What the HHS Final Interoperability Rule Means for Patient Health Data

Written by Lacey Jackson on March 11, 2020

Posted in Healthcare, IT + Security

Over the last year, healthcare professionals and informed patients have been highly anticipating two final rules that will change how providers, insurers, and patients exchange and access health data. In fact, you may have noticed a few posts from us over the past year discussing what these rules might mean for patient empowerment. Well, on March 9, 2020, Health and Human Services (HHS) and the Office of the National Coordinator (ONC) finally released Final Rule: 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program.

A major component of these two rules, which regulate the interoperability of patient health data, will allow patients to access and download their health records with third-party apps. Here’s how ONC opened their press release:

“The U.S. Department of Health and Human Services (HHS) today finalized two transformative rules that will give patients unprecedented safe, secure access to their health data. Interoperability has been pursued by multiple administrations and numerous laws, and today, these rules finally deliver on giving patients true access to their healthcare data to make informed healthcare decisions and better manage their care. Putting patients in charge of their health records is a key piece of giving patients more control in healthcare, and patient control is at the center of the Trump administration’s work toward a value-based healthcare system.”


What does this mean?

ONC’s rule could be a major win for patient empowerment. With secure, standards-based application programming interface (API) requirements, patients could have access to and control over their health information.

This rule was initially proposed at HIMSS19, and over the last year, the rule has been open to public comment. Amid concerns around COVID-19, HIMSS20 was cancelled. So, Alex Azar, Secretary of HHS; Seema Verma, CMS Administrator; and Donald Rucker, M.D., National Coordinator for Health IT, made the announcement by phone.

During the press call, Rucker described the policy as “an unprecedented rule allowing the safe and secure access of health information.” He continued, saying “Americans will now have electronic access to their health information on their smartphone if they choose.”


What is the public opinion about this rule?

On the call, Rucker noted that HHS and ONC had received over 2,000 public comments regarding the rule. Clearly, people had something to say. There are primarily two opinions when it comes to this rule.

Opponents—such as the EHR system, Epic—have voiced concern that there are not enough provisions protecting patient privacy and worry that the timeline for implementation is too aggressive. On the other hand, a number of major companies—including Apple, Cerner, and Microsoft—are vocal supporters. These companies see the rules as a positive push toward interoperability for the U.S. healthcare system.

For HHS, the ultimate goals of these final rules are to make healthcare data accessible to patients at no cost and to make pricing information more transparent. Regardless of opinion, these rules will certainly impact the American healthcare landscape and how providers use technology.


Who is affected?

Primarily, these rules apply to all hospitals, physicians, and health plans that receive any reimbursement through Medicare or Medicaid. These organizations, according to Rucker, will be required “to provide software access points to their EHR databases.” Additionally, there will also be some impact on certified health IT developers and health information networks/health information exchanges.

Organizations reimbursed through Medicare or Medicaid should be aware of three key pieces of the interoperability rule:

1. Information Blocking

ONC and HHS want to incentivize against information blocking. Information blocking is defined as any practice that might interfere with, prevent, or discourage access, exchange, or use of electronic health information. Starting in late 2020, CMS will begin publicly reporting clinicians and hospitals that may be information blocking. Ultimately, this could create a blacklist of violating facilities that providers will want to avoid getting on.

Read More: Check out this blog post where we dive deeper into the implications of information blocking.

2. Price Transparency

A core part of the rule is price transparency. According to CMS Administrator Seema Verma, “The days of patients being kept in the dark are over. In today’s digital age, our health system’s data sharing capacity shouldn’t be mired in the Stone Age.” This continued push for price transparency follows President Trump’s 2019 Executive Order on Improving Price and Quality Transparency in American Healthcare, which requires pricing information be made publicly available.

Read More: If you’re interested in a better understanding of price transparency, check out this blog post.

3. Compliance

Not all hospitals and providers have made strides toward interoperability over the last 10 years. Many organizations may not have the resources to address the requirements of this rule at the same pace. Rural hospitals, for example, have a lot of work ahead of them. Time will tell how CMS and ONC will address these concerns and support struggling organizations. When is this happening?

Here’s a look at a few key dates gathered from this final rule. Hospitals, physicians, and health plans will need to start meeting requirements as soon as six months following the publication of the final rule.


Late 2020

Public Reporting

In late 2020, CMS will publicly report clinicians, hospitals, and critical access hospitals that may be information blocking.

Digital Contact Information

Also in late 2020, CMS will begin publicly reporting providers that do not list or update their digital contact information in the National Plan and Provider Enumeration System.

ADT Event Notifications

Six months after the publication of the final rule, hospitals will need to be electronically sharing patient admissions, discharge, and transfer (ADT) event notifications with patients’ primary providers


Jan. 1, 2021

Patient Access

CMS-regulated payers will be required to implement and maintain a secure, standards-based (HL7 FHIR Release 4.0.1) API that allows patients to easily access their claims and encounter information, including cost, through a third-party app of their choice.

Provider Directory

By January 1, 2021, CMS-regulated payers will need to create a publicly available provider directory via a standards-based API.


January 1, 2022

Payer-to-payer data exchange

Payers will have to implement a process to exchange certain patient clinical data, specifically the U.S. Core Data for Interoperability, at the patient’s request.


The Bottom Line

These final interoperability rules call for healthcare organizations to give patients better access to their personal health data and clearer information about cost, empowering them to make informed decisions about what care they receive and where. It’s clear that in the coming years, the U.S. healthcare system will continue to incorporate more technology that promotes interoperability and patient empowerment.


Want more information on healthcare interoperability, but not sure where to start? Check out our free healthcare interoperability guide for a history of healthcare interoperability legislation, tips on achieving interoperability, and more.