Vendors Respond to New Proposed HHS Regulations on Health IT Procurement

The U.S. Department of Health and Human Services published new proposed regulations earlier this month outlining new standards and requirements surrounding the procurement of health information technology.

As described in the proposal, which was presented in the Federal Register on August 9, it is intended to amend the existing Health and Human Services Acquisition Regulation, or HHSARto require the procurement of health IT) that “conforms to the standards and implementation specifications (Standards) adopted by the Office of the National Coordinator for Health IT in the following sections: Information Technology Acquisition and Procurement Provisions and Contract Clauses.”

As explained by Assistant Secretary for Technology Policy/National Coordinator for Health Information Technology Micky Tripathi (whose new job title comes from a reorganization of the department last July) in a recent blog postThe move is a key part of the HHS Health IT Alignment Policy that the Biden administration announced in 2022.

The goal of the move — which is being done jointly with HHS’s Office of the Assistant Secretary of Financial Resources — is to “create and monitor a consistent HHS-wide approach to ensuring that health IT requirements in grants, cooperative agreements, contracts, and policies and regulations align with HHS’s adopted data standards,” Tripathi said.

“By focusing on standards that enable interoperability,” he explained, “HHS ensures that federal investments do not contribute to the proliferation of proprietary exchange methods and data repositories that impede data access, sharing, and use.

“Fostering interoperability through investments in HHS can lead to better connected care for patients,” he added, “and smoother data sharing across other facets of health care, such as population health and research activities.”

In the week-plus since the proposed rule was published, several technology vendors have offered their perspective on the HHS alignment and what it could mean for the industry. Healthcare IT News received several responses from the C-suite leaders at these companies, and here’s what they had to say.

Kim Perry, chief growth officer at emtelligent, which develops deep learning technology to gain analytical insights from structured text, said the proposed regulations “represent a significant step forward in realizing the full value of our nation’s healthcare data.

“By requiring standardized health IT across all systems that interact with HHS, this initiative not only improves interoperability and reduces inefficiencies, but also paves the way for advanced technologies like NLP and LLMs to unlock the full potential of this data at scale,” she added. “This not only accelerates and improves patient care, but also paves the way for breakthrough discoveries in clinical research, ultimately transforming the healthcare landscape and driving innovation in treatment and diagnosis.”

Raj Ronanki, CEO of Lyric, which is committed to advancing the use of AI to simplify healthcare delivery, agreed that “it is encouraging to see HHS taking a proactive approach to ensuring data and systems are protected so that everyone’s interests are safeguarded. As partners in healthcare technology, we must embrace a deep understanding of how to embed accountability, security, and balance the profound impact of AI with ethical governance.”

“As artificial intelligence and data security become increasingly important to healthcare,” he added, “the urgency to integrate ethical governance cannot be overstated.”

Meanwhile, George Pappas, CEO of healthcare security company Intraprise Health, said he was concerned — “as a citizen, a patient and a stakeholder in healthcare” — that a new mandate from HHS “could stifle the innovation we need to address legacy costs.”

As he explained, “AI programming models are evolving rapidly, and forcing vendors to adhere to rigid standards could hinder AI’s potential to improve interoperability. Additionally, it could impose unnecessary constraints on the cybersecurity industry, where flexibility is critical to adapt to emerging threats and more effectively protect patient data.”

However, Kevin Heineman, CISO of Lyric, which develops AI tools for health insurers, does see advantages in the proposed IT procurement regulations for security and information exchange.

“Interoperability in health care is critical, but it introduces complexities that can lead to exploitation by those with malicious intent,” he said. “The Office of the Assistant Secretary of Financial Resources’ proposal to simplify the way data is exchanged between health care institutions is a very positive step toward reducing data and system security risk — ultimately helping to make our health care ecosystem more secure.”

Mike Miliard is Editor-in-Chief of Healthcare IT News
Email the author: mike.miliard@himssmedia.com
Healthcare IT News is a publication of HIMSS.