Let’s talk about your EHR needs: 1.800.383.6278  

Tuesday January 25, 2022  |  Mary Ann Chaffee, VP Policy and Federal Affairs, Surescripts

Six Regulatory And Policy Issues To Watch In 2022

Six Regulatory Policy Issues Watch 2022

A version of this article was originally published by our ePCS (electronic prescribing of controlled substances) partner, Surescripts.

Our partnership with Surescripts plays a critical role in helping our hospital customers remain compliant with several healthcare IT-related regulations.


As Congress reconvenes in Washington this week, here are six healthcare regulatory and policy issues we’re keeping our eyes on. We hope this primer will help demystify the state of the health IT regulatory environment and give readers a deeper understanding of the impact and import of this activity.

  1. The 21st Century Cures Act, Interoperability and Patient Access Rules

The gist: In 2020, the Department of Health and Human Services (HHS) issued two related rules to implement the 21st Century Cures Act to encourage interoperability among health information technology systems, improve patient access to their health care information, and discourage practices that unreasonably prevent the access, exchange or use of such information. These rules, among many other things:

  • Prohibit “information blocking,” defined by HHS as a practice likely to interfere with access, exchange or use of electronic health information, unless the practice is required by law or covered by an applicable exception
  • Require hospitals participating in programs regulated by the Centers for Medicare and Medicaid Services (CMS) to send electronic patient event notifications of a patient’s admission, discharge, or transfer (ADT). For more information, check out the CMS Interoperability and Patient Access Fact Sheet.

Background: The intent of these rules is to address concerns that healthcare organizations may make it unnecessarily difficult for patients and providers to obtain electronic health information, whether it's upon a patient's request, or for purposes already permitted under applicable law, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Status: These rules are in effect. We expect the HHS Office of Inspector General (OIG) to release its final rule regarding the enforcement of the information blocking provision early this year.

2. The Trusted Exchange Framework and Common Agreement (TEFCA)

The gist: TEFCA is intended to establish the infrastructure model and the governing approach for users in different networks to securely share basic clinical information with each other—all under commonly agreed-to expectations and rules. In August 2019, the Office of the National Coordinator for Health Information Technology (ONC) awarded a cooperative agreement to The Sequoia Project to serve as the Recognized Coordinating Entity (RCE) to administer a new nationwide network based on the Common Agreement. Visit ONC’s TEFCA website for more detail.

Status: The RCE recently finalized the common agreement,  standard operating procedures as well as the Qualified Health Information Network (QHIN) technical framework. ONC expects to begin reviewing QHIN applications and onboarding QHINs to the network by the second half of 2022.

3. HIPAA Notice of Proposed Rule Making and Care Management

The gist: The current HIPAA regulation limits the ability to access protected health information (PHI) for purposes of care coordination and case management with entities that are not health care providers. HHS is looking to change that. The HIPAA Notice of Proposed Rule Making modifies the current regulation in order to support individuals' engagement in their health care, remove barriers to coordinated care, and decrease regulatory burdens on health care providers and health plans.

More background: These modifications address impediments to the transition to value-based health care by limiting or discouraging care coordination and care management communications among individuals and covered entities (including hospitals, physicians, and other health care providers, payers, and insurers) or posing other unnecessary burdens. The NPRM includes proposals to address these burdens while continuing to protect the privacy and security of individuals' PHI.

Status: This is a proposed rule, pending the publication of a final rule by the HHS Office of Civil Rights.

  1. Real-Time Prescription Benefit Tools

The gist: The Consolidated Appropriations Act of 2020 included three provisions aimed at accelerating adoption and use of a real-time benefit tool (RTBT) for prescription drugs by 1) requiring that all Part D insurers provide for a RTBT that enables electronic transmission of eligibility, formulary and benefit information to each enrollee’s prescribing clinician; (2) adding use of a RTBT to the Merit-Based Incentive Payment System (MIPS) measures, and (3) requiring qualified EHRs under the ONC Health IT Certification Program to include a RTBT that conveys patient-specific cost and coverage information.

Status: The requirement on Part D plans was implemented on January 1, 2021. The second provision regarding MIPS took effect January 1, 2022. However, HHS’ implementation of the third provision, which requires qualified EHRs to include RTBT functionality that conveys patient-specific cost and coverage information, has been delayed. The delay is due to the requirement that rulemaking be conducted by CMS and ONC prior to implementation We don’t expect rulemaking to be complete before the third quarter of 2022 at the earliest.

Context and commentary: The requirement that insurers make an RTBT available in the Part D context is already in place. Surescripts Real-Time Prescription Benefit enables prescribers to be compliant with these legislative and regulatory actions. As of October, more than 550,000 prescribers were using Real-Time Prescription Benefit, which speaks to the technology’s utility and value. This year, we also expanded the reach of Real-Time Prescription Benefit among pharmacy benefit managers and health plans, covering more than 97% of U.S. patients in October 2021, up from 82% in 2020.

  1. Electronic Prior Authorization Requirement

The gist: On Dec 31, 2020, CMS issued a final rule that, for the first time, requires Part D prescription drug plans and prescribers to support a new electronic prior authorization transaction standard for their Part D e-prescribing programs. The rule, which has an effective date of January 1, 2022, but allowed plans to begin adopting it on January 1, 2021, also requires Part D plans to adopt NCPDP SCRIPT standard v2017071.

Status: This rule took effect on January 1, 2022 and adoption is underway.

Context and commentary: We are glad that CMS has recognized the value of the NCPDP standard for electronic prior authorization by mandating it for the patient populations they serve, specifically those in Medicare Part D plans and prescribers. Surescripts Electronic Prior Authorization utilizes NCPDP SCRIPT standard v2017071.

  1. EPCS Federal Mandate

The gist: On December 1, 2020, CMS announced in a final rule its decision to require that Part D providers use e-prescribing of controlled substances (EPCS) effective January 1, 2021. The rule implements a provision of the SUPPORT for Patients and Communities Act, which became law in 2018.

Status: While the rule is in effect, CMS has delayed the start date for compliance actions by one year to January 1, 2023. The start date for compliance actions for Part D prescriptions written for beneficiaries in long-term care facilities has also been delayed to January 1, 2025. CMS will initially enforce compliance by sending compliance letters to prescribers violating the EPCS mandate.


In partnership with Surescripts, MEDHOST is dedicated to helping hospitals across the nation remain in compliance with new healthcare IT regulations, optimize patient care, maximize reimbursements, and avoid penalties.

To learn more about how we can support your hospital reach out to us at or call 1.800.383.6278.

You may also be interested in: