Delivering on the Promise of Interoperability With the Patient Access API
By Jay Sultan
It is easy to be cynical. Value-based care, Merit-based Incentive Program System, meaningful use, health information exchange (HIE), Regional Health Information Organization (RHIO), and so many other initiatives have promised to do what seemingly cannot be done: enable the flow of health care data among stakeholders. But a new technology called the Patient Access application programming interface (API) is poised to change that.
Background — Electronic Data Interchange
While we commonly use the word “interoperability” now, the first effort to share data among health care stakeholders was the electronic data interchange (EDI), which focused on provider payments and was wildly successful because the federal government—the biggest payer in the world—mandated support of electronic exchange and detailed the needed standards, including coding.
A standards body called X12 worked with the government to create a family of standards called 4010, whose successors are still in use. The effect was to replace the tonnage of paper and fax records with electronic transactions, which are not only more efficient (reducing administrative time and cost), but also much more accurate. While the standards took years to put in place, EDI adoption was swift. Today, more than 90% of all claims auto-adjudicate and accounts payable systems are interoperable.
The Challenge of Siloed Data
While EDI addresses payment data, what about the much larger and more valuable data sets that are needed for the treatment and the management of health care?
The standards organization HL7, which enables interoperability, has faced an enormous challenge enabling the flow of data. Through the years, formats, including HL7 2.0 (CCDX) and HL7 3.0 (ADT, ORU, etc), have established standards, yet the data to treat and manage health care remain siloed. Despite this creation of standards, supported by armies of new “clinical informaticists,” enormous software changes, and the creation of an interoperability “industry” around them over the last 20 years, actual interoperability remains elusive. Why?
While there have been some successes, including clinical data access through an HIE and the adoption of EMRs, interoperability obstacles persist. Patients still fill out the same forms repeatedly at every physician’s office, and physicians seldom know about any health care services that their organization did not deliver.
Why have prior efforts at interoperability failed? Factors include the following:
• The lack of a sufficiently good format. Health care data require context and governance. The “old” data formats (still widely used today) either carried no context or lacked the metadata needed to understand or adapt the given context.
• Lack of access. EMR systems are rightly focused on privacy, but in a way that makes it nearly impossible to use and combine data from outside sources. Additionally, virtually all existing efforts have been business-to-business focused, ignoring the patient.
• Lack of an industrywide mandate. A government-driven mandate creates a universal standard for adoption at scale. RHIOs and HIEs exist, but they are voluntary and vary significantly in adoption and effectiveness.
• Lack of business value. Under the current interoperability methods, business value is limited due to lack of scale and how difficult it is to move data effectively.
The “New” Interoperability Effort Will Succeed
The 21st Century Cures Act, passed in 2016, brought a strongly bipartisan message to the health care industry: the data needed for the treatment and management of health care must flow.
The law is beginning to bear fruit; it is a very broad law with many aspects, including a new approach for HIEs called the Trusted Exchange Framework and Common Agreement that is only now being defined. But the most impactful parts of the new law are the new Patient Access API mandates.
Aside from the inarguable advantages of APIs over batch, a vital and disruptive aspect of the Patient Access API is its use of a new family of data formats called Fast Healthcare Interoperability Resources (FHIR). The FHIR formats (and the mandated specifics about which ones to use) bring much needed prescriptive requirements about the specific data elements to share, a new universal standard data set that is sufficiently broad and contextualized to deliver business value.
FHIR allows the creation of “implementation guides” that are intended to drive context into the data being shared. The government has also mandated a single workflow for applications, dubbed SMART on FHIR, which ensures privacy and security of the data movement in a standardized way. Finally, HL7 and public/private organizations have created a robust governance process to manage changes to these formats and the needed vocabulary over time.
Patients manage their privacy through authentication (they must prove who they are) and must consent to any sharing of their data; patient data moves only according to the patient’s wishes.
The government has mandated that insurance companies and health care providers must publish health care data with these APIs. In July 2021, insurance companies were required to publish both clinical and administrative data in these standard APIs for about 40% of insured Americans. The next deadline, January 2023, requires almost all hospitals and physicians to publish clinical data in these APIs.
This industrywide mandate will create an effective common format and deliver data accessibility at scale. This is partially because our modern technology, such as smartphones and the internet, work best when APIs are used, as they handle security, data standardization, and scalability. More importantly, the industrywide mandate and supporting standards follow the same successful path described above for EDI. The same critical elements are present in the current effort to make treatment data flow.
With the mandate in place, many businesses will go beyond compliance, making voluntary investments in accessing and using data, because the conditions are met to do so profitably.
Now Comes the Work
Importantly, the government will need to enforce compliance with the new requirements. It also needs to broaden coverage to the remaining 60% of the insured population, add additional data (such as social determinants of health), and create more prescriptive mandates of implementation guides. Finally, if additional patient consent approaches were standardized and mandated, it would allow for both broader and narrower data access to the benefit of patients.
API adoption will expand to all types of organizations. While insurance and health care technology companies will seek these data first, many other businesses in and out of health care will ask their customers for permission to access the data, using them to support their current business models and enabling new business models.
Finally, patients will access and use these data widely, far differently than what occurs today. While some will simply want to download and view their data on their phones, many patients will download new apps and access websites that can use these data to make their lives easier, help them make medical decisions, and have more ownership of their health care.
Consumers have used personal technology to completely transform how they shop (Amazon), how they travel (Travelocity), how they move (Uber), how they manage money, work, learn, etc. Do a person’s health care data need different security than their banking data? Are health care decisions more complex than investing decisions? Are health decisions any less momentous than choosing to enter a mortgage?
Our society has embraced the ability to change its habits and use software and data in ways at first unimaginable. It will be no different in health care.
As Bill Gates once said, “We always overestimate the change that will occur in the next two years and underestimate the change that will occur in the next 10.” This will be true for Interoperability, whose time has finally come.
— Jay Sultan is vice president of strategy at the health care business of LexisNexis Risk Solutions. A health care industry veteran with more than 20 years of experience, he leads strategy development, innovation, market planning, and strategic partnership initiatives to help scale the business for growth.