Skip to main content

New CMS Data Interoperability Rule Takes Effect July 1

Analysis  |  By Scott Mace  
   June 22, 2021

The rule aims to free data from silos to promote interoperability between payers and providers.

On July 1, a final rule by the Centers for Medicare & Medicaid Services (CMS) takes effect, and aims to continue, as CMS says, "to build on its roadmap to improve interoperability and health information access for patients, providers, and payers." When implemented effectively, health information exchange (interoperability) can also reduce the burden of certain administrative processes, such as prior authorization. We have issued regulations that will drive change in how clinical and administrative information is exchanged between payers, providers and patients, and will support more efficient care coordination."

To understand the impact of the rule, HealthLeaders reached out to two technology companies working on enabling healthcare organizations to meet the requirements of the rule. We posed identical questions in separate interviews to Don Searing, PhD, vice president of solutions architecture at HGS Healthcare Technology, a consulting organization deploying people, process, and technology platform improvements; and Minal Patel, president and CEO of Abacus Insights, which provides a data integration and interoperability platform that enables health plans and their providers to create a more personalized healthcare experience for consumers

HealthLeaders: What does the CMS mandate beginning in July mean for payers, providers, and patients?

Don Searing: At its root, the new rule means data should be released from its current proprietary silos to facilitate the healthcare journeys of members and patients.

Today, most patients are familiar with going from one provider to the next (e.g., from your PCP to a specialist or lab), and having to: 1) carry information from one doctor to the other, 2) explain their symptoms repeatedly, and 3) be responsible for coordinating their own care across the providers. Additionally, many have health or wellness apps that do not have access to their provider health data and that cannot provide data to their doctor.

The goal of the rule is to knock down these barriers—some technical, some regulatory, some procedural—and to provide a system for providers and applications to communicate with each other and allow data to move seamlessly between all the tools and providers a patient or member interacts with.

For patients, this is great news. But with this power comes a lot of additional responsibility, as each member must manage the access to their data as it moves through this system.

The payers and providers will have a heavier initial lift as they modify or upgrade existing systems to ensure the APIs (FHIR, etc.) are enabled and provide a way for their members and patients to authorize the usage of their data in a secure and auditable way. Most payers and providers are focused on opening these gateways right now and have not even scratched the surface of what they plan to do with the data they may now gain access to.

Minal Patel: The Centers for Medicare & Medicaid Services mandate gives consumers free electronic access to their structured and unstructured healthcare information by requiring health plans to make that data interoperable and shareable with consumers, providers, and other health plans.

For patients, the mandate represents a step forward in being able to access insightful, actionable healthcare data in a timely fashion, so they can make better decisions about their health. Patients can also incorporate new sources of data, for example from wearable devices, into their health history for a more comprehensive picture. They will also be able to learn more about the healthcare providers in their area so their choices will be better informed.

Providers, with the necessary patient consent, will be able to access claims data, electronic health records, and other information that can better inform treatment decisions for their patients leading to better health outcomes.

Payers can use the trove of valuable information they have about patients, physicians, and the efficacy of various treatment courses to improve the member experience and help improve health outcomes. Healthcare data—if analyzed and used properly—can help insurers keep their membership healthier, better understand risk, and run their businesses more efficiently and cost-effectively.

HL: What new obligations or responsibilities does this place on each party?

Searing: Patients are now the owners of all their data and are responsible for providing access to it. Groups like the CARIN Alliance have been working to try to standardize this process and make it easier to provide access to various providers and health applications. I foresee this will be an area of confusion for patients as they understand their new role.

Payers and providers will have to update or even rebuild their systems to ensure they are compliant with the specified access rules and the required APIs. However, just making these ports accessible and open does not mean that anyone will know what to do with the new data and access. That will come down the road as those of us in the industry develop the use cases.

Payers have a unique opportunity to play the role of data aggregator as they currently have the best view of member health due to all the claims they receive from providers and pharmacies. Look to insurers expanding their care management services to incorporate more health and wellness/fitness data as some of their first forays into expanding capabilities.

