Ready or not, it's time to implement the Interoperability and Patient Access Rule. While this will require investment in new ways to govern access to electronic health information, it also presents a unique opportunity to build on current work to educate and empower patients to take control over their health. 

What is the Interoperability and Patient Access Rule and why does it matter?

The Centers for Medicare & Medicaid Services (CMS) initiated the Interoperability and Patient Access final rule to break down silos in the U.S. health system to improve patient access to their health information, improve interoperability and unleash innovation, while reducing burden on payers and providers.

The rule gives individuals the ability to take greater ownership and accountability for a broader and consolidated set of electronic health information (EHI) and, with individual consent, share that information with their health plan and providers. This will be supported by the creation of a system of regionalized data brokers who arbitrate the exchange of electronic health information with and from CMS-regulated health plans, providers, and IT developers according to defined patient consent parameters. This new approach – the Trusted Exchange Framework and Common Agreement (TEFCA) – is still being considered by regulators but will likely follow the National Information Exchange Model (NIEM), a proven federal approach for the exchange of data within and across industries, including Homeland Security. As a result, providers, payers, technology developers and public health will have access to a significantly higher volume of usable data, that is, actionable information, generated from a combination of operational, financial, clinical, social determinant and patient reported sources.

What does it mean for provider organizations?

In his book Unlocking the Customer Value Chain: How Decoupling Drives Consumer Disruption, Thales Teixeira asserts that “Technology doesn't drive disruption—customers do. Disruptors sell what customers want and let competitors sell what they don’t.” In our industry, as technology developers learn what information patients want and how to make it simple for them to get it, patients will exercise increasing control as to how and with whom their EHI is shared.

Like retail or banking, where we’ve seen this pattern of customer empowerment, a patient’s care journey is, by definition, personal. Where healthcare diverges from these other industries is the role of the care provider, a relationship that can feel intimate for the customer – as a knowledge holder, influencer, and sometimes, gatekeeper, this role is where trust is built and lost. For this reason, how provider organizations choose to react to this new regulation, from the exam room workflows to the cultural center of their organizations, has the potential for a profound influence on customer retention.

Once the new rule is implemented, by today’s standards, the breadth and sheer volume of data transaction with third-party entities and patients will be like nothing we’ve seen before. This will usher in unprecedented risk, including risk to privacy as third-party developers are able to directly access patient data and risk to monetization of data with the rise of new applications that circumvent traditional regulatory gatekeeping policy. Coupled with the existing vulnerability of patient safety in the era of “Dr. Google,” the individual patient-provider relationship is that much more important in risk mitigation. It will therefore be incumbent on provider organizations to build the organizational capacity to detect risk quicker, respond and efficiently integrate learnings into existing policies and procedures.

The silver lining to all this is that it creates an opportunity and immediacy for patient engagement to take a truly central role in the success of a healthcare organization. Like in the retail and banking industries, customer retention is paramount to your financial success – more so than the individual sale of a product or service. From the exam room to other interactions with the care team, provider organizations can reimagine how to create value in every interaction. For example, rethinking value-based contracting models that create more time and opportunity to educate patients on how to access, use and protect their health data.

What to Expect

There will be operational pressure for providers to comply with the new rule. They’ll need to do so by developing policies to adhere to information blocking regulation, adopting new technologies, workflows, governance and training models, and making  new investments in  third-party developer solutions  to prototype, test and market these products.

Longer term impacts will see:

  • Incremental improvements in patient access to EHI and provider directory data leading to a higher level of discernment in customer product choice
  • Higher precision in matching patients to clinical history, medical needs, social determinants of health and physical/digital location; significant data security risks ​and more reliance on strategic partnerships and trusted health information networks/exchanges for reliable sharing of EHI
  • Increased market competition stemming from a need for digital products and strategies to attract and retain patients and networks​
  • Improved care coordination, continuity and quality of care resulting from a portable, digital patient health record, better data standardization and improved B2B interoperability ​
  • Accelerated adoption of value-based payment models resulting from a growing cumulative patient record, great data fidelity and corresponding ability to more accurately measure patient outcomes medical, behavioral and social determinants)
  • Voluntary commercial insurance adoption of standards and rules
  • Further industry consolidation

How Should You Respond?

To ensure readiness, you need to embrace change. Recognize that you need a data governance model that empowers patients and an approach to risk management that integrates with what you’ve already built for continuous quality improvement. Going beyond the regulatory requirements to the intent of the interoperability and patient access rule, build on the trust you have with your customers by enabling them to safely use their EHI for better decision making and improved health outcomes.

This will all necessitate some strong self-reflection:

  • To what extent have you historically reverse-engineered the use of EHI to benefit your regulatory, operational, and financial needs, with no clear value for your customers?
  • At a cultural level, what adjustments must be made to accommodate true patient-centeredness in the exchange of EHI?
  • How can you seize the moment to further educate and empower your customers to take control of their health?
  • What resources must be shifted to enable your care model to gain customer consent to access their data, while supporting the wellness of your providers and staff?
  • What population health people, process and technology do you have to convert an increasing volume of data to actionable information?
  • How mature are you as an organization to execute a value-based model of care that will leverage the change that is coming from the new rule?

The Bottom Line

This new rule will have significant impacts on providers’ practices and operations. If you’re unprepared to go it alone, be sure to seek out help as you work to implement the proper tools, technology and strategies.

Learn more about how to move beyond compliance and build a consumer-centric approach to healthcare interoperability here.