The DNA of Healthcare

Visit Corporate Site

Not Ready, but Getting There: Payers Prepare for Data Exchange

data exchange
Associate Vice President Healthcare Strategy

The 21st Century Cures Act has been laying the groundwork since it was signed into law in December of 2016, and this year we find ourselves in a watershed moment for healthcare data exchange. On July 1, 2021, the Office of the National Coordinator for Health Information Technology (ONC) mandated that payers must provide access to publicly facing APIs to offer up Provider Directory and Patient Access data.

It cannot be understated how much effort was required on the part of health plans to prepare to meet this requirement. Payers needed to orchestrate their internal data, deploy open APIs based on FHIR standards and make claims, clinical, administrative and drug formulary information available to third-party apps at the request of enrollees. Needless to say, many plans were sprinting to meet these requirements as they were laid in the Final Rule in May of this year.

Why Payers Are Struggling to Meet Data Exchange Deadlines

We surveyed 110 health plan professionals about their readiness and concerns associated with this 21st Century Cures Act mandate. As you may imagine, based on the narrative above, only 33% of these individuals felt fully or very prepared to meet the requirements.

data exchange

Many health plans needed to engage with third-party vendors (44%) to address the cost and effort to meet the implementation deadlines. Almost as many had to hire additional staff (40%) to support these efforts. Overwhelmingly, our survey indicated that plans understood that this rule required them to present clean, high-quality data (68% of respondents marking as a top response) via these APIs, and with the volume of data now available for access, this effort was tremendous and will be ongoing.

Addressing Security Concerns when Sharing Data

The survey also captured some of the apprehensions that these individuals had about this new world of data exchange. The primary driver of concern was protecting patient privacy and adhering to the security standards. This is very much in line with the AHIP statement for April of 2020: “We are seriously concerned that patient privacy will still be at risk when health care information is transferred outside the protections of federal patient privacy laws.”

However, in this rule, ONC has laid out explicit guidance around data access using the SMART on FHIR protocol to ensure that members authenticate their identity and provide consent for their data to be shared. There will always be bad actors trying to access healthcare data, but by employing robust security policies at both payers and app developers, we believe this concern is more a “hangover” from the legacy approach to healthcare data which created data silos and removed patient access.

data exchange

Soon payers will overcome challenges and data will flow freely. This is the time to plan for the future of data exchange: how it can meet additional business needs and generate greater value.

Read this study to learn how payers have worked toward compliance, what concerns them most and what capabilities would be most helpful to have.

The DNA of Healthcare

At LexisNexis Risk Solutions, our goal is to provide the healthcare industry with insights and innovations to improve outcomes, grow market share, reduce fraud and increase compliance.

Related Articles

These blogs are published for information purposes only and can be statements of opinion. Although we LexisNexis rigorously check the accuracy of all information at the time of publishing the blogs, no representations or warranties are expressed or implied as to the blog, its contents and any accompanying materials and it should not be relied upon for acting in specific circumstances. Although links to external websites on any blog posts are tested and deemed accurate at the time of the blog posting, we LexisNexis accept no liability for such links to external websites and do not endorse or warrant in any way any materials available through such links or any privacy or other practices of such sites. In addition to this blog disclaimer, access and use of the blogs is governed by the LexisNexis website.