Patel: Health plans must make data available to patients in a form that is easy to use. Health plans need to also ensure that the data is protected, secure, and in an environment that is essentially direct-to-consumer. Individuals that decide to use third-party applications to access their health data or connect it to other third-party applications, such as wellness applications, need to understand the privacy and security rules of those applications so that they are not unknowingly distributing their health data to outside sources.

HL: Consent rules vary by state. How does this affect the ability of the new regulation to perform as lawmakers intended?

Searing: I think that as patients—and the apps that represent them—start to run into challenges in varying consent rules, we will see further guidance from CMS. We will either see the industry move quickly to set a common denominator and reduce variation in the system (like how California’s more stringent privacy laws have become the common approach across all states), or we will see organizations lobbying CMS to push for a federal consent standard.

Patel: Health plans that operate in multiple states will need to be knowledgeable about the possible, and likely, differing rules for consent. The onus is on the health plan to ensure that health data is protected, and this adds a layer of complexity that goes well beyond the addition of a FHIR server. Health plans will need to have a strategy in place to meet various state requirements, appropriate security safeguards, and technical expertise to ensure that PHI is not released to unauthorized entities.

HL: If agencies merely comply with the mandate, without matching its spirit of improving appropriate data sharing and disclosure, will anything really change?

Searing: Previously, CMS was very specific in putting all industry players on notice that a) this data was the property of the patient and 2) no barriers could be put in the way of patient access to it. These statements were directed at companies who traditionally limited access to the data within their systems. CMS has made clear that these principles are not negotiable, and that information blocking will not be allowed.

Many of these organizations struggle to even share information between their internal departments. So, while the information may be available, I would not expect it to be of very high quality.

Patel: Patients will have access to their data, but the real change comes when plans use the mandate to transform their businesses.

At Abacus Insights, we believe this will be transformational across our industry. The mandate requires investment in strong data infrastructure platforms. A strong data infrastructure is rapidly followed by the adoption of analytics. Health plans today can use compliance with federal data-sharing requirements to transform their operations and improve health outcomes. By fully upgrading their systems for analyzing and sharing data, plans can make data available to doctor’s offices, hospitals, urgent care clinics, pharmacies, dialysis centers, and labs along with digital health innovators. With a complete health picture and access to data, providers and patients can make better decisions, leading to better health outcomes.

HL: What are the crucial standardized interfaces (such as FHIR) enabling this interoperability, and what role do they play in giving all participants measurable results?

Searing: Any rule demanding interoperability that is going to have a chance at implementation must have a set of APIs and an underlying, open technical architecture that all participants can buy into. FHIR is a fantastic start at laying the groundwork for these kinds of services, making it easy for developers and product companies to add them to their standard integration libraries. It is critical that these remain open and active as we move forward and start to iterate on the new solutions that will come to market. Just as EDI allowed many companies to standardize a lot of transactions (enrollment, purchasing, payment, etc.), I expect that the FHIR standard, and the HL7 it is based upon, will be critical to implementing this rule—just as standards have created entire other industries like Wi-Fi and the internet.

Patel: Until a few months ago, the standard for how data would be shared among healthcare entities was not established. As a result, health plans were building to a moving target. Earlier this year, ONC issued guidance that FHIR would be the describing data formats and elements and a standard API for sharing data. FHIR builds on previous data format standards from HL7. Even with the FHIR standard in place, health plans and other entities need to ensure that they are implemented in a standard way. This has been one of the most challenging aspects of meeting the mandate. If the APIs are not aligned, it’s possible that data will not be able to be shared with patients as well as posing possible security risks.

The FHIR standards are foundational to how data is accessed and shared among entities. Taking the guesswork out of what to expect means that organizations can now focus on data quality and data analytics to drive better insights and outcomes.

Scott Mace is a contributing writer for HealthLeaders.


The goal of the rule is to knock down barriers to providers and applications to communicate with each other and allow data to move seamlessly.

The mandate represents a step forward for patients being able to access insightful, actionable healthcare data in a timely fashion, so they can make better decisions about their health.

State variation on patient consent means the industry must quickly set a common denominator and reduce variation, or organizations will lobby CMS to push for a federal consent standard.

Get the latest on healthcare leadership in your inbox.