Collaboration across the C-suite key to implementing data blocking, interoperability rules

More than a year after their release, a set of long-awaited regulations designed to make it easier to share data between healthcare organizations and with patients went into effect in early April.

The federal regulations, released by HHS’ Office of the National Coordinator for Health Information Technology and CMS in March of last year but subsequently pushed back amid the COVID-19 pandemic, have required substantial preparation from executives at hospitals and health systems. That’s included clinical and health information management staff who have retooled workflows, IT staff who have deployed new technology capabilities, and marketing staff who have helped alert patients about the changes, not to mention involvement from compliance leads.

So with that backdrop, who are the healthcare executives charged with implementing the wide-ranging interoperability and information-blocking regulations?

It varies by organization.

The most successful hospitals and health systems have taken a multidisciplinary approach, said Andrew Truscott, managing director for health and public service at consulting firm Accenture. “While this was seen initially as a technical series of regulations, they actually have implications across the broader organization,” he said.

Truscott is also a member of the federal advisory committee that gives policy recommendations to ONC, dubbed the Health IT Advisory Committee, where he previously co-chaired an information-blocking task force.

While a chief information or technology officer might commonly be the executive overseeing implementation, the task may also fall to a compliance or medical officer.

Either way, the executive-in-charge will be closely collaborating across multiple disciplines—information technology, health information management, legal and compliance, privacy and information security, clinical, quality and safety, finance, and patient experience.

It can help to set up a project management office or work group with representatives from such departments, to coordinate and ensure their perspectives are heard as needed.

“What’s been interesting about this exercise is these are not necessarily departments that are regularly coordinating together,” said Samantha Burch, director of health IT policy at the American Hospital Association. “This is certainly an instance where it’s required for those viewpoints to come together.”

At Newport News, Va.-based Riverside Health System, Lisa Salsberry is one of the executives heading up implementation as the health system’s chief compliance and privacy officer.

The first step—a major one—was parsing the ONC’s 320-page rule to assess where there were gaps between the system’s current data practices and the new requirements.

Under the rule, healthcare providers, health information exchanges and developers of health IT software certified by an ONC program are required to comply with a set of regulations that prohibit them from preventing data exchange. Such organizations are required to share data with one another and with patients as requested, unless they meet one of eight exceptions.

“It’s a different way of thinking about information and disclosing information,” Salsberry said.

So Riverside had to establish new policies for release of information and request for records that align with the regulations. That included Salsberry’s compliance team identifying possible access points where a patient might request to see their records, as well as processes for when a physician decides not to release a piece of information—such as if doing so would cause harm to a patient—and how to document why they think that reasoning aligns with ONC’s exceptions.

Like many regulations, the information-blocking and interoperability rule is also full of details that can be difficult to break down—its pages are plagued by acronyms like APIs (application programming interfaces), FHIR (Fast Healthcare Interoperability Resources), USCDI (U.S. Core Data for Interoperability) and more. That can be a particular challenge when discussing compliance with board members, who often don’t have deep technical expertise or healthcare backgrounds.

To ensure the board is still up to date on compliance plans, while not getting too deep in the weeds, it can be helpful to stay focused on high-level goals, plans for change management and how the changes will support existing priorities—rather than the technical details.

Still, most hospitals and health plans are approaching the new interoperability regulations from a compliance perspective, with only 24% of healthcare executives surveyed by consulting firm PwC indicating they view the rules as a strategic opportunity. But the move to share data more freely could support priorities like value-based care, coordination between different sites of care and patient engagement.

Gurpreet Singh, U.S. health services leader at PwC, suggested executives should “identify growth levers” that build on and align with the interoperability changes. That additional motivation will “achieve better results than just trying to comply,” he said.

A focus on innovation and supporting patient experience can help engage clinical staff, as well, said Dr. Hank Capps, executive vice president and chief information and digital officer at Marietta, Ga.-based Wellstar Health System. That way, workflow changes feel like they’re part of the system’s mission and not just a “box check” for regulatory purposes.

In his roles, Capps directs technology, innovation and consumer experience at Wellstar. That made him a perfect fit to oversee the regulations, given the emphasis on letting patients one day download their health data with mobile apps.

“It’s that intersection of technology and consumer experience,” Capps said of the regulations.

That meant taking the time to ask patients how they prefer to access health data through surveys and discussions with the system’s patient and family advisory council. “It really is an opportunity to ask: How do our patients want to experience their healthcare?” he said.

