From the September 2022 issue of HealthCare Business News magazine
By Jonathan Shannon
The 21st Century Cures Act mandated new interoperability standards that enable patients to access their own health data more easily at no cost. Additionally, the rule calls on innovators in healthcare to adopt standardized application programming interfaces (APIs), so patients can securely and easily access, exchange, and use structured health information without special effort, namely through smartphone applications. If executed optimally, this patient-focused model prioritizes the flow of information to improve clinical care and outcomes.
The goal of electronic health information (EHI) interoperability in healthcare is not new. In fact, it traces back nearly two decades to the implementation of HIPAA’s version 4010 electronic transaction standards guidance. More recently, Meaningful Use rulemaking has made efforts to improve the sharing of EHI across providers. However, complying with interoperability Fast Healthcare Interoperability Resources (FHIR) API standards and regulations is proving challenging for many providers amid tightening reimbursements, staffing challenges, and the global pandemic.
Similarly, many payers have struggled to implement Patient Access APIs for data extraction and provider directory access into broad usage. Although many of them complied with the letter of the law, an interoperable utopia is still not here due to the challenge of internal consolidation and orchestration of this and the fact that many plans are concerned about breaches in light of this novel flow of sensitive health information. The security concern, voiced by AHIP in 2020, is rationale, particularly considering the involvement of third-party app developers that are not included under HIPAA’s requirements. As such, some payers are installing meaningful hurdles to access these APIs to protect their members’ privacy or because they simply are not ready to offer the data—or both.
When LexisNexis Risk Solutions surveyed 110 health plan professionals about their readiness and concerns about the Cures Act, 38 percent of respondents said they were primarily focused on the need to protect patient privacy and adhere to security standards. Another driver of feeling unprepared is that some health plans are still working to stand up technology to provide access to databases to comply with new interoperability rules. Among questions about API requirements, payers wonder what specific applications (e.g., wellness trackers, personal health records) will request their members’ health data and the duration that the authorization to share will be active.
