Finalized Rule Gives Patients More Control Over Their Health Data

In March, the U.S. Department of Health and Human Services (HHS) finalized two rules that give patients unprecedented safe and secure access to their health data. The rules, issued by HHS Office of the National Coordination for Health Information and Technology (ONC) and Centers for Medicare and Medicaid Services (CMS), implement interoperability and patient access provisions of the 21st Century Cures Act and the MyHealthEData initiative.

The ONC final rule updates certification requirements for health information technology (IT) developers and establishes new provisions to ensure providers using certified health IT have the ability to communicate about health IT usability, user experience, interoperability and security, including (with limitations) screenshots and video that are critical forms of visual communication for such issues. It also requires electronic health records to provide the clinical data necessary, including core data classes and elements, to promote new business models of care. And, it advances common data through the U.S. Core Data for Interoperability (USCDI), a standardized set of health data classes and data elements essential for nationwide, interoperable health information exchange. The USCDI includes “clinical notes,” allergies and medications among other important clinical data to help improve the flow of electronic health information and ensure the information can be effectively understood when it is received. It also includes essential demographic data to support patient matching across care settings.

Building on the foundation established by ONC’s final rule, the CMS Interoperability and Patient Access final rule requires health plans in Medicare Advantage, Medicaid, Children’s Health Insurance Program (CHIP) and federal exchanges to share claims data electronically with patients. Beginning Jan. 1, 2021, Medicare Advantage, Medicaid, CHIP and plan years beginning on or after that date, as well as plans on the exchanges will be required to share claims and other health information with patients in a safe, secure, understandable, user-friendly electronic format through the Patient Access application programming interface (API). The Patient Access API will allow patients to access their data through any third-party application they choose to connect to the API and could also be used to integrate a health plan’s information to a patient’s electronic health record. To further advance the mission of fostering innovation, the CMS final rule establishes a new Condition of Participation for all Medicare and Medicaid participating hospitals, requiring them to send electronic notifications to another healthcare facility or community provider or practitioner when a patient is admitted, discharged or transferred to facilitate better care coordination and improve patient outcomes. Lastly, CMS is requiring states to send enrollee data daily beginning April 1, 2022, for beneficiaries enrolled in both Medicare and Medicaid to improve the coordination of care for this population.