The 21st Century Cures Act has been laying the groundwork since it was signed into law in December of 2016, and this year we find ourselves in a watershed moment for healthcare data exchange. On July 1, 2021, the Office of the National Coordinator for Health Information Technology (ONC) mandated that payers provide access to public-facing APIs that offer up Provider Directory and Patient Access data.
It cannot be overstated how much effort was required on the part of health plans to prepare to meet this requirement. Payers needed to orchestrate their internal data, deploy open APIs based on FHIR standards and make claims, clinical, administrative and drug formulary information available to third-party apps at the request of enrollees. Needless to say, many plans were sprinting to meet these requirements as they were laid out in the Final Rule in May of this year.
Why Payers Are Struggling to Meet Data Exchange Deadlines
We surveyed 110 health plan professionals about their readiness and concerns associated with this 21st Century Cures Act mandate. As you may imagine, based on the narrative above, only 33% of these individuals felt fully or very prepared to meet the requirements.

Many health plans needed to engage with third-party vendors (44%) to address the cost and effort of meeting the implementation deadlines. Almost as many had to hire additional staff (40%) to support these efforts. Overwhelmingly, our survey indicated that plans understood that this rule required them to present clean, high-quality data via these APIs (68% of respondents marked this as a top response), and with the volume of data now available for access, this effort was tremendous and will be ongoing.
Addressing Security Concerns when Sharing Data
The survey also captured some of the apprehensions that these individuals had about this new world of data exchange. The primary driver of concern was protecting patient privacy and adhering to the security standards. This is very much in line with the AHIP statement from April of 2020: “We are seriously concerned that patient privacy will still be at risk when health care information is transferred outside the protections of federal patient privacy laws.”
However, in this rule, ONC has laid out explicit guidance around data access using the SMART on FHIR protocol to ensure that members authenticate their identity and provide consent for their data to be shared. There will always be bad actors trying to access healthcare data, but with robust security policies in place at both payers and app developers, we believe this concern is more a “hangover” from the legacy approach to healthcare data, which created data silos and removed patient access.

Soon payers will overcome challenges and data will flow freely. This is the time to plan for the future of data exchange: how it can meet additional business needs and generate greater value.
Read this study to learn how payers have worked toward compliance, what concerns them most and what capabilities would be most helpful to have.