A final Department of Health and Human Services rule will require developers seeking certification for health IT that employs artificial intelligence or other algorithms to meet certain transparency criteria by the end of 2024, despite calls in comments to push that deadline back.
While the final rule from HHS’s Office of the National Coordinator for Health Information Technology extended deadlines for other requirements between the proposed and final versions — such as requirements related to a new baseline standard for the health IT certification program — it maintained the end-of-next-year deadline for the AI and algorithms portion, underscoring the Biden administration’s focus on regulating the nascent and growing technology.
Under the rule — called Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing, or HTI-1 — developers will need to update health IT currently certified under ONC’s old requirements by Dec. 31, 2024. Those new requirements mandate that tools used to aid decision-making that use AI and algorithms must share information about how the technology works as part of the agency’s certification process.
“I think it will be very interesting, you know, with that deadline coming a year out to see how the vendor community responds, and … can they make these new requirements work?” Jonathan French, senior director of public policy and content development at the Healthcare Information and Management Systems Society (HIMSS), said in an interview.
In July, HIMSS recommended the agency delay the deadline to 2026.
ONC Deputy National Coordinator Steven Posnack acknowledged the change in several deadlines in a call with reporters after the final rule was released last week, saying the agency “sought to space and pace many of the different requirements over time” to give industry time to make incremental adjustments.
But Posnack added that “the algorithm-related transparency was a high priority for our office, the secretary, and administration. That’s one of the ones that we required straight out of the gate within a one-year time period.”
The algorithmic and AI requirements for decision support interventions (DSI) in the final rule come as the Biden administration has intensified its focus on regulating the technology. For example, the administration last week also announced voluntary commitments from health care companies to harness AI while managing its risks.
Generally, the algorithm requirements in the rule are aimed at promoting transparency and responsible AI use in health IT, such as electronic health records systems. In an interview with FedScoop in June, Micky Tripathi, the national coordinator for health IT, described the requirements as a “nutrition label” for algorithms.
In addition to the new AI and algorithm certification requirements, the rule also makes data interoperability updates to its health IT certification process and implements provisions under the 21st Century Cures Act.
ONC’s certification program is voluntary, but it’s incentivized by requirements that hospitals and physicians use certified systems when participating in certain Centers for Medicare and Medicaid Services payment programs. In a press release about the rule last week, ONC said health IT that it has certified “supports the care delivered by more than 96% of hospitals and 78% of office-based physicians around the country.”
While the deadline remains, industry experts analyzing the 916-page document said the final rule so far appears to address other concerns around the algorithm transparency portion. French, for example, pointed to more detailed information on the “source attribution” requirements and more detail on testing information.
During the public comment period, the ONC received responses that said the rule’s AI and algorithmic requirements went too far, and others that said they didn’t go far enough. The American College of Cardiology called the proposal “overly broad,” whereas Ron Wyatt, the chief scientist and medical officer at the Society to Improve Diagnosis in Medicine, argued that the rule should go further, requiring information provided about the algorithms to be made publicly available.
The final rule does include changes, according to ONC. “In response to public comments, the final DSI criterion includes clearer [and] more precisely scoped requirements for health IT developers,” ONC said in a fact sheet accompanying the rule. “In particular, the final criterion requires that health IT developers are responsible for only the predictive DSIs that they supply as part of their certified health IT.”
Joseph Cody, associate director for health IT and digital health policy at the American College of Cardiology, said ONC “made steps in the right direction” with some of the changes.
In particular, he said “they did a much better job of delineating the difference between” evidence-based and predictive DSIs. Though he said some of the definitions are “still overly broad.”
“If you’re expecting clinicians to spend a lot of time to go through and look at all the different components that are required to be publicly transparent and available to them, it becomes very hard for that clinician to be able to spend that time,” Cody said. He added that ACC is looking forward to having conversations with federal agencies about additional steps.
The final rule also includes ongoing maintenance and risk management requirements for health IT developers to keep “source attributable” information in the DSIs up-to-date, according to ONC. Health IT will be required to comply with the maintenance certification starting January 2025.
Rebecca Heilweil contributed to this article.