New CMS rules on interoperability for provider and patient data via FHIR-based APIs are forcing health plans to work quickly to meet a 2021 deadline. Much of the industry discussion to date focuses on the task of converting a plan’s data into FHIR standard format. While this is an important part of meeting the mandate, we can’t forget about who will be using these APIs. Interoperability is about helping the consumer with better health outcomes, smarter decisions and better industry collaboration by providing easier access to their data.
The interoperability rules allow people to access their data from their health plan on the device and app of their choosing. For covered entities accustomed to keeping data secure under HIPAA, this is a major change. Health plans need to prepare for securely sharing consumer data with apps from entities not covered by HIPAA—and help provide the right consumer experience in the process.
Supporting consumer access by third-party applications
Today, consumer access to their health data might be with a plan or provider app. Now, new apps will come knocking and plans need to be prepared to securely share data without running afoul of ONC information blocking rules. This means plans need to careful not to discriminate. They need the same requirements for all consumer apps.
Plans can refer to the CARIN Alliance Code of Conduct for consumer information sharing principles and practices. This provides insight on interoperability community work group-driven efforts for guidance. Many vendors of interoperability solutions can help a plan put a process in place for app attestation and registration, since SMART on FHIR doesn’t specify a standards-based app registration process.
Helping members understand what’s at stake
When it comes to consumer access to data, not everyone understands what that really means nor the risks involved with sharing data on apps. In addition to app attestation and securely managing member access to their own data in accordance with HIPAA rules, plans need to do a few things to help with member education.
While the mandate requires a health plan’s rules for app attestation be shared with their members, people may need more information to make decisions. It is important to provide that from an easily accessible location, such as a public-facing health plan website, or other channels used for regular member communication. Since consumers aren’t tech experts, use non-technical, simple, and easy-to-understand language around what’s involved. Finally, provide the following information:
- Explain general steps consumers can take to protect the privacy and security of their health info
- Highlight that organizations/individuals that may get access to their data from a third-party app are NOT likely to be HIPAA-covered entities
- Share that their data will not be covered by HIPAA once accessed by the third-party app and that data comes under the oversight of the Office of Civil Rights (OCR) and Federal Trade Commission (FTC) and how a consumer can submit a compliant to them
- Outline what consumer apps need to attest to, in order to access their data from the health plan
Clear and present need for industry collaboration around app attestation
While plans can put solutions in place themselves for consumer app attestation and registration, there is no question work is involved. Given the large number of consumer apps you would expect to come on the market, there is an opportunity for broader collaboration and standards, such as the CARIN Alliance Trust Framework. If the industry comes together on this front, it will help provide consistency, reduce the burden on the plan and help consumers keep their data safe and secure.
Interoperability promises great improvements to help consumers access and navigate care, to improve their health and lower overall health care costs. By remembering that consumers are at the center of interoperability means we can create experiences that help them access data and maintain trust. If the industry works together, health plans can reduce the administrative burden of consumer app attestation.
To learn more on this topic, watch our webinar and hear what interoperability leaders are saying about current solutions and what the industry can do to improve future efforts around app attestation and registration.
