CMS and ONC Release New Interoperability Rules

The Centers for Medicare & Medicaid Services (CMS) and Office of the National Coordinator for Health Information Technology (ONC) have finalized two highly anticipated rules that are intended to give patients “unprecedented safe, secure access to their health data.”

ONC will establish a certification process for application programming interfaces (APIs) that will meet certain interoperability and security standards and will give patients remote access to their health information. Federally funded health plans, including Medicare, Medicaid and managed care plans, will be required to make patient claims data and their provider directories available electronically through a certified API. Clinicians will also be required to connect their electronic health records systems to a certified API and will be expected to use the API to give patients access to their health records and to coordinate care among other providers.

APIs will have connectivity with third-party applications. By downloading an application of their choice on smartphones or other electronics, patients will have access to not only their personal data, but also other information that can assist them in managing their care and making informed healthcare decisions. Patients will be able to search for providers and will have transparency on cost of care through the applications. As explained by Don Rucker, M.D., the National Coordinator for Health Information Technology: “Delivering interoperability actually gives patients the ability to manage their healthcare the same way they manage their finances, travel and every other component of their lives.”

The new rules also implemented a new condition of participation in federally funded health plans,  which will require hospitals to send electronic notifications to another community health care facility or provider when a patient is admitted, discharged or transferred to ensure that providers are coordinating patient care in a timely manner, which results in better patient outcomes.

Finally, the new rules also prohibit certain “information blocking” by providers, health information exchanges and networks, and IT developers. Practices that restrict access, exchange or use of electronic health information are considered anti-competitive and will not be permitted. There are certain exceptions to this rule under which information blocking may be considered reasonable and necessary, including: (1) preventing harm to a patient or other person; (2) protecting a patient’s privacy; (3) protecting the security of the information; (4) when it is infeasible to fulfill a request for access, exchange or use of information; (5) temporary unavailability of information due to IT upgrades and other activities; (6) when information is made available but is limited to what fulfills the request at hand; (7) when information is made available but a reasonable access fee is charged to the person requesting the information; and (8) licensing of interoperability elements of electronic health information.

Providers, payors and other parties affected by the new rules will have six months to comply with the requirements.