The Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) released separate but connected proposed rules governing interoperability, information blocking, and the use of application programming interfaces (APIs) in the healthcare industry.
The proposed rules were open for public comment until June 3, 2019. After review, they will likely be finalized sometime in the fall of 2019.
Entities covered by the proposed rules need to implement policies and systems to comply with the information-blocking prohibitions and API-compatibility requirements. Below is a brief overview of interoperability and useful information on the proposed rules.
1. Interoperability 101
Interoperability is what allows a Fitbit to communicate with an iPhone to produce meaningful health data for the consumer. It is the ability of different information systems, devices, or applications to connect and exchange data.
In the health ecosystem, interoperability allows relevant patient data to be shared effectively and securely across the spectrum of care, furthering the goal of improved care by providing seamless access to useful patient information. The information systems exchanging information do so with varying degrees of interoperability, ranging from simply sharing a patient’s chart as a “.PDF” file to interpreting data and presenting it in a way that assists in making clinical decisions.
Ideally, information systems across the health care industry would have the ability to openly and securely share patient data, readily giving patients and physicians access to relevant health information. Patients could access their health records as easily as they check their bank accounts, through a well-designed mobile phone application. Currently, however, different systems are unable to communicate with each other, and some health care providers practice “information blocking.”
CMS’ and ONC’s proposed rules to implement Title IV of the 21st Century Cures Act (Cures Act) take aim at information blocking and propose a common standard for health care APIs. The ONC coordinator, Dr. Don Rucker, commented that the proposed rules for a standard API are the modern equivalent to when Congress mandated a standard track width to ease the construction of the transcontinental railroad. For health care APIs, the standard track width is Fast Healthcare Interoperability Resources (FHIR – pronounced “fire”), which is an open-source health IT standard that allows developers to build standardized applications to allow access to data, regardless of the operating system being used.
2. The Proposed Rules to The Cures Act Define Information Blocking, Provide Exceptions to Information Blocking, and Mandate a Common API Standard
A. Information Blocking, Penalties, & Exceptions Under the ONC’s Proposed Rules
Information blocking is the practice by a health care provider, IT provider, health information exchange, or health information network that interferes with, prevents, or materially discourages access, exchange, or use of electronic health information (EHI). § 4004 of the Cures Act.
Examples of information blocking include, but are not limited to:
- Imposing formal or informal restrictions on access, exchange, or use of EHI;
- Implementing capabilities in ways that limit the timeliness of access, exchange, or use of EHI;
- Imposing terms or conditions on the use of interoperability elements that discourage their use;
- Discouraging efforts to develop or use interoperable technologies or services by exercising influence over customers, users, or other persons;
- Discriminatory practices that frustrate or discourage efforts to enable interoperability; and
- Rent-seeking (practices that, according to ONC, artificially increase costs for accessing, exchanging and using EHI, such as a situation in which an electronic health record developer charges fees to provide an interface that exceeds the actual costs the developer reasonably incurs to provide that interface to its customer) and opportunistic pricing practices.
According to the proposed rules, certain practices will not be considered information blocking:
- Promoting patient safety
- Promoting EHI privacy
- Promoting EHI security
- Allowing for the recovery of costs reasonably incurred by enabling access, exchange, or use of EHI (i.e. fees)
- If an actor is unable to comply with a request to provide, facilitate access, exchange, or use EHI; or the actor could not comply with the request without incurring costs or burdens that are clearly unreasonable
- Limiting access to an interoperability element, so long as the interoperability element is available for use by those that need it on reasonable and non-discriminatory terms (licensing)
- Allowing actors to make health IT temporarily unavailable for maintenance or improvements that benefit the overall performance and usability of health IT
The information blocking rules apply to:
- health information developers
- health information exchanges
- health information networks
- health care providers.
The penalties for information blocking include monetary damages up to $1,000,000 per violation and “public shaming,” where non-complying actors will be publicly identified as information blockers in an effort to discourage such activity. Members of the health care ecosystem will need to undergo policy revisions, implement new technologies, and provide education, training, and support to staff members on the details of the information blocking rules once they are finalized later this year.
B. Proposed Rules Mandate the Implementation of APIs Compatible with FHIR Standard
The Cures Act mandated that organizations be able to exchange data “without special effort.” The proposed rules advance that requirement by adding specific criteria to ensure a uniform, secure, and trusted API is established across the health care industry. To meet the criteria, entities covered by the proposed rules must implement technologies that support APIs capable of using the FHIR standard, which would allow for seamless sharing of EHI.
The CMS and ONC proposed rules would require Medicaid Advantage organizations, state Medicaid and Children’s Health Insurance Program (CHIP) Fee-For-Service (FFS) programs, Medicaid managed care plans, CHIP managed care entities, and qualified health plan issuers to implement FHIR-based APIs in order to make data available to patients through third-party applications by 2020. In addition to claims information, this information also will include diagnoses, procedures, tests, and a list of providers who treated the patient. It does not apply to CHIP programs that do not operate an FFS program.
FHIR allows developers to build standardized, browser-like applications that allow access to data regardless of the EHI operating system. It essentially creates a foundation for the sharing of health care data among different applications. Just as people are able to find a website no matter what operating system they are using, FHIR allows the medical community to access health care data regardless of the EHI system.
The proposed rules will vastly change interoperability in the health care industry. Although the spirit of the proposed rules has been applauded, the specifics have been criticized by many industry stakeholders. Health care industry participants should prepare for the finalization of the proposed rules later this year and begin to transition systems, train employees, and consult with experts on how to comply with the new rules.