The HTI-1 Final Rule marks a significant shift in healthcare regulations, establishing comprehensive guidelines aimed at improving the security, privacy, and interoperability of digital health information. As organizations strive to meet these new standards, a deep understanding of the complexities surrounding Decision Support Interventions (DSI) requirements is crucial, as they profoundly impact healthcare workflows. Drummond’s HTI-1 Market Survey Report underscores this, revealing that many health IT developers foresee significant challenges in complying with the (b)(11) DSI requirements. This highlights the importance of careful planning and expert guidance to circumvent these obstacles and ensure successful compliance.
To help your organization navigate these requirements, we will delve into the key elements of the regulations and provide strategic insights to help you navigate them effectively. By focusing on the core components of DSI requirements, your organization can not only meet compliance but also use these regulatory shifts to streamline workflows and improve overall efficiency. We’ll start by exploring how the HTI-1 Final Rule strengthens DSI functionality through expanded USCDI data requirements and how you can maximize the benefits of this regulatory shift.
The Role of USCDI Integration in Decision Support Systems
At the heart of DSI’s effectiveness is its ability to process and interpret patient information accurately. Access to standardized health data is crucial for these systems to deliver relevant and reliable support to clinicians. Recognizing this, the HTI-1 Final Rule mandates that healthcare organizations integrate USCDI Version 3 data into their DSI systems by December 31st, 2025. This requirement, part of the new (b)(11) criterion, is designed to boost the performance of DSIs, as the quality of decision support directly correlates to the accuracy and completeness of the data used.
For organizations to fully benefit from this requirement, several steps must be taken. First, ensure your Electronic Health Record (EHR) systems are fully compatible with USCDI standards, facilitating seamless data exchange. Collaboration amongst EHR vendors and healthcare providers is also crucial to optimally implement these necessary updates and configurations. Additionally, adopting strong data governance practices will help maintain data accuracy and security throughout its lifecycle. Lastly, engaging third-party experts who specialize in DSI integration and HTI-1 compliance can provide invaluable technical support to optimize your systems for effective decision-making.
By following these steps, healthcare organizations can not only meet the (b)(11) criterion but also leverage DSI systems to improve patient care and operational efficiency.
Understanding Evidence-Based vs. Predictive DSI
The HTI-1 Final Rule also updates the definition of Decision Support Interventions (DSIs) to better address the complexities of modern healthcare technology. This update highlights a crucial distinction between Evidence-Based DSI (EBDSI) and Predictive DSI (PDSI). EBDSI provides recommendations based on established clinical guidelines, generally implemented through configurable rule sets, ensuring consistency and reliability in decision-making. In contrast, PDSI uses advanced AI-driven algorithms to predict outcomes and suggest interventions based on large datasets. While PDSI offers the potential for personalized, proactive care, it also raises concerns about oversight, transparency, and potential bias in decision-making.
To address these concerns, the HTI-1 Final Rule introduces specific risk management requirements for each type of DSI, ensuring that AI-driven tools operate within safe and ethical boundaries. These requirements allow for more targeted oversight, which is vital for maintaining patient trust and improving decision support system performance.
Risk Management and DSI Compliance
The HTI-1 Final rule is essential in mitigating the risks associated with decision support systems, particularly in preventing oversight, discrimination, and bias. To address these concerns, the rule requires EHR developers who supply PDSI to provide critical information about their risk management practices by December 31st, 2024. A crucial component of this requirement is the public summary report, which makes the risk management practices used by developers accessible to the public. This transparency promotes greater accountability and oversight, reducing the chances of unchecked discriminatory practices.
Additionally, when PDSI are supplied as part of a (b)(11) certified health IT solution, the certified party must maintain a comprehensive risk management program for each PDSI it supplies. These programs ensure that PDSIs meet stringent standards for safe and effective use in clinical settings. The process begins with a thorough risk analysis to identify potential risks and adverse impacts, focusing on Fair, Appropriate, Valid, Effective, and Safe (FAVES) factors.
