February 2021 Newsletter

Welcome to 2021! It's a new year, and with the new year comes a new administration and some uncertainty about the future of recent healthcare regulations.

First of all, we'd like to congratulate our long time friend and colleague Micky Tripathi, formerly the CEO of Massachusetts eHealth Collaborative (MAeHC), on his appointment as the National Coordinator for Health Information Technology, head of the ONC. We think he's a wonderful choice for the position and look forward to working with him in his new role. Congratulations as well to other administration appointees and nominees including Dr. Rochelle Wollensky from Mass General as the new head of the CDC.

Also with the new administration comes a 60 day regulatory freeze and review of all recent proposed and final rules. We believe this includes quite a few interoperability and health IT rules, among them a new proposed rule with changes to HIPAA and the new CMS rule focused on prior authorization (but including other new interoperability requirements such as a Payer => Provider data exchange, or Provider Access API). These rules may end up going forward as-is, going forward with modifications, or being tabled. There are also a slew of new legislative activities affecting health IT covering privacy, anti-trust, telehealth, and much more.

Regardless of how all of that works out, we're certain there will continue to be many changes and challenges for MHDC to meet. We think we're well poised to succeed no matter what 2021 brings through our various services offered to our general membership, our analytics services, and our data governance services. We also hope to merge with the New England Healthcare Exchange Network (NEHEN) in April to further enhance our data governance strategy moving forward.

Be safe, and stay well.

Denny Brennan, Executive Director

Please let us know what you think of our newsletter at newsletter@mahealthdata.org and look for our next issue. Thank you for your continued support and participation!

MHDC and NEHEN Events

MHDC and NEHEN sponsored meetings this month:

  • CIO Forum Meeting featuring Dr. John Halamka: Feb 10, 8-10am
  • DGC Deep Dive: Diagnoses: Feb 3, 11am-12:30pm
  • DGC Steering Committee: Feb 10, Feb 24, 3-4pm
  • DGC Working Group: Feb 10, Feb 17, Feb 24, 11am-12:30pm
  • NEHEN Business Users Group: Feb 4, 9-10am
  • Spotlight Users Group: Feb 16, 2-3pm 
  • Webinar: ACT/The App Association on Privacy Law: Feb 2, 1-3pm 
  • Webinar: DWT on Information Blocking: Feb 23, 1-3pm

Want to learn more about any of these meetings? Email info@mahealthdata.org

MHDC Webinars

Join us for our upcoming webinar:

Title: Shifting Privacy Laws and Health Data: An Overview

Presenter: Graham Dufault, Senior Director for Public Policy, The App Association

Date: February 2, 1:00 - 3:00 PM

For more information or to register visit our event page.

Our next webinar is hot on its heels - Tackling the Operational and Cultural Challenges of the Information Blocking Rule by Adam Greene, Partner at Davis Wright Tremaine, LLC on February 23 from 1-3pm.

Did you miss our last webinar "Information Security Risk Management in the Face of a Crisis" by Change Healthcare. To learn more or to listen to our recording visit our content page.

Interested in participating in our webinar programming? Contact us at webinars@mahealthdata.org

DGC Update

The Data Governance Collaborative (DGC) at MHDC is a collection of payers and providers throughout the commonwealth exploring ways to better exchange health-related data incorporating industry standards and automation as much as possible.

The DGC has selected a preferred vendor for the code mapping system we plan to stand up later this year. We are still in negotiations, but making progress toward signing contracts and moving to the implementation phase. This system will be available to anyone (with a discounted rate for DGC members).

We have released an incremental update to the MHDC Quality Measures spec, v1.1.0. This version was focused on addressing issues that arose during the initial implementation projects including providing additional documentation in areas that needed it but also added a few small optional enhancements (mostly around the file upload process and file formats).

We have decided to approach the one pot of data project as an evolution of the quality measures spec and are now moving forward to determine the best way to achieve this. As part of this process, the DGC is initiating deep dive conversations during some of its working group meetings designed to learn about the workflows and related data for specific relevant topics.

