On March 9, 2020, the U.S. Department of Health and Human Services (HHS) finalized two rules (now released for publication in the Federal Register, as of April 21, 2020) intended to give patients additional access to their health data. The rules, issued by the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC), implement interoperability and patient access provisions of the 21st Century Cures Act as well as the Administration’s MyHealthEData initiative. The heart of CMS’ rule is to support data flowing freely and securely between payers, providers, and patients, and to truly achieve coordinated care, improved health outcomes, and reduced costs.
This rule finalizes new policies that give patients access to their health information and moves the healthcare system toward greater interoperability. These new policies include:
Patient Access API (applicable January 1, 2021)
Provider Directory API (applicable January 1, 2021)
Payer-to-Payer Data Exchange (applicable January 1, 2022)
Improving the Dually Eligible Experience by Increasing the Frequency of Federal-State Data Exchanges (applicable April 1, 2022)
Public Reporting and Information Blocking (applicable late 2020)
Digital Contact Information (applicable late 2020)
Admission, Discharge, and Transfer Event Notifications (applicable fall 2020)
Rather than focus on the rule in its entirety, we would like to highlight some privacy and data security concerns under Patient Access API that immediately stand out.
Under the new interoperability rules, Medicare Advantage (MA), Medicaid, Children’s Health Insurance Program (CHIP) health plans, and plans sold on Affordable Care Act exchanges will be required to make patient-requested data available to third-party software applications of the patient’s choice unless a security analysis determines the app poses a security risk to protected health information in transit or in the plan’s network.
Payers may also provide information to educate their members about sharing their health information with third parties, the role of federal partners like the Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) in protecting their rights, and how to file complaints if their information has been breached by third-party apps. As COVID-19 continues to overwhelm the health care system, it is likely that health IT developers and health plans may struggle to meet the proposed compliance deadlines.
Security | 2020-04-23 12:30:14 | 2020-04-24 11:43:18 | Hey Health Plan, I Want _______ App to Have My Health Data!