Your healthcare company is expert at managing an enormous amount of data. After all, your business operations depends on your ability to accurately process and track thousands of patients’ clinical and claims records. But with the recent passage of the Centers for Medicare and Medicaid Services’ new Interoperability and Patient Access rule (CMS-9115-F), everything about the way you expose member data publicly is about to change.
The new CMS interoperability rule is intended to give patients complete control of — and access to — their own healthcare data. That’s a good thing. Functionally, however, this means that healthcare companies must now adopt strict standards for how they structure and share their data.
All healthcare providers and payers that partner with government programs must comply with the CMS’s regulations by July 1, 2021. However, these new requirements are sure to become the industry standard (extending beyond Medicaid and Medicare). In order to compete moving forward, your healthcare company must start preparing for these major changes now.
But how? Healthcare companies like yours currently use a smorgasbord of data infrastructures, interfaces, and formats to store and share data. Bringing these disparate data structures into alignment is a huge task, one that is sure to be riddled with technical and logistical problems. Here’s what you need to know about the major roadblocks ahead — and how to get started in the right direction.
Anticipating the Challenges of Implementing the Healthcare Interoperability Standards
The first step in successfully adopting the CMS’s Interoperability and Patient Access standards is to anticipate the challenges that will inevitably arise during the transition. By identifying the main obstacles, you can build a plan that takes them into account — and skillfully guide your organization in bypassing them.
Aggregating and restructuring data
From clinical data and lab results to claims information, healthcare payers collect data from a variety of different sources. And all that data is stored separately; it doesn’t reside in a single, unified database. With data dispersed across different systems, the first major challenge is to locate all of the required data, pull it into a central repository, and mold it into a coherent structure. (The required data includes clinical data and lab results, provider encounter data, and claims data.)
This challenge is especially daunting given that different databases structure and store information in completely different ways, permit different loads tolerances, access rates, and data relationship. Without a neat one-to-one correspondence from one database to the next, the level of complexity can quickly skyrocket.
Addressing data quality issues
Any one database is bound to have some degree of data quality issues, including missing, duplicated, and corrupted data. But when you attempt to join together multiple, disparate databases — as healthcare companies must now do — those errors will be multiplied. In order to comply with the new interoperability guidelines, healthcare companies must compile a full set of complete, accurate data for each patient.
Inevitably, however, as you seek to compose a comprehensive data picture for each of your members, you’ll find that you have missing, conflicting, and corrupted data to contend with. For example, what will you do about duplicative data — that contains different values?
Your siloed data sources (and the teams that use them) may have been fully functional on their own, perhaps with a few workarounds. But bringing your individual databases into alignment will be far more complex than simply combining them together.
Security concerns
Security represents another major concern in adhering to the new interoperability guidelines. In particular, you’ll need to address the security of your API’s as you pass data out of your database. As you know, your data is regulated by HIPAA’s privacy laws. Those requirements are much easier to adhere to currently, with your members’ data secured in your own closed-loop infrastructure. Now, however, the interoperability requirements will mean opening up your data to, well, the entire world. Suddenly, you’re in the same realm as Facebook when it comes to the fluidity of your data. Only the data is much, much more sensitive.
As soon as your members request that you release that data to a third party, it’s technically out of your hands. Technically, patients are in charge of their own data. Where they say their data should go, you must generally send it. But there are some exceptions, such as black market entities and obviously insecure third parties. In any instance where your organization provides the API, it’s on you to determine whether third-party developers fall under any of these exceptions.
You and your IT leadership will need to think carefully about how to craft a data access policy that includes some level of third-party vetting. For example, if your members want you to send their data to well-known third party, such as an Apple fitness app, you’d probably be confident in the receiving party’s security standards. But what about a smaller, third-party developer with an unproven track record? Further, if the patient allows access to their data, do they want the third-party developer to access all of their data? Or just certain categories? It’s your responsibility to figure out how to manage patient data-sharing responsibly, while also allowing maximum flexibility for your members.
Delivering on-time data
The interoperability rules mandate that healthcare organizations must make all adjudicated claims and clinical data (including lab results) available on the API within 24 hours of a member’s request. To do that reliably, you’ll need to optimize your IT suite to quickly retrieve and deliver on-time data. With data stored in different systems that sync on different timeframes, you run the risk of delivering incorrect data because some parts have yet to be updated.
What’s the best way to handle that, keeping in mind that all clinical data needs to come in a standardized United States Core Data for Interoperability (USCDI) format? The right solution is probably to build a single “source of truth” database that collects data in a structured way, which can then be used as the API’s donor.
In essence, you would create a funnel from your disparate data sources through ETLs (extract, transform, load) into the unified database and finally out through your API. This centralized data lake or structure would be responsible for managing data timestamps and synchronizations between the disparate systems, as well as the hierarchy of the data itself.
That’s no small feat — but one you’ll need to accomplish in order to meet the new turnaround time requirements.
Getting Started: First Steps Toward Healthcare Interoperability Compliance
The challenges associated with meeting the new interoperability requirements may seem daunting. That makes sense. Use the following tips to start preparing for this major shift today.
- Understand your data sources. Start gathering references on the three types of data you will soon be responsible for managing differently. What are your sources for each type of data, where do they currently reside, and how are they structured?
- Conduct an interoperability readiness assessment. How prepared is your organization today to adopt the new interoperability regulations? Which pieces of the puzzle are already in place, and what are the gaps?
- Incorporate your findings into a product development plan. The interoperability regulations really only address the administrative side of the new requirements in detail. While they do prescribe a few technologies, the full weight of developing the product still resides with your actual developer. Once you understand what you need from your interface (and which pieces you are currently missing), your next step is to go through a traditional product development exercise. What project milestones, deliverables, and overall timeline will you need to successfully build a compliant interface before the 2021 deadline? What skill sets might you need that your team doesn’t already have?
Finding a way to comply with the CMS’s Interoperability and Patient Access rule will be a major undertaking for everyone in healthcare. But with a clear understanding of the risks and a robust plan, you can make the leap seamlessly — and better serve your customers in the process.