The CMS Interoperability and Patient Access final rule has enabled key healthcare stakeholders – payers, providers, and health IT vendors – to realign their strategic goals and work toward enhancing member engagement and care delivery.
While interoperability in healthcare can deliver numerous benefits, complying with the rules can be complex and we are closely tracking this issue. In our earlier blog, we covered the evolution of interoperability over the years, the interoperability rule, and the challenges enterprises face in deciphering this regulation.
Read on for part two in our blog series that focuses on the data sets that need to be shared, steps involved in the data sourcing process, and the areas enterprises must focus on to navigate through the interoperability rule.
Which data gets shared as part of the interoperability rule, and what is the data sourcing process?
The interoperability rule has mandated payers to share across member- and plan-level information with the help of two Application Programming Interfaces (APIs) – patient access and provider directory. The rule also clearly identifies distinct data sets that need to be shared through both the APIs, as illustrated below.
Having discovered what data needs to be shared, the next big question for enterprises is understanding how to extract this data. To make the necessary data available to its members through open APIs, enterprises primarily have to perform these three key steps: source system identification, data mapping, and data transformation.
- Source system identification: As healthcare organizations store member information across multiple systems such as claims management system, Electronic Health Records (EHRs), etc., the primary objective is to identify the right source systems that house the information needed to be shared through the APIs
- Data mapping: Data elements mandated by CMS are populated across various Fast Healthcare Interoperability Resources (FHIR) profiles such as patient profile, practitioner profile, etc. These data elements must be mapped against the respective source systems by matching the fields from the source database to the target database
- Data transformation: FHIR profiles consist of data elements with attributes such as cardinality, data type, and binding value sets. The mapped data will have to be transformed into the FHIR recommended format by adhering to the data attributes (for example, translation of system codes into industry-specific codes, usage of industry- standard unique identifiers such as National Provider Identifier (NPI), Clinical Laboratory Improvement Amendments (CLIA) number, etc.)
How do enterprises navigate through the CMS interoperability rule?
Although the interoperability rule defines IT investments payers, providers, and Health Information Technology (HIT) vendors must make, enterprises also need to plan for other critical aspects such as infrastructure scalability and data security in parallel. These areas will be crucial given the increasing data volume and demand for more streamlined services around data access and utilization.
The exhibit below illustrates the key IT remodeling themes and corresponding transformation levers for interoperability implementation in a healthcare enterprise.
FHIR-based API ecosystem
The interoperability rule states that healthcare enterprises should establish API interfaces for all systems handling member/patient data and that the data transferred among healthcare entities – including the member/patient – should be in a standardized format. A robust API-led interoperability strategy can help healthcare enterprises curb the data liquidity issue within their ecosystems. The FHIR-based APIs will enable data format standardization between different endpoints, decrease development time, and save storage space on endpoint devices.
But just creating and establishing FHIR-based APIs will not suffice. Enterprises need to integrate and orchestrate formats other than FHIR. While connectivity with standard or off-the-shelf systems will be easier, homegrown/custom systems will be challenging to map to FHIR standards. In-house development teams and technology vendors will have to create workarounds to modify existing components that consider the potential variability in medical terminologies.
With the implementation of FHIR-based APIs, enterprises must assess scalability challenges within their existing infrastructures. To accommodate the upcoming member/patient data access requests and enable quick data retrieval, enterprises should start to manage their current data storage and compute capacities. Enterprises can approach the data scalability and infrastructure issue by either leveraging existing infrastructure to build an FHIR-based layer or partner with technology vendors to leverage their data, cloud, or FHIR platforms.
As healthcare enterprises will have access to multiple data sources, healthcare interoperability might open the door to security breaches and cybersecurity threats that may not have existed if the data resided within the enterprise. With the influx of data from other healthcare entities, current standard security checks might not be able to cross-reference and validate the identity of the entity requesting access, creating openings for data breaches. To manage these security challenges, added investment in particular focus areas (e.g., application penetration testing, consent management, member education) can help enterprises achieve sustainable data security.
The road ahead
While enterprises are complying with the CMS mandate, an increased focus must be put on how they can look beyond regulations to address some of the key pain points in the industry, such as patient experience, care management and outcomes, and total cost of care. With data flowing seamlessly across the healthcare ecosystem, enterprises should identify and invest in areas that would be crucial to creating long-term business value while also giving them a competitive edge.
As part of our third blog in this series, we will next cover how healthcare enterprises can approach the interoperability rule beyond the mandate to reap long-term benefits, key investment areas, value for enterprises, and an interoperability enablement framework that provides a view into the required IT components for regulatory compliance and what goes beyond regulation.
Please feel free to reach out to [email protected] to share your experience and ask questions.