The 21st Century Cures Act rolls out significant changes that will transform how the healthcare industry exchanges data at a fundamental level. The act will take advantage of new standards and technologies to empower the patient while modernizing clinical and administrative initiatives amongst payers, providers, public health agencies, vendors, and healthcare information exchanges and networks.
Because the act was so general in it's scope upon initial publication, the Office of the National Coordinator (ONC) took steps to clarify rules surrounding interoperability and patient information blocking. This resulted in the development of the Final Rule which went into greater detail around the technical implementations needed for companies to remain compliant to the new rule.
As a result, it will be important for covered entities and business associates to evolve their current IT infrastructure or risk having to play an expensive game of catchup once the deadlines for the requirements have arrived – or worse, face heavy fines or even lose customers.
Because many of the requirements in the Final Rule are complex in terms of how they should be implemented according to each organization, companies should not look at Final Rule compliance as something they just have to implement only once but rather as an evolving effort that keeps up to date with policy changes as more technology is adapted in the marketplace.
While there is no “checkbox” list of requirements to fulfill the 21st Century Cures Act, there are technical considerations that should be implemented by an organization’s health IT program.
In this blog, we will summarize the major considerations of the Final Rule in regards to interoperability and information blocking and the impact they may have on your infrastructure. Along the way, we’ll include some excerpts from the Final Rule itself and some interpretations that can give you more clarity on how to solve the problem moving forward.
One of the major requirements for compliance with the 21st Century Cures Act in regards to interoperability is the API condition of certification.
“The API Condition of Certification requirement in Section 4002 of the Cures Act requires health IT developers to publish APIs that allow “health information from such technology to be accessed, exchanged, and used without special effort through the use of APIs or successor technology or standards, as provided for under applicable law.” The requirement also states that a developer must, through an API, “provide access to all data elements of a patient's electronic health record to the extent permissible under applicable privacy laws.” (85 FR 25739)
This condition from the Final Rule can help organizations determine how data is to be consolidated within the organization. For far too long, healthcare data has been spread out from many different sources and siloed out in many different environments. By consolidating the data, organizations can begin to normalize data formats for use across the entire IT infrastructure.
SMART on FHIR API access across all systems will lead to better data standardization and interoperability. It will then become easier for patients to access their data while organizations remain compliant to the Final Rule.
The push for interoperability as defined by the Final Rule is driving data standardization across the healthcare industry. Current standards are both technical and content-driven in scope and include:
We have adopted the HL7 FHIR US Core Implementation Guide STU 3.1.0 (US Core IG) implementation specification in § 170.215(a)(2). We note that we adopted the latest version of the US Core IG at the time of the final rule publication. The US Core IG defines the minimum conformance requirements for accessing patient data using FHIR Release 4 (adopted in § 170.215(a)(1)), including profiled resources, operations, and search parameters for the Data Elements required in the USCDI implementation specification (adopted in § 170.213).(85 FR 25740)
By having the ability to standardize EHR data, organizations will be able to assess what data is actually useful for the patient and then pull this data into a central repository for further transformation and analysis.
One of the more challenging aspects of The Final Rule is finding the right balance between patient access and information blocking.
In addition, we clarified that under our proposed definition, EHI includes, but is not limited to, electronic protected health information (ePHI) as defined in 45 CFR 160.103. We noted that EHI may also be provided, directly from an individual, or from technology that the individual has elected to use, to an actor covered by the information blocking provisions. (85 FR 25803)
Because patients make the final decision on what applications obtain access to their healthcare, having a clear communications workflow present during attestation can help prevent information blocking while adhering to HIPAA’s Privacy Rule.
Right of access. Except as otherwise provided in paragraph (a)(2) or (a)(3) of this section, an individual has a right of access to inspect and obtain a copy of protected health information about the individual in a designated record set, for as long as the protected health information is maintained in the designated record set, except for:
(i) Psychotherapy notes; and
(ii) Information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding.
If your organization is not yet ready to comply with The Final Rule, you’d better move quickly because the deadline is July 1st, 2021. However, there are a few things to keep in mind when considering a solution:
Given the difficulties and expenses associated with integration engines, a cloud-based solution is the only viable path forward to meet the deadline. Unlike traditional solutions, a cloud-based solution is:
To learn how Cloudticity Healthcare DataHub, our cloud-native integration and analytics solution, can help you quickly comply with the Final Rule, read the full white paper. Or schedule a free consultation to learn how you can meet the ONC Final Rule requirements in days instead of months.