The Centers for Medicare and Medicaid Services proposed a rule Monday to require Medicaid, the Children's Health Insurance Program, Medicare Advantage plans and health plans in the federal ACA exchanges provide their 125 million patients with free electronic access to their personal health data including medical claims by 2020.
A separate but related Office of the National Coordinator for Health Information Technology proposed rule calls on the industry to adopt standardized application programming interfaces, or APIs: the part of the server that receives requests and sends responses between computer systems. It also would put into effect the information blocking provisions of the bipartisan 21st Century Cures Act by identifying what does and does not constitute information blocking.
The dual rules followed swelling pressure on the government to release any details on how it plans to enable patients to regain control of their health information and share it with the necessary bodies. The rules stagnated in the Office of Management and Budget's Office of Information and Regulatory Affairs since late September, and the delay was blasted by lawmakers and industry alike.
The rules are part of an ongoing push by government to enable interoperability of health systems.
The proposed changes build on CMS' MyHealthEData and Blue Button 2.0 initiatives, and would require healthcare providers and payers to leverage open data sharing technologies to make it easier for patients to switch between plans, companies and sites of care.
Last year's Blue Button 2.0 initiative created an API for Medicare fee-for-service. Now, CMS is proposing that MA plans, state Medicare and CHIP programs, CHIP managed care entities, Medicaid managed care plans and qualified health plans in the federal exchanges "implement, test, and monitor" a Health Level Seven FHIR-compliant API.
The agency wants those plans to make their provider directories available to current and potential enrollees through the API technology too (excepting the federal exchanges, which already do so).
CMS finalized regulations that use potential payment reductions to encourage providers to improve electronic patient access to their PHI just last year as well.
Payers in its programs would be required to participate in a trusted exchange network, an online network that automatically verifies the security and identity of participants to enable the free flow of information.
CMS also plans to publicly report any players that participate in information blocking: practices that limit interoperability, whether purposefully or otherwise. The agency hopes that the public shaming will incentivize businesses to prioritize the free flow of information. Still, businesses would self-report their compliance.
ONC's proposal deals more with the nitty-gritty of fostering interoperability. Along with adopting standardized APIs and defining information blocking under Cures, the rule is aimed at giving consumer free electronic access to their structured and unstructured health information.
The agency plans to update the 2015 Edition certification EHR criteria to ensure health IT systems send and receive electronic health information in a synchronous manner, while allowing patients to export and view their data.
The rule allows seven "reasonable and necessary" exceptions to the definition of information blocking: preventing harm, promoting electronic health information privacy, promoting information security, recovering reasonably incurred costs, responding to infeasible requests, licensing interoperability elements and maintaining and improving health IT performance.
Businesses will not be subject to civil penalties or other legal measures if their actions satisfy one or more of these exceptions, ONC says.
Many IT groups are frustrated it’s taken so long for the government to step in. In August, more than a dozen members of the broad-based coalition Health IT Now sent a letter to ONC and the Office of the Inspector General warning that it is “past time” to implement data blocking statues.
OMB received the long-awaited ONC proposal on September 17, and CMS's interoperability proposal four days later.
The budget office took sped past a 90-day window to review the proposed rule clarifying what exactly constitutes information blocking, mandated under the 21st Century Cures Act of 2016. The law bans health IT vendors, providers or other entities from knowingly restricting or blocking the exchange of electronic health information.
Under Cures, HHS and ONC are required to regulate and improve the interoperability of healthcare information, taking action against any malfeasance or wrongdoers impeding the electronic flow of patient data. The bodies can impose up to $1 million in financial penalties per violation.
Last October, the administration issued guidance to inform providers participating in the Quality Payment Program’s Merit-based Incentive Payment System when and how to attest that they’re not engaged in data blocking.
The twin rules build off one another's strictures. CMS' proposal says players must conform to the API standards outlined by ONC's for health IT. Both also include synchronous content and vocabulary standards for clinical data classes through the U.S. Core Data for Interoperability standard.
Experts expect ONC to release the Trusted Exchange Framework and Common Agreement soon to bolster the new rules. TEFCA would provide a technical, nationwide framework for health data sharing, though some stakeholders worry connecting health IT systems without addressing underlying patient matching challenges will result in an overflow of data without ways to sort it.
CMS requested feedback on interoperability and health IT adoption in post-acute care settings, patient matching and how to best improve patient care. ONC is also asking stakeholders for comment on transparency in pricing when it comes to data access.
Comments are due early April.