The first such deep dive will cover diagnoses and is scheduled for February 3. We are encouraging members to bring guests with relevant experience and knowledge; we would like to extend the same invitation to our membership at large - if you're an expert on the different ways diagnoses are entered into EMRs or how they get stored and are interested in participating please email datagovernance@mahealthdata.org for details.

We are also moving forward with the electronic prior authorization (ePA) project. We have begun discussions with participants and begun identifying early steps to take, but are still working on getting signed agreements in place. Once we do we'll announce the participants. We plan to keep everyone updated on the process so watch this space!

Membership in the DGC is open to any payer or provider with business in Massachusetts - big or small, general or specialist, traditional or alternative. Want to know more? Email datagovernance@mahealthdata.org

Spotlight Analytics Update

While we are waiting to receive the CHIA Emergency FY19 data, we are working on some enhancements and additions to Spotlight Business Analytics such as incorporating new data as well as gaining approval for New Hampshire data. We plan to provide more details about these and other topics in the upcoming meeting of the Spotlight Users Group on Tuesday, February 16, 2021 from 2 to 3pm. These meetings allow us to provide updates and highlight features on Spotlight as well as to learn how to better support each of our Spotlight users. Please save this date on your calendars - we encourage you to join us and participate. If you are able to join us you can register here to receive meeting details.

Our current status is:

Loaded and available for use:

  • Massachusetts Hospital Inpatient Discharge Data FY19 (HIDD)
  • Rhode Island Hospital Inpatient Discharge Data FY19
Expected very soon:
  • Massachusetts Emergency Department Discharges FY19
  • Massachusetts Outpatient and Observation FY19 

Future planned data:

  • New Hampshire Facility Discharge Data Sets
  • Maine Hospital Inpatient and Outpatient Data

Please feel free to drop us a line with any questions or comments at spotlight@mahealthdata.org. In the meantime, thank you for being a Spotlight Analytics user and a member of this community! Feel free to visit our Spotlight Business Analytics page or email us at the address above for more information.

Not currently using Spotlight Business Analytics? Visit the Spotlight Business Analytics page to find out how it can help your organization run custom analytics on health data such as analyses of market share, patient origin, disease prevalence, cost of care, and comparative costs and outcomes for every acute care hospital in Massachusetts and Rhode Island (and soon to include New Hampshire and Maine!).

Industry Events

Interested in webinars and online conferences through February? Here are some we recommend (they're free unless otherwise noted):

We do periodically post webinars we plan to attend on social media, so feel free to follow us on Twitter (@mahealthdata) and LinkedIn for more webinar ideas and for our take on interoperability, data, health equity, telehealth, APIs, and other topics of interest.

Have an upcoming event next month to suggest? Write us at newsletter@mahealthdata.org - no self-promotion please.

Payer => Provider Data Exchange: Why it's Important and What's Being Mandated

Editorial Note: The Biden Administration placed a hold on last minute Trump Administration regulations during our editorial process. As such, the final rule discussed below may be jettisoned, modified, or accepted as is later. It is our fervent hope that it will be adopted after some necessary cleanup.

When MHDC's Data Governance Collaborative started discussing data exchange between payers and providers we always knew we wanted it to be bidirectional. Providers have data payers need to perform basic function and to enhance their work and payers have data providers need to do the same. Further, with value based contracts and risk, having knowledge about care given at all providers not just those in the same facility or network as a primary care provider becomes more important. This includes care provided by payer care management programs and via other providers that may not have direct relationships with the provider needing to document that the care occurred (or needing the information to provide better care to the patient).

