Health plans and providers have traditionally operated in almost complete segregation, exchanging claims and authorization transactions but little else. Some of this separation stems from the adversarial relationship between “plans that pay” and “providers that cost.” This inherent division was expanded 20 years ago by the Health Insurance Portability and Accountability Act (HIPAA), shielding patient health information and demanding only the “minimum necessary” be exchanged between plan and provider trading partners.
Over the years, government initiatives under Medicare Advantage and Medicaid managed care have attempted to incentivize sharing of data between providers and plans. For example, quality programs requiring tracking of HEDIS measures for Medicare Five-Star ratings and Medicaid quality payments and comparisons compelled plans to collect clinical lab and vital sign data from providers to boost their revenue and competitive ranking. In addition, care coordination initiatives targeted to high-cost individuals, such as those with HIV-AIDS or who are dually eligible for Medicare and Medicaid, have required plans and providers to develop joint care plans authorizing arrays of services, which require regular coordination meetings to track progress.
These initiatives had some peripheral effects increasing the exchange of clinical data between plans and providers. However, foundational obstacles are separate data structures and functionality of care management systems used by plans, and the electronic health record (EHR) systems used by providers. Although these two structures collect similar patient (or member) assessment and care plan information, they are not used in the same way. Health plan care-management systems focus on medical necessity, treatment authorization and utilization management, usually focused on high-cost enrollees or conditions. Provider EHR systems track observations, diagnosis and treatment alternatives for clinical decision making.
These separate, stovepipe systems often rely on cutting-edge 1980s technology to communicate with each other: the fax machine. Not because faxes are the better mousetrap, rather because fax transmissions are cited as a secure transmission vehicle under the security requirements of HIPAA. While consumer retail, travel reservation, entertainment and package-delivery status data now move between multiple technology chains almost seamlessly, health plan and provider care systems can be stuffed full of PDFs and fax images, requiring staff to review, discern and manually transpose.
This Berlin Wall separating plan and provider data is almost tragic, since both stakeholders could benefit from data only visible to either party. Diagnosis, lab and vital sign data that providers have are of tremendous value to plans in meeting quality goals. Meanwhile, providers could make great use of the variety and history of claims data documenting patient encounters with other practitioners.
Only in recent years has our government begun to recognize that regulations were a major factor in sustaining this 35-year-old technology separating payers and providers from efficiently exchanging data. Thanks to emerging interoperability data standards, particularly the Fast Healthcare Interoperability Resource (FHIR) standard, which takes a modern, internet-based approach to connecting different discrete elements through query retrieve standards, regulators have a new medium to mandate the exchange of data between plan and provider systems.
In December 2020, two proposed federal regulations prescribed the first nationwide, multiple-program mandate for the sharing of clinical data between plans and providers.
U.S. Department of Health and Human Services (HHS) Revisions to HIPAA: The first rule, released on December 10 by the Department of Health and Human Services, would allow individuals to:
- Direct their health plan to request a provider to transmit electronic personal health information (PHI) back to the requesting plan.
- Authorize their provider to request PHI data from their health plans.
- Remove the “minimum necessary” standard for data requested for care coordination/case management purposes.
Provider Access API: The second rule, released on December 11 by the Centers of Medicare and Medicaid Services (CMS), builds on the agency’s Patient Access API Interoperability regulation finalized in March 2020. It requires an additional Provider Access API for Medicaid, Children’s Health Insurance, and Federal ACA Exchange programs and plans. The rule has a two-fold implication:
- New API (to begin in January 2023) would make individual claims and clinical data maintained by the health plan available to providers on demand; data would be transferred via FHIR to be ingested into EHR systems maintained by medical groups and facilities.
- Rule would also allow providers to have access to a Prior Authorization API to exchange care requests with plans, starting in 2024.
These proposed rules would unlock larger data flow from “plans to providers” (via the Provider Access FHIR API), since plans would have to make their data available. However, the HIPAA modification allowing patients to direct their plan to request PHI data from providers is a small but first mandate on providers to share data with plans.
The Biden Administration and its appointees to HHS and CMS will eventually decide on the finalization of both proposed regulations. In testimony to the Senate Committee on Health, Education, Labor and Pensions (HELP) during his confirmation to be HHS Secretary, Xavier Becerra discussed his commitment to health cost and data transparency when pursuing legal cases as State Attorney General against major California health systems. This is a promising sign that these proposed rules could be finalized in some form.
SS&C Health has solutions to allow plans to efficiently send and receive these new streams of data sharing with providers. Through our partnership with Edifecs, we are implementing our FHIR Server solution for a variety of plans offering government program coverage, to administer the Patient Access API by July 2021. A securely administered Provider Access API (to distribute member PHI to their caregivers) is also available using this same solution. In addition, our HEDIS quality and analytics include FHIR intake functionality to ingest provider clinical data, including Logical Observation Identifiers Names and Codes (LOINC) and Systematized Nomenclature of Medicine (SNOMED) diagnostic data utilized in EHR systems. These FHIR intake features meet NCQA standards.
Integrated health coverage data is finally upon us, and we are ready to help our clients take advantage of opportunities that are sure to follow.
Written by Richard Popper
Director, Government Programs Strategy