Summary of Proposed Rules on Interoperability of Electronic Health Information
On February 11, 2019, the Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC) both issued proposed rules to fulfill statutory requirements in the 21st Century Cures Act. The proposed rules seeks to improve the ability of health care providers to transmit patient health information to each other in an interoperable format, improve the ability of patients to access their personal electronic health data, and prevent healthcare systems from engaging in “information blocking.” Most of the proposed rule’s provisions will take effect by 2020.
The proposed rules are scheduled to be officially published in the Federal Register on March 4. Public comments on the proposed rule would therefore be due by May 3.
CMS is seeking to leverage its programmatic authority over Medicare Advantage (MA) plans, state Medicaid programs [both fee-for-service (FFS) and managed care], Children’s Health Insurance Plans (CHIP) (including FFS and managed care), and Qualified Health Insurance Plan (QHP) issuers in the health insurance exchanges established by the Affordable Care Act (ACA). Some of the provisions build on existing CMS efforts such as the Blue Button 2.0 (an app allowing access to data of an operating system, application or other service).
The proposed rules do not directly apply to other types of health plans.
The proposed policies seek to establish the patient as the owner of their health data and to make patient electronic health information (EHI) more portable as patients transition between providers and between health plans. CMS describes its intent for patient access to EHI, “When a patient is discharged from a hospital to a post-acute care (PAC) setting there should be no question as to how, when, or where their data will be exchanged. Likewise, when an enrollee changes health plans or ages into Medicare, the enrollee should be able to have their claims history and encounter data follow so that information is not lost.”
Patient Access to Electronic Health Information
The proposed rule would require health care MA plans, Medicaid managed care plans, CHIP managed care entities, and exchange plan issuers to provide beneficiaries with free electronic access to medical claim information by 2020. In addition to medical claims, this information would include diagnoses, procedures, tests and a list of the providers who treated the beneficiary.
It is common knowledge that the U.S. health care system is not truly interoperable. The proposed rule acknowledges the challenges to achieving interoperability and proposes several new policies to address those challenges:
- The lack of a unique patient identifier (UPI) for each patient that is not health plan specific makes it difficult to accurately assign specific EHI or medical records to specific patients. HIPAA required the adoption of a UPI standard but CMS stopped pursuing the creation of a UPI standard, largely due to privacy concerns and Congressional opposition. CMS is not proposing a UPI standard in this proposed rule.
An alternative to the UPI is patient matching, which is a process by which health information from multiple sources is compared to identify common elements, with the goal of identifying multiple records across multiple health systems representing a single patient. This is generally done by using multiple demographic data fields such as name, birth date, gender, and address. CMS and ONC want to promote patient matching. CMS is seeking comments from stakeholders on ways for ONC and CMS to continue to facilitate private sector efforts on a workable and scalable patient matching strategy.
- A lack of standardized computer language is perhaps the most obvious barrier. Rather than require all EHR systems to use the same language, CMS is proposing to require Medicare, Medicaid and ACA plans to deploy open (publicly available programming framework) application programming interfaces (APIs) to make certain information available to enrollees and to other health systems. APIs will allow private entities to develop programs that facilitate the exchange of data in a common format.
- Information blocking, or the intentional withholding or restricting of data sharing between entities is another challenge. Information blocking usually occurs due to one entity not wanting to share information with a competitor. The proposed rule would define information blocking. CMS is proposing to impose fines and to publicly report the names of providers who do not attest that they do not engage in information blocking.
- CMS cites the lack of adoption of Certified EHR Technology (CEHRT) among post-acute care (PAC) providers as another challenge. Interoperability standards can only go so far if providers do not utilize EHR products that can accept the new interoperability standards. This can disrupt the transfer of patient EHI throughout the continuum of care.
- The exchange of health data between entities and patients immediately raises privacy concerns under HIPAA’s privacy and security regulations. CMS and HHS are looking at reforming the HIPAA privacy regulations in a separate request for information (RFI). Privacy concerns must be considered in any policy that facilitates the exchange of health information between entities.
The proposed rule does not establish a specific EHR system or coding standard as a way to achieve interoperability. CMS instead seeks to establish an environment where private entities can create programs/apps to communicate information between non-compatible systems.
CMS also intends to propose additional interoperability activities in the Promoting Interoperability (PI) performance category of the Hospital Inpatient Quality Reporting Program in the 2020 Hospital Inpatient Prospective Payment System (IPPS) proposed rule.
Expand the use of APIs beyond Medicare FFS to Advance Interoperability
Last year, CMS established an “open” Application Programming Interface (API) for developers to create apps that can help beneficiaries access their data and to help health care systems exchange information in an interoperable format. This “Blue Button 2.0 API” is similar to an app store for a smart phone except it is designed for healthcare systems instead. Openly-published APIs are accessible to third-party applications and developers. CMS says that over 1,500 developers are building apps with various purposes within this API.
CMS describes the intent of the API, “Consumers routinely perform many daily tasks on their mobile phones – banking, shopping, paying bills, scheduling – using secure applications. We believe that obtaining their health information should be just as easy, convenient, and user-friendly.”
The CMS and ONC proposed rules would require Medicare Advantage (MA) organizations, state Medicaid and CHIP FFS programs, Medicaid managed care plans, CHIP managed care entities, and health insurers issuing plans on the Federal Health Insurance Exchange to implement an API using the HL7 Fast Healthcare Interoperability Resources (FHIR) programming standard. The Administration is not proposing to require state CHIP programs that do not operate a FFS program to establish an API.