Under the ONC’s rule, developers of health IT software that receive agency certification will be required to make application programming interfaces that meet specific standards available to customers by December 2022. APIs are protocols that connect various types of software to one another. They are ubiquitous in almost every other aspect of a consumer’s mobile and app-driven life.

ONC leaders have suggested that implementing APIs so patients can move data from providers’ EHRs to an app of their choice will spur a new market for apps that aggregate and manage health information.

Working with software vendors to ensure they’ll be ready to comply with the regulations has been a core focus for Aaron Miri, chief information officer at Dell Medical School in Austin, Texas, and UT Health Austin.

Miri, one of the executives at the health system charged with implementing the regulations, is responsible for making sure UT Health Austin’s software is set up in a way that doesn’t inhibit patients’ ability to access their health data.

That also means figuring out the cost of such technology.

Some technology companies will likely charge to connect their software to a third-party app via API, according to Miri, who also serves as a co-chair of the federal Health IT Advisory Committee. Under the regulations, tech companies can’t charge fees that create barriers to data access, but they are allowed to charge costs related to developing, deploying and upgrading the APIs and for various API uses outside of patient access.

“We don’t want to pass that to the patient,” Miri said. “How do we do this in a way that doesn’t break the bank?”

Epic Systems Corp. won’t charge to connect individual apps to a provider’s EHR, according to Stirling Martin, a senior vice president at the company. APIs are licensed for a flat subscription rate, under which providers or their patients will be able to hook up an unlimited number of connections to other apps.

Cerner Corp. plans to create a tool set that providers would use to manage API connections, according to Dick Flanigan, Cerner’s senior vice president of regulatory affairs. Larger hospitals and health systems will pay Cerner a one-time set-up fee of $10,000 and an annual fee of $20,000 for the first 100 million transactions in a calendar year, with additional fees if they surpass that. Smaller rural and community access hospitals don’t pay a one-time set-up fee, but pay an annual fee of $3,000 for the first 5 million transactions in a calendar year.

Hospitals also need to account for how process changes will affect physicians’ workflows.

That’s one of the areas Dr. Paul Sternberg Jr. oversees at Nashville-based Vanderbilt University Medical Center as chief patient experience and service officer. He splits executive responsibility for implementing the regulations with the system’s CIO for health IT and the executive chief nursing officer.

A major revamp involved the process for releasing laboratory results to patients.

Previously, some lab results were released immediately to patients via patient portal, while others would be delayed to allow the physician time to review and interpret the results. But to ensure the health system is aligned with the new rule—which requires that providers share data without delay once a patient requests it—they’ve adjusted the process to release all results immediately.

It would be too complicated to implement a system that allows patients to request immediate access to results that would otherwise have a delay, according to Sternberg.

“Creating an infrastructure to do that … was too steep a hill to climb,” he said.

Moving to automatic release for lab results was partially an IT project, since it required retooling how data is shared in the patient portal. But there’s also a patient engagement component.

If a patient receives their lab results before a physician has had a chance to add notes on what the data means, the patient could become confused—leading to a bad patient experience.

Vanderbilt opted to add a note to the lab results when they’re released, explaining that the physician has not yet reviewed them and will add an interpretation of the results later, as well as encouraging physicians to discuss the process change with patients, so patients know what to expect when they initially receive results.

Releasing information is even more complicated for adolescents—posing additional challenges, particularly for pediatric hospitals.

Figuring out how to balance sharing health data with pediatric patients and families while also protecting the privacy of adolescents has been a “major concern” and point of discussion at Stanford Children’s Health, said Dr. Natalie Pageler, the Palo Alto, Calif.-based health system’s chief medical information officer.

Pageler leads implementation of the regulations at Stanford Children’s, working closely with the CMIO at Stanford Health Care, so that policies are aligned across Stanford Medicine.

California has “robust minor consent and confidentiality laws,” Pageler said, including the right to confidential treatment related to birth control, pregnancy and sexually transmitted infections.

The EHR doesn’t yet have the technological capability to separate such protected adolescent information from other data held in patient records. So if a patient’s family requests a record that includes sensitive health data, health information management staffers will have to manually redact the information.

Stanford Children’s plans to call on information-blocking exceptions related to “infeasibility” and “content and manner” to justify possible delays, as it works with its in-house informatics team and with its EHR vendor to figure out a process to more easily share non-sensitive data with adolescents and their parents as requested.

“It’s not just about releasing this data,” Pageler said. “It really is about thinking through: How do we educate our patients and families, and help them take charge of their own health as they transition from childhood, to adolescence, to adulthood?”

