The interoperability rule on patient access to healthcare data is more than a regulation; it’s a catalyst for igniting significant and sustainable change in healthcare quality, delivery and payment. It also gives consumers an enormous amount of power over how they manage their healthcare. Payers that approach compliance with the rule as an investment in digitally transforming their businesses will be well positioned to reap its many potential benefits.
The final rule encompasses managed Medicare, managed Medicaid and individual Federally Facilitated Exchange (FFE) qualified health plans. As expected, the rule requires these plans to publish a third-party developer application programming interface (API) using Fast Healthcare Interoperability Resources (FHIR) and terminology normalization. This API must provide not only claims data, but also other administrative data and even select clinical data. It uses specified standards to support Substitutable Medical Applications and Reusable Technologies (SMART) on FHIR so that every plan’s API is similar. This API must be in production by Jan. 1, 2021.
The Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) did make a few key modifications to the rule. One is a change to the plan-to-plan data exchange, where a plan must share clinical data with another plan under certain circumstances at the request of a member. This requirement now has a delayed deadline of Jan. 1, 2022. Another requirement, that health plans join a Trusted Exchange Network, has been deferred for future rulemaking.
CMS also clarified some items. As one example, we now know that the data to be provided by the API, and the plan-to-plan exchange, will only include data related to dates of service since Jan. 1, 2016; earlier data is not mandated.
Putting the interoperability rule in context
Even as payers digest the interoperability rule requirements, they must be aware of other regulations likely to emerge over the next few years. Some potential regulations may complement interoperability processes; others may require unique strategies. Payers that stay on top of the potential rules and opt for more flexible technologies and methods to achieve interoperability will find it easier to develop coherent, cost-effective compliance strategies. Proposed rules and legislation may include the following:
- Updates to data standards and formats. Additional refinements are likely to the HL7 Fast Healthcare Interoperability Resource (FHIR) standard in the API for exchanging health data electronically. Further, updates and additions to the data classes and elements with the U.S. Core Data for Interoperability (USCDI) standard will need to be incorporated into the API. Building updates into regular API maintenance will help payers stay current as new requirements are adopted.
- New rules around the enterprise master patient index (EMPI). The industry initially will be executing EMPI requirements without government guidance. When a clear EMPI methodology is prescribed, payers will be better equipped to avoid false positives and false negatives when matching member file data. That will expedite compliance with interoperability data release requirements while helping payers avoid accidentally releasing confidential health information.
- Extension to all lines of business. We expect all types of health insurance, not just government programs, eventually to be included under this rule. Payers should design their compliance approaches under the assumption that the rule’s scope soon will expand, perhaps by executive order.
- Addressing the transparency rule. The transparency directive for payers has different deadlines, technology and requirements than interoperability, so payers initially will find few compliance synergies between them. However, from a business perspective, both transparency and interoperability erode the ability of payers to compete on allowable amounts and network and benefit design, because each rule will make those components increasingly obvious to other payers and providers.
- Added provider-side interoperability. We expect CMS to require providers to implement interoperability in the same ways as payers, meaning the same API and orchestration of both electronic medical record (EMR) and non-EMR data available within one day, among other requirements. When this occurs, every physician, hospital, clinic, etc., will be using the same formats and meeting the same reporting deadlines. Payers can plan now to make the most of this true industry-wide interoperability.
- National privacy and security regulations. Congress may eventually act on consumer concerns about who collects their data and how it is used by creating a national privacy rule analogous to the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR). Payers’ security solutions for interoperability must be flexible and extensible to whatever new privacy regulations emerge.