During 2020 this coalesced into the idea we call "one pot of data", a set of clinical, patient, administrative, and other data that encompasses all of the data needed by all of the actors in healthcare (including patients) for all of their various programs. This data would be based on the CMS and ONC interoperability rules but go beyond the minimum required data set to a set that covers all sorts of use cases that add value for payer, providers, patients, pharmacies, and others. There will be constraints around patient consent and HIPAA rules, but as much as possible we want to encourage data exchange between all relevant players in healthcare and do so in a way that doesn't require everyone to send the same or nearly the same data to the same or different organizations in many different formats using many different exchange mechanisms. Do it once per organizational pair and then let the receiving organization parse out the received data as appropriate for their various programs and needs.

While this is a lofty goal, we are committed to moving in this direction with the hopes of eventually reaching some facsimile of a real one pot of data exchange process. In the meantime, we work toward improvements in collaboration, in data standardization, in use of APIs and other modern technology, in processes and workflows to support these changes, and in standing up the tools and services that will help all of our members reach these goals and meet regulatory requirements. We also continue to talk about the grand vision at each step to keep in mind our goals as we get closer to reaching them with each step forward.

We were gratified to see that the new CMS interoperability rule addresses the need for payer => provider data exchange including clinical data exchange and hope that our early steps in that direction will help our members meet those requirements and also understand how to use them to further their business goals.

This newest CMS rule surely broke all speed records for the time between initial proposal, comment period, and final rule release. Even before that, we had little advance notice of the proposed rule whereas normally these things are heralded well in advance of actual release. The entire process from proposed to final rule was less than a month long including the holidays, with a mere eight business days between the close of the comment period and the release of the final rule.

Indeed, we had intended this article to discuss the proposed rule and its discussion of a new Payer => Provider exchange, also known as the Provider Access API. Instead, we had to scramble to read and absorb the final rule.

With implementation mandated by January 1, 2023 or roughly two years from now, the Provider Access API builds on the requirements of the May 2020 interoperability rules and also incorporates features from other elements of the January 2021 rule (predominantly around prior authorization). It mandates a FHIR-based API exchange of the same data required for the Patient Access API and the Payer =>Payer data exchange (with cost information removed from claims and billing data) plus some additional prior authorization data also being added to those other exchanges in this rule, namely:

  • USCDI v1 clinical data
  • claims data (without financial specifics)
  • encounter data
  • formulary data including preferred drug lists
  • pending and active prior authorizations including related clinical data requested for adjudication

As with the Patient Access API, this exchange must support all patient data from January 1, 2016 onward and cannot limit exchange only to providers with a contract relationship with the payer. There is a requirement to show a care relationship with the requested patient but the specifics of what is and is not acceptable in this area have not been outlined.

The same technical standards, documentation requirements, and access/discontinuation requirements that apply to the Patient Access API also apply to the Provider Access API. The big change in this area is a requirement to also support bulk FHIR requests for requesting the data of more than one patient at a time (we think; there is some inconsistency in the final rule regarding whether bulk FHIR support is required or just recommended. Many comment replies from CMS indicate it is just a recommendation and payers are not required to implement it but other portions of the rule proper do seem to mandate bulk FHIR availability. We're giving the interpretation in the rule itself precedence for now).

Bulk FHIR requests are patient-centric, meaning that they do not allow requesting entities to indicate which supported data they want for a given patient but automatically send all available data associated with a patient's account. The specification currently indicates the ability to list included data at a resource level when requesting data for a group of patients, but despite this it was not supported the last time we investigated Bulk FHIR in any real way or heard anyone talk about how bulk FHIR works (which, admittedly, was months ago).

While individual requests provide real time data prior to a scheduled visit, procedure, or test, bulk requests can happen at scheduled intervals during lower use timeframe to grab data once a week, once a month, or on whatever schedule a provider organization deems appropriate should they want to do so to have somewhat up-to-date data always available, particularly for patients without frequent acute events. It can also be used for annual audits of data or for collection of data to fill in care gaps prior to annual quality measures scoring.

