Getty Images
CMS Releases Finalized Rule on Interoperability
The CMS rule mandates that payers provide patients access to data through a Patient Access API and access to a list of in-network providers through a Provider Directory API.
CMS has released the next phase of the 21st Century Cures Act on interoperability.
The rule, which was expected to be announced at HIMSS20 before the conference was canceled, supports the MyHealthEData initiative, meant to enable the flow of patient data and information among public payers.
“The days of patients being kept in the dark are over,” said CMS Administrator Seema Verma in the press release.
“In today’s digital age, our health system’s data sharing capacity shouldn’t be mired in the stone age. Unfortunately, data silos continue to fragment care, burden patients, and providers, and drive up costs through repeat tests. Thanks to the leadership of President Trump, these rules begin a new chapter by requiring insurance plans to share health data with their patients in a format suitable for their phones or other device of their choice. We are holding payers to a higher standard while protecting patient privacy through secure access to their health information. Patients can expect improved quality and better outcomes at a lower cost.”
The rule states that payers and health systems can no longer engage in “information blocking,” a practice which restricts access to healthcare information and slows down interoperability.
Instead, they must provide the data through an application programming interface (API). Third-party apps and vendors can use the Patient Access API to give patients access to their data.
Payers must make data available through the API so that it follows the patient from provider to provider and payer to payer.
Third-party vendors will require permission from the patient to access the patient’s API data, at least for adjudicated claims, capitated providers, and payer-maintained clinical data within one day after the request is made.
By January 1, 2021, payers must make the data available, spanning claims from January 1, 2016 onward.
The API must meet HHS standards, established by the ONC 21st Century Cures Act final rule.
Payers must also make it clear which providers are in-network. This will be available through a Provider Directory API. This must be a public-facing digital endpoint accessible through the payer’s website.
It must be available by January 1, 2021.
The rule outlines seven exceptions to the rule including when information blocking causes harm to the patient, when the information is inaccessible due to health IT maintenance or improvements to which the user has agreed, unfeasible requests, and other situations in which access would be barred.
In general, ONC said that exceptions will be determined based on whether the activity promotes confidence in the health IT infrastructure and security, puts individuals and entities at risk, and the exceptions are constrained to reasonable situations.
Payers have called upon the ONC and HHS to underscore that payers are exempt from these rules.
The proposed rule stirred up mixed opinions in the payer community. In a June 2019 letter to Donald Rucker, MD, National Coordinator for Health Information Technology of the ONC, Matt Eyles, president and CEO of America’s Health Insurance Plans (AHIP) supported the move towards interoperability. However, he also listed four primary objections to the rule:
- The challenge of maintaining patients’ privacy if their data could be disclosed
- Increased difficulty of keeping patients’ data safe from security breaches
- Anti-competitive implications of the rule if certain pricing data was disclosed
- The timing of the rule’s implementation
Furthermore, as Ryan Howells, MHP, PMP, principal at Leavitt Partners, explained in a recent Xtelligent Healthcare Media webcast, the requirement that health plans have the ability to immediately release healthcare information across Medicaid, the Children's Health Insurance Program, Medicare Advantage plans, and qualified health plans will have a significant impact on payers. It means that payers have to establish tools like APIs and protocols to handle that kind of data sharing securely and quickly.
From June to July 2019, Accenture surveyed 19 payer executives whose companies each accrue over $1 billion in revenue annually to determine whether these industry-leading payers were prepared for the new interoperability rule. Of the 19 surveyed, 26 percent were “very familiar” with the regulations and the same percentage characterized their companies as “very prepared.”
These numbers may seem low, but in comparison with providers it was an impressive representation—only 16 percent of providers said they were “very familiar” with the proposal and a mere 5 percent felt prepared. That being said, the survey covered three times as many billionaire provider organizations as payers.
Additionally, low readiness among provider partners could influence payers’ shift toward value-based care, since the payer-provider relationship is so foundational to that movement.
While the survey does not capture the status of the payer industry as a whole, it may provide insight into the readiness of companies with the most resources to tackle a major technology strategy adjustment and data-sharing protocol shift.