Skip to main content Skip to footer

Consumers own their health data and should be able to get it easily and on demand. Those are the driving forces behind the two new and complementary interoperability and access rules proposed by the Centers for Medicare & Medicaid (CMS) and the Office of the National Health Coordinator (ONC). There’s no doubt complying with these rules will require major effort. (See part one of this series, “Five Key Things Healthcare Executives Must Know” about these rules.) Yet the rules also open the way for payers to create new patient-focused products and services. Payers that embrace this opportunity to make data accessible to patients, either on their own or through partnering with third-party developers, will build a strong competitive advantage in the market.

Here are the three general categories of data accessibility required by the CMS and ONC rules that payers can build patient services around.

1    Patients’ access to their data

The rules require health plans to implement and maintain an application programming interface (API) that enables Medicare Advantage enrollees, Medicaid beneficiaries and Federal Exchange Qualified Health Plans (QHP) enrollees to access their electronic health information (EHI) without “special effort.” A health plan’s members can use third-party applications to retrieve their clinical data, coverage information and claims data. Per the rules, health plans must make the following data available:

  • Standardized adjudicated medical and pharmacy claims data, including provider remittances and enrollee cost sharing, one business day after processing a claim.
  • Encounter data one business day after receiving the encounter.
  • Clinical data, including laboratory results, no later than one business day after receiving that data.
  • Directory data of contracted providers must be available to enrollees and prospective enrollees, with changes available within 30 calendar days of their creation (except for QHPs).
  • Medicare Advantage prescription drug plans will be required to make pharmacy directory data and formulary data accessible, including Part D drugs, tiered formulary structures or utilization management procedures. Medicaid and CHIP plans will be required to make preferred drug list information accessible one business day after the effective date of information updates.

For patient data to be accessible, the rule requires developers to implement certain standards in the API. The formats and content requirements in these rules enable the healthcare industry to use one standard language that combines both clinical and administrative data. FHIR HL7 is the required standard for exchanging healthcare information electronically. The data being exchanged requires terminology normalization used in electronic standards, including the U. S. Core Data for Interoperability (USCDI) version 1, the HIPAA administrative requirements, and standards for electronic prescribing. These make the data content understandable to the patients and providers using the applications.

Making clinical and claims data accessible and usable to members and providers within the time frames required is technically complex to achieve. Yet doing so enables that data to be consumed by analytics, machine-learning algorithms and other systems, enabling payers to offer more sophisticated health-data management tools to members and providers. Nascent 5G wireless networks will make it possible to share large amounts of data quickly to — and from — handheld devices.

Given that the rule calls for payers to conduct routine testing and monitoring to ensure the API functions properly and to publish documentation of their API, this seems a natural opportunity for payers to invite tech partners to help them create their own branded apps. Payers should opt to own their members’ experience here and ensure their branded app is their members’ first choice for accessing health data.

2    Five years of electronic health information

Health plans must be prepared to deliver up to five years of patient clinical EHI on request. The kicker: if the member has not been with the plan for five years, the current plan must connect to any health plan that provided coverage to the member in the last five years to gather the data.

Similarly, the health plan must be prepared to send data on its former members to their new payers at the member’s request. Further, it must send a current member’s health data to any recipient its member designates, both while they are enrolled and for up to five years after they disenroll.

Payers must also be prepared to receive clinical EHI from other payers and incorporate it into members’ records.

The proposed rule says at minimum, payers must have a process for the electronic exchange of the data classes and elements included in the USCDI standard Version 1 (see Figure 1). The USCDI is an update to the Common Clinical Data Set (CCDS) used today for electronic health records. New data includes clinical notes, pediatric vital signs, patient address and phone number, and provenance information.


Figure 1

Payers that embrace this requirement can help members build comprehensive, intelligible views of their health history and build complementary features and functions to meet their health needs. As patients become more empowered with their own data, they can share it with whom they choose. That should help eliminate redundant procedures, which will reduce the cost of care. The data needed to make value-based care programs effective will be accessible to providers, enabling health plans to offer more value-based care to members focusing on quality and patient outcomes. Additional capabilities could be built to analyze the data and help members see how their health has evolved over time. An app could offer analytics-driven personalized coaching and incentives.

3    Trusted network participation

The rules call for payers to participate in a trusted exchange network (TEN) capable of the following:

  • Exchanging protected health information in compliance with all applicable state and federal laws.
  • Connecting to inpatient electronic health records and ambulatory electronic health records.
  • Supporting secure messaging or electronic querying among providers, payers and members.

ONC is developing a framework for Trusted Exchange Framework and Common Agreement (TEFCA). Its goal is to establish a single “on-ramp” to nationwide connectivity and ensure electronic information securely follows members when and where it is needed. Many payers participate in health information exchanges today. However, many exchanges often use proprietary technology. TEFCA is designed to scale electronic health information across disparate health information networks (HINs) by outlining a common set of principles, terms, and conditions to support the development of a Common Agreement to exchange electronic health information for which HINs can volunteer to participate.

Payers could create services around their TEN participation and the other interoperability requirements, assuring their members have access to their health information wherever they travel in the U.S. While all data transactions must still be HIPAA-compliant, with their consent, payers could help members take real ownership of and control over their health data.

Health plans can take these immediate steps to help ensure they can meet the 2020 implementation deadline for interoperability:

  • Determine your basic approach to the data delivery, aggregation, orchestration and implementation of new standards.
  • Determine data integration remediation needed to meet one-day availability rules.
  • Evaluate privacy and security concerns and new challenges created; develop a plan to address them.
  • Curate a roadmap of future programs based on the future impact of having access to new data.

For more information, read the first installment in this series, “Preparing for the Interoperability and Patient Access Rules: Five Key Things Healthcare Executives Must Know” and visit the Healthcare and Interoperability solutions sections of our website, or contact us.

FHIR HL7 is the registered trademark of Health Level Seven International and the use does not constitute endorsement by HL7.