Interoperability has always been a somewhat controversial issue in healthcare. Most providers and healthcare systems do not seamlessly exchange patient data or do not have the ability to, requiring patients to be responsible for manually transferring their data from one source to another.
Approximately 96 percent of hospitals and 78 percent of physician practices now utilize EHRs, but there still is a lack of accessible and interoperable patient data. Even though there are abundant benefits for providers and healthcare systems who share data, and research shows that there’s a strong desire from the patient community for that integration, data silos remain.
Although a key method for achieving this interoperability to promote expanded patient access is the development of application programming interfaces (APIs), until recently it was only a discussion for United States legislators. The Office of the National Coordinator for Health Information Technology (ONC) only required APIs to make the common clinical data set – i.e., patient problem and medication lists – available.
The ONC defines APIs as tools that support interoperability by allowing different software programs to easily communicate with one other and to share information. For the healthcare industry, they offer a cheaper and easier format of interoperability and enable benefits such as patient access to data, provider-to-provider exchange of information and the incorporation of clinical decision support tools, such as risk calculators or apps that provide recommendations for prescribing antibiotics.
Even though there is research that suggests countries that prioritize interoperability and data sharing rank higher in measures of healthcare quality, obstacles to the use of these APIs beyond a lack of government legislation have included access challenges, clunky technology and poor standards. Other challenges to the increased use of patient-facing APIs have included security concerns, a lack of business drivers and EHR vendor hesitation toward data sharing. Plus, as the ONC reports, there are low levels of consumer awareness that APIs and apps exist and are useful for accessing, using and sharing their data.
Understanding the Final Rule of the 21st Century Cures Act
Approximately one year ago, the ONC announced the Final Rule of the 21st Century Cures Act, which provides the United States Department of Health & Human Services (HHS) with broad authority to prohibit information blocking and protect the private information of patients. The Act requires the Secretary of HHS to establish Conditions of Certification requirements for the ONC Health IT Certification Program.
Under the final rule, health information technology (IT) developers are required to use open, standardized APIs, which encourage secure access to data. They must use Fast Healthcare Interoperability Resources (FHIR®) Release 4. The final rule also:
- Sets standards for transparency, allowable fees and appropriate business practices to encourage competition
- Calls on medical providers and device developers to promote patient data access using third-party apps and APIs
- Seeks to enable consumers to store, aggregate, use and share electronic health information (EHI) using APIs and apps of their choice by establishing access to health information “without special effort” and the ability to exchange EHI with third parties, including researchers
- Gives health IT developers, healthcare providers and app developers formal direction regarding on the content and transaction standards required for consumers to access their health information using standards-based (APIs and healthcare apps)
- Identifies and finalizes the reasonable and necessary activities that do not constitute information blocking while establishing new rules to prevent “information blocking” practices by healthcare providers, developers of certified health IT, health information exchanges and health information networks as required by the Cures Act
- Requires hospitals, psychiatric hospitals and critical access hospitals participating in Medicare or Medicaid to send electronic admission, transfer and discharge (ADT) notifications to other applicable providers when a patient is admitted, discharged or transferred
- Necessitates that certified EHR systems implement API capabilities required by the 21st Century Cures Act within 24 months of the rule’s publication
The Role of Third-party APIs
The Patient Access API from the Centers for Medicare & Medicaid Services (CMS) is designed to enable patients to access their data through any third-party application they select to connect to the API. Third-party, in this case, points to an app developer or user of health data who isn’t the developer of the health IT solution that serves as the originating data source.
The Patient Access API requires CMS-regulated payers to implement and maintain a secure, standards-based API for this purpose, and through it, claims data, used in conjunction with clinical data, can offer a broader and more holistic understanding of an individual’s interactions with the healthcare system. This leads to better decision-making and improved health outcomes.
Third-party APIs allow healthcare entities to achieve easy and secure access to data and add features that would be difficult for them to build their own. Through the final rule, healthcare providers are required to send medical information to third-party apps at a patient’s request. They also have the right to educate their patients about possible privacy risks from authorizing third-party apps to access their data.
The Effect of the Final Rule
The goals of the Final Rule of the 21st Century Cures Act are to advance interoperability for improved patient and provider access to data, expand the data elements, enhance communication between various health IT systems and mobile applications used to store and maintain health information, spur patient access to data via personal devices and promote patient control of their electronic health information (EHI) to enable apps to provide patient-specific price and product transparency. It’s designed to reduce the effort it takes to access, exchange and use EHI.
For patients, the Final Rule of the 21st Century Cures Act allows them to use the tools they want to shop for and coordinate their own care on their smartphones and better track and manage their health outside of their provider’s office. They can make more informed decisions about their health, procure the ability to take their medical data with them from provider to provider, create their own longitudinal health record and realize the potential of patient engagement via an emerging ecosystem of third-party apps.
- Alleviating the challenge of managing multiple portals tethered to each provider’s EHR to benefit consumers with multiple providers and conditions that require monitoring of a substantial quantity of information
- Assisting and managing data and addressing social isolation for consumers using long-term and post-acute care services
- Motivating patients with rare, hereditary or terminal diseases to access and exchange their health information to support and accelerate research exploring promising or new treatments.
On the provider side, the new legislation further facilitates the exchange of clinical data and allows for more effective use of patient data from EHRs for clinical decision-making. They can exchange only the information needed to inform care decisions and in a digital format, thereby mitigating the need to exchange full clinical documents. By improving the way providers communicate, the use of standard APIs has the capability to advance care coordination and reduce unnecessary testing, procedures and costs. For both patients and providers, the increased use of these APIs offers additional tools to access information and ensure high-quality, efficient, safe and value-based care.
Learn more about how Providertech is enabling patient access to data through FHIR APIs by scheduling a demo with our skilled team!