HHS Delays Enforcement of New CMS Interoperability and Information Sharing Rules

The Department of Health and Human Services (HHS) has announced that it will exercise enforcement discretion with respect to compliance with new CMS interoperability and information sharing rules. The CMS interoperability and information sharing rules were finalized and issued on March 9, 2020. HHS has announced that the COVID-19 pandemic should be the primary focus of healthcare providers.

Why Were the New CMS Interoperability and Information Sharing Rules Developed?

The new CMS interoperability and information sharing rules were instituted to address the difficulty encountered by patients in attempting to access their protected health information (PHI). These rules promote interoperability. Interoperability is defined as the ability of different information technology systems and software applications to communicate, to exchange data accurately, effectively, and consistently, and to use the information that has been exchanged. To be considered “interoperable,” technology must have these abilities, while at the same time, not constitute information blocking. Information blocking is a practice by a health IT developer of certified health IT, health information network, health information exchange, or health care provider, that is likely to interfere with access, exchange, or use of electronic health information. Examples of information blocking include practices that restrict authorized access, exchange, or use under applicable state or federal laws of electronic health information for treatment and other permitted purposes.

Would you pass a HIPAA audit? Take this quiz to find out!

What Do the New Rules Require?

The new rules require (among other things):

  • Patient access: Medicaid fee-for-service programs and Medicaid managed care plans must implement and maintain a secure, standards-based (HL7 FHIR Release 4.0.1) API (Application Programming Interface) that allows patients to easily access their claims and receive information, including cost, through a third-party app of their choice. 
  • Provider directory: CMS-regulated players, including Medicare Advantage (MA) organizations, Medicaid Fee-For-Service (FFS) programs, Medicaid managed care plans, and CHIP managed care entities, must make provider directory information publicly available via a standards-based API. 
  • Admission, discharge and transfer event notifications: CMS now requires hospitals, including psychiatric hospitals and critical access hospitals, to send electronic patient event notifications of a patient’s admission, discharge and/or transfer to another healthcare facility or to another community provider or practitioner. 
  • Payer-to-payer data exchange: Payers will have to exchange certain patient clinical data, specifically the U.S. Core Data for Interoperability, at the patient’s request. This will allow the patient to take their information with them as they move from payer to payer over time to help create a cumulative health record with their current payer, according to CMS.
  • Public reporting and information blocking: CMS will publicly report clinicians, hospitals and critical access hospitals that may be engaged in information blocking.

Why Has HHS Delayed Enforcement of the New CMS Interoperability and Information Sharing Rules?

The decision to delay enforcement is due to the COVID-19 pandemic. The CMS believes that during a pandemic of the magnitude of COVID-19, healthcare organizations need to be given some flexibility with complying with the new interoperability and information sharing rules. As a result, CMS is giving healthcare organizations an additional 6 months to comply with its rule. “Now more than ever, patients need secure access to their healthcare data. Hospitals should be doing everything in their power to ensure that patients get appropriate follow-up care,” said CMS Administrator, Seema Verma. “Nevertheless, in a pandemic of this magnitude, flexibility is paramount for a healthcare system under siege by COVID-19. Our action today will provide hospitals an additional 6 months to implement the new requirements.”