FHIR-Based Regulations are Just Around the Corner

October 2, 2020
FHIR-Based Regulations are Just Around the Corner

Due to COVID-19, CMS has delayed enforcement of the Patient Access and Provider Directory APIs of its FHIR-based CMS-9115-F final rule by six months, from January 2021 to July 2021. So, while there’s a little more breathing room, don’t wait – those six extra months will go by fast. You really need to address the deadline – now.

You already know this…but we’ll repeat it

Just before the pandemic hit, the Centers for Medicare & Medicaid Services (CMS) released final rule CMS-9115-F that covered Interoperability and Patient Access. A major requirement of the final rule – Patient Access – says that Medicare healthcare payers holding patient information must do the following:

  • Make patient data available to patients via third-party apps using FHIR APIs.
  • Provide publicly accessible directories of their network providers using FHIR APIs.

Failure to do the above could be construed as “information blocking” – and could open payers up to hefty civil monetary penalties.

People really like having access to their health data. CMS created the “Blue Button” in 2010 for Medicare beneficiaries to download their claim data. Since then, patients have pressed the Blue Button more than one million times. CMS’s new, improved Blue Button 2.0 is an API that contains four years of Medicare data for 53 million people.

But all of this isn’t required until July. Wait…that’s not far off.

You’re right. It’s almost here. CMS adopted the HL7 Fast Healthcare Interoperability Resources (FHIR) data API standards framework into its Interoperability and Patient Access final rule – and it comes into force July 1, 2021.

Unfortunately, we’ve seen the payer industry fall into two general categories:

  • Those that are medium/smaller, with fewer and/or swamped IT resources unable to take on the requirements of the Interoperability and Patient Access final rule.
  • Larger organizations in which bureaucracies and approval levels haven’t fully come to terms with the immediacy of CMS-9115-F (or believe that market forces will result in another delay).

In either case July 1, 2021 is coming fast. Did we mention hefty potential civil monetary penalties?

Okay – we know the deadline is approaching. Do we panic?

No – not just yet. As with many business solutions, you will generally have the “build or buy” scenario. As far as building, at a minimum you’ll need to know if your swamped IT staff can do the following (sorry, it’s a bit techy):

  • Become technical experts on FHIR V4 API and resource specification, including resource profiles
  • Determine which of the more than 140 FHIR APIs and dozens of resource types you need to implement for mandate compliance
  • Design an appropriate consent model for your patients and tie that in with your web properties and OpenID/OAuth-based security infrastructure
  • Design and deploy an audit infrastructure that you can use to defend against potential “information blocking” complaints
  • Determine how you are going to deal with data quality issues that propagate from your existing data sources
  • Deal with bi-directional data synchronization of data in a multi-source data scenario
  • Create all the mappings for all the FHIR APIs and Resources that you’re going to need to map/transform to/from HL7

Given the complexity and the time frame, perhaps buying is the way to go.

What to ask about if you’re buying

There are a number of FHIR-related solutions that can meet your compliance needs out there, so be sure you know what you’re getting into. Some questions to ask a potential provider:

  • Is it tech-vendor neutral? That is, is it viable on the platform that works best for you, or is the provider locked in? For example, AWS versus IBM Cloud or Azure.
  • Can you migrate the solution easily between cloud, on-prem and hybrid models?
  • Can one deployment function for multiple backend health record systems?
  • Will is work securely through the Internet on its own, versus requiring you to buy into expensive VAN-like infrastructure?
  • Will it scale as your needs change?
  • Will it work with the technology you already have?
  • Can it be tailored towards broader FHIR usage, or is it just an “out-of-the-box” solution for CMS-9115-F compliance?
  • Does it have data quality capabilities to deal with data quality issues before those issues are propagated outside of your data perimeter?
  • Will it audit your end-to-end FHIR data flows as a defense against potential “information blocking” complaints?
  • If you want, will the provider run it for you as a managed service?

So, there’s a lot to think about – and get implemented – by July 2021. Don’t wait – the CMS deadline is on its way.

Prolifics can help

Prolifics offers you our Quick FHIR solution that will jumpstart your FHIR initiative and CMS compliance. Our solution is built on leading technology that accelerates FHIR adoption. Quick FHIR deployments are end-to-end solutions built to each unique client’s requirements, from CMS-9115-F compliance to FHIR as the backbone of your organizations data strategy. We’ll guide you in a rapid, comprehensive implementation across your enterprise. You can start your Quick FHIR journey with a no-cost workshop. Learn more from our brochure, Quick FHIR for CMS Mandate Compliance, and email solutions@prolifics.com to get going.

[For complete information, check out Prolifics guide to FHIR.]

Talk with us

You have a vision for your organization – don’t let your technology slow you down. Our Quick FHIR solution and experience will get you there. Sit down with us – let’s talk about your challenges, review and reevaluate your plans and get you started where it makes the most sense. Vision to Value. Faster. It’s not just our tagline, it’s what drives us. It’s how we deliver solutions and services. It’s our commitment to you – and it’s needed today more than ever. Visit www.prolifics.com or email solutions@prolifics.com.

Resource