How to Comply with New Healthcare Interoperability Rules

Image for post
Image for post

The concept of interoperability — the ability of different systems and applications to exchange data — has existed in healthcare for over a decade. But only in 2020 has it gone from being a theoretical goal to its new status — a practical and urgent necessity.

Historic changes are coming as a result of interoperability final rules released by the US Department of Health and Human Services (HHS) earlier this year. The two main purposes of the new regulations are to advance data sharing between health systems and grant patients unprecedented control over their care via mobile apps of their choice.

The rules will gradually start to take effect in November 2020 and impact all major industry players — hospitals, health insurers, and health IT developers. Below, we’ll explore the timeline and what stakeholders must do to comply with new policies.

Adopting new interoperability standards: what is FHIR and USCDI?

  • the 4th version of Fast Healthcare Interoperability Resources from HL7 International (HL7 FHIR), and
  • US Core Data for Interoperability (USCDI).

Pronounced “fire,” FHIR specifies exactly how data exchange must be done so that all parties understand each other. It uses HTTP-based RESTful APIs suitable for mobile applications and allows sharing documents represented in one of three formats — XML, JSON, or RDF (Resource Description Framework).

Image for post
Image for post
How interoperability in healthcare will work using FHIR-based APIs, according to the final rules.

USCDI outlines what pieces of information must be shared on a patient’s request. The standard replaced the prior Common Clinical Data Set (CCDS) expanding it with two data classes:

  • clinical notes, both structured and unstructured, and
  • provenance, or extra information about who created the data and when it was created.

It also adds a patient’s current and previous addresses, phone number, and e-mail to the demographics class.

Image for post
Image for post
USCDI data classes and elements. Source: HIMSS Report

Widespread transition to USCDI data exchange via FHIR-based APIs will expedite the realization of the guiding principle behind the final rules — to make healthcare like any other consumer service by enabling consumers to “shop” for providers and insurers right on their smartphones.

Image for post
Image for post
The full list of interoperability rules, players affected, and compliance timeframes.

All that said, let’s look at the most pressing requirements involving new standards in more detail.

Information Blocking provision

Compliance date: November 2, 2020

Information blocking occurs when something prevents access to electronic health information (EHI), its use, and exchange. This includes restrictions enforced by licenses, contracts, and organization policies, limiting technological measures, or cases when a healthcare provider simply refuses to provide necessary data.

The rule developed by the Office of the National Coordinator for Health Information Technology (ONC) requires EHR system developers to enable access to their software via FHIR-based APIs. Healthcare providers, at their end, must utilize the APIs to give patients easy access to USCDI data elements. While patients have been able to get personal health information, hospitals didn’t have to deliver data in a standard online format.

The fine for violation of the rule can be as high as $1 million for IT vendors, while penalties for providers are not yet specified. However, there are situations when information blocking is acceptable. For example, it won’t be considered a violation if data is temporarily unavailable due to a natural disaster, Internet outage, or maintenance activities. To learn more, you can read the official document explaining information blocking exceptions.

It’s worth noting that a denial of data access that doesn’t fall within exceptions won’t automatically be regarded as a violation. Each situation will be judged separately to identify whether or not information blocking has happened.

Admission, Discharge, and Transfer (ADT) Notifications provision

Compliance date: November 2, 2020

Under the ADT provision, hospitals are required to send alerts to practitioners and care managers when a patient is registered in an emergency department, admitted to a hospital, transferred to another facility, or discharged to their home.

The messages must include the following data:

  • the patient’s name,
  • the treating provider’s name, and
  • the sending institution’s name.

At the same time, it’s up to hospitals to decide whether or not to include the information on diagnosis.

Real-time ADT notifications are expected to improve patient care via health information exchange. The provision also aims at detecting patient leakage, identifying frequent users of healthcare systems, and preventing avoidable readmissions.

Patient Access API and Provider Directory API provision

Compliance date: January 1, 2021

This provision obliges insurers regulated by the Centers for Medicare and Medicaid Services (CMS) to implement two types of FHIR-based APIs. The Patient Access API will allow health plan enrollees to request data on claims, costs, and clinical data. All this information must be available no later than one business day after a payer receives it.

A separate public-facing API will give patients access to accurate and up-to-date provider directories — listings of hospitals, pharmacies, clinicians, and other entities participating in a particular plan. At a bare minimum, the data must include provider names, addresses, phone numbers, and specialties. This will enable patients to get information on providers and, as a result, make well-informed decisions on their care.

Payer-to-Payer Data Exchange provision

Compliance date: January 1, 2022

Beyond payer-to-patient data sharing, by 2022 CMS-regulated payers must be ready to exchange patient clinical data between themselves on an enrollee’s request. This measure further supports the ability of patients to easily coordinate their care and switch between health plans. The provision also facilitates the smooth flow of electronic data within the healthcare systems.

Payers don’t have to update or correct data received from another payer. They are also free to choose a method of electronic exchange including the use of APIs. But in the future, the rule may require to utilize FHIR-based APIs only. So, it makes sense to adopt the new standard for sharing data with other payers from the very beginning.

New Standardized API Functionality provision

Compliance date: May 2, 2022

Final Rules require hospitals to use two types of API-enabled functionality — for single patients and for groups of patients. This so-called Standardized API for Patient and Population Services will replace the current “Application access — data category request” criterion.

API services focusing on a single patient will deal with third-party apps used to access personal medical data and with solutions implemented by health care providers to enhance their workflow.

In turn, population-level API services will cater to the needs of applications that improve healthcare management, help hospitals deliver better care for multiple patients, support machine learning, big data analytics, and other powerful computing techniques.

EHI Export Capability provision

Compliance date: May 2, 2023

Today exchangeable electronic health information is restricted to the USCDI standard. However, it is anticipated that the scope of information exposed via APIs will significantly increase. By 2023, EHI will likely cover other elements, including administrative and billing data that is often stored and managed in separate practice management systems, outside the core EHR systems. Under the EHI Export Capability provision, actors will have to provide access to additional information, currently kept in fragmented databases.

Key steps to meet the new requirements

Review existing systems

Put a plan in place

Consider a cloud services provider for interoperability

Educate staff and patients

Dr Chris Norris, Clinical Associate Professor at the University of California now working with Sleep Standards, adds that health providers and health plans should also consider “educating their patients about the benefits and potential risks involved in using third-party apps to access and aggregate their information.”

CMS authorities also emphasize that hospitals and payers should educate patients on how to choose third-party software and warn of dangers associated with transferring data to an app not covered by HIPAA.

In the end, final rules will bring profit

To make the process less stressful, ONC and CMS — the two designers and initiators of the final rules — set a three to six-month window between the implementation or compliance date and the enforcement discretion date. During this period, each instance of non-compliance will be addressed individually to give the healthcare system additional “flexibility for development and implementation.” The entire transition will take more than two years.

As Heather Macre sums it up, “ Interoperability causes a painful uptick in costs but they will go down over time.” Eventually, smooth data exchange will reduce expenses, resulting in more effective treatment plans, enhanced patient experience, and increased productivity. Even more important, it will eventually improve the health of the entire population. At least, the majority of experts hope so.

Originally published at AltexSoft tech blog “How to Comply with New Healthcare Interoperability Rules

Written by

Being a Technology & Solution Consulting company, AltexSoft co-builds technology products to help companies accelerate growth.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store