Health API Guy

Share this post

Health API Guy
Health API Guy
Interop Summer High
Copy link
Facebook
Email
Notes
More

Interop Summer High

The dog days have produced an outpouring of data exchange news and regulation, but are we done yet?

Brendan Keeler
Aug 08, 2024
12

Share this post

Health API Guy
Health API Guy
Interop Summer High
Copy link
Facebook
Email
Notes
More
1
1
Share

Tastes like dense reading
On a summer evenin'
To health tech wonks, like a song

I want more criteria
And that summer feelin'
Regulation so wonderful and warm

Read me in
Read me out
I don't know if I could ever go without
I'm just thinking out loud
I don't know if I could ever go without

Interop summer
High
Regulatory summer
High
All-time page count
High
Interop summer high
Regulatory sugar

- Harry “Health Tech” Styles, Interop Summer High, 2024

There’s a quaint tradition called “summertime” where people look outside, notice the weather is nice, and decide to enjoy it. As they are generally a steward of tradition, I stupidly assumed the government might, you know, take a break and go on vacation or something, so I went to France in late June and early July. I should have in fact listened to our friend Mr. Styles.

I’m not sure why I expected it to stop, as it's been a non-stop barrage of regulatory and interoperability guidance this summer. As a nice byproduct, my toddler is now partially fluent in not only French but also regulatory language (she’s dropping a lot of “I invite comment” responses). Here’s a quick recap.

The Summer That Has Been

April

While April is distinctly in the spring, journalistic duty demands that we start there. The Particle and Epic dispute that began in April has dominated the brain space of the industry, provoking deep questions and large amounts of continuing drama (to that extent, a new Politico article even came out this week).

While the ultimate result of the controversy remains to be seen, TEFCA has made good forward progress on some of the underlying issues (more on that below).

May

May was dominated by discussion and debate about the Particle and Epic situation, with articles from almost all news publications covering health technology dropping and the governance processes of Carequality kicking into gear.

Beyond that, the state of Tennessee passed legislation expanding the scope of payer patient access APIs. This initiative, in addition to a similar one in California, represents important steps in expanding coverage so that all Americans can access their claims data, as the CMS only has regulatory authority over Medicare, Medicaid, CHIP, and ACA plans.

To round out things for the month, interoperability made the headlines again when Oracle Cerner went full mudslinging mode in response to a critical Business Insider article, accusing Epic of being the main blocker to progress there. As noted on social media, the claim doesn’t seem to hold up under the weight of any quantifiable metric of data exchange, but it did make for some fun pot-stirring. For a deeper dive, check out the excellent discussion by John and Colin over at Health IT Today.

June

June was where things started to ramp up in intensity. Early in the month, a leaked questionnaire worried many people, in that it seemed that the definition of Treatment might be redefined in new TEFCA Standard Operating Procedures (SOPs) by a shadowy cabal the government, Recognized Coordinating Entity, and QHINs. The fear, uncertainty, and doubt were tangible in the air (and for somewhat good reason - many organizations felt their livelihood could be threatened by changes).

The Supreme Court struck down the Chevron Doctrine a week later, a case that launched a thousand pundits’ think pieces and sparked intense debate across the legal and political spheres as it ended four decades of judicial deference to federal agencies' interpretations of ambiguous statutes. As a heavily regulated industry, healthcare will certainly be affected by this as it opens up new pathways to litigation-oriented challenges. However, overall a more measured perspective is in order - litigation is expensive and takes time, and even after it is pursued, de facto deference will often be the case.

July

This month started with the release of the new TEFCA SOPs. While they did redefine Treatment, it proved to be much ado about nothing, as they largely codified the existing tribal knowledge definitions in Carequality:

A clear shared definition, rather than vague “look at HIPAA” handwaving, gives them a much better ability to arbitrate any future disputes (and to iterate the definitions).

The new SOPs also formalized several important concepts, like Delegation of Authority, TEFCA’s version of On Behalf Of. The framework clearly wants to mature this role, making the approval process clearer and more tightly controlled by covered entities. Overall, these changes seem to show that TEFCA has taken recent adversity in stride, using the drama as a catalyst to move things forward.

