Jonathan Shannon
Cures Act not a cure-all for healthcare interoperability woes
August 26, 2022
By Jonathan Shannon
The 21st Century Cures Act mandated new interoperability standards that enable patients to access their own health data more easily at no cost. Additionally, the rule calls on innovators in healthcare to adopt standardized application programming interfaces (APIs), so patients can securely and easily access, exchange, and use structured health information without special effort, namely through smartphone applications. If executed optimally, this patient-focused model prioritizes the flow of information to improve clinical care and outcomes.
The goal of electronic health information (EHI) interoperability in healthcare is not new. In fact, it traces back nearly two decades to the implementation of HIPAA’s version 4010 electronic transaction standards guidance. More recently, Meaningful Use rulemaking has made efforts to improve the sharing of EHI across providers. However, complying with interoperability Fast Healthcare Interoperability Resources (FHIR) API standards and regulations is proving challenging for many providers amid tightening reimbursements, staffing challenges, and the global pandemic.
Similarly, many payers have struggled to implement Patient Access APIs for data extraction and provider directory access into broad usage. Although many of them complied with the letter of the law, an interoperable utopia is still not here due to the challenge of internal consolidation and orchestration of this and the fact that many plans are concerned about breaches in light of this novel flow of sensitive health information. The security concern, voiced by AHIP in 2020, is rationale, particularly considering the involvement of third-party app developers that are not included under HIPAA’s requirements. As such, some payers are installing meaningful hurdles to access these APIs to protect their members’ privacy or because they simply are not ready to offer the data—or both.
When LexisNexis Risk Solutions surveyed 110 health plan professionals about their readiness and concerns about the Cures Act, 38 percent of respondents said they were primarily focused on the need to protect patient privacy and adhere to security standards. Another driver of feeling unprepared is that some health plans are still working to stand up technology to provide access to databases to comply with new interoperability rules. Among questions about API requirements, payers wonder what specific applications (e.g., wellness trackers, personal health records) will request their members’ health data and the duration that the authorization to share will be active.
These uncertainties are compromising compliance, compounding the challenges of adhering to FHIR standards, public reporting mandates, and various data exchange security concerns, say payers.
Mounting interoperability challenges constitute a significant concern for payers and providers alike. CMS, perhaps aware of the lack of clarity around new API requirements, does not appear to be enforcing the rule for payers. This will continue to harm the overarching goal of interoperability in healthcare, affecting patients, providers, and the payers themselves in several ways:
● Providers rely on data from various sources, organizations, and applications. Walling off data from them hinders clinicians from providing timely, data-driven care.
● For optimal patient care provision, clinicians require longitudinal patient history. When a patient switches providers, their clinical history often does not follow. If payer databases lock that information in, the complete EMR—and patient history—can be lost, creating a piecemeal view instead of a comprehensive one.
● Independent providers struggle to attain patient history, particularly if they are not part of a large health network. Small providers suffer if data access is restricted.
● With stringent data protection, both providers and payers can miss strategic opportunities for appropriate individualized engagement and allocation of care management resources at the point of new member/patient engagement—as well as other operational efficiency opportunities and competitive advantages.
Facilitating consumer-driven data exchange through APIs is proving to be a journey, not a destination. For patients, healthcare data is either difficult to find, difficult to access, or difficult to understand. On the payer and provider end, disparate sources make both data ingestion and dispersion significant concerns.
As an industry, we cannot sacrifice the protection of data for the achievement of interoperability. We must be working toward an environment where data flows simply and securely, affording patients the ability to personally engage and make fundamental decisions about their healthcare.
About the author: Jonathan Shannon is the senior director of healthcare strategy at LexisNexis Risk Solutions.
The 21st Century Cures Act mandated new interoperability standards that enable patients to access their own health data more easily at no cost. Additionally, the rule calls on innovators in healthcare to adopt standardized application programming interfaces (APIs), so patients can securely and easily access, exchange, and use structured health information without special effort, namely through smartphone applications. If executed optimally, this patient-focused model prioritizes the flow of information to improve clinical care and outcomes.
The goal of electronic health information (EHI) interoperability in healthcare is not new. In fact, it traces back nearly two decades to the implementation of HIPAA’s version 4010 electronic transaction standards guidance. More recently, Meaningful Use rulemaking has made efforts to improve the sharing of EHI across providers. However, complying with interoperability Fast Healthcare Interoperability Resources (FHIR) API standards and regulations is proving challenging for many providers amid tightening reimbursements, staffing challenges, and the global pandemic.
Similarly, many payers have struggled to implement Patient Access APIs for data extraction and provider directory access into broad usage. Although many of them complied with the letter of the law, an interoperable utopia is still not here due to the challenge of internal consolidation and orchestration of this and the fact that many plans are concerned about breaches in light of this novel flow of sensitive health information. The security concern, voiced by AHIP in 2020, is rationale, particularly considering the involvement of third-party app developers that are not included under HIPAA’s requirements. As such, some payers are installing meaningful hurdles to access these APIs to protect their members’ privacy or because they simply are not ready to offer the data—or both.
When LexisNexis Risk Solutions surveyed 110 health plan professionals about their readiness and concerns about the Cures Act, 38 percent of respondents said they were primarily focused on the need to protect patient privacy and adhere to security standards. Another driver of feeling unprepared is that some health plans are still working to stand up technology to provide access to databases to comply with new interoperability rules. Among questions about API requirements, payers wonder what specific applications (e.g., wellness trackers, personal health records) will request their members’ health data and the duration that the authorization to share will be active.
These uncertainties are compromising compliance, compounding the challenges of adhering to FHIR standards, public reporting mandates, and various data exchange security concerns, say payers.
Mounting interoperability challenges constitute a significant concern for payers and providers alike. CMS, perhaps aware of the lack of clarity around new API requirements, does not appear to be enforcing the rule for payers. This will continue to harm the overarching goal of interoperability in healthcare, affecting patients, providers, and the payers themselves in several ways:
● Providers rely on data from various sources, organizations, and applications. Walling off data from them hinders clinicians from providing timely, data-driven care.
● For optimal patient care provision, clinicians require longitudinal patient history. When a patient switches providers, their clinical history often does not follow. If payer databases lock that information in, the complete EMR—and patient history—can be lost, creating a piecemeal view instead of a comprehensive one.
● Independent providers struggle to attain patient history, particularly if they are not part of a large health network. Small providers suffer if data access is restricted.
● With stringent data protection, both providers and payers can miss strategic opportunities for appropriate individualized engagement and allocation of care management resources at the point of new member/patient engagement—as well as other operational efficiency opportunities and competitive advantages.
Facilitating consumer-driven data exchange through APIs is proving to be a journey, not a destination. For patients, healthcare data is either difficult to find, difficult to access, or difficult to understand. On the payer and provider end, disparate sources make both data ingestion and dispersion significant concerns.
As an industry, we cannot sacrifice the protection of data for the achievement of interoperability. We must be working toward an environment where data flows simply and securely, affording patients the ability to personally engage and make fundamental decisions about their healthcare.
About the author: Jonathan Shannon is the senior director of healthcare strategy at LexisNexis Risk Solutions.