The mandate
Under CMS’ Interoperability and Patient Access Final Rule, payers offering government-purchased or subsidized plans must make members’ personalized health data available to them via third-party apps by July 1, 2021. In order to enable access, payers must build and implement Application Programming Interfaces (APIs), or standardized data transfer structures. Once implemented, patients can request personal clinical and claims data through third-party apps, introducing a new player to the health data ecosystem.
The problem
While interoperability gives members the opportunity to engage with their own health data, it also makes patient information more vulnerable to privacy risks. On top of apps having access to personalized health information (PHI), data that’s transferred to apps is no longer covered by HIPAA. This removes restrictions on how apps can collect and share PHI, creating opportunities for bad actors to aggregate and use patient data in ways that members are not aware of or did not intend.
The takeaway
While the Interoperability and Prior Authorization rule is not yet finalized, CMS has added a provision requiring payers obtain attestation from apps guaranteeing they follow certain privacy protocols. However, CMS has not specified what privacy protocols should be included and has not amended the circumstances in which a plan can deny apps access to their APIs. To fill this gap in federal guidance, industry groups have stepped in to create their own codes of conduct that cover three key elements of data privacy: disclosure and consent, data management and breach response. Plans must build off of these guidelines to educate their members on how to protect their PHI.
Create your free account to access 1 resource, including the latest research and webinars.
You have 1 free members-only resource remaining this month.
1 free members-only resources remaining
1 free members-only resources remaining
You've reached your limit of free insights
Never miss out on the latest innovative health care content tailored to you.
You've reached your limit of free insights
Never miss out on the latest innovative health care content tailored to you.
This content is available through your Curated Research partnership with Advisory Board. Click on ‘view this resource’ to read the full piece
Email ask@advisory.com to learn more
Never miss out on the latest innovative health care content tailored to you.
This is for members only. Learn more.
Never miss out on the latest innovative health care content tailored to you.