The ONC’s newest rule regulating health information technology, HTI-2, came out, extending the capabilities that EHRs need to make available, regulating new types of products such as public health and payers, and refining policies around information blocking and TEFCA. This was a monumental piece of regulation, but you can read the thousands of words breaking it all down here already.

To spice things up, the ONC merged with another office of the HHS, changing its name to Assistant Secretary for Technology Policy (ASTP/ONC). With this nominal update comes both an increase in their authority to pursue sweeping change in health technology and a restructuring that creates interesting new career positions in the office.

PointClickCare, the largest skilled nursing facility EHR in the country, was sued over the use of anti-bot tactics that prevented screen scraping by applications, with a preliminary injunction against PointClickCare on July 29th. While seemingly a minor vendor spat, it has major interoperability repercussions - given that PointClickCare recently decided to certify their product, they are now an actor subject to information blocking provisions, which were cited heavily in the injunction. Depending on how the case and subsequent challenges are finalized, screen scraping (and possibly other techniques like direct-to-database reads) could be legitimized for use with other EHRs and information-blocking actors. Additionally, as HTI-2 makes EHR certification more challenging and expensive and information blocking actor status opens up vendors to litigation such as this, vendors such as PointClickCare may choose to forego it in the future.

Firmly in the category of “interoperability announcements I think are cool but I might be the only one” - Epic announced the first International Patient Summary implementation, a way for EHRs and other entities to exchange patient information across borders. While cross-border record exchange volume is low at best right now, if you build it (the foundational data standard), they will come.

A Look Ahead

Folks, keep your seat belts on, as the ride has not ended and this season’s narrative arc still has a few loose threads to tie off. Regardless of your politics - an election in November means that there is the potential for an administration change. Leadership roles in the ONC and CMS are appointed positions, so if that administration change happens, we could expect changes to those agencies, which will, at the bare minimum, slow progress and may reverse course on other areas and priorities. So there’s a real incentive to ship regulation and move the ball forward as much as possible on initiatives before that may occur. While anything proposed now may mean it’s subject to the Congressional Review Act when finalized, my best guess is that the government isn’t done and there’s still gas left in the tank.

Thus, here’s a loose prospective view of what might come in the remaining months of summer and the year:

TEFCA is real

This is less of “things in the future” and more “things happening right now as we speak that will continue to unfurl”, but TEFCA has made more progress this summer than the rest of the years since the Cures Act combined.

Micky Tripathi (the head of ASTP/ONC) is an industry man. He is a health information exchange man. He’s also a person who gets shit done. If he does nothing else, he will get TEFCA done. If nothing else happens, we will see additional TEFCA news before the year is out.

To recap a little, as we saw in “The Gang Explains Information Blocking: HIPAA”, providers are far from the only organizations and entities involved in healthcare:

There are legitimate reasons for all these groups (and more) to need to interact with one another, completing cross-organizational workflows and exchanging patient data. Facilitating digital workflows between all these entities with well-defined rules (building the paved paths) is critical for preventing abuse and misuse of networks’ active infrastructure, which is today geared for only Treatment exchange between providers.

In the Particle v. Epic dispute, missing paved paths were the flash points for Epic blocking access to several of Particle’s customers:

  • Integritort was blocked because they were accused of using Treatment to serve law firms, a non-HIPAA entity, and not providing actual patient care. Access to health data by non-HIPAA entities is protected under the HIPAA right of access and would be an example of Individual Access Services

  • MDPortals (as well as their recent acquirer, Reveleer) was blocked because of accusations of using the Treatment purpose of use to help health plans (based on marketing and messaging such as this). This could be misuse if true, given that health plans themselves can never claim treatment purpose of use, although they may have been using the principles of secondary use or On Behalf Of as workarounds.

