When the CMS and ONC released their Interoperability and Patient Access final rules in March, the countdown began for payers to add mandated capabilities before the first deadlines in 2021. These include FHIR®-based patient access APIs, provider directories and payer to payer data exchange.
Adding these capabilities is a major implementation for most payers. Despite CMS announcing its intention to exercise “enforcement discretion” of the final rules due to COVID-19, pushing the effective deadline for the Patient Access API and Provider Directory API from January 2021 to July 2021, mandated organizations still need to move quickly.
Payers face a host of largely unfamiliar challenges with this implementation.
A major initial challenge affects IT teams, who will have a lot of heavy lifting to do mapping clinical and claims data to FHIR. Both FHIR v4.0.1 and United States Core Data for Interoperability (USCDI), the standards mandated by the regulations, are new to payers. And unfortunately, there are no shortcuts to mapping clinical data contained in existing repositories, likely in a mixture of different HL7 standards and proprietary formats, to FHIR.
Payers must also develop a strategy for consent management. Complying with Patient Access API requirements means organizations must turn on publicly-accessible APIs allowing 3rd party applications to access patient health data stored in their repositories. The security standards specified by the rules, namely OAuth 2.0 and OpenID Connect, are widely deployed by other industries but are still relatively underutilized in healthcare. Payer IT teams need to quickly acquire both the technical competency and robust governance frameworks necessary to balance consumer access with granular consent management—especially given the lack of formal certifications for 3rd party applications. Indeed while the final rules stipulate that payers can ask 3rd party app developers whether or not they are adhering to certain privacy practices, these apps are not in all cases subject to the Health Insurance Portability and Accountability Act (HIPAA). Payers, however, will be responsible for any HIPAA violations.
While these new rules will make healthcare more connected, they won’t be the final word on the subject. Standards, as well, will continue to evolve. As such, your organization needs to stand up an infrastructure that is flexible enough to evolve alongside changes to regulations, standards, and consumer preferences.
Selecting the Right Vendor Partner
Faced with a major implementation, an aggressive timeline, and unfamiliar technologies and standards, payers are strongly advised to engage outside vendors with relevant expertise.
Given the tight deadlines, payers don’t have time to experiment with immature and unproven solutions that aren’t ready to be deployed at scale, or vendors whose core products are based on their proprietary information models but have entered the FHIR realm by adding a FHIR module to their pre-existing platforms.
Engaging an experienced vendor with a proven, enterprise-class FHIR solution designed for CMS interoperability compliance can significantly reduce the time and cost (both immediate and long term) of the implementation by:
- supplying a ready-made FHIR server and data platform to build on
- leveraging their FHIR expertise and insights from previous implementations to help dodge common pain points and ensure your organization maximizes your ROI
(For a more indepth look at this topic, get your free copy of our recent whitepaper, Payer Roadmap to Compliance with HHS Interoperability Rules. )
Payer organizations need a proven, FHIR-based data platform and a vendor experienced in large scale, enterprise implementations with other health plans that can deliver compliance now, a platform to facilitate future innovation, and a favourable ROI in the years to come.
A recent Gartner report, Prepare for CMS Interoperability and Patient Access API Compliance for U.S. Healthcare Payers, recommends that payers select a vendor with a “purpose-built solution” to help navigate this complex and highly strategic implementation (as opposed to those offering only generic FHIR servers or professional services to assist in building a solution).
The report further recommends that payers consider whether prospective vendors have “expertise in developing standards and frameworks in accordance with previous CMS initiatives” and if they have the capability to provide “project management and implementation assistance, from initiation through go-live”.
In order to be in production by the mandated deadlines, while ensuring adequate time for executive approval of the chosen vendor, solution design, development & integration as well as testing & remediation, payers should consider selecting their vendor and begin implementations by Q4, 2020.
The Business Case for Interoperability
While regulatory compliance may be the acute factor behind many payers’ IT investments in 2020 and beyond, there are broader market forces at work behind the rules themselves—forces that provide a strategic business case beyond compliance for health plans to engage in digital transformation around interoperability.
The previously mentioned Gartner report encourages payers to “Think of interoperability as an opportunity to transform relationships with members rather than simply checking the box for compliance with the regulatory mandate.”
Given the growing shift from fee-for-service to value-based care payment models and increased consumer demand for app-focused and mobile-first digital experiences, enabling the capabilities required to comply with these regulations aligns with your enterprise’s business interests.
Payers who excel at helping members access and use their health data in ways that improve health outcomes will find themselves with a powerful competitive advantage in a marketplace where consumers have more information and choice regarding their health plan.
Ingesting and storing large amounts of clinical data certainly presents a significant upfront challenge, but it also opens up opportunities to leverage analytics, machine learning, and business intelligence tools to gain new insights into members and plans. For example, using clinical data from electronic health records to optimize risk scores and improve Healthcare Effectiveness Data and Information Set (HEDIS) scores are two particularly high-impact use cases.
In our experience, organizations that stand up a FHIR repository with a relatively narrow use case in mind (for example consumer or provider access) will later discover a host of unforeseen use cases, either from internal innovators or other customers, that further extend the value of their investment.
And while COVID-19 may be responsible for slightly delaying enforcement, it’s also led to a retrenchment of pre-existing trends within healthcare organizations towards digital adoption and transformation, while highlighting the importance to public health of interoperable, portable clinical data.
The rules give payer organizations an opportunity to set themselves up at the center of a dynamic ecosystem of health data, where free-flowing health information, unlocked by open standards and securely accessed by consumers via apps, will drive cost reductions and better health outcomes. There’s no time to waste!
Smile CDR offers unparalleled enterprise-ready tooling and features to help payers comply with CMS and ONC regulations. Smile brings proven experience and a world-class technical foundation to ensure success with large scale implementations. See our payer solution page to find out more about Smile CDR’s Payer Compliance Toolkit, specifically tailored to US payers looking to meet the CMS Interoperability and Patient Access mandates.
FHIR® is the registered trademark of HL7 and is used with the permission of HL7.