Once risks are identified, developers must implement effective risk mitigation strategies to address each issue, ensuring that the DSI operates safely and effectively. Moreover, PDSIs must adhere to strict governance policies that oversee how data is acquired, managed, and used. This governance is an ongoing certification requirement, meaning that all “supplied” DSIs must continuously comply with these standards to remain certified. By following these intervention risk management (IRM) practices, EHR developers can ensure that PDSIs are safe, reliable, and free from biases in healthcare decision-making.
New Source Attribute Requirements for DSIs
Source Attributes are another DSI requirement (enforced December 31st, 2024) designed to uphold fairness and validity in DSI functionality. The HTI-1 Final Rule introduces a new set of source attribute requirements specifically for PDSI, including numerous data elements intended to enable end users to understand, assess, and manage potential risk factors independently. These attributes are crucial when developers supply DSIs, as they provide proper disclosure about how these systems function, akin to a help menu within the actual product. EHR developers are tasked with maintaining and regularly updating specific source attributes related to the technical performance and quality of the DSI, a responsibility that requires robust functionality. However, Drummond’s HTI-1 Market Survey Report highlights that the majority of developers feel they lack the necessary tools to fully meet these requirements. This gap underscores the potential need for external support to complement internal resources, ensure accurate interpretation of the rules, and develop efficient project plans to meet deadlines.
For EBDSIs, this involves 13 attributes, while PDSIs require a more extensive set of 31 attributes. These attributes must be presented in plain language, avoiding complex technical jargon, to help healthcare providers easily understand the information and make informed decisions. These source attributes aim to allow end users of a DSI module to comprehend its purposes and risks, and how risks are assessed and managed. The source attributes and risk management requirements form interconnected elements of a comprehensive approach to responsible data governance and decision-making in healthcare.
Addressing Gaps in DSI Risk Management
While the DSI requirements are broad in scope, they only partially address the risks of oversight, discrimination, and bias in decision-support systems. One major limitation is that although EHRs are required to have functionality supporting transparency—such as identifying the origins of data used by algorithms—there is no ONC regulation compelling third-party developers to disclose this critical information. As a result, the DSI framework for risk management remains incomplete, leaving room for potential bias and discrimination to go unchecked.
This gap is particularly concerning as predictive algorithms have become increasingly influential in healthcare decisions. To address this, sectors of the market not directly governed by these rules should consider voluntarily adopting best practices like IRM and source attribute standards. Not only does adopting these standards help manage risks, but it also fosters trust between patients, providers, and developers. By proactively implementing these measures, organizations outside the regulatory framework can help create a more equitable and secure healthcare environment, reducing the risks of biased algorithms and positioning themselves as leaders in responsible innovation.
Such steps can mitigate risks and position these organizations favorably as future regulations tighten and expectations for AI transparency become more widespread. By embracing voluntary compliance, healthcare providers and developers can stay ahead of the curve, ensuring the security and reliability of their AI solutions in an increasingly regulated market.
Final Thoughts
Working toward compliance with the (b)(11) requirements of the HTI-1 Final Rule presents numerous benefits for Health IT developers, EHR vendors, and healthcare organizations. By meeting these standards ahead of the December 31st, 2024, deadline, systems will be better equipped to support transparency, risk management, and oversight of predictive algorithms, which are essential in ensuring that AI-driven tools remain fair and accurate. For EHR vendors, complying with (b)(11) offers a competitive edge by improving their systems’ functionality and aligning with industry best practices. Independent developers, despite often working with fewer resources, can strengthen their products by ensuring seamless integration with existing EHR systems and building trust with healthcare providers. Healthcare organizations benefit from enhanced data transparency and interoperability, which can lead to better patient outcomes and operational efficiency. Ultimately, proactive compliance with (b)(11) not only fulfills regulatory obligations but also fosters innovation, strengthens trust across the healthcare ecosystem, and ensures long-term success in an increasingly AI-driven healthcare landscape.