While there has not been a formal announcement of the outcome of the dispute, it highlighted that paved paths for Individual Access Services and Operations were needed. The RCE and ASTP answered this call (all since I started writing this article):

  • The country’s largest EHR, Epic, is enabling the initial version of Individual Access Services. Savvy pundits will note that patient apps could easily access Epic sites already via Cures Patient Access APIs. They will also comment that this does not make IAS entirely frictionless yet, as it still requires a username and password. However, it represents progress, solving the problems of endpoint discovery and patient record location. More importantly, other EHRs will follow this adoption, accelerating TEFCA

  • The RCE announced another drop of new SOPs. The highlight was a path for Operations, including more granular “Level 2” use cases of Care Coordination, HEDIS Reporting, and Quality Measure Reporting. This use case notably is not required to start, has a mixture of FHIR and non-FHIR options, and also allows for responding parties to charge for the release of information.

  • For good measure, the CDC and ASTP announced that Public Health use cases for electronic case reporting and more were live and transacting at a high volume already. While this doesn’t plug any workarounds, it does create a more vibrant ecosystem, mature the overall infrastructure, and add even more justification for organizations to join TEFCA.

The paths have been built and can be iterated, but they matter little if no one drives on them. For that reason, the focus now shifts to adoption, which remains opaque aside from one-off sites like Epic’s page here. Whereas Carequality has an openly accessible tool to understand participation, TEFCA does not yet. The RCE and ASTP need to start visibly sharing who is participating and how transparently - this encourages network effects, in that organizations can understand that their trading partners are live.

It’s worth noting that in the event of a change in administration, a Republican government may prioritize that work less as a “big public infrastructure” project. Dr. Rucker, the leader of the ONC under the last Trump administration, let TEFCA-related deadlines slip repeatedly and since leaving office has penned some of the most vocal condemnations of TEFCA:

While I personally imagine progress might slow in that particular bifurcation of the multiverse, an outright unwinding of TEFCA would now be nearly impossible given investment from the public and private sectors, barring an act of Congress revoking the mandate to the ONC. However, simultaneously, there’s absolutely an incentive for the RCE and ASTP to cement TEFCA even more before November.

The one takeaway from this summer of TEFCA progress should be that, in one way or another, the gaps in today’s health information networks will be plugged, building paved paths and delegitimizing the workarounds of secondary use and On Behalf Of. Other use cases may be announced. Progress will continue. So it is time to get on the TEFCA train or be left behind.

Claims Attachments

This is decidedly unsexy, but we at Health API Guy cover all interoperability, not just the parts that make Vogue Fierce Healthcare! CMS-0053-P, the “Administrative Simplification: Adoption of Standards for Health Care Attachments Transactions and Electronic Signatures, and Modification to Referral Certification and Authorization Transaction Standard” is a proposed rule with a slightly ironic titling (very verbose yet trying to simplify) that aims to define the CMS standard for claims attachments.

This rule proposes to use two older standards, X12 275 and use case specific HL7 CDAs, to provide additional clinical context to payers alongside a claim (or for other use cases, like prior authorization). The verbiage of the rule suggests they’d be very excited to use FHIR, but that they do not see a viable implementation guide or industry support for that path.

While this was proposed in December 2022 alongside the CMS Prior Authorization Proposed Rule (CMS-0057), it’s still stuck in limbo whereas the latter was finalized in January of this year. If I had to guess, I imagine that it’s hard to put forth a rule requiring payers to support these older standards at the same time as they ask payers to support more modern FHIR standards in CMS-9115 and CMS-0057. Perhaps they are choosing to punt so they can focus their efforts on CMS-0057’s higher leverage use cases (prior authorization, payer-to-payer data exchange, and provider access to claims data). It’s something worth tracking as a provider, payer, or clearinghouse.

Advanced Explanation of Benefits (AEOB) Rulemaking

The stop-and-go movement toward price transparency is simultaneously extremely motivating and infinitely frustrating. For those who have not fully tracked it previously, price transparency is a fascinating example of competitive bipartisanship. The Affordable Care Act amended the Public Health Service Act via Section 2718(e) to require each hospital to publicly list its standard charges for items and services. Because the ACA was so controversial, the left and right had other pieces to focus on and we went 9 years without really any attention to this clause. In 2019, though, we saw the CMS issue the Hospital Price Transparency Rule under Trump which significantly expanded on the original ACA provision. This rule required hospitals to publish not just their chargemaster rates, but also payer-specific negotiated rates, discounted cash prices, and de-identified minimum and maximum negotiated charges.

