCA Manner Exception applies where an actor and requester of EHI are both part of the TEFCA. When the exception is met, fulfilling certain requests for EHI only via TEFCA will not be considered information blocking.

ONC revised and updated the existing Infeasibility Exception to the information blocking rule in several ways, including by revising the “uncontrollable events” condition to the exception to clarify when an actor’s practice constitutes an uncontrollable event for purposes of the exception. ONC further added two new conditions to the Infeasibility Exception: the first applies when an actor denies a third party’s request to enable the use of EHI to modify EHI — including deletion and creation functionality — so long as the request is not from a healthcare provider requesting the use from an actor that is their business associate. The second new condition to the Infeasibility Exception applies where an actor has exhausted the Manner Exception, including instances where one manner uses certain technology certified to specific standards.

As part of the enhancements to the information blocking regulations, ONC made several definitional changes, including defining what it means to “offer health IT” for purposes of complying with information blocking regulations. ONC narrowed the definition of “offer health IT” to exclude certain activities, including making available funding to obtain or maintain certified health IT (so long as the funding is made available without conditions on limiting the interoperability of EHI). ONC clarified that a provider or health IT user does not “offer health IT” when engaging in certain health IT implementation and use activities, even if they obtain the health IT from a commercial developer or reseller or develop it themselves. ONC further excluded from the definition of “offer health IT” certain legal and consulting services when the health IT is supplied to complement certain other services provided to a provider in a comprehensive turnkey package for administrative management purposes.

ONC also modified the definition of “health IT developer of certified health IT” to clarify that the rule does not apply to healthcare providers that develop their own certified health IT but do not offer any certified health IT to others in a way that would meet the definition of “offer health IT.” Further, ONC revised the definition of “information blocking” to remove language that was no longer applicable under the current standards.

4. New Reporting Metrics for Certified Health IT

In creating the Insights Condition and Maintenance of Certification (Insights Condition), the final rule implements the Cures Act requirement for developers of certified health IT to report certain metrics as part of their participation in the Certification Program. The Insights Condition will require developers participating in the program to report on specific metrics if the developer has each of the following:

  1. At least 50 hospital sites or 500 individual clinician users across their certified health IT.
  2. Any certified health IT certified to the certification criteria specified in each measure.
  3. Any user using the certified health IT associated with the measure.

Developers that do not meet the above qualifications will submit a response to indicate that they do not meet the minimum reporting qualification for a measure.

As part of this new condition, the rule “adopts seven measures across areas related to interoperability, including an individual’s access to electronic health information, clinical care information exchange, standards adoption and conformance, and public health information exchange” to capture information about the use of certified health IT. The measure regarding individuals’ access to EHI through certified health IT is intended to capture how individuals use different methods to access their EHI (e.g., apps and/or patient portals). The public health information exchange measure captures the use of certified health IT to send vaccination and immunization information to immunization information systems. Another measure is intended to capture the use of health IT to obtain, reconcile and incorporate consolidated clinical document architecture documents. Finally, to capture how certified health IT is used within the app ecosystem, other measures capture information about apps connected to certified health IT products (and the intended purposes and users), the capacity and variety of Fast Healthcare Interoperability Resources (FHIR) transferred to apps from certified health IT, and the use of FHIR bulk data access via certified health IT.

The collection of these metrics is intended to provide transparent reporting and information about the use of certified health IT.

We will continue to monitor developments pertaining to the regulation of AI within the healthcare industry. For additional analyses of ONC’s final rule implementing penalties for violations of the information blocking rule, see Steep Penalties for Information Blocking Finalized.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BakerHostetler | Attorney Advertising
