New rules from the US Department of Health & Human Services on patient data interoperability – including the Interoperability and Patient Access final rule – are set to usher in a new era in healthcare where patients are allowed to safely access and share their data with providers and third-parties as they see fit. This will not only enable a more seamless care experience for patients, but will also allow providers and third-parties to more easily access and share critical information, ultimately helping to foster new healthcare services never before thought possible.
With these new mandates coming into play, opportunities to truly integrate digital health tools into traditional healthcare settings are increasingly emerging. Apps, for example, will be able to fully harness patient data without roadblocks to offer new mechanisms for advanced care, allowing providers to remotely monitor patients and alert them when medical tests and appointments are overdue. With the data shackles removed, healthcare can be transformed – leading to better access to patient data, improved interoperability and increased innovation.
As healthcare systems determine how to most effectively navigate the Interoperability and Patient Access final rule, there are a few key best practices to keep in mind. But first, it’s important to understand why this ruling is significant to begin with when it comes to meeting key compliance and making the most of data.
What It Means for Healthcare
Over the last five years or so, the broader healthcare industry has held data close to the chest in order to protect their ability to monetize it, limit liability and defend exposing their model to increased disruption. In the instances where organizations actually sought to share data, easy access, high utility, and accurate interpretation have been major challenges. Data challenges and data hoarding have, in turn, severely limited opportunities for data to be analyzed and put to good use.
In many ways, the Interoperability and Patient Access Final Rule is the first step toward realizing true healthcare transformation. It’s helping to change the operating paradigm by challenging us to reexamine and optimize patient care under the goals of what the Institute of Health Improvements terms the Triple Aim – which is to improve the healthcare experience, improve patient health and outcomes, and reduce the per capita cost.
Data is a foundational component of modern healthcare, whether it is ensuring that crucial information is in the right place at the right time and in the right hands for interpretation or acting as a building block to improve delivery of care. We need it for things like establishing vaccine efficacy, especially as the Covid-19 vaccines continue to be rolled out, and to answer questions such as what level of immunity is achieved against which virus variants and are there genetic markers that correlate to lower immunity levels post-vaccination.
Data will continue be a fundamental piece of understanding what healthcare is effective and what is not, and to define what quality healthcare is today and where it could, or should, be tomorrow. This extends to how data is shared among the many parties in the ecosystem, including payers, providers, patients, innovators, governments, and more. The data sharing mandate is a critical beginning for us to improve and deliver more informed healthcare, as well as a fuel to continue to feed disruption and greater patient-centricity.
How to Plan and Take Action
To understand how to best meet the new mandate’s requirements, there are several considerations healthcare organizations should keep in mind as they prepare for July 1, 2021, when the Centers for Medicare & Medicaid Services begin enforcing the rule.
First and foremost, there should be the commitment to a “do no harm” approach, with risk management and consumer privacy being critical drivers of this ethos. It will be imperative that healthcare systems strike a balance between governance and security that enables greater value delivered at individual, population, and system levels. One might consider a parallel in hospital patient safety initiatives: they aim to limit, or prevent, adverse and sentinel events without negatively impacting quality care. Similarly, organizations must find harmony between their security protocols, governance frameworks, and complying with mandates. The goal of the policy is to achieve a better overall healthcare system; one must comply with the specific requirement, but one should design for its intended result. Appropriate data should be accessible and shareable for, and to, authorized parties.
A second consideration – and one that acts as a pressure factor in this scenario – is time. Meeting the requirements while also protecting patient information is crucial so it’s important to remove any unnecessarily complicated processes and complex variables that may hinder or delay moving forward in the given timeframe. For starters, stick to already-effective security foundations and policies that are in place. Resist the urge to re-write and re-think the security and governance plan from scratch. Rather than large-scale creation of new policies, aim for an augmentation and evolution of what you are already doing successfully today. Conduct an impact assessment of new vulnerabilities to zero in on what matters and what needs to be addressed, and then combine that with current practices to more quickly navigate the mandate.
It’s also important to accept, and prepare for, the fact that the system may be resistant to change. There are always entrenched and competing interests at play within healthcare. Many may feel threatened by the mandate that strives for greater openness. Some organizations will remain reactive to legislation while others will embrace the intent. Which is why, ultimately, healthcare providers must sit down to have the hard conversations that are tactical on technical execution of compliance and strategic on business transformation. They will need to determine the solutions and pace of change that works best for their current business model and a patient centric, data democratized future. The goal should be to ensure no harm and achieve progress, while upholding the overall charter that ensures patients and members obtain data sharing rights, not just data privacy rights, truly exercising them in their best interest.
Potential to Transform Healthcare for the Better
The Interoperability and Patient Access final rule not only challenges us to think outside of the four walls of the healthcare system and explore what is possible with true patient interoperability, but it also pushes us to question the status quo and evolve from being closed-data organization-centric to become open data patient-centric.
With patients being granted easier access to their data, and thus greater and more informed agency over their health, we are finally opening the door for insights to be derived and refined on their behalf, which means we can better serve them and in the long-term, the overall effectiveness of our healthcare system.
Photo: LumineImages, Getty Images