What do states need to know from the CMS and ONC NPRMs?
In two Notices of Proposed Rulemaking (NPRM), the Centers for Medicare and Medicaid Services (CMS) and the Office for the National Coordinator for Health IT (ONC) have shown a commitment to two major issues: increased portability of patient data and decreased reporting requirements for providers. These two issues are as deeply intertwined with each other as they are with delivery system and payment reform, which relies on the discrete data being reported by providers and, sometimes, patients.
To focus on this complex problem, CMS and ONC set about addressing the portability of data and the provider burden issue by using application programming interfaces (API), essentially database portals. APIs can help make patient electronic health information (EHI) portable and more easily exchanged between parties. They also build some opportunities for provider efficiencies by creating a portal to existing stores of data, rather than requiring providers to reenter or duplicate efforts. For example, prior to this NPRM, CMS has been building API capabilities for the National Plan and Provider Enumeration System (NPPES), the database that tracks National Provider Identifiers (NPIs), but keeping the content more current and reliable is something they are considering from an enforcement angle in this NPRM.
Some of the proposed strategies in this rule put the patient (and, by proxy, third party software application vendors) in the driver’s seat, where other strategies keep the providers and EHR vendors in control. CMS aims to continue building on some of the early success they have had with the Blue Button API, which allows for limited claims portability for the patient. In the NPRM, there are several requirements for claims and administrative-related APIs from managed care entities in Medicare, Medicaid, and the Children’s Health Insurance Program (CHIP), as well as state Medicaid and CHIP agencies for the fee-for-service portions of the programs. CMS and ONC clearly envision a third-party marketplace enabled by claims and administrative data where patients can choose to securely download their records to an application and then securely transmit them to a provider, overcoming the frustrating issue of new providers not having records from another provider.
Both NPRMs strongly promote the Fast Healthcare Interoperability Resources (FHIR, pronounced “fire”) standard for APIs to securely transmit sensitive healthcare data. Each NPRM discusses the technology and why the government wants to require this. It is important for a singular standard to be used so any entity building a repository for the data feeds can do so with these clear standards in place. Entities sending and receiving data through APIs for these purposes will appreciate a singular set of clearly defined standards.
There is also a substantial portion of each rule dedicated to addressing the issue of information blocking, which is the process of preventing someone’s EHI from being transferred to another provider. Blocking happens through electronic protocols, fees, interoperability issues, contract challenges, competition conflict, and other issues. Both rules set about identifying it, limiting when it is and is not allowed, and describing how each agency will address it.
States should also note the new proposed requirements for changing the frequency at which states make data available on individuals dually enrolled in Medicare and Medicaid (“duals”). CMS is seeking to increase the frequency of buy-in data and the Medicare Modernization Act (MMA) duals file from monthly to daily, beginning April 1, 2022, as well as seeking comment on any other ways CMS should further leverage data to improve care for duals.
Finally, patient identification is one issue CMS and ONC seek to address through a Request for Information (RFI). This issue is critical to solving patient EHI portability, provider burden, and data needs for value-based purchasing. There is a long history to this issue, which CMS lays out in the background of the NPRM. Since states have been spending vast amounts of time and resources on establishing individual patient identifiers, states may be interested in responding to the RFI on this issue.
See our detailed analysis of the rules here.