On March 9, 2020, HHS announced two long-anticipated rules from the ONC and CMS designed to “finally deliver on giving patients true access to their healthcare data.” Some expected these deadlines to be a few years out, but HHS had other plans in mind: Payer compliance would begin January 1, 2021. Specifically, that deadline was for establishment of the Patient Access API and Provider Directory API for Medicare Advantage (MA), Medicaid, and the Children’s Health Insurance Program; and for the Patient Access API for Qualified Health Plan issuers on federally-facilitated exchanges.
Just six weeks later, CMS announced it would implement enforcement discretion due to the reverberations the COVID-19 pandemic has sent across the healthcare ecosystem – effectively pushing the deadline out to July 1, 2021. (The Payer-to-Payer Data Exchange, a key provision for health plans, remains slated for January 1, 2022.) Despite the delay, there is no time for health plans to slow down in the race toward interoperability.
Change is long overdue
These regulations meet the HHS directive to provide patients and clinicians with complete health information – wherever, whenever – hearkening back to the bipartisan 21st Century Cures Act of 2016. As members increasingly demand autonomy in their care decisions, health plans should provide consumable, transferable data to earn and retain their loyalty. Moreover, rapid electronic transfer of clinical data has proven more important now than ever, four years later, as healthcare organizations diligently work to respond to the crisis at hand.
Time is of the essence
The CMS rule mandates that payers share “claims and other health information with patients in a safe, secure, understandable, user-friendly electronic format through the Patient Access API.” This is a requirement for clinical information maintained by the health plan with a date of service on or after January 1, 2016. Specifics include:
- Access must be provided via the new standard for data exchange, Fast Healthcare Interoperability Resources (FHIR) Release 4, meaning members must be able to access their health data from the mobile applications of their choosing
- Mechanisms for authentication and access will follow industry standards such as OAuth2 and OpenID Connect Core
- After being processed by a health plan, information must be made available the next business day
- Health plans will need to make claims, encounters, remittances, cost-sharing and clinical data available that are maintained by the health plan. Clinical data will be the hardest since health plans have acquired data in various format and standards.
- Clinical data must use the US Core Data for Interoperability (USCDI), which contains standardized health data classes and data elements
For many health plans, clinical data continues to take a back seat to claims data. Those that fail to put more focus on the former will find it difficult to comply with the Patient Access API rule. The speed with which payers adapt will undoubtedly play a role in determining the winners and losers emerging from this paradigm shift.
Act today for the sake of tomorrow
There’s no doubt that COVID-19 requires and deserves significant attention and resources. Yet, with just a six month delay from HHS, health plans still need to act fast to ready themselves for the new data sharing requirements.
For whatever “recovery” or “new normal” appears on the horizon, scores of people will continue to receive care virtually and in new care settings, necessitating health information exchange now. Moreover, this transition and the threat of future pandemics will make all people and caregivers informed and prepared for the future. While much uncertainty remains, we can be sure that getting the right information to the right people at the right time has never been more essential.