BLOG. 7 min read
Freeing Health Plan Data Using Trusted Exchange Networks
September 26, 2019 by Adele Allison
“Data is the new oil. It’s valuable, but if unrefined it cannot really be used,” Clive Humby[1]
That’s a valid thought, but what happens if you can’t get the oil out of the ground to begin with? The U.S. invested over $35 billion in electronic health record (EHR) incentives, achieving adoption rates of 86% by physicians and 96% by hospitals, and creating massive amounts of data. The oil is there, but we have to free it. This is the very nut the Center for Medicare and Medicaid Services (CMS) and the Office of National Coordinator (ONC) are trying to crack in the two proposed rules that add interoperability to the list of compliance requirements for health plans.[2] [3]
The foundation of interoperability begins with understanding the purpose for data movement. What are you trying to solve? We often refer to these answers as the use case, business case, epic, scenario, or storyboard. In health IT interoperability, use cases will define the data, technology, transport, steps and logic necessary to achieve a specific result. No matter where you are in your journey, you’ll be required to understand interoperability and how to implement the necessary steps to get there.
Think of interoperability as a 3-step process. First, you must package up the right data based on the need or use case. To learn about what data health plans are expected to make available to consumers, visit Richard Popper’s blog post. Second, you must transport the package from one system to another, which is what we’re going to focus on today. Third, when receiving the package, you must be able to unpack it and consume the data, which we will cover in the next post in this series. Today, let’s examine step 2, transporting the data from one system to another by connecting to a health information network (HIN) for trusted exchange.
Connectivity to a Trusted Exchange Network
Open APIs will be used to push data out from technology or data stores to HINs to facilitate transport. For this reason, the CMS-proposed rule is asking health plans to connect to a framework to achieve nationwide exchange of data using a trusted exchange network, thereby expanding data liquidity beyond a local market.
What is a trusted exchange network? Think of it as a system of national highways to which exchange vendors have on and off-ramps. Just as there are speed limits and safety rules on a highway, there should be rules to make health data exchange “trusted and secure.” This technical and governance structure is known as a trusted exchange framework. By connecting to this information superhighway, payers, providers and patients can communicate with each other as well as other payers and providers.
An HIN is an entity that establishes the policies, agreements, conditions and requirements for the exchange of electronic health information (EHI); manages the technology or services to enable exchange; and influences or even controls access, exchange and use of EHI. As an example, New York operates Healthix, an HIN that serves 28 million people across the state. Done right, exchange of information should be completely underwhelming for the end-user. The data is easily and securely available. By linking these HINs together, stakeholders have access to a nationwide roadway of networks.
So how could you use this roadway? There are 2 types of queries available to obtain information: direct (targeted) query and broadcast (untargeted) query. Direct queries are used when specific information for a known and identified source is needed. As an example, a new member in your health plan has moved across the country for his job and is leaving his legacy plan. You need information for risk management, enrollment, population health, or other reasons. In this direct query example, a network of HINs could provide the necessary transport for securing the EHI you need from a specific source. A broadcast query could be used when a provider needs EHI for a patient who came into the emergency department and is clinically unknown to that provider. A broadcast query could be sent out to the network for anyone who has information on the patient.
Keeping Data Secure and Private
CMS is proposing that health plans connect to such an information highway for secure exchange with, and use of, EHI from other disparate IT systems, and identifies three criteria networks must meet to be considered “trusted”:
- Enables exchange of personal health information (PHI) in compliance with all applicable state and federal laws across jurisdictions
- Connects both inpatient and ambulatory EHRs
- Supports secure messaging or electronic query by and between patients, providers and payers
HIPAA has always been the anchor for securing and keeping health information private. However, HIPAA was created in 1996, over two decades ago, before the advent of smartphones and mobile devices. Although the CMS-proposed requirements will mandate compliance with federal and state laws, the ONC is charged with broadening the scope of these requirements under the 21st Century Cures Act (Cures). [4] Cures tasks the ONC with the development of a comprehensive trusted exchange framework (TEF) and a common agreement to be adopted by HINs nationally. The result is the Trusted Exchange Framework and Common Agreement (TEFCA),[5] which seeks to achieve three goals:
- Provide a single “on-ramp” for connectivity nationwide
- Enable secure EHI availability whenever and wherever needed by the patient
- Support nationwide scalability
While voluntary at this time, HINs that choose to adhere to TEFCA[6] will be deemed “Qualified” HINs (QHINs). These QHINs can then be linked together to form a nationwide trusted exchange network, so that information is available to the patient anywhere, anytime it’s needed; much like you can access your checking account through an ATM. QHINs will be overseen by an ONC-contracted Recognized Coordinating Entity (RCE), which will enforce and govern their responsibilities. Likewise, your organization will want to have a contractual agreement in place with their interoperability partner(s) just as you have documents governing business associates.
In Summary
While your interoperability strategy will need to include wide use of open APIs to facilitate use cases, you will also need to ready your plan to connect to a trusted exchange network. TEFs promise to create the national infrastructure necessary to solve and support better care, improved health, and greater efficiency. As TEFCA is finalized, you will want to make sure you are plugging into an HIN with the highest level of integrity; one that is qualified using these principles and common agreement—a QHIN.
Our next blog in this series will cover the third step, the development of a business use case to implement these regulations and benefit health plans, providers and patients, including consuming data.
Look to SS&C Health
SS&C Health has been continually monitoring these expanding interoperability initiatives for years. We recognize that innovation will be required to overcome a number of barriers that have been identified, including the lack of a unique patient identifier (UPI), lack of standardization and consistent use of computing and content standards, information blocking, and lack of health IT use among some stakeholders, as well as privacy and HIPAA concerns. We already incorporate enumerable APIs across our health plan customers for access to member, benefit, provider, group, claims and other health plan information, and will continue to innovate as the use of digital health transforms patient care.
Contact us today to learn more about how our solutions can enable your strategies.
[1] Palmer, CMO News, “Data is the New Oil,” Nov. 3 2006, https://ana.blogs.com/maestros/2006/11/data_is_the_new.html
[2] 84 FR 7610, CMS Proposed Rule, Mar 4 2019, https://www.federalregister.gov/documents/2019/03/04/2019-02200/medicare-and-medicaid-programs-patient-protection-and-affordable-care-act-interoperability-and
[3] 84 FR 7424, ONC Proposed Rule, Mar 4 2019, https://www.federalregister.gov/documents/2019/03/04/2019-02224/21st-century-cures-act-interoperability-information-blocking-and-the-onc-health-it-certification
[4] 21st Century Cures Act, https://www.congress.gov/114/bills/hr34/BILLS-114hr34enr.pdf
[5] ONC, Trusted Exchange Framework and Common Agreement (TEFCA), Draft 2, April 19 2019, https://www.healthit.gov/sites/default/files/page/2019-04/FINALTEFCAQTF41719508version.pdf
[6] TEFCA remains in draft, version 2 as of Jul 24 2019.
Written by Adele Allison
Sr. Director of Economics and Digital Health Strategy