What is the ONC Cures Act Final Rule and the CMS Interoperability and Patient Access Final Rule?
On March 9th the Office of the National Coordinator (ONC) and the Centers for Medicare & Medicaid Services (CMS) finalized two rules focused on interoperability.
The ONC Cures Act Final Rule’s purpose is to support ‘seamless and secure access, exchange, and use of electronic health information.’ This rule is focused on defining the requirements for certified Health IT Products used by providers, but also has important information blocking provisions targeted at providers, developers of certified health technology, payers, and other health information networks.
The CMS Interoperability and Patient Access Final Rule is intended to complement the ONC Final Rule, requiring CMS regulated payers to implement and maintain a set of secure standards-based Application Program Interfaces (APIs) over the course of the next two years. This timeline consists of payers hitting important milestones as a condition for administering plans such as Medicare Advantage (MA), Medicaid, Children’s Health Insurance Program (CHIP) and qualified plans on the federally-facilitated exchanges.
The first major milestone is January 1, 2021, which requires two APIs be made available for consumption to the public – a Patient Access API and a Provider Directory API. The Patient Access API will allow members to easily access their claims and encounter information, including costs, as well as a defined sub-set of their clinical information through third-party applications of their choice. The Provider Directory API will require payers to make their provider directory information available to the public, so that members can find providers offering appropriate care, treatment, and care coordination services.
Finally the next milestone, which goes into effect January 1, 2022, is designed to enable payer-to-payer data exchange using the data classes outlined in United States Core Data for Interoperability (USCDI). This milestone will provide access to a wider set of a member’s encounter data (at the member’s request) allowing members to take their information with them as they move from payer to payer over time.
Why were these new rules implemented?
According the Department of Health and Human Services (HHS), the new ONC and CMS rules are intended to give patients unprecedented safe and secure access to their health information. To achieve this goal, HHS needed to implement requirements across providers, payers, and HIT vendors in order to ‘free the data’ and overcome interoperability obstacles – hence the reason for the two rules. By putting the member in charge of their health records, they’ll be relying on 3rd party application developers to deliver on innovation while also striking the balance of privacy, consent, and comprehension.
What do the new rules mean for healthcare organizations?
The new rules are great for patients; however, they place a major burden on payers, providers, and health IT vendors with each rule outlining specific timelines and compliance dates. For providers, the burden falls on their certified HIT vendors (think EHRs) to meet the majority of their compliance requirements. For payers, they’ll need to develop a strategy to hit these milestones over the next two years – a strategy that will need to take into account not just the near term goals of the Patient and Provider Directory APIs, but how their organization will manage and share data beyond 2021. This strategy will require key IT investments to ensure compliance requirements are met while also balancing consent, privacy, and comprehension on behalf of their members.
Implementation in a time of pandemic
However, since the announcement on March 9th the past seven weeks have been a blur for the entire world, especially healthcare organizations. The novel coronavirus has shifted the focus of hospitals, health plans, and health IT vendors on mitigating the COVID-19 pandemic. As a result, both CMS and the ONC delayed the publication of the final rules on the Federal Register until May 1st, and also announced a period of enforcement discretion after the two rules become effective.
Don Rucker, M.D., National Coordinator for Health IT, stated “During this critical time, we understand that resources need to be focused on fighting the COVID-19 pandemic. To support that important work and the information sharing efforts we are already seeing, ONC intends to exercise enforcement discretion for 3 months at the end of certain ONC Health IT Certification Program compliance dates associated with the ONC Cures Act Final Rule to provide flexibility while ensuring the goals of the rule remain on track.”
Seema Verma, CMS Administrator, stated "in a pandemic of this magnitude, flexibility is paramount for a healthcare system under siege by COVID-19. Our action today will provide hospitals an additional 6 months to implement the new requirements."
Delayed but not dead
For many of our readers this announcement comes with a sigh of relief as internal resources and budgets are stretched due to the pandemic, making it a concern of stakeholders to meet the implementation timelines. However, even with the delay, health plans need to start putting in motion their compliance plans to meet the January 1, 2021 deadline. If you’re interested in learning more, read our latest summary on the Interoperability and Patient Access Final Rule to learn about the deadlines established by CMS.
Stay tuned as we will continue to publish new information on how we can help your organization meet the new interoperability rules to comply with the ONC and CMS final ruling.
Where are you in the planning process, and how are you dealing with the balancing the response to COVID-19 and the compliance dates outlined by CMS and ONC? Leave your comments below.