On March 9, 2020, the Department of Health and Human Services (HHS) published two major regulations that will give patients additional access to their health data, while also addressing security of that information. Health information technology interoperability (multiple organizations, networks and software exchanging health information) has been pursued by multiple administrations over the years, and the new rules appear to take a very significant and large step for giving patients effective, efficient and secure access to their healthcare information. This will enable patients to make more informed healthcare decisions, better manage their care and more easily control and access their healthcare information. 

The two rules, issued by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Centers for Medicare & Medicaid Services (CMS), address patient access and interoperability initially set forth in the 21st Century Cures Act (Cures Act). These rules signify the most significant healthcare information sharing policies the government has passed, requiring both governmental and private entities to share health information between patients and other parties while keeping that maintaining the privacy and security of that information.

The goals of the rules are to enhance the delivery of healthcare that is affordable, personalized, and puts patients in control. These efforts hoped to advance healthcare information accessibility in the same way individuals can currently manage their finances, travel and every other component of their lives. While there are important reasons why this was the case, healthcare has generally lagged when it comes to individual access and control of that information, and the use of technologies such as mobile apps for accessing and exchanging health information. 

HHS hopes to incentivize the use of modern technology standards and APIs that give patients access to their health information and give them the ability to use the tools they want to shop for and coordinate their own care on their smartphones. “A core part of the rule is patients’ control of their electronic health information which will drive a growing patient-facing healthcare IT economy, and allow apps to provide patient-specific price and product transparency,” said Don Rucker, M.D., national coordinator for health information technology.

To date, large health IT organizations have largely maintained patient information in their own silos, and charging for access to that information. Data silos can fragment care, burden patients, and providers, and drive up costs through repeat tests. The rules should promote patient access and use of their own health information and spurring the use of and development of new smartphone applications for the accessing and use of health information by patients, caregivers, family members and health care providers.

Promoting the exchange of Health Information

The Cures Act generally prohibits “information blocking,” the concept of health IT providers and healthcare providers limiting access to and sharing of health information, but without sufficient details for implementation of the concept. The ONC Final Rule sets forth the reasonable and necessary activities that do not constitute information blocking while establishing new rules to prevent information blocking.

Many electronic health record (EHR) providers use agreements that either prevent or are perceived to prevent users from sharing information related to the EHRs in use, such as screen shots or video. The ONC final rule updates certification requirements for health IT developers and establishes new provisions to ensure that providers using certified health IT have the ability to communicate about health IT usability, user experience, interoperability, and security including (with limitations) screenshots and video, which are important forms of visual communication for such issues.

The ONC final rule also requires EHR technology and IT companies to provide the clinical data necessary, including classifications and categorization, to promote new business models of care. For example, the rule promotes common standards through the U.S. Core Data for Interoperability (USCDI).  The USCDI is a standardized set of health data classes and data elements that are essential for nationwide, interoperable health information exchange. The USCDI includes medications, allergies, clinical notes and other clinical data to help improve the exchange of electronic health information and ensure that the information can be effectively understood when it is received. The standards also include demographic data to support accurate patient identification across care settings.

Promoting Patient Access and New Technology

The ONC rule establishes secure, standards-based application programming interface (API) requirements to support patient access and control of their electronic health information. APIs are the technology that allow mobile apps to exchange data and talked to each other and other data sources. Patients will be able to securely and efficiently obtain and use their electronic health information from their provider’s medical record for free, typically using the mobile app of their choice.

Building on the foundation established by ONC’s final rule, the CMS rule requires health plans in Medicare Advantage and other federal programs to share claims data electronically with patients. Effective January 1, 2021, plans in the federal programs will be required to share claims and other health information with patients in a confidential, secure, understandable, user-friendly electronic format through standard patient access APIs. Patients will have more complete data can therefore make more informed decisions, which in turn should lead to more effective health outcomes.

This APIs can also be used to integrate a health plan’s information to a patient’s electronic health information. By requiring their relevant health information including their claims to be shared with them, patients can more easily move from plan to plan, and provider to provider throughout the healthcare system.

Finally, the CMS rule requires all Medicare and Medicaid participating hospitals to send electronic notifications to healthcare facilities or community providers or practitioners when a patient is admitted, discharged, or transferred (known as ADTs). These ADT notifications lead to better care coordination and improve patient outcomes by allowing a provider, facility, or practitioner to contact the patient and deliver appropriate follow-up care in a timely manner. CMS also requires states to send enrollee data daily beginning April 1, 2022 for beneficiaries enrolled in both Medicare and Medicaid, improving the coordination of care for this population. Thus, beneficiaries will get better access to appropriate services and that these services are billed appropriately the first time, eliminating waste and burden. 

For more information on the ONC final rule, please click here.

For more information on the CMS final rule, please click here.

To view the CMS final rule, please click here.

To view the ONC final rule, please click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.