The U.S. Department of Health and Human Services (HHS) has finalized two transformative rules that will give patients unprecedented safe, secure access to their health data. Interoperability has been pursued by multiple administrations and numerous laws, and now, these rules finally deliver on giving patients true access to their healthcare data to make informed healthcare decisions and better manage their care.
The two rules, issued by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Centers for Medicare & Medicaid Services (CMS), implement interoperability and patient access provisions of the bipartisan 21st Century Cures Act (Cures Act) and support President Trump’s MyHealthEData initiative. MyHealthEData is designed to empower patients around a common aim — giving every American access to their medical information so they can make better healthcare decisions.
Together, these final rules mark the most extensive healthcare data sharing policies the federal government has implemented, requiring both public and private entities to share health information between patients and other parties while keeping that information private and secure, a top priority for the Administration.
“Patients should have control of their records, period. Now that’s becoming a reality,” said HHS Secretary Alex M. Azar. “These rules are the start of a new chapter in how patients experience American healthcare, opening up countless new opportunities for them to improve their own health, find the providers that meet their needs, and drive quality through greater coordination.”
“The days of patients being kept in the dark are over,” added CMS Administrator Seema Verma. “In today’s digital age, our health system’s data sharing capacity shouldn’t be mired in the stone age. Unfortunately, data silos continue to fragment care, burden patients, and providers, and drive up costs through repeat tests.”
These final rules deliver on the Administration’s promise to put patients at the center of their care by promoting patient access and use of their own health information and spurring the use of and development of new smartphone applications.
The ONC Final Rule identifies and finalizes the reasonable and necessary activities that do not constitute information blocking while establishing new rules to prevent “information blocking” practices (e.g., anti-competitive behaviors) by healthcare providers, developers of certified health IT, health information exchanges, and health information networks as required by the Cures Act.
Currently, many EHR contracts contain provisions that either prevent or are perceived to prevent users from sharing information related to the EHRs in use, such as screenshots or video. The ONC final rule updates certification requirements for health IT developers and establishes new provisions to ensure that providers using certified health IT have the ability to communicate about health IT usability, user experience, interoperability, and security including (with limitations) screenshots and video, which are critical forms of visual communication for such issues.
The ONC final rule also requires electronic health records to provide the clinical data necessary, including core data classes and elements, to promote new business models of care. This rule advances common data through the U.S. Core Data for Interoperability (USCDI). The USCDI is a standardized set of health data classes and data elements that are essential for nationwide, interoperable health information exchange. The USCDI includes “clinical notes,” allergies, and medications among other important clinical data, to help improve the flow of electronic health information and ensure that the information can be effectively understood when it is received. It also includes essential demographic data to support patient matching across care settings.
Furthermore, ONC’s final rule establishes secure, standards-based application programming interface (API) requirements to support a patient’s access and control of their electronic health information. APIs are the foundation of smartphone applications (apps). As a result of this rule, patients will be able to securely and easily obtain and use their electronic health information from their provider’s medical record for free, using the smartphone app of their choice.
Building on the foundation established by ONC’s final rule, the CMS Interoperability and Patient Access final rule requires health plans in Medicare Advantage, Medicaid, CHIP, and through the federal Exchanges to share claims data electronically with patients. CMS took the first step towards interoperability by launching Medicare Blue Button 2.0 for Medicare beneficiaries in 2018. Medicare Blue Button 2.0 gives beneficiaries the ability to securely connect their Medicare Part A, Part B and Part D claims and encounter data to apps and other tools developed by innovators. Engagement and partnership with the technology community has involved more than 2,770 developers from over 1,100 organizations working in the Medicare Blue Button 2.0 sandbox to develop innovative apps to benefit Medicare patients. Currently, 55 organizations have applications in production. Beginning January 1, 2021, Medicare Advantage, Medicaid, CHIP, and, for plan years beginning on or after January 1, 2021, plans on the federal Exchanges will be required to share claims and other health information with patients in a safe, secure, understandable, user-friendly electronic format through the Patient Access API. With more complete data in their hands, patients can be more informed decision makers leading to better informed treatment.
This Patient Access API will allow patients to access their data through any third party application they choose to connect to the API and could also be used to integrate a health plan’s information to a patient’s electronic health record (EHR). By requiring their relevant health information including their claims to be shared with them, patients can take this information with them as they move from plan to plan, and provider to provider throughout the healthcare system.
In addition, to further advance the mission of fostering innovation, the CMS final rule establishes a new Condition of Participation (CoP) for all Medicare and Medicaid participating hospitals, requiring them to send electronic notifications to another healthcare facility or community provider or practitioner when a patient is admitted, discharged, or transferred. These notifications can facilitate better care coordination and improve patient outcomes by allowing a receiving provider, facility, or practitioner to reach out to the patient and deliver appropriate follow-up care in a timely manner. Additionally, CMS is requiring states to send enrollee data daily beginning April 1, 2022 for beneficiaries enrolled in both Medicare and Medicaid, improving the coordination of care for this population. This ensures beneficiaries are getting access to appropriate services and that these services are billed appropriately the first time, eliminating waste and burden. Beneficiaries will get the right services at the right time at the right cost, with no administrative burden to rebill services.