The Centers for Medicare and Medicaid Services (CMS) released the final version of major patient health data standards regulations Monday — amidst a blizzard of emergency notices related to efforts to contain and fight the Covid-19 pneumonia outbreak.
Matt Eyles, the president of America’s Health Insurance Plans (AHIP), said in a statement that he believes the new CMS Interoperability and Patient Access could make patients’ health records too accessible to private technology companies.
- Resources related to the final CMS Interoperability and Patient Access regulations are available here.
- An article about Trump administration medical records access goals is available here.
Those companies operate beyond the reach of the Health Insurance Portability and Accountability Act (HIPAA) health information privacy and data security rules, Eyles said.
“We remain gravely concerned that patient privacy will still be at risk when health care information is transferred outside the protections of federal patient privacy laws,” Eyles said. “Individually identifiable health care information can readily be bought and sold on the open market and combined with other personal health data by unknown and potentially bad actors. Consumers will ultimately have no control over what data the app developers sell, to whom or for how long.”
The Final Regulations
CMS has posted a preliminary version of the final regulations on its own website and is preparing to post the true final version in the Federal Register soon.
One provision, for example, requires all ealth plans regulated by CMS, such as Medicare plan issuers, to make health care provider directory information available through a standardized connector called an API. Plans must provide public access to the provider directory information by Jan. 1, 2021.
“Making this information broadly available in this way will encourage innovation by allowing third-party application developers to access information so they can create services that help patients find providers for care and treatment, as well as help clinicians find other providers for care coordination, in the most user-friendly and intuitive ways possible,” officials say in a CMS fact sheet summarizing the new final regulation. “Making this information more widely accessible is also a driver for improving the quality, accuracy, and timeliness of this information.”
Another provision, which also takes effect Jan. 1, 2021, requires carriers to provide a patient access API that the patients can use to get to their own health insurance claims information.
CMS developed the regulations in an effort to force U.S. health care system players to adopt compatible patient health information systems, to make health records available to the patients, and to make it easy for patients to move electronic health records from one entity to another.
Congress included health record standardization provisions in HIPAA, which became law in 1996.
But patients, providers and others have complained bitterly about U.S. health system players’ ongoing failure to give health record systems the ability interact with other health record systems.