Who We Help
Case Studies
About Us
Insights
About
Pricing
Feature [CMS]
Feature Details [CMS]
Integration
Team
Blog [CMS]
Blog Details [CMS]
Contact v1
Contact v2
FAQ
Privacy
Terms
404
Who We Help
Case Studies
About Us
Insights
About
Pricing
Feature [CMS]
Feature Details [CMS]
Integration
Team
Blog [CMS]
Blog Details [CMS]
Contact v1
Contact v2
FAQ
Privacy
Terms
404
The CMS Interoperability and Patient Access Rule [Explained For Labs]
The CMS Interoperability and Patient Access Rule [Explained For Labs]
The CMS Interoperability and Patient Access Rule [Explained For Labs]
What is the Interoperability and Patient Access Final Rule?
More importantly for our purposes, how does this new regulation apply to diagnostic labs?
And how can you ensure that your lab remains compliant?
That’s what we’re talking about in this guide.
What is the Interoperability and Patient Access Rule?
The Interoperability and Patient Access Rule was created by the Centers for Medicare & Medicaid Services (CMS) and set forth new requirements for healthcare organizations — including diagnostic laboratories — to share patient health information electronically.
Historically, inefficient and poor data exchanges in healthcare have caused worse patient care, higher healthcare costs, and troubling health outcomes.
The purpose, then, of this final rule is to speed up the data-sharing process between healthcare providers so that doctors and healthcare professionals can make better-informed decisions about patient care. It will also give patients faster and better access to their own healthcare information.
Several of the requirements within the Interoperability and Patient Access Rule apply to diagnostic laboratories. We’ll go over these requirements in more detail later in this article.
Fines can be as much as $1 million per violation record if the Interoperability and Patient Access Rule is broken.
Here’s the rule as explained by CMS…
CMS recently introduced new interoperability mandates for health plans that must be implemented by July 1, 2021. This rule is designed to make health information more easily available to patients by implementing new industry standards like HL7 FHIR APIs and by deterring information blocking.
How Does the Interoperability and Patient Access Rule Impact Diagnostic Labs?
Now you have a basic understanding of what the Interoperability and Patient Access Rule is… but let’s get specific.
How does this apply to diagnostic labs?
There are five interoperability and patient access final rule requirements that apply to clinical laboratories. These are…
The ability for your laboratory to send results electronically when you get a message from another lab or healthcare organization.
The ability for the sender of an electronic health information (EHI) message, such as sending test result data, to know if the laboratory receiving the message has the ability to accept and use that information.
The ability for laboratories to receive and understand messages from other healthcare organizations.
The inclusion of certain clinical lab test results in patient summaries.
The designation of a single, interoperable health information exchange (HIE) infrastructure for exchanging EHI among all types of healthcare organizations.
These requirements, as well as what’s now required by the No Surprise Billing Act, are why interoperability is so important for laboratory IT.
How Diagnostic Labs Can Stay Compliant With The Interoperability and Patient Access Rule
Next, let’s talk about what exactly laboratories like yours can do to remain compliant with these new regulations.
Here are some of the main actions you’ll want to take.
Review Current IT Infrastructure — Clinical laboratories will need to ensure that their IT infrastructure is in compliance with all requirements if they want to avoid hefty fines. The Interoperability and Patient Access final rule mandates substantial modifications to data access and sharing. People employed at organizations that must follow the new rules should not wait too long to establish or enhance the structure that will allow them to meet the imposed timetables.
Work With Your EHR Vendor — Your EHR vendor should be aware of these new regulations and they should have a plan in place to remain compliant. Contact them to get clarity on this.
Plug Into Your Local HIE — Reach out to your local HIE (Health Information Exchange) and ask how you can be included in their network.
Stay Up-To-Date on Interoperability News & Regulations — Stay up-to-date on the latest interoperability news and regulations so that you can ensure that your lab is compliant with all requirements.
Additional Questions on The Interoperability and Patient Access Rule
Here are answers to some additional questions you might have about the Interoperability and Patient Access Rule.
What About Security Concerns?
The interoperability and patient access final rule requires healthcare organizations to take steps to ensure the security of PHI in transit.
