Part 2: A Tidal Shift for Payers
In Part 1 of this three-part series, I laid out the background on proposed rules from the Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services (CMS). Should they be ratified, they would mandate interoperability for the sake of patients, including enhancing patients’ access to their data.
In this installment, I’m going to focus on the impact of the CMS and ONC proposed Interoperability rules for payers. Although many of the requirements of the proposed rules have broad impact for hospitals, physician practices, and other providers, there’s a lot to say about the impact to payers.
When I first started digging into the rules, especially those proposed by CMS, I realized that health plans covered by this rule would need help. Historically, much of the payer-focused regulations from CMS have focused on payment and quality programs. This is the first time the CMS has focused on how payers should implement health IT itself. Unlike their counterparts in the provider world, payers haven’t been required to think about how standards such as HL7® FHIR®, ways of making data available via Application Programming Interfaces (APIs), and exposing data to members would affect their organizations. Many payers don’t have the infrastructure in place to support what is being requested. It reminds me of the early days of Meaningful Use Stage 1 -- but this time, for payers.
This rule would require covered health plans to provide patients with access to their data through “open” APIs that let those patients use third-party applications to access that data, provided neither the APIs nor the data shared violate HIPAA.
Should the rules become final as proposed, payers would have to share:
- Their entire provider directory;
- Information on adjudicated claims, akin to the Explanation of Benefits that payers already provide;
- Drug benefit data, including a pharmacy directory and formulary or preferred drug list data; and
- Pharmacy directory data for Medicare Part D.
In addition, all APIs must be compliant with ONC API standards, using the FHIR standard published in the companion ONC proposed rule.
Lastly, the rule also requires payers to support subscribers in coordinating their own care – essentially facilitating better payer-to-payer coordination – and to share information with a Trusted Exchange network.
We suggest that payers think about their strategy to address these new rules in phases, starting with the underlying technology platform.
Phase 1: Payers need a member-centric data strategy that aggregates claims, as well as administrative and clinical data into a longitudinal view. Many, if not most, payers have limited access to clinical data via Electronic Health Records (EHRs), local Health Information Networks (HINs), lab data, registries and other sources. However, they often don’t have the right infrastructure to capture, normalize, deduplicate and expose that data via API for consumption through third-party applications. Regional health networks, many providers, and some innovative payers achieve this with a unified care record – essentially a comprehensive longitudinal view of members and patients.
Phase 2: Implement a FHIR gateway that allows data to be exposed through APIs based on the FHIR standard. FHIR was originally implemented to support the needs of providers; as such, many of the resources and profiles that have been developed upon it support exposing clinical data. More and more resources being developed through HL7 now support claims and administrative data. Furthermore, through the DaVinci project http://www.hl7.org/about/davinci/, a multi-stakeholder effort to use FHIR to implement use cases in support of value-based care, payers have come to the table to implement FHIR and share clinical and claims data with their provider partners.
Phase 3: To share data from payer to payer, payer to provider, or payer to HIN (Health Information Network) using the USCDI (US Core Data for Interoperability) framework proposed by ONC, payers can leverage the clinical data aggregated in a unified care record.
There are still many parts of the proposed rule that are ambiguous. I am particularly concerned about how the privacy and security of data will be handled, given that patients have not traditionally shared their health data with third parties that are not part of HIPAA. My other concern is that the rules don’t apply to commercial health plans that are not funded by CMS.
Overall, though, the proposed rules are good – good for information sharing, good for payer collaboration both with one another and with providers, and good for patients themselves. With a strong commitment to IT (and, dare I say, the right technology vendor), I think that health plans will be successful meeting the CMS requirements.
Next in our three-part series, we’ll cover what the proposed rules mean to providers.