CMS released its much anticipated Interoperability and Data Blocking Rule last week in coordination with a companion rule from the ONC, timed with the start of the HIMSS conference in Orlando. Like the ONC, CMS did not disappoint.
CMS is proposing to use its broad and far-reaching programmatic authority to require all health plans under its jurisdiction – Medicare Advantage, Medicaid Managed Care, Medicaid FFS, CHIP Managed Care, CHIP FFS, and, most importantly, the Qualified Health Plans sold on the Federal Exchange – to meet certain patient access, interoperability and care coordination requirements. For readability we will refer to these health plans as federal jurisdiction plans.
Proposed Rule
Open API Requirement. In 2018, CMS completed a major upgrade of its Medicare Blue Button initiative. Four years of Medicare Fee-for-Service data are available via API. There are about 1500 developers that have signed up for the program and apps designed to manage care, select Part D plans, make appointments, connect to research and check symptoms have been developed.
CMS is now extending the Blue Button concept to include all federal jurisdiction plans. In the rule released last week, CMS is proposing to require these plans to implement, test and monitor openly published APIs accessible to third party applications. The scope and volume of information accessible through the plans’ open APIs would include:
- Adjudicated claims including cost
- Encounters with capitated providers
- Provider remittances
- Enrollee cost-sharing
- Clinical data including lab results
- Provider directories and formularies
In most cases, these data must be available within one business day after the triggering event like adjudication of a claim.
The API and data blocking standards established in this rule are the same as those in the ONC rule and subject to compliance with HIPAA. Clinical data would adhere to the USCDI standard established by the ONC rule.
A plan must, if requested by a beneficiary, forward his or her information to a new plan or other entity designated by the enrollee up to five years after disenrollment.
The open API requirement is also designed to permit data exchange between plans and provider. If both entities are covered by HIPAA, no patient authorization is required.
For data related to provider directories and formularies, the privacy standard is much lower as this information is generally available on plan websites.
Participation in Trusted Exchange. The rule requires federal jurisdiction plans to participate in Trusted Exchange Networks as health IT vendors do now. The intent of this provision is to enhance this type of information by adding payer related data such as encounter and claims.
Provider Digital Contact Information. CMS now requires that providers include in their NPPES record direct electronic contact information. In this rule it has reiterated that requirement and announced it will be publishing lists of providers who have not submitted their electronic contact information.
Revisions to Certificate of Participation. CMS has proposed that hospitals, as a condition of their participation in Medicare and Medicaid, provide electronic notice to other community providers of admissions, discharge and transfer of patients.
Effective Date. For QHP and Medicare plans the effective date is Jan. 1, 2020. For Medicaid plans, the effective date is July 1, 2020.
IMPACTS
APIs and Data Exchange. All of that which is proposed is pretty revolutionary. Much of the debate to date has centered on interoperability between providers. CMS has dramatically expanded the implications of interoperability by requiring plans to communicate a core set of clinical data and financial information with one another; with providers; and with enrollees. When taken with the ONC interoperability and data blocking rule, the same core data elements defined by the USCDI can travel from provider to provider, from provider to patient, from provider to plan, from plan to plan and from plan to provider.
In additional to the USCDI, new data elements will be introduced to the information flow on claims, encounters, remittances and cost-sharing. In requiring plans to share this information with enrollees, CMS is cracking open to public view reimbursement data for these plans.
With that visibility comes a reduction in friction as plans will now have to share data with each other on an enrollees’ health history. In addition to making plans more competitive, especially in Medicare Advantage, the plan to plan data sharing will address one of the core policy flaws associated with the ACA’s Medicaid expansion.
Individuals eligible for Medicaid under the expansion frequently shift between Medicaid coverage and exchange coverage due to income volatility. That churn creates care coordination challenges as claims history, encounter data and clinical information remain in silos at insurers and providers. What CMS is proposing would eliminate that policy and public health problem.
Another important aspect of the rule is the inclusion of the Qualified Health Plans sold on the FFE. Because identical plans are sold off and on the exchange, it is likely that, by including QHP plans, CMS is extending the interoperability requirements to all individual and small group market plans.
The rule also included an interesting harbinger of things to come. CMS indicates that they considered but did not include a requirement that enrollees be permitted to “write” information into their health record, like data collected from a continuous glucose monitor, for example. CMS did urge API developers to develop ways for patients to enter data themselves as the technology advances.
For you AMZN bulls imagining all sorts of DTC possibilities. Think again. CMS includes a clear warning that use of patient data to market and sell products would violate HIPAA and be subject to Federal Trade Commission action.
Changes to Conditions of Participation. CMS had hinted at using the heavy hand of the CoP certification – without which hospitals cannot accept Medicare and Medicaid patients – in the FY 2019 IPPS rule. The hospital industry was not thrilled. What CMS has proposed here is less demanding than their language in the IPPS rule suggested. However, hospitals are still not thrilled.
Presuming their EHR system had the technical capability, hospitals would be required to send electronic notification to other providers including community physicians of an admission, discharge and transfer. The American Hospital Association has made their objective known
CMS began the rule by noted it was the “first phase.” So, don’t get too comfortable. Looks like the opaque world of health care data may finally be getting a little sunshine.
Call with questions. After reading 975 pages of the Federal Register this weekend (it was raining), I am pretty sure I have answers.
Emily Evans
Managing Director – Health Policy
Twitter
LinkedIn
