Even after 10 years of regulatory investment in digital health, we have not solved the problem of sharing data seamlessly between health systems, health plans, and our patients.
Interoperability Rule in Healthcare
The new CMS Interoperability Rule in Healthcare is positioned to break down barriers using modern APIs to power the patient, healthcare providers, and health plans to quickly exchange data so they can act promptly and gain new insights.
CMS has set a vision to meet the quadruple aim: improving population health (outcomes), improving the patient experience, reducing the cost of healthcare while improving clinician satisfaction.
What’s groundbreaking about this is they are mandating Open APIs. Axway’s belief is that opening up systems break down the barriers between internal and external partners to bring innovation and efficiency.
The main things that are part of this compliance equation are privacy, security, and standards. There’s been much written about FHIR®; today, we focus on APIs and API security.
For example, the interoperability rule mandates that third-party applications (and providers and plans) use an Open API to share copies of a patient’s health records, claims, and pharmacy data.
The value of this to the patient and the community is that now third parties can build innovative apps, and the patient is finally entirely in charge of his health records, free to share with others as he sees fit.
With this rule, we can imagine specialists building care plans for mobile apps that guide patients through complex multi-physician and health facility encounters and appointments.
This makes a huge difference in a patient’s experience. It can help doctors review past records more quickly and prevent errors due to missing patient history.
This also takes out the regulatory barriers to get your information quickly. Before the Interoperability Rule, patients had to request manually copies of their records, typically wait a few days and then receive the data on a CD.
In the past, HIPAA privacy and security rules could be used as a reason to block data sharing; making it difficult for family members, partners, and others to get copies of records. Now, with the Interoperability Rule, we get to the beginning of real interoperability.
The question is, as a patient, how do you know that this is going to work well for you?
Does this mean you have to go through many administrative processes? The answer is no; this pulls healthcare into the new world.
OAuth 2.0 enables others to act on your behalf. A simple way to think of OAuth is that it creates a token that says I consent for my credentials to be used by another app.
This token can be shared between applications and organizations, ensuring that privacy and security are maintained without setting up new identities and authorization in multiple systems.
You have used OAuth if you used your Google, Facebook, or LinkedIn account to log in to another application. This is something millions of us already do every day, and it makes sense to use this in the complex world of healthcare.
This is beneficial for many health organizations because now they need not create and maintain security credentials in every system.
OAuth enables systems to ensure they have permission to take this action while reducing the administrative work to keep all the systems synchronized.
So, OAuth is critical to make interoperability work; it reduces the setup and maintenance costs, enabling patients to agree electronically to things without having to do separate log-ins, and reduces the complexity of managing identities separately in every system.
In today’s world, you go to a hospital or doctor’s office and each organization assigns you a different user ID and password.
Each organization has a URL (website) that you must use and remember to access your records. You tend to review your records, as it’s overwhelming and time-consuming, but now you could manage all your health records in one application of your choice.
Because the government is changing regulatory requirements to encourage interoperability based on Open API standards, health plans and providers can reduce costs, and patients can get to their data quickly.
If that’s not enough to convince you that the Interoperability Rule is going to open healthcare. Here is another example to help you understand the power and importance of the Interoperability Rule.
Imagine trying to assist your college-age child or your elderly parents navigate health systems, get second opinions, and transfer records from home to school or summer home to winter home.
The Interoperability Rule allows you to fast-track sharing information to the application of your choice.
A family member can now review and understand another’s care plans and records even if they don’t live in the same state. The patient is in control, and the patient determines who gets copies of their health records.
Access to data is at the heart of the most innovative ideas. Imagine how many new uses and tools can be created. This is a game-changer for health systems in the US.
Learn how to improve patient experience through digital healthcare initiatives.