This morning the US Department of Health and Human Services dropped its long-awaited final rules on interoperability, information blocking and patient access.
While the two final documents from the HHS Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare & Medicaid Services (CMS) specify a number of new requirements laid out in the 21st Century Cures Act – including those to prevent information blocking and other anticompetitive behaviors among providers, health information exchanges and health IT developers – new policies outlining standardized APIs will have a particular impact on third-party health app developers.
Chief among these is the establishment of a Patient Access API outlined in CMS' Interoperability and Patient Access rules.
Starting January 1, 2021, Medicare Advantage, Medicaid, CHIP and plans on the federal Exchanges (that begin in 2021) will be required to support a standardized API (HL7 FHIR version 4.0.1) that allows patients to access claims and various information related to their medical encounter, such as cost or clinical information, through a third-party app of their choice. The API could also be used to integrate a health plan's information to a patient's EHR.
Another policy outlined in the final rule calls for the implementation of a Provider Directory API among the CMS-regulated payers. This API aims to provide third-party app developers with the means to connect patients with a broad selection of provider options, or to help clinicians find other providers for care coordination. This rule also has an implementation deadline of January 1, 2021.
"Delivering interoperability actually gives patients the ability to manage their healthcare the same way they manage their finances, travel and every other component of their lives. This requires using modern computing standards and APIs that give patients access to their health information and give them the ability to use the tools they want to shop for and coordinate their own care on their smartphones," Dr. Don Rucker, national coordinator for health information technology, said in a statement. "A core part of the rule is patients' control of their electronic health information which will drive a growing patient-facing healthcare IT economy, and allow apps to provide patient-specific price and product transparency."
HHS wrote on its website that a document outlining best practices for payers and third-party app developers to build and maintain a FHIR-based API is "coming soon."
WHAT'S THE IMPACT
On the surface, these API requirements provide an opportunity for startups and established tech giants alike. The adoption of a single standard means that developers will no longer need to tailor their products between the CMS-regulated payers, and will be provided with new streams of health data to boot.
According to the administration, providing more comprehensive personal information to individuals through the digital tools of their choice – rather than through physical documentation or other provider-specific means – will encourage greater and more meaningful engagement across the board.
"In today's digital age, our health system's data sharing capacity shouldn't be mired in the stone age. Unfortunately, data silos continue to fragment care, burden patients and providers, and drive up costs through repeat tests," CMS Administrator Seema Verma said in a statement. "Thanks to the leadership of President Trump, these rules begin a new chapter by requiring insurance plans to share health data with their patients in a format suitable for their phones or other device of their choice. We are holding payers to a higher standard while protecting patient privacy through secure access to their health information. Patients can expect improved quality and better outcomes at a lower cost."
THE LARGER TREND
Reactions to HHS' draft rule proposal on the data sharing APIs have varied, ranging from supportive, to cautiously optimistic, to outright opposed. Among the most vocal critics was EHR vendor Epic CEO Judy Faulkner, whose leaked letter to chief executives at major hospitals and health systems warned of "unintended consequences" of rising costs and privacy compromises if stronger safeguards weren't in place. Faulkner later told Politico that Epic could sue HHS, depending on the content of the final rules.
On the other hand, a number of major names in tech that are dipping their toes into healthcare – including Apple, Google and Microsoft – have come out as proponents of the draft rules and highlighted their role in empowering individuals to manage their own care. A number of patient groups have taken similar stances, with some like the Society for Participatory Medicine calling out Epic and others for seeking to maintain a "paternalistic environment" that assumes patients are unable to manage their own data.
At first glance, HHS appears to have stuck with the top-level proposals these groups have either applauded or opposed. It will take some time for stakeholders to comb through each rule's hundreds of pages, however, so expect more finalized stances to emerge from both sides of the debate over the next few weeks.
ON THE RECORD
"President Trump is delivering on his vision for healthcare that is affordable, personalized, and puts patients in control. From the start of our efforts to put patients and value at the center of our healthcare system, we've been clear: Patients should have control of their records, period. Now that's becoming a reality," HHS Secretary Alex M. Azar said in a statement. "These rules are the start of a new chapter in how patients experience American healthcare, opening up countless new opportunities for them to improve their own health, find the providers that meet their needs, and drive quality through greater coordination."