CMS, ONC Rules & the Information Technology Foundation of Healthcare Progress

In February, CMS and ONC released joint rules proposing steps to advance interoperability with a focus on freeing data and putting information in the patient’s hands. Stakeholders now have until May 3 to provide comments on these proposed regulations. The electronic care coordination regulation, which was released at the same time as these CMS updates, has the potential to hold payers more accountable for providing access to great patient care.

Policy has a huge impact on business in healthcare IT, but not all regulations or proposed rules have clear downstream effects. If you have ever been to the doctor and then tried to use your X-rays or tests or blood work with another provider only to find yourself paying for duplicate tests, you should care about these regulations.

I have the Epic MyChart application on my phone, as my obstetrician used that platform. My primary care provider, however, did not — so none of my information from visits to her is recorded in my app. Is it easy to make an appointment? No. Is the Epic MyChart a complete history of the bills from a single pregnancy? No. Would it track maternal health history to help with insurance coverage or best care? No. I can’t access my complete billing history because it isn’t designed to help me manage my bills and keep records for taxes. To be honest, I have no idea who patient portals are designed to help.

Imagine if all of our technology aided with patient care, as opposed to merely creating confusion, unnecessary duplication and a lack of streamlined information. The proposed ONC and CMS rules won’t achieve this, but they could improve data sharing and provide some clarity as to which healthcare stakeholders are responsible for what.

API Connections and Better Health Data Formatting

Healthcare information data portability is a challenge that we are not meeting. But regulators and companies are working to improve this. Public comments by CMS and ONC seem to frame these proposed rules not as policies tiptoeing around HIPAA, but as a patient’s right under HIPAA. That is, HIPAA contains a right of access to health information — and a right to request the format of that information. CMS and ONC have proposed a path forward which takes the technical guesswork away from the consumer and helps define what that form and format should be, such that our health information is readable on the average smartphone. Just as some groups have made applications and technology that helps patients and care coordinators at the point of care — such as the work Geisinger does with pediatric patients — new regulations and policies expand those possibilities through consistent information and expectations.

For years #HIPAA was dissed as out of date. Now cos tout new products, like #Alexa & @SlackHQ features, under #HIPAA. But some digital health cos like @omadahealth are built on #HIPAA. I've said for years that this #privacy law stands the test of time. https://t.co/QRGJzzMsIh

— Lucia Savage (@SavageLucia) April 6, 2019

The CMS proposal, known as the “Patient Access and Interoperability Proposed Rule,” lodges a new requirement for CMS payers (Medicaid Managed Care plans, Medicare Advantage plans, Medicaid fee-for-service and plans on Healthcare.gov), to open up their data to third-party apps via an open application programming interface (API).

It is worth parsing out how this is different than just a payer app like many patients have. This is a requirement much like Blue Button 2.0, which proposes a door through which any app — as authorized by the beneficiary — can access their data. That is, in theory, one app could connect to multiple payers. So we can imagine a future state where a mother uses a mobile app that shows the Medicaid Managed Care information for herself and her children, as well as information on her parents’ Medicare Advantage plans if they authorize her as a caregiver. Given that the API is proposed to be aligned with the Fast Healthcare Interoperability Resources (FHIR), which Apple has aggressively supported through its HealthKit, one can imagine some rapid innovation in this space.

CMS Electronic Care Coordination

Another overlooked but potentially transformative component is a requirement for CMS payers to electronically coordinate care. That is, as patients move from one plan to the other, there would be an assumption that it is the responsibility of the payer to help coordinate care.

Care coordination often lies in a gray area of reimbursement. Without clarity about who is responsible to pay, there are few volunteers to pick up the check. This administration and the previous have been focused on reducing provider burden, and CMS lays out the argument that payers could do more to reduce some of the headaches faced by patients and providers. CMS believes that if its payers are required to exchange a summary of care record known as the United State Core Data for Interoperability (USCDI), it could result in providers writing fewer unneeded letters of medical necessity and unnecessary prior authorizations, and payers might even support this requirements assistance in helping with their own risk-screening efforts.

CMS has also been partnering with ONC to define the provider directory space. They get explicit here on a proposed requirement that provider directories become more patient friendly via the proposed API. So patients should be able to find out which providers are in and out of network through such directories, which could also become care coordination hubs where providers can exchange notes and summaries on patients. Once the patient is pulled in to those exchanges, this arrangement could add a great deal of value to the app landscape as well.

Insurance companies’ provider directories are inaccurate and mostly useless to patients. Patients who need to find a new provider or find a specialist that works nearby and accepts their insurance face a host of difficulties. I have discussed that problem in the past, and it seems that CMS is moving forward with its vision of accurate and usable information about providers. Patients can know who they can reach for care. The steps are moving forward — accountability, framework and human motivation might just come together to make it possible to use provider directories to help schedule care.

