Two HHS health IT interoperability rules, issued by CMS and ONC, are in effect and support the MyHeathEData Initiative and 21st Century Cures Act. But hospitals and health systems have some additional time to prepare since enforcement of the rules is delayed until 2021 due to the COVID-19 pandemic.
During a Nov. 9 session at the Becker's CEO + CFO Virtual Event, sponsored by Change Healthcare, two experts outlined five ways to prepare for the rules, which require CMS-regulated payers to implement and maintain an HL7 Fast Healthcare Interoperability Resources standard application programming interfaces by July 2021 and prohibit health IT developers from participating in information blocking, or activities that will interfere with access, exchange or use of electronic health information.
Presenters were:
- Genevieve Morris, senior director of clinical interoperability strategy at Change Healthcare
- Steven Lane, MD, practicing primary care physician and clinical informaticist at Sacramento, Calif.-based Sutter Health
Their five recommendations to prepare:
1. Ensure an action plan for information blocking. Ms. Morris recommended collaborating with internal and external legal team members, the health system's compliance team and the health system's technology groups to ensure a plan is in place to prevent and respond to charges of information blocking. Questions to ask during these talks: Have we documented our safety procedures? Have we documented our privacy and security procedures? Do we have training programs in place like we do for HIPAA?
"You need to talk to those teams and make sure they are aware of information blocking," Ms. Morris said. "The rules came out right when COVID was hitting us hard, and a lot of your teams probably aren't super aware that this is going on. Make sure they're aware of it and that they're starting to plan."
2. Ensure protocols, policies and training for providing patients/proxies easy access to data – and document everything. Rules related to parental access to adolescent data differ by state, but in the final information blocking rule, state laws are not an excuse to withhold data, Ms. Morris said. Therefore, she encourages health systems to identify data they can share and ensure they share this data when possible. She also recommends policies and protocols for providing patient access with whatever app the patient has while also helping educate patients about what certain apps do with their data.
3. Assess your data use agreements. Ms. Morris said it's clear that information blocking can't supersede HIPAA or the existing business associate agreement structure or data use agreement structure. But she noted ONC also said there are ways to develop data use agreements that will constitute information blocking if the agreements include prohibitions considered not appropriate by ONC.
"They gave some very limited examples in the regulations but this is definitely an area that you need to look at if your data use agreements purposefully keep data from your competitors but not from your friends and partners, [the Office of the Investigator General] is not going to look favorably upon that," Ms. Morris said, adding that hospitals and health systems should ensure their data use agreements align with ONC requirements.
4. Be prepared to absorb the financial/operational costs. Ms. Morris recommends being prepared to absorb financial costs around patient access with third-party apps. That could mean renegotiating reimbursement from payers or modifying copays. Dr. Lane said organizations should also think about costs related to any stakeholder that has a valid HIPAA-appropriate request for access.
"I think a lot of our organizations have been declining to participate in various arrangements where folks come to you and request access to your data and we just say, 'It's not a priority. It's not part of our strategy,'" he said. "And we've just walked away. Now, we're going to have to look at all of those [compliance] requests that are coming from the state."
5. Explore new data-driven services. Dr. Lane said it is important to realize patient data is valuable to healthcare organizations as well as other stakeholders, but especially to patients. And as more comprehensive patient data is available, he sees it as an opportunity for hospitals and health systems to provide more robust services in disease management and prevention and care coordination.
"Brick and mortar hospital services have never been hugely lucrative and they're probably going to become less lucrative in the future," Dr. Lane said. "As you become part of other arrangements and work with other providers to deliver more comprehensive services, having ready access to data and the ability to utilize it is really going to be important for your ongoing success."
To learn more about Change Healthcare, click here. To view the full session on-demand, click here.