This blog post was Written by Julie Barnes of Maverick Health Policy
Not so long ago, people had to go into a physical bank to have access to their money or go to a bookstore to buy books, but now these and so many other daily transactions happen through apps on a “smart” phone. The health care system is about to have its own dramatic modernization moment.
As part of its overall value-based care initiatives, HHS is seeking to improve health care quality and lower costs by empowering individuals with easy access to and portability of their electronic health information.
In February, CMS and the Office of the National Coordinator for Health Information Technology issued two proposed rules that will require health plans to give their enrollees free and relatively immediate electronic access to their personal health information.
CMS is proposing to require Medicare Advantage plans, Medicaid and CHIP managed care plans, and QHP issuers in federal exchanges to implement openly published FHIR-based APIs to make claims data and other personal health information available to patients through third-party applications. ONC’s proposed rule applies to providers, its E.H.R. vendors, and health information networks and exchanges, addressing many 21st Century Cures mandates on Health IT certification, interoperability, and information blocking activities.
Both proposed rules create substantial new requirements for health plans, providers and health IT developers and will necessitate organization-wide review and feedback to not only articulate concerns but to begin to develop a compliance plan.
A quick snapshot of the CMS Proposed Rule:
WHAT IS CMS PROPOSING?
For health plans to make a variety of health data accessible to enrollees, including claims, provider directories, lab results, and drug benefit data, and to participate in a Trusted Exchange Network (see definition below).
WHEN ARE COMMENTS DUE?
CMS will accept comments until June 3, 2019.
WHEN WILL THE RULE BE FINALIZED?
There is no set date for final rule publication, but it seems likely that some or all of this proposed rule will be finalized soon after comments are reviewed (~September 2019).
WHAT DO PLANS HAVE TO DO?
(Remember, this only applies to plans that contract with the federal government, like Medicare Advantage, Medicaid managed care and FFE plans, but CMS is encouraging voluntary adoption by the entire health insurance industry)
- USE APIs.
Plans need to use an open API (application programming interface) to make specific data accessible to enrollees. An API permits third-party applications to retrieve data with the approval and at the direction of an individual MA enrollee. Under HIPAA, individuals can exercise their right of access to their protected health information and plans are not responsible for determining the worthiness of the third party as a recipient of PHI.
- SEND ELECTRONIC DATA TO ENROLLEES.
Health plans must make the following specific data accessible to enrollees:
- Claims and Encounters: adjudicated claims (approved or denied), encounters with capitated providers, provider remittances, enrollee cost-sharing, and all clinical data including laboratory results managed by the payer. Plans will have one business day upon claim processing or data receipt to make this data accessible to enrollees.
- Provider Directories: plan networks of contracted providers, including providers’ names, addresses, phone numbers, and specialties. Plans would be required to update the information available no later than 30 calendar days after changes are made or the entity receives the updated information.
- Pharmacy Directories and Formularies: MA organizations offering Part D plans must also offer the number, mix, and addresses of pharmacies in their network and information about covered outpatient drugs and preferred drug lists.
- JOIN A TRUSTED EXCHANGE NETWORK.
Plans must participate in a trusted exchange network, effective beginning January 1, 2020. The point of a trusted exchange network is to allow for broader interoperability beyond one health system or point to point connections among payers, patients, and providers. These networks establish rules of the road for interoperability and allow for scaling interoperability across multiple participants, including several federal agencies, EHR vendors, retail pharmacy chains, large provider associations, and others.
WHEN MUST PLANS COMPLY WITH THESE RULES?
The proposed compliance date is January 1, 2020, but is expected to be extended.
WHO SHOULD REVIEW THESE RULES?
- Your legal/regulatory/ policy team, particularly privacy and security compliance experts.
- Your technology and information teams, and anyone else who is familiar with the requirements for FHIR, OAuth, OpenID Connect Core standards, ONC’s certification criteria for APIs, and USCDI standards.
- Your provider network team, because the quick turnaround on making this data available will require cooperative agreements with providers and other partners.
- Your business operational teams who oversee claims and encounter data, EOBs, provider directories, and other enrollee data.
- If you are a MA Part D plan, your pharmacy team or whoever oversees your drug benefit data, pharmacy directories information, and formularies.
A fact sheet on the proposed rule can be found on the CMS website here.
Please contact Julie Barnes at [email protected] with comments or questions.