Policy at the Speed of Technology

Technology policy must build on previous successes and adapt to technology advancements. The speed of technological advancement and policy designed to allow for growth while protecting patients can create a mismatch. Consider this: ONC has been continuing work on the Trusted Exchange Network and Common Agreement (TEFCA), and CMS seems to be supporting the concept of trust in another proposed policy. TEFCA has been criticized as being overly complicated and potentially unnecessary, with free market self-regulation as trust networks such as Carequality and CommonWell align on their own volition. Indeed, the 21^st Century Cures Act specifically charged the ONC with tackling trust in a manner that leveraged existing trust networks, and some argue TEFCA failed to thoughtfully consider such existing networks.

This CMS proposal seems to support the more organic movements toward trusted exchange, though even this proposal seems as if it could become technically dated rather quickly, as APIs become increasingly more sophisticated and capable of demonstrating trust across networks without such cumbersome overhead governance structures.

Digital Endpoints and Information Blocking

Another wonky but potentially transformative proposal from CMS involves provider digital contact information. EHR vendors have long been criticized for information blocking, an issue that stirred conversations in 2015 that are still relevant today.

ONC has required direct functionality with EHRs for some time now (think secure email addresses capable of attachments containing care coordination information). However, most providers are unaware they have a direct address, and EHR developers are not tripping over themselves to reveal to their paying customers that a required mechanism exists in the EHR which may very well render some costly interfaces unnecessary.

The 21^st Century Cures Act made inroads into making these direct addresses — called digital endpoints — more accessible by updating the NPPES to house and display them. Now, CMS proposes levers for getting those direct addresses pushed out as a matter of regulatory requirements, thus getting EHR vendors to feel the pressure to stop hiding the addresses and already existing functionalities.

American Hospital Association Says No to Electronic Care Coordination

One aspect of the proposed regulation has had pushback. This is a new requirement that hospitals, as a condition of participation with Medicare, must electronically coordinate post-discharge care. The American Hospital Association argued this is a potentially onerous requirement in a letter dated Feb. 11, 2019. According to the letter, hospitals should not be subject to additional requirements.

“We cannot support including electronic event notification as a condition of participation for Medicare and Medicaid,” the AHA wrote. “We believe that CMS already has better levers to ensure the exchange of appropriate health information for patients. We recommend the agency focus on building this exchange infrastructure rather than layering additional requirements on hospitals.”

Discharge “alerts” seem to be a popular feature for clinicians and are supported by ONC’s existing certification requirements tied to HL7. Given the early data suggesting that such alerts reduce readmissions, the AHA should consider being a partner with CMS here in figuring out how to enact this policy thoughtfully and perhaps aggressively.

Our Data Looks Good

The proposed rule is also littered with rightfully aspirational requests for information around bold policy moves that CMS might employ to help solve patient matching, address the technical disparities in the costly post-acute care space and solicit ideas on how to encourage greater interoperability in CMS innovation models. The proposal also includes seemingly common-sense updates to policies around data-sharing between Medicare and Medicaid for dual-eligible patients.

Medicaid innovation and data are the topic of regulations and will be covered this week at the AHA annual meeting. Innovation in data and policy will meet our needs. We need our data to work for us. We need to be able to schedule care with ease. We need tests to assist in care. We need better communication in healthcare, and information technology is the foundation of this need.

Week Ahead: House @SpeakerPelosi, HHS @DepSecHargan, and Center for Medicare and Medicaid Innovation Director @AdamCMMi to speak at the American Hospital Association's annual membership meeting. @CMSinnovates @AHAHospitals https://t.co/T4qMK3sOND pic.twitter.com/Hqwa2Lcnxk

— Modern Healthcare (@modrnhealthcr) April 8, 2019

One point not touched upon in the proposed regulation is, of course, what we will see when we get our data. Anyone who has dug into their EHR data or insurance information, or those of a loved one, has no doubt turned up mistake upon mistake. All of these proposals could very well expose a mess of data and thus push greater accountability on plans and providers for fixing their own jumbled data on patient matching, medication reconciliation and erroneously billed services.

In such a case, sunlight is the best disinfectant. Although we may be aghast at what we see when we obtain our data, having made the mess visible is never the reason the mess exists. Honesty — and in this case, data transparency — is the best policy.

Get the best insights in digital health directly to your inbox.

More Health IT Insights

The Holocaust Survivor Who Forced Us to Face Burnout

Inadequate Health Records Are Failing Mothers and Providers

The Experience of Loss, Noise and Health IT