Web Exclusive

MyHealthEData and Patient Information Blocking
By Chris Byers

Providers of HIPAA-compliant, open application programming interface (API) solutions offer multiple platforms across the health care industry to keep you engaged with patients, while being able to securely share data. These types of solutions are becoming increasingly popular as national health care organizations continue to emphasize interoperability.

At HIMSS 2018, Centers for Medicare & Medicaid Services (CMS) Administrator Seema Verma announced an initiative for MyHealthEData Interoperability. The MyHealthEData initiative aims to “empower patients by ensuring they control their health care data and can decide how their data is going to be used, all while keeping that information safe and secure.” CMS hopes to do this by breaking down existing barriers to health data access, like information blocking, and by granting patients access to their own EHRs through the application of their choice.

Similarly, the day before HIMSS 2019, Health and Human Services announced a new patient access and interoperability rule proposal, which capitalizes on Americans’ smartphone use and grants patients access to their EHR data electronically without charging a fee.

What Is the New Rule?
The new patient access and interoperability rule will help loosen constraints around information and data sharing, as well as draw on the vision of the 21st Century Cures Act. The rule will allow CMS to disclose providers participating in “information blocking,” or those who are limiting the availability, disclosure, and use of electronic health information.

The rule also requires the following:

• better coordination for Medicare-Medicaid eligible beneficiaries through submitted buy-in data for the CMS;

• more resources provided by payers on privacy, security, and EHRs; and

• provider compliance with the electronic notification requirements.

In support of the MyHealthEData Initiative, CMS hopes health care organizations working with Medicare and Medicaid will be required by 2020 to share claims and health information with patients electronically through an open API. This will allow patients to have more control over the information they are submitting and to capture all of their health information should they decide to change plans.

Who Is Impacted?
These requirements could impact various providers, hospitals (both psychiatric and critical hospitals), Medicaid-managed care plans, Medicare Advantage organizations, Children’s Health Insurance Program (CHIP) agencies operating fee-for-service systems, Medicaid state agencies, and CHIP-managed care entities.

This rule also has the ability to impact payers that offer Qualified Health Plans through and outside of the federal marketplace. Alternatively, it would not impact insurers offering stand-alone dental plans or employer-sponsored health insurance.

How Do I Know if I Am Compliant?
To ensure compliancy, agencies will need to grant access to patients. This means patients will need to be able to retrieve certain information through a HIPAA-compliant, open API. Additionally, patients may need access to the following:

• formularies;
• pharmacy directories;
• provider directories;
• administrative data; and
• claims and encounter data.

Following claim processing or data receipts, data must be made readily available to patients after one business day. As for provider directory data, the initiative requires access within 30 calendar days after the entity receives updated information or initial changes are made.

The new rule is expected to go into effect toward the end of 2019; comments will be fielded by the Federal Register.

— Chris Byers is CEO of Formstack.