One area we felt needed additional clarification in the proposed rule was patient consent. What level of patient consent is required for payer => provider data exchange and does it vary by type of data? We felt it was more in keeping with the stated goals and previous actions of the CMS to require some level of patient consent for clinical data exchange and hoped some indication of such would be part of a final rule. Unfortunately the final rule chose to go in the other direction.

Not only is patient consent not required (unless mandated by some other rule or law, such as is the case for behavioral health data), the exchanged data is not subject to minimum necessary standards and thus all data for requested patients may be exchanged with impunity. While in general MHDC is in favor of open exchange of data, we feel the current healthcare data economy is moving in a patient-centric direction and this decision does not match others made in the past and we believe consistency across all of the rules should be a goal and would make implementation significantly easier. Further, it may cause considerable problems for patients looking for independent second opinions. Exposure to visit notes and reports filled with the opinions of other practitioners can spoil the independence of someone asked to draw their own conclusions from raw data and perhaps direct evaluation alone. Hopefully our fears in this area are unfounded and patients will be able to get true, unbiased second opinions in the future.

It is this patient consent posture that makes bulk FHIR viable, though, or at least significantly easier to manage. Bulk FHIR is a blunt force instrument that does not allow you to specify what data you want for a specific patient. Rather, it automatically sends all of the available data associated with a patient when data for that patient is requested. All filtering must happen behind the scenes on the payer side without any direct input or direction from the request asking for that data. With the final rule the only data that must be filtered out is the cost portion of claims and billing data and data restricted by other laws (such as the aforementioned behavioral health data). Adding in any type of fine-grained consent data would significantly increase the complexity of fulfilling requests sent via Bulk FHIR. Who knows, though - perhaps inclusion in the CMS rule will encourage further work on the Bulk FHIR Implementation Guide to allow for more fine-grained requests.

We must caution that there is some inconsistency in the final rule regarding patient consent in a general sense via a single opt-in or opt-out switch. There are several mentions of an optional opt-in process which CMS eventually indicates they decided not to implement, but in doing so they still talk about their goal to "increase the number of patients who choose to request their data be shared" which would indicate that some level of patient consent is, indeed, intended to be part of the process.

The final rule also forcefully outlines that, since the intended purpose of the rule is data exchange and not requesting or receiving payments or reimbursement rate information, HIPAA does not apply to the transaction data - no attempt need be made to meet any data format or transaction standards outlined in that rule. In particular, X12 is not in play and there are no conflicts in providing data solely over FHIR in FHIR-specific formats. We'll explore this contention further at a later date.

As you can tell from this article, the CMS interoperability rule finalized on January 15 has some inconsistencies. Unfortunately, several of these are in areas we feel are central questions about the rule implementation, particularly in the areas of consent and of requirements around bulk FHIR usage. We hope further clarifications comes in the form of future guidance, FAQs, talks, and workshops from and by CMS. MHDC intends to collate some of our concerns around these inconsistencies and send an inquiry to CMS asking for such clarification, but it will almost certainly not arrive in time for us to update this article prior to publication. We will publish a later update or otherwise clarify the rules on an ongoing basis as we learn more. In the meantime, despite some frustration with the initial presentation of the Provider Access API in the final rule, we are still very glad that CMS recognizes the need and the benefits of such an exchange.

Black History Month

Black History Month is a time to celebrate Black achievements. This year we also need to reflect on how recent events have shone a light on the inequalities and injustices faced by the Black community, including the disproportionate impact of Covid-19. Here are some free events to join the conversation: 

A Catalyst for Humanity: A Conversation with Isabel Wilkerson and Don Lemon: Feb 1, 1pm

Four Hundred Souls: A Community History of African Americans, 1619-2019: Feb 5, 7pm (EST)

Racism, Medicine, and Bioethics: Learning from the past to ensure a healthier future:(series) Every Wednesday in February at 5pm

Massachusetts Health Data Consortium
460 Totten Pond Road | Suite 690
Waltham, Massachusetts 02451

For more information,
please contact us at info@mahealthdata.org

join our mailing list

© Massachusetts Health Data Consortium