CMS and ONC Release Interoperability and Patient Access Final Rules

Igor Gorlach, Elizabeth Han, Adam Solander
King & Spalding
Contact
LinkedIn
Facebook
X
Send
Embed

On March 9, 2020, CMS released its final rule creating certain interoperability and patient access standards (CMS Final Rule). On the same day, the ONC released a rule that addressed interoperability as well (ONC Final Rule), with a focus on technology developers. The interoperability provisions in both rules implement certain sections of the 21st Century Cures Act (Cures Act), creating a regulatory framework for the exchange of information among providers, patients and payers. The finalized policies in the CMS Final Rule include patient access application programming interface (API) to facilitate the retrieval of patient data from payers, and the public reporting of “information blocking” to make public the providers that do not attest to full compliance with certain interoperability requirements.

In the CMS Final Rule and ONC Final Rule, the agencies finalized the following policies described below.

Standards-Based Patient Access API

CMS regulated payers will be required to implement and maintain a standards-based Patient Access API and permit third-party applications to retrieve certain enrollee data with the approval and at the direction of a current enrollee.

The Patient Access API must meet the technical, content, and vocabulary standards in the ONC Final Rule (including Health Level 7 Fast Healthcare Interoperability Resources (FHIR) Release 4.0.1) as well as content and vocabulary standards provided in HIPAA regulations and Medicare Part D regulations. The Patient Access API must, at a minimum, make available adjudicated claims (including provider remittances and enrollee cost-sharing), encounters with capitated providers, and clinical data, including laboratory results. Such data must be available within one business day after a claim is adjudicated or encounter data are received. Beginning January 1, 2021, impacted payers must make available through the Patient Access API the specified data they maintain with a date of service on or after January 1, 2016.

This requirement applies to the following CMS regulated payers: Medicare Advantage organizations, Medicaid Fee-For-Service (FFS) programs, Medicaid managed care plans, CHIP FFS programs, CHIP managed care entities, and Qualified Health Plan (QHP) issuers on the Federally-facilitated Exchanges (FFEs), excluding issuers offering only stand-alone dental plans and QHP issuers offering coverage in the Federally-facilitated Small Business Health Operations Program.

Public Reporting and Information Blocking

The Cures Act defines “information blocking” generally as “a practice that is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information,” and, in the case of health care providers, the provider knows that such practice is unreasonable and is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information (EHI). The Cures Act authorizes the OIG to investigate any claim that a health care provider engaged in information blocking and impose penalties of up to $1 million per violation.

In the ONC Final Rule, ONC finalized eight exceptions for “reasonable and necessary activities” that would not be considered “information blocking.” Under these exceptions, certain interference with access, exchange, or use of EHI is permissible —

  • to prevent harm to a patient or another natural person;
  • to protect an individual’s privacy;
  • to protect the security of EHI;
  • due to infeasibility of the request; and
  • by an actor’s practice that is implemented to maintain or improve health IT performance.

The other three exceptions outline circumstances under which an actor may limit the content of its response, charge fees, or license interoperability elements.

Notably, the definition of EHI does not expressly include or exclude price information. However, ONC stated that, to the extent that protected health information includes price information and is included in a designated record set, it would be considered EHI.

Starting with data collected for the 2019 performance year, CMS will publicly report eligible providers that may be information blocking based on how they attested to certain Promoting Interoperability Program requirements. This policy will take effect in late 2020.

With respect to physicians, CMS will include an indicator on Physician Compare for the eligible clinicians and groups that submit a “no” response to any of the three prevention of information blocking statements for the Merit Based Incentive Payments System (MIPS). The statements inquire regarding the provider’s actions to restrict the compatibility or interoperability of certified electronic health record technology (CEHRT), implementation of technologies, practices, and agreements to ensure the CEHRT is connected and compliant with applicable requirements, and good faith response to requests to retrieve or exchange EHI from patients, providers, and other persons. With respect to hospitals and critical access hospitals, CMS will similarly post on its website the list of hospitals that submitted a “no” response to any of the three attestations related to the prevention of information blocking.

Starting in late 2020, CMS will also begin publicly reporting providers that do not list or update their digital contact information in the National Plan and Provider Enumeration System. This includes providing digital contact information such as secure digital endpoints like Direct Address and/or a FHIR API endpoint.

Admission, Discharge, and Transfer Event Notifications

CMS changed its Conditions of Participation to require hospitals to send electronic patient event notifications of a patient’s admission, discharge, and/or transfer to another healthcare facility or to another community provider or practitioner. Specifically, a hospital will be required to demonstrate that (i) its system’s notification capacity is fully operational and that it operates in accordance with all applicable laws pertaining to exchange of patient health information; (ii) its system sends certain notifications that include at least the patient name, treating practitioner name, and sending institution name; and (iii) its system sends notifications at the time of a patient’s registration in the emergency department or admission to inpatient services, and also prior to, or at the time of, a patient’s discharge and/or transfer from the emergency department or inpatient services to post-acute care services providers and suppliers and other providers identified by the patient as primarily responsible for the patient’s care, and which need to receive notification of the patient’s status for treatment, care coordination, or quality improvement purposes. The policy will take effect six months after the publication of the CMS Final Rule.

Payer-to-Payer Data Exchange

MA organizations, Medicaid managed care plans, CHIP managed care entities, and QHP issuers on the FFEs must coordinate care between payers by exchanging, at a minimum, the data elements specified in the content and vocabulary standard finalized in the ONC Final Rule. These payers will be required to send, at a current or former enrollee’s request, specific information they maintain with a date of service on or after January 1, 2016 to any other payer identified by the current enrollee or former enrollee. However, a payer will only be obligated to share data received from another payer in the electronic form and format in which the data was received. The payer-to-payer data exchange must be fully implemented by January 1, 2022.

Provider Directory API

CMS-regulated payers will be required to make provider directory information publicly available using a standards-based API. The directory must include, at minimum, provider names, addresses, phone numbers, and specialties. This policy goes into effect January 1, 2021.

Increasing the Frequency of Federal-State Data Exchanges

States will be required to participate in daily exchange of buy-in data, which includes both sending data to CMS and receiving responses from CMS daily. States will be required to begin submitting the MMA file data to CMS daily by April 1, 2022.

Trusted Exchange Network

CMS did not finalize its proposal to require payers to participate in a trusted exchange network, reasoning that the Trusted Exchange Framework and Common Agreement is not sufficiently mature.

The CMS Final Rule is available here, and CMS’s fact sheet on the rule is available here.

The ONC Final Rule is available here, and ONC’s corresponding press release is available here.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding
King & Spalding
Contact
more
less

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide