An Inside Look at Payer Compliance with CMS’ Patient Access API Rule

John Kelly, Principal Business Advisor, Edifecs

The healthcare industry is now closer than ever to its quest for true interoperable data exchange. July 1, 2021 was the enforcement date for the Centers for Medicare and Medicaid Services (CMS) Interoperability and Patient Access final rule. The rule requires that all healthcare payer organizations participating in a CMS program allow members to download and share their data using APIs (Application Programming Interfaces). This technology is most recognized as the method for people to share data in their mobile apps.

While this mandate was designed to empower consumers as the agents of interoperability for their healthcare information, payers found the adoption of API technology very challenging. The technology methods to support APIs (REST, API, OAuth, OpenID) have not typically been employed by payers to share data with patients, vendors, or any other healthcare stakeholders. The software, processes and business relationships required to comply with the CMS mandate have heretofore been untested within the contexts of privacy and security, or technical reliability.

This mandate is just one of many policies and rules published by both the Office of the National Coordinator for Health Information Technology and CMS to make interoperable data exchange a reality. For over fifteen years, the federal government has used both carrots and sticks to make the ubiquitous exchange of patient data a key component of its goal of creating a better, faster, more affordable, healthcare industry. With these rules, an important milestone has been established wherein the exchange will be at least faster and cheaper. Broad-based adoption will be the final step in actually making healthcare better.

The truth is the interoperability movement finally has a clear path to success and momentum is building quickly. Consequently, with structured patient data feeding the creation of value, payers and providers will need to make substantial investments in the data supply chain in order to remain competitive in this dynamic landscape.

The following analysis provides an “inside look” into the most recent interoperability ruling and identifies which strategies led some payers to comply quickly and which approaches delayed compliance and set payers behind the competition. These findings are critical for payers to consider to comply with future legislation.

Understanding the Ruling and its Impact

Today, we’re at a unique moment in the push for interoperability, with both industry stakeholders and consumers pushing these changes forward. Providers understand that with the continued uncertainty around the pandemic, it’s more important than ever that healthcare data is seamlessly transferred across the health continuum. The efficient, timely, and digital sharing of contact tracing information and of vaccination record data are two obvious examples of how outcomes might have been better during the pandemic had the recent rules been enacted prior to 2019. In addition, as patients move between hospitals, care homes, or different healthcare payers, consumers are starting to demand their data be “liquid” to support a much-heightened consumer/patient experience. In particular, there is a growing appetite among consumers to share their data with non-traditional agents who can create value from data in the way they are being offered value-added services in every other aspect of their mobile and digital lives.

In the ways we see buyers and sellers being “perfectly matched” using artificial intelligence and machine learning, there is a growing awareness that healthcare will benefit from a whole new set of eyes looking at patient data. Payers and providers will have to relinquish, to a great degree, the traditional roles they have been playing in regard to patient care because new perspectives will be available for patients.

For decades consumers had to navigate through an incredibly complex healthcare system. With data kept in siloed fortresses, there was little automated support for continuity of care or independent quality oversight. The CMS Interoperability and Patient Access final rule aims to meet a critical demand to functionally put patients at the center of their care. Patient-centered care is a concept that can now be a reality.

Before it becomes a reality, however, the rule needs to be broadly and comfortably adopted. The fact that the mandate goes beyond just adopting an information exchange standard and extends to what is essentially a standard of performance has made clarity around the definition of compliance a challenge both to payers and CMS.

Compliance Challenges

Even with the evolving sense of clarity, many payers have struggled with extracting and mapping data into the new standards and infrastructure required to support APIs and Fast Healthcare Interoperability Resources (FHIR) based data exchange. Due to the aggressive timeline to achieve compliance, many payers are relying on a “good faith” effort and are adding data incrementally over the summer to achieve full compliance. Some plans even experienced their technology vendor of choice failing to meet deadlines or withdrawing altogether from commitments.

Aside from aligning with FHIR, some organizations also struggle to manage data coming in from disparate sources and have no convenient way to view, track, or audit the data. Other payers are taking a more labor-intensive approach and leveraging open-source code to standardize their data. This can be a costly use of resources that could be spent creating additional value for the business, and more importantly, their customers.

In this light, the most significant cost of delayed compliance is a lost strategic growth opportunity. Payers that complied quickly are positioned to lead their competitors in member engagement, patient outcomes management, and even more tangible gains like administrative and operational efficiency.

What Works: How Payers Complied Quickly

When we look at a sample of payers who adapted quickly, there are a few common elements to their successful compliance strategy. One key factor associated with many payers who met their compliance targets was the adoption of hosted or SaaS solutions specifically designed to remove the technology hurdles of meeting mandate requirements. These solutions avoid the complexity and start-up effort associated with “on-premise” solutions. Implementation and development costs to their vendors were amortized across a broad customer base and lowered risk and capital costs. Data provisioning to FHIR servers, identity management infrastructure and the extract, map and load efforts are largely outsourced with such models and greatly simplify implementations.

This approach also accelerated the ability of an organization to adapt to the evolving definition of compliance by CMS as precision emerged over time about the details associated with the CMS program requirements under the rule. Going forward, as it appears the U.S. Department of Health and Human Services will continue to promulgate further rules to address concerns about interoperability, health equity, and transparency, payers will need to quickly adapt to an evolving regulatory environment. They need to invest in long-term infrastructure that fuels future innovation rather than building a solution to comply with specific mandates at a point in time.

A few payers, large and small, began tracking the emergence of FHIR-based patient data exchange shortly after the passage of the Cures Act. In some cases, even as the national conversation about data blocking started in Congress, payers started to build out a FHIR infrastructure as early as 2018. On-premise implementations served those payers very well in successfully complying with the mandate. Further, they are well-positioned to leverage FHIR capabilities to innovate with their provider networks around Value-Based Care, Risk Assessment, Quality Interventions and Gaps in Care programs. Perhaps even more important, the use of APIs radically accelerates many payer plans’ ability to roll out a mobile device strategy specifically designed to drive high levels of member engagement, as well as to deploy new product designs that rely on easy, bilateral exchange of patient data among the payer, the provider and the patient.

No matter the status of payer compliance at this point, the fact is that almost every payer and provider in the U.S. now has a functioning FHIR server at the edge of their enterprise capable of connecting with each other to create value for themselves or their customers. Let the games begin.


About John Kelly

John provides strategic consulting to Edifecs customers, specializing in information exchange and applying the principles of supply chain integration to the healthcare delivery lifecycle. His wide-ranging experience includes serving as CIO of healthcare network provider NaviNet, director of eBusiness Architecture at Harvard Pilgrim Health Care, and managing director of his own health IT consulting firm.