For example, they must use encryption methods when sending messages via email or text message. They should also require two-factor authentication for users who log into their interoperable health information exchange (HIE) portals.
The CMS made the following promises to protect payers who submit and exchange data via APIs and USCDI data sets in the final rule:
If a payer reasonably believes that granting access to the Patient Access API would pose an unacceptable level of risk to the security of PHI on its systems based on objective and verifiable criteria, it may deny access.
Payers must offer enrollees information on risk factors and practical ways to protect their privacy and security, as well as how to file complaints with OCR or the FTC.
Payers may request that 3rd-party apps attest to having specific data included in their privacy policy and notify patients about this attestation.
When a third party or the patient to whom the PHI has been released by the Payer breaches a PII, payers are not responsible for notification obligations. The regulation also makes clear that privacy concerns outside of HIPAA's scope are handled by the FTC under section 5 of the FTC Act.
What is a patient access API?
The FHIR API is free, open-source software that app creators can use to access their patients' own personal medical data. The patient access API is one of the ways that the interoperability and patient access final rule will be enforced. This API will allow patients to view their lab test results, medication history, and other health information in a user-friendly format.
What is the FHIR standard?
The interoperability and patient access final rule require healthcare organizations to utilize the FHIR standard. This is a set of standards for building APIs that may exchange health data among systems securely (without breaching privacy or security regulations).
Who are CMS-regulated payers?
CMS-regulated payers are health plans, Medicare Advantage organizations, and certain third-party administrators that contract with CMS to provide or administer Part A or B of the Medicare program. These include:
Blue Cross/Blue Shield
Group Health Plans
Managed Medicaid Organizations
What types of payers are exempt from interoperability and patient access?
CMS has stated that many smaller organizations will be excluded from this rule. These include:
Health care providers with fewer than 50 employees.
Pharmacies or retail establishments without insurance claims processing capabilities.
Providers of laboratory tests who only send orders to laboratories, do not receive test results, and do not have an interoperable patient portal
Final Thoughts on The Interoperability and Patient Access Rule
The Interoperability and Patient Access Final Rule was introduced to improve the efficiency and effectiveness of patient healthcare.
It aims to do that by increasing the speed and security with which data is transferred between payers, providers, and patients.
Hopefully, this article has helped you gain a better understanding of how these regulations apply to your laboratory.
For more information, visit CMS Patient Access Rule.
The CMS Interoperability and Patient Access Rule [Explained For Labs]
The CMS Interoperability and Patient Access Rule [Explained For Labs]
What is the Interoperability and Patient Access Final Rule?
More importantly for our purposes, how does this new regulation apply to diagnostic labs?
And how can you ensure that your lab remains compliant?
That’s what we’re talking about in this guide.
What is the Interoperability and Patient Access Rule?
The Interoperability and Patient Access Rule was created by the Centers for Medicare & Medicaid Services (CMS) and set forth new requirements for healthcare organizations — including diagnostic laboratories — to share patient health information electronically.
Historically, inefficient and poor data exchanges in healthcare have caused worse patient care, higher healthcare costs, and troubling health outcomes.
The purpose, then, of this final rule is to speed up the data-sharing process between healthcare providers so that doctors and healthcare professionals can make better-informed decisions about patient care. It will also give patients faster and better access to their own healthcare information.
Several of the requirements within the Interoperability and Patient Access Rule apply to diagnostic laboratories. We’ll go over these requirements in more detail later in this article.
Fines can be as much as $1 million per violation record if the Interoperability and Patient Access Rule is broken.
Here’s the rule as explained by CMS…
CMS recently introduced new interoperability mandates for health plans that must be implemented by July 1, 2021. This rule is designed to make health information more easily available to patients by implementing new industry standards like HL7 FHIR APIs and by deterring information blocking.
How Does the Interoperability and Patient Access Rule Impact Diagnostic Labs?
Now you have a basic understanding of what the Interoperability and Patient Access Rule is… but let’s get specific.
How does this apply to diagnostic labs?
There are five interoperability and patient access final rule requirements that apply to clinical laboratories. These are…
The ability for your laboratory to send results electronically when you get a message from another lab or healthcare organization.
