ONC & CMS Interoperability Regulations: Part 3 – HIEs & Patients


By John D’Amore, MS, President and Chief Strategy Officer

This is Part Three of a four-part series that will cover major implications of the March 2020 ONC and CMS regulations for interoperability. Each segment of the series highlights the impact of the regulations on one stakeholder group in the healthcare ecosystem and this installment is on Health Information Exchanges (HIEs) and Patients. We’ve grouped these two parts of the ecosystem since they are both vested participants in the creation of a longitudinal record.

The Paradox of Health Information Exchange

HIEs are often missed in the market research and reports about health IT. They don’t have large purchasing power in healthcare, but that measure underestimates their importance. HIEs  represent critical national infrastructure for the effective operations of healthcare and make meaningful improvements to patient care every day.  They generally operate as non-profit entities on a regional or state basis. The largest group of HIEs are represented by the Strategic Health Information Exchange Collaborative known as SHIEC. Here is a graphic of their reach nationwide and which ones are collaborating on a model of data exchange (“patient centered data home” or PCDH) between HIEs.

It’s important to consider the business models of HIEs when evaluating the impact of ONC and CMS regulations. Since HIEs are funded through provider payments, payer revenue and state grants, they don’t easily fit into federal regulations. HIEs are not required to use certified health IT software like providers. HIEs cannot be forced into data sharing of member data through portals and APIs like payers. So, when the government regulation pushes the adoption of new standards and information exchange, they are generally mandating changes by HIE participants, but not any HIE directly.

This is the paradox of health information exchange. We know data sharing is critical. We know interoperability is hard, but HIEs are often not fully incorporated into federal regulation. This has been the motivation behind a federal initiative known as Trusted Exchange Framework and Common Agreement, known as TEFCA. TEFCA outlines a common set of principles, terms, and conditions to  help enable nationwide exchange of electronic health information (EHI) across disparate health information networks (HINs).

No Agreement on Trusted Exchange Framework and Common Agreement

TEFCA was proposed for inclusion in both the ONC and CMS regulations, but the decision was to not finalize any participation at this time. Specifically, from the CMS regulation:

“We agree that trusted exchange networks can play a positive role, but given the concerns commenters raised regarding the need for a mature TEFCA, and appreciating the ongoing work on TEFCA being done at this time, we are not finalizing this policy at this time” (Page 225)

So rather than add requirements around TEFCA, the federal government punted. This means that HIE activity will largely continue as-is in the short-term. The new requirements from the CMS regulation that requires hospital event notifications may spur some activity for HIEs, although many health systems are already far down the road of how to share alerts among physicians. The new standards for the adoption of FHIR for information exchange, as covered in other installments, should be on the dashboard of every HIE business executive, but remains at least 2 years out for providers. Inadvertently, the critical national infrastructure of HIEs are one of the least affected groups by major federal regulations for interoperability. The rationale behind this represents a new directional focus for the federal government, which has turned toward patient access to data.

Are Patients the new HIE?

While it’s never explicitly stated that patients are an alternative for HIEs or formal data sharing between healthcare participants, there are clear undercurrents of it in the federal regulation.

[The federal government] believe[s] there are numerous benefits associated with individuals having simple and easy access to their health care data under a standard that is widely used. Whereas EHR data are frequently locked in closed, disparate health systems, care and treatment information in the form of claims and encounter data is comprehensively combined in a patient’s claims and billing history. Claims and encounter data, used in conjunction with EHR data, can offer a broader and more holistic understanding of an individual’s interactions with the health care system than EHR data alone. (Page 50)

The federal regulations are placing intense focus on patient access hoping that it will solve many of the complaints about interoperability. This agenda of patient access has strong advocates. The CARIN alliance has a vision of rapidly advancing the ability for consumers and their authorized caregivers to easily get, use, and share their digital health information when, where, and how they want to achieve their goals. Their board members and alliance members include industry heavyweights like Apple, Microsoft and Google. As mentioned in Part Two of the series, the CARIN alliance has led development of some of the standard for claims information sharing as part of the federal regulations.

Your Phone as Health Record

So, will this work? Recent data regarding the utilization of patient portals is not encouraging. Research from the GAO shows only a small minority of people engaged and they may not be the most costly or complex patients. Also, past experiments like BlueButton offered by Medicare have not reached a broad audience. Ask your friend, parents or colleagues on Medicare whether they ever tried to access their data through . The vast majority of people I’ve asked have not.

That said, people have used their computers and phones for many aggregator services, like Mint for financial data.  The theory is that pairing required APIs by health plans and providers with smartphones will substantially lower the barrier to adoption. However, many industry participants voice concerns about this. Remember once an app has your health data on your phone, HIPAA no longer applies! Epic, the largest vendor for EHRs, expressed a serious concern that these apps may not meet the privacy or security expectations of patients. They caught some blowback for those comments, but there are serious concerns. Here is what the American Health Insurance Plans (AHIP) group said recently:

“We remain gravely concerned that patient privacy will still be at risk when health care information is transferred outside the protections of federal patient privacy laws. Individually identifiable health care information can readily be bought and sold on the open market and combined with other personal health data by unknown and potentially bad actors. Consumers will ultimately have no control over what data the app developers sell, to whom or for how long.” – Official Response from AHIP

There’s risk here but there’s also going to be a need for services to make this highly fragmented, inconsistent, duplicated and disorganized data into something that can make sense to a patient. That’s where we come in.

Don’t Panic. Help Is Here

As your organization works through the implications of these regulations, Diameter Health will be sharing our know-how with you through this series. But it’s not just about know-how. Our software engineers and clinical informaticists have been relentlessly focused on unlocking the value of clinical data via interoperability standards and have already demonstrated support for FHIR.

Diameter Health has worked with millions of patient records and dozens of HIEs nationally to make information more usable and actionable to a wide variety of constituents. Now is the time to get the conversation rolling given the importance of this rule.  For more information, please reach out to Diameter Health (use the “Sign Up” form at the top right of this page and we’ll alert you to future posts) or listen to our virtual HIMSS 2020 sessions here:

Go to Part 1

Go to Part 2

Go to Part 4

Sign Up

  • This field is for validation purposes and should be left unchanged.
® Diameter Health is a trademark registered in the US Patent and Trademark Office.