The electronic health record (EHR) was introduced with a view to improving access to patient data, ensuring timely delivery of optimal patient care, and ensuring interoperability to improve collaboration among the healthcare providers. The EHR also facilitates medical record retrieval and medical chart reviews that are vital processes for the healthcare and legal sectors. Ease of access for patients is another major objective of introducing the EHR, so that patients can play an active role in their healthcare.
On Monday, the 9th of March, federal officials released new rules that will allow patients to download their electronic health records and other healthcare data onto their smartphones. These rules implement interoperability and patient access provisions of the bipartisan 21st Century Cures Act (Cures Act) and support the federal government’s MyHealthEData initiative. This initiative aims to empower patients around a common objective, namely, giving every American access to their medical information so they can make better healthcare decisions. According to the Health and Human Services Secretary Alex Azar, the new rules are the beginning of a new chapter in how patients experience American healthcare. It would provide patients with numerous new opportunities to improve their own health, locate the providers who meet their needs, and drive quality via greater coordination. Undoubtedly, these rules will provide patients a greater say in their healthcare decisions. In addition, doctors and hospitals who resist handing over the complete medical chart to patients upon demand, will not be able to continue doing so. The provisions are set to be effective in 2021 – 2022. The CMS does not want to keep patients in the dark regarding their health records and the two transformative rules will provide patients safe, secure access to their medical data. It is expected that when patients are put in charge of their health records, they will be more responsible and careful about their health and medications.
Patients can share their health information with health app developers, hospitals, and doctors’ offices. App developers can request clinical data such as lab test results or medications through standard APIs (application programming interfaces). Claims data including those of health insurers (both private and government) will also be revealed to find the various procedures and test that have been billed to a patient’s insurance.
Let us look at the new policies.
- Patient Access Application Programming Interface (API): Applicable January 21, 2021, this will allow patients to access their health data via any third-party apps they choose to connect to the API, and could also be used to integrate a health plan’s information to a patient’s EHR. The advantage is that patients can take their relevant health information including their claims as they move from one health plan to another, and from one provider to another across the healthcare system.
- Provider Directory API: Applicable January 1, 2021, under this policy, MA organizations, Medicaid FFS programs, CHIP FFS programs, Medicaid managed care plans, and CHIP managed care entities are required to make provider directory information available through the Provider Directory API. The API must be accessible through a public-facing digital endpoint on the insurer’s website.
- Payer-to-Payer Data Exchange: This is applicable from January 1, 2022 onwards. Under this rule, CMS-regulated payers are required to exchange certain patient healthcare data (specifically the U.S. Core Data for Interoperability (USCDI) version 1 data set) at the patient’s request, which allows patients to carry their data with them as they move from one insurer to another over time. This will help create a cumulative health record with their current payer. When a patient’s health information is available in one place, it will facilitate informed decision making, efficient care, and better health outcomes.
- Public Reporting and Information Blocking: This is applicable late 2020, and CMS will publicly report hospitals, eligible clinicians, and critical access hospitals or CAHs that may be blocking information based on how they attested to certain Promoting Interoperability Program requirements. Patients can choose providers that are more likely to support electronic access to their health information once they know which providers may have attested.
- Admission, Discharge, and Transfer Event Notifications: Applicable late 2020, CMS will be modifying CoPs or Conditions of Participation to require hospitals, including psychiatric hospitals and CAHs, to send electronic patient event notifications of a patient’s admission, discharge, and/or transfer to another healthcare facility or to another community provider or practitioner. This is expected to enhance care coordination by allowing a receiving provider, practitioner, or facility to reach out to a patient and provide appropriate follow-up care in a timely manner. This policy will come into effect 6 months after publication of this rule.
- Digital Contact Information: This policy will be applicable late 2020, when CMS will start publicly reporting providers who do not list or update their digital contact information in the National Plan and Provider Enumeration System (NPPES). Providers are also required to provide digital contact information such as secure digital endpoints like a Direct Address and/or an FHIR API endpoint.
- Increasing the Frequency of Federal-State Data Exchanges to Improve the Dually Eligible Experience: This final rule will be applicable April 1, 2022 and will update requirements for states to exchange certain enrollee data for individuals dually eligible for Medicare and Medicaid including state buy-in files and MMA files (abbreviation for the Medicare Prescription Drug, Improvement and Modernization Act of 2003) from monthly to daily exchange. This will improve the dual-eligible beneficiary experience and also ensure that beneficiaries are getting access to appropriate services. Also, that these services are properly billed the first time, thereby eliminating waste and burden.
For more details on these new rules, you can visit the CMS website here
There are concerns regarding patient privacy once the medical records are made freely accessible. Attorneys handling medical-legal cases, medical review companies assisting them in retrieving and analyzing medical records, and other entities that need to handle sensitive patient data understand the importance of strong safeguards to prevent medical data abuse. The major concern is that healthcare apps do not provide patients clear details regarding how their data will be used. However, the health department’s technology coordinator Dr. Donald Rucker says that the new rules do take patient privacy into account. When patients start the data-sharing process with an app, their providers will be able to inform them about the privacy risks involved.