The ability for the sender of an electronic health information (EHI) message, such as sending test result data, to know if the laboratory receiving the message has the ability to accept and use that information.
The ability for laboratories to receive and understand messages from other healthcare organizations.
The inclusion of certain clinical lab test results in patient summaries.
The designation of a single, interoperable health information exchange (HIE) infrastructure for exchanging EHI among all types of healthcare organizations.
These requirements, as well as what’s now required by the No Surprise Billing Act, are why interoperability is so important for laboratory IT.
How Diagnostic Labs Can Stay Compliant With The Interoperability and Patient Access Rule
Next, let’s talk about what exactly laboratories like yours can do to remain compliant with these new regulations.
Here are some of the main actions you’ll want to take.
Review Current IT Infrastructure — Clinical laboratories will need to ensure that their IT infrastructure is in compliance with all requirements if they want to avoid hefty fines. The Interoperability and Patient Access final rule mandates substantial modifications to data access and sharing. People employed at organizations that must follow the new rules should not wait too long to establish or enhance the structure that will allow them to meet the imposed timetables.
Work With Your EHR Vendor — Your EHR vendor should be aware of these new regulations and they should have a plan in place to remain compliant. Contact them to get clarity on this.
Plug Into Your Local HIE — Reach out to your local HIE (Health Information Exchange) and ask how you can be included in their network.
Stay Up-To-Date on Interoperability News & Regulations — Stay up-to-date on the latest interoperability news and regulations so that you can ensure that your lab is compliant with all requirements.
Additional Questions on The Interoperability and Patient Access Rule
Here are answers to some additional questions you might have about the Interoperability and Patient Access Rule.
What About Security Concerns?
The interoperability and patient access final rule requires healthcare organizations to take steps to ensure the security of PHI in transit.
For example, they must use encryption methods when sending messages via email or text message. They should also require two-factor authentication for users who log into their interoperable health information exchange (HIE) portals.
The CMS made the following promises to protect payers who submit and exchange data via APIs and USCDI data sets in the final rule:
If a payer reasonably believes that granting access to the Patient Access API would pose an unacceptable level of risk to the security of PHI on its systems based on objective and verifiable criteria, it may deny access.
Payers must offer enrollees information on risk factors and practical ways to protect their privacy and security, as well as how to file complaints with OCR or the FTC.
Payers may request that 3rd-party apps attest to having specific data included in their privacy policy and notify patients about this attestation.
When a third party or the patient to whom the PHI has been released by the Payer breaches a PII, payers are not responsible for notification obligations. The regulation also makes clear that privacy concerns outside of HIPAA's scope are handled by the FTC under section 5 of the FTC Act.
What is a patient access API?
The FHIR API is free, open-source software that app creators can use to access their patients' own personal medical data. The patient access API is one of the ways that the interoperability and patient access final rule will be enforced. This API will allow patients to view their lab test results, medication history, and other health information in a user-friendly format.
What is the FHIR standard?
The interoperability and patient access final rule require healthcare organizations to utilize the FHIR standard. This is a set of standards for building APIs that may exchange health data among systems securely (without breaching privacy or security regulations).
Who are CMS-regulated payers?
CMS-regulated payers are health plans, Medicare Advantage organizations, and certain third-party administrators that contract with CMS to provide or administer Part A or B of the Medicare program. These include:
Blue Cross/Blue Shield
Group Health Plans
Managed Medicaid Organizations
What types of payers are exempt from interoperability and patient access?
CMS has stated that many smaller organizations will be excluded from this rule. These include:
Health care providers with fewer than 50 employees.
Pharmacies or retail establishments without insurance claims processing capabilities.
Providers of laboratory tests who only send orders to laboratories, do not receive test results, and do not have an interoperable patient portal
Final Thoughts on The Interoperability and Patient Access Rule
The Interoperability and Patient Access Final Rule was introduced to improve the efficiency and effectiveness of patient healthcare.
It aims to do that by increasing the speed and security with which data is transferred between payers, providers, and patients.
Hopefully, this article has helped you gain a better understanding of how these regulations apply to your laboratory.
For more information, visit CMS Patient Access Rule.