Building on this momentum, the Trump administration followed up in October 2020 with the Transparency in Coverage Rule, targeting health insurers and group health plans. This rule complemented the hospital-focused rule by requiring insurers to disclose in-network provider rates, out-of-network allowed amounts, and prescription drug pricing.

In a related effort to protect patients from unexpected healthcare costs, Congress passed the No Surprises Act in December 2020 as part of the Consolidated Appropriations Act of 2021. This bipartisan legislation aimed to protect patients from surprise medical bills for emergency services and certain out-of-network care at in-network facilities. While not directly a price transparency measure, the No Surprises Act intersects with transparency efforts by requiring providers to give uninsured or self-pay patients good faith estimates of expected charges before providing services.

The Biden administration, upon taking office, inherited these rules and the No Surprises Act, choosing to continue their implementation, albeit with some adjustments. While they didn't create new transparency rules, they have worked on strengthening enforcement. In July 2021, the administration proposed increasing penalties for non-compliance with the Hospital Price Transparency Rule and adjusted the implementation timeline for parts of the Transparency in Coverage Rule. They also focused on implementing the No Surprises Act, which went into effect on January 1, 2022.

This bipartisan legislation aimed to protect patients from surprise medical bills for emergency services and certain out-of-network care at in-network facilities. The NSA introduced several new requirements, including:

  1. Good Faith Estimates (GFEs) for uninsured or self-pay individuals.

  2. Insured Good Faith Estimates (insured GFEs) from providers to health plans.

  3. Advanced Explanations of Benefits (AEOBs) from health plans to patients.

The Biden administration inherited these rules and the NSA, continuing the implementation of both with some adjustments. In 2021, the Department of Health and Human Services (HHS) issued regulations on GFEs for uninsured (or self-pay) individuals, which are currently in effect. However, the CMS has to date struggled with making a plan here due to the complex technical challenges involved, deferring the implementation of insured GFEs and AEOBs pending future rulemaking. However, the Davinci Patient Cost Transparency implementation guide is fairly solid and mature, so I’m optimistic they propose something.

This ongoing narrative of price transparency in healthcare illustrates how bipartisan efforts, spanning multiple administrations, can gradually reshape a complex system. It also highlights the challenges inherent in implementing sweeping changes in an industry as intricate as healthcare, where the interplay of providers, insurers, and patients creates a web of competing interests and technical hurdles.

Conclusion

As we've seen throughout this summer of regulatory fervor, the health tech world marches on - sometimes to the beat of its own drum. From TEFCA's steady progress to HTI-2's ambitious scope, from heated debates over data access to the nuanced dance of privacy protection, the rhythm of change in health tech is both relentless and captivating.

As we close this chapter of our Interop Summer saga, it's clear that the industry's transformation is far from over. And it’s an exciting time, as the foundations laid this summer - in policy, in technology, in industry practices - will reverberate for years to come.

In the spirit of the season that's been equal parts grueling policy work and unexpected industry drama, let's end as we began - with the sweet sounds of Mr. Styles:

TEFCA
and HTI-2
Baby, you're the talk of June

I want your standards
And that summer feelin'
Getting lost in all these rules

Read me in
Read me out
I don't know if I could ever go without
I'm just thinking out loud
I don't know if I could ever go without

Interop summer
High
Regulatory summer
High
FHIR adoption
High
Regulatory sugar
High

Thanks for reading Health API Guy! Subscribe for free to receive new posts and support my work.

12

Share this post

Health API Guy
Health API Guy
Interop Summer High
Copy link
Facebook
Email
Notes
More
1
1
Share

Discussion about this post

Marissa Moore, CFA
Aug 8Liked by Brendan Keeler

Best song of the summer!!!

Expand full comment
Reply
Share

No posts

Ready for more?

© 2024 Brendan Keeler
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More