CMS Interoperability & Patient Access Final Rule 2025

New rules from the US Department of Health & Human Services on patient data interoperability – including the Interoperability and Patient Access final rule – are set to usher in a new era in healthcare where patients are allowed to safely access and share their data with providers and third parties as they see fit.

This will not only enable a more seamless care experience for patients but will also allow providers and third parties to more easily access and share critical information, ultimately helping to foster new healthcare services never before thought possible. With these new mandates coming into play, opportunities to truly integrate digital health tools into traditional healthcare settings are increasingly emerging.

Apps, for example, will be able to fully harness patient data without roadblocks to offer new mechanisms for advanced care, allowing providers to remotely monitor patients and alert them when medical tests and appointments are overdue. With the data shackles removed, healthcare can be transformed – leading to better access to patient data, improved interoperability, and increased innovation.

RELATED: #1 GUIDE TO CMS RULE TOWARDS HEALTHCARE INTEROPERABILITY

Why is interoperability is important to providers?

Historically, health plans and providers have been understandably reluctant to share information both for competitive and regulatory reasons. However, as the new rule is implemented, consumers will exercise increasing control as to how and with whom their EHI is shared. This will usher in unprecedented risk, including risk to privacy, as third-party developers can directly access patient data, and risk to monetization of data with the rise of new applications that circumvent traditional regulatory gatekeeping policy. Understandably, the costs to establish, maintain, audit, and retain EHI will be borne by health plans, providers, and potential patients.

To stay relevant, health plans will need to embrace this new reality via a consumer-focused strategy and not just check the box. Survival requires not only getting on board with these newly defined needs but getting in front of them by putting the member at the center of value creation while transforming how data is tracked and managed. This may take some deep, authentic introspection, and asking questions such as:

• How do we seamlessly identify and capture member consent for data exchange so that we can remain viable for members and have the information to support high-quality care?
• Where do members and their families most often get stuck trying to navigate care and advocate for themselves — both within and outside our clinical network — and how can we help?
• How do we safely and securely support the right level of transparency for members to get the right care at the right time?
• What customer-experience tools and incentives can we provide members and group plans to help us prioritize and better target our population health programs?
• How can we use the new rule to build a relationship with providers that put the patient at the center and moves us away from being at odds?

Why is interoperability is important to patients?

At its core, this rule is about transparency and giving individuals the ability to move across health plans and providers and have both their clinical and administrative information move with them and be accessible throughout their journey. Bottom line certified IT developers will empower individuals to actively engage in their health care in an unprecedented way, through a seemingly limitless set of new use cases, such as these, at the highest level:

• Before patients decide where to buy insurance coverage, they can see if their doctor is in a health plan’s clinical network, and they will have a better way of comparing health plans offered by a variety of payers.
• Through a single application, patients can access current and historical health insurance data, and clinical data from all visits, regardless of a doctor’s EHR. The patient can see things such as scheduled appointments, lab results, diagnoses, referrals, prescriptions, authorizations, deductibles, and copays.
• When a patient arrives for a new specialist appointment, they do not need to fill out the same paperwork yet again. Five-plus years of cumulative EHI can be instantly transmitted through an authentication process between their phone and the specialist’s EHR.
• Patients, providers, and health plans will have better information to navigate the health care system and reduce the risks to the patient that come from incomplete information.

The Right Time To Take Action

To understand how to best meet the new mandate’s requirements, there are several considerations healthcare organizations should keep in mind as they prepare for July 1, 2021, when the Centers for Medicare & Medicaid Services begin enforcing the rule.

First and foremost, there should be a commitment to a “no harm” approach, with risk management and consumer privacy being critical drivers of this ethos. It will be imperative that healthcare systems strike a balance between governance and security that enables greater value delivered at the individual, population, and system levels.

A second consideration: Meeting the requirements while also protecting patient information is crucial so it’s important to remove any unnecessarily complicated processes and complex variables that may hinder or delay moving forward in the given timeframe. For starters, stick to already effective security foundations and policies that are in place. Resist the urge to re-write and re-think the security and governance plan from scratch. Rather than large-scale creation of new policies, aim for augmentation and evolution of what you are already doing successfully today.

It’s also important to accept, and prepare for, the fact that the system may be resistant to change. There are always entrenched and competing interests at play within healthcare. Many may feel threatened by the mandate that strives for greater openness. Some organizations will remain reactive to legislation while others will embrace the intent. The goal should be to ensure no harm and achieve progress while upholding the overall charter that ensures patients and members obtain data sharing rights.

Final Thoughts

The Interoperability and Patient Access final rule not only makes the providers think about achieving patient interoperability. Apart from that, it also pushes to step towards delivering patient-centric care. With patients being able to access their health data easier, healthcare providers can better provide an effective healthcare system in the long term.