Final CMS Interoperability Regulation: What You Need to Know

A healthcare professional standing in a patient room holds a digital tablet.

On Monday, March 9, the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC) publicly released their final regulations related to driving more interoperability and data exchange across the entire healthcare ecosystem. The government intends the combined regulations to provide patients with timely access to their health data to make informed healthcare decisions and better manage their care. The Department of Health and Human Services (HHS) expects the regulations to place patients at the center of care delivery and provide them more control, which is the centerpiece of the Trump Administration’s work toward a value-based healthcare system.

The CMS Interoperability and Patient Access Final Regulation builds on the MyHealthEData Initiative, which was originally announced at the HIMSS18 Conference. The CMS Regulation is focused on liberating patient claims data so patients can be more informed decision makers leading to better-informed treatment.

The ONC Interoperability and Information Blocking Final Regulation implements key provisions of the 21st Century Cures Act focused on advancing interoperability; supporting the access, exchange, and use of electronic health information (EHI); and, addressing occurrences of information blocking. ONC’s regulation also establishes application programming interface (API) requirements using the Fast Healthcare Interoperability Resources (FHIR®) standard, including for patients to use APIs to be able to electronically access all of their EHI, structured and/or unstructured, at no cost. More information on the ONC Regulation can be found online.

The Key Parts of the CMS Final Regulation include:

Patient Access API

Beginning January 1, 2021, CMS is requiring Medicare Advantage, Medicaid, Children’s Health Insurance Program (CHIP), and Qualified Health Plan (QHP) issuers on the federal exchanges to share claims and other health information with patients in a safe, secure, understandable, user-friendly electronic format through its Patient Access API. This Patient Access API must meet the technical standards finalized in the ONC Final Regulation, which currently includes HL7® FHIR® Release 4.

At a minimum, CMS is requiring that the Patient Access API make available adjudicated claims (including provider remittances and enrollee cost-sharing); encounters with capitated providers; and clinical data, including laboratory results (when maintained by the impacted payer). Data must be made available no later than one business day after a claim is adjudicated or encounter data are received.

CMS is enabling patients to access their data through any third party application they choose to connect to the API and better integrate a health plan’s information to a patient’s EHR. The idea underlying the CMS Regulation is that patients can take this information with them as they move from plan to plan, and provider to provider throughout the healthcare system.

Admission, Discharge, and Transfer (ADT) Event Notifications Part of Conditions of Participation (CoP)

CMS modified the Medicare and Medicaid Hospital CoP to require hospitals, psychiatric hospitals, and critical access hospitals (CAHs), which utilize an EHR, to send notifications of a patient’s ADT to certain providers. These providers include the patient’s established primary care practitioner or group; post-acute care service providers and suppliers with whom the patient has an established care relationship; and, other practitioners, groups or entities, identified by the patient. The notifications are intended to focus on sending information to the providers that need to receive notification of the patient’s status for treatment, care coordination, or quality improvement purposes. CMS is not specifying a standard for the content, format, or delivery of these notifications.

It is important to note that if the hospital and patient cannot identify a provider to share the notification with, the hospital is not required to send a notification for that patient. Moreover, CMS emphasized that, at the time of this applicability date, this provision is limited to a hospital that currently possesses an EHR system with the technical capacity to generate the basic patient personal or demographic information for electronic patient event notifications.

This policy will be applicable six months after publication of this Final Regulation to allow adequate time for these institutions, especially small and/or rural hospitals as well as CAHs, to be able to comply with the new requirements.

Provider Directory API

CMS is requiring MA organizations, Medicaid and CHIP fee-for service (FFS) programs, Medicaid managed care plans, and CHIP managed care entities to make standardized information about their provider networks available through a Provider Directory API. At a minimum, these payers must make available via this Directory provider names, addresses, phone numbers, and specialties. Access to the Provider Directory must be fully implemented by January 1, 2021.

Payer-to-Payer Data Exchange

At a patient’s request, CMS is also requiring MA organizations, Medicaid managed care plans, CHIP managed care entities, and QHP issuers on the FFEs to coordinate care between payers by exchanging, at a minimum, the data elements specified in USCDI v1 that ONC just finalized. Patients have up to five years after their coverage ends to submit a request to a payer to share their information. This payer-to-payer data exchange must be fully implemented by January 1, 2022.

Participation in a Trusted Exchange Network is Not Required

CMS is not requiring MA organizations, Medicaid managed care plans, CHIP managed care entities, and QHP issuers on the FFEs to participate in a trusted exchange network given the concerns commenters raised regarding the need for a mature Trusted Exchange Framework and Common Agreement (TEFCA) to be firmly in place before mandating such a requirement.

Public Reporting and Information Blocking

The Final Regulation requires Physician Compare to note the eligible clinicians and practice groups that submit a “no” attestation response to any of the three prevention of information blocking statements in the Promoting Interoperability Program of Merit-based Incentive Payment System (MIPS) reporting. This public reporting will be noted on profile pages or in the downloadable database of Physician Compare, starting with 2019 performance period data, which will be available for public reporting starting in late 2020. In addition, similar information will be publicly available on a CMS website to indicate that an eligible hospital or CAH attesting under the Medicare Promoting Interoperability Program had submitted a “no” response.

Moreover, CMS will now publicly report the names and National Provider Identifier (NPI) of those providers who do not have digital contact information included in the National Plan and Provider Enumeration System (NPPES) system beginning in the second half of 2020.

Continue to stay connected with HIMSS over the coming days as we provide further analysis on the impact of the Final CMS and ONC Interoperability Regulations.

Discover the Power of Interoperability

Help advance interoperability and standards-based health IT systems that lead to meaningful health information exchange.

Join the Interoperability & HIE Committee

Published on