Policies and Technology for Interoperability

January 17, 2023

Health information is exchanged and used by two or more systems when they are interoperable.

Once information is received, it is available for use. To be fully interoperable, all types of health IT will need to be developed over time. To promote interoperability across the healthcare system, HHS looks for opportunities to accelerate the development of interoperability.

Interoperability of Healthcare Systems

The interoperability of healthcare systems and the widespread exchange of information will lead to an improved ability to provide value-based, patient-centered care that lowers costs while improving outcomes.

In an ongoing effort to improve patient, provider, and payer access to health information, CMS continues to advance its roadmap. Similarly, health information exchange (interoperability) can also reduce administrative burdens associated with specific managerial procedures, such as prior authorization.

Through their regulations, payers, providers, and patients will exchange clinical and administrative information more efficiently, thereby facilitating better care coordination.

According to CMS regulations, payers are required or encouraged to use Application Programming Interfaces (APIs) to facilitate the electronic exchange of healthcare data - either between payers and patients or between payers and providers.

Through integration with mobile apps, electronic health records (EHRs), and practice management systems, APIs facilitate a more seamless way to exchange information.

In addition, the regulations provide policies that encourage improvements in procedures and policies so that decision-making and communication are simplified with the goal of reducing the burden of prior authorizations.


CMS issued two critical rules related to interoperability and burden reduction.

CMS Interoperability and Patient Access Final Rule

Interoperability and Patient Access rule (CMS-9115-F) is a rule that takes patients' needs into account and ensures they have access to their medical records as needed.

Under this final rule, CMS will be required to supervise Medicare Advantage (MA), Medicaid, Children's Health Insurance Program (CHIP), and Qualified Health Plans (QHP) issuers on Federally-facilitated Exchanges (FFE).

Due to the public health emergency caused by COVID-19, the CMS decided to enforce the policies regarding APIs for patients and the Provider Directory API for MA, CHIP, Medicare, and QHPs providers on the FFEs from January 1, 2021, to July 1, 2021. The new requirements became effective on July 1, 2021.

Provider Directory APIs are not required for QHP Issuers on the FFE; this rule does not apply.

CMS Interoperability and Prior Authorization Proposed Rule

As part of the proposed rule for interoperability and prior authorization (CMS-9123-P), the policy is built on the final CMS rule for interoperability and patient access. The proposed rule emphasizes that health information exchange is necessary for patients, medical professionals, and payers to obtain the appropriate access required to complete health records.

In addition to improving prior authorization processes through policies and technology, this proposed rule will ensure that patients remain in control of their care.

The CMS rule suggests enhancing specific policies from the CMS policy on interoperability by improving the prior authorization process. It also offers several new provisions the would foster data sharing as well as reducing payer, healthcare provider, and patient costs.

A proposed regulation by the Desk of the National Coordinator for Health Information Technology (ONC) under the 21st Century Cures Act:

CMS approved the ONC 21st Century Cures Act’s final rule, including technical, content, and vocabulary standards developed by the Department of Health and Human Services (HHS). Providers, payers, and prior authorization APIs are also available as HL7 Ingenuity Groups, though they are not yet mandatory.

By using them, payers help limit burdens while advancing our mutual goal of an interoperable healthcare system. CMS is also continually working with HL7 and other industry partners to ensure payers have free access to IGs and other resources if they so choose.

Interoperability and Patient Access Fact Sheet

The Interoperability and Patient Access final rule (CMS-9115-F) performs on the Administration’s agreement to put patients first, providing them access to their health information if they need it most and in a way they can use it. Due to Trump Administration’s My Health EData initiative, this final rule is concentrated on encouraging interoperability and patient access to health information by liberating patient data using CMS authority to regulate Medicare Advantage (MA), Medicaid, CHIP, and Qualified Health Plan (QHP) issuers on the Federally-facilitated Exchanges (FFEs).

The absence of seamless data exchange in healthcare has detracted from patient care, driving to poor health issues, and higher costs. The CMS Interoperability and Patient Access final rule sets policies that break down boundaries in the nation’s health method to facilitate better patient access to their health information, improve interoperability.

Privacy, Security, and Standards

Securing the privacy and security of patient information is the highest preference for CMS. Recognizing the right standards can improve data flow securely and efficiently. CMS, in cooperation with the Office of the National Coordinator for Health Information Technology (ONC), has recognized Health Level 7® (HL7) Fast Healthcare Interoperability Resources® (FHIR) Release 4.0.1 as the foundational model to promote data exchange via secure application programming interfaces (APIs). 

CMS is using the standards for FHIR-based APIs being settled by HHS in the ONC 21st Century Cures Act rule at 45 CFR 170.215. These conditions maintain the secrecy and safety of patient information.

CMS is using extra steps to give payers and patients opