For most patients, it has always been extremely difficult to their personal health and medical data electronically. However, with the CMS Interoperability and Patient Access Final Rule, consumers, specifically Medicaid members, there is a greater push to give access to, and ownership of, this data.
With this move towards interoperability comes new requirements healthcare organizations must meet and adhere to under the rule. To meet many of these federal interoperability requirements, and ultimately deliver on the promise of interoperability, health organizations must implement specified application programming interfaces (APIs) to transfer the data they store internally and build the technical infrastructure needed to support the consumer-facing apps.
With these pillars of technology and infrastructure in mind, health organizations will be able to give consumers the data they need and meet new federal standards.
Keys to a Successful Interoperability Ecosystem
First and foremost is simply accessing the data itself. The recent federal guidelines give healthcare organizations the opportunity to utilize tools to support consumer-facing apps and portals to deliver data to patients, which means healthcare organizations must be able to deliver that data to the consumers. Implementing specified APIs can help with accessing the necessary information, this information being claims data, clinical information, formulary data, and so on. Multiple, often disparate, systems such as Medicaid Enterprise Systems (MES), immunization registries, health information exchanges, and pharmacy benefit manager systems all carry the data that the consumers want and need access to. Once that data is obtained, the previously inaccessible information should be loaded into a Fast Healthcare Interoperability Resources (FHIR) repository.
Taking the data from the source systems, organizations can map that data into the FHIR format and once it has been loaded into an FHIR data repository, the data can then be published in the required API format. After all the reformatting, consumer-facing apps and portals can access these APIs from the data repository to collect the desired, necessary information and can then transform the data into personalized healthcare knowledge for consumers.
It is crucial that there are security measures in place while increasing the availability of data. To ensure that APIs are disclosing such sensitive data to the correct people in a safe, HIPPA-compliant manner, organizations need to enlist help from third-party vendors and their solutions for support. Through external technology partners and solutions, organizations can ensure consent management by leveraging things like compliance monitoring and comprehensive security services, which include virus and vulnerability scans and penetration testing, to reduce any potential security breach. Due to the complex nature of Medicaid organizations, the lack of existing member portals with usernames or passwords for members, and complicated patient relationships, consent management can also be a challenge. Organizations, specifically Medicaid organizations, must strategically utilize industry-leading vendors and solutions to navigate these challenges to prioritize authentication to mitigate potential security concerns.
Alongside accessing and securing data, a third-party developer ecosystem is also required for interoperability. Healthcare organizations must register app developers and give them access to the API endpoints. With the help of patient access and interoperability solutions, the third-party app developers can do end-to-end testing with APIs, all while being tested in a safe environment. Although API support for interoperability can be a challenge to navigate due to multiple stakeholders, the coordination between consumers, third-party developers, and API developers may still be necessary.
Satisfying Federal Standards
Until recently, patients have had little to no visibility into their personal medical data due to a disparate and siloed ecosystem. Now that the CMS Interoperability and Patient Access Final Rule has put a structure and timeline around how we actually achieve interoperability it is up to healthcare organizations to satisfy the new federal standards and deliver on the promise of interoperability – beginning with data transformation to developing and publishing APIs. Interoperability represents a fundamental shift that puts consumers in control of their healthcare journeys, and health organizations must evolve to support the movement.
About Kristin Ballantine
Kristen Ballentine is the VP of Government Relations at Gainwell Technologies, a healthcare technology company focused on improving public health outcomes, where she oversees Gainwell’s state and federal legislative, policy, and regulatory agendas.