Under CMS’ proposal, the scope and volume of the information to be provided or made accessible through the open API would include: adjudicated claims (including cost); encounters with capitated providers; provider remittances; enrollee cost-sharing; and clinical data, including laboratory results (where available). The claims and encounter data to be disclosed should include information such as enrollee identifiers, dates of service, payment information (provider remittance if applicable and available), and enrollee cost-sharing.
CMS is also proposing to require MA organizations, state Medicaid and CHIP FFS programs, Medicaid managed care plans, and CHIP managed care entities to make their provider networks available to enrollees and prospective enrollees through API technology. Exchange issuers are already required to make this information available to beneficiaries. MA plans would be required to update provider directory information available through the API no later than 30 calendar days after changes to the provider directory are made. The directories would be required to include the names of providers, addresses, phone numbers, and specialty.
Entities that would be required to implement an open API under this rulemaking would be free to upgrade to newer versions of the required standards at any pace they wish.
Establishment of Trusted Exchange Networks
In addition to APIs, CMS is proposing that payers in CMS programs should participate in any trusted health information network they choose. Trusted Exchange Networks are secure health information exchanges.
Improve Portability of Patient Electronic Health Information
CMS wants all health plans to “have the ability to exchange data seamlessly with other payers for timely benefits coordination or transitions, and with providers to facilitate more coordinated and efficient care.”
Beginning on January 1, 2020, CMS is proposing to require MA organizations, Medicaid managed care plans, CHIP managed care entities, and Exchange plan issuers to support electronic exchange of data for transitions of care as patients move between these plan types. This data includes information about diagnoses, procedures, tests and providers seen and provides insights into a beneficiary’s health and health care utilization.
Under the proposal, a regulated health plan entity would have to be able to send this data to another plan that covers the enrollee (or a recipient identified by the enrollee) at any time during coverage or up to five years after coverage ends. Also, the plan would have to be able to receive this data from any health plan that covered the enrollee within the preceding five years. This data exchange can occur directly from entity to entity or via an API. CMS is also considering allowing this data to be transmitted via a regional health information exchange in addition to an API.
Definition of Information Blocking
The 21st Century Cures Act prohibits healthcare providers from engaging in data or information blocking which is to be enforced by monetary fines of up to $1 million per violation. The statute delegates the authority to define information blocking to ONC. The ONC’s proposed rule implements the statutory prohibition on information blocking and proposes seven exceptions from the prohibition:
- Preventing Harm.
- Promoting the Privacy of EHI.
- Promoting the Security of EHI.
- Recovering Costs Reasonably Incurred.
- Responding to Requests that are Infeasible.
- Licensing of Interoperability Elements on Reasonable and Non-discriminatory Terms.
- Maintaining and Improving Health IT Performance.
Increase Access to Digital Provider Directories using National Plan and provider Enumeration System (NPPES)
CMS is proposing to identify clinicians who have not submitted digital contact information to the NPPES. CMS is also proposing for MA, Medicaid, CHIP, and Exchange plans to make provider directories available to patients via an API.
Improve Clinical Event Data Sharing During Care Transitions
CMS wants to improve electronic sharing of information related to clinical events between the various health care providers who treat a patient, especially in the post-acute setting. CMS is proposing to add to the hospital Conditions of Participation (CoP) that would require hospitals, psychiatric hospitals, and congenital adrenal hyperplasias (CAHs) to make electronic patient event notifications available to another healthcare facility or to another community provider unless a facility does not have an EHR system with the technical capacity to generate and send this information.
CMS believes these notifications may improve post-discharge transitions and reduce the likelihood of complications resulting from inadequate follow-up care.
CMS proposes that these notifications would need to be sent at admission and either immediately prior to or at the time of the patient’s discharge or transfer to licensed and qualified practitioners, other patient care team members, and PAC services providers and suppliers that:
- Receive the notification for treatment, care coordination, or quality improvement purposes;
- Have an established care relationship with the patient relevant to his or her care; and
- For whom the hospital, psychiatric hospital, or CAH has a reasonable certainty of receipt of notifications.
Improving Dual Eligible Status Information
CMS is proposing to require states to submit data identifying beneficiaries as dually eligible for Medicare and Medicaid on a daily (business day) basis by April 1, 2022. States currently provide that information monthly. Increasing the frequency by which this information is submitted will help improve the ability of providers to correctly identify patients who are dual eligible beneficiaries.
Advance Interoperability within New Payment Models
CMS will leverage the Center for Medicare and Medicaid Innovation (CMMI)’s authority to promote interoperability within new alternative payment models.
Requests for Information
CMS is requesting information from stakeholders in several areas. This information will help guide future rulemaking efforts.
- How CMS can more broadly incentivize the adoption of interoperable Health IT.
- CMS is requesting information on how to improve patient identification and matching patients to the correct medical record.
- CMS is requesting information on the burdens associated with exchanging information between providers and health plans via APIs.
- With regard to the requirement for a patient’s health plan to exchange the patient’s health data, CMS seeks comments on how plans might combine records and address error reconciliation or other factors in establishing a more longitudinal record for each patient.
How the proposals will affect dual eligible beneficiaries. How interoperability can improve the coordination of benefits for dual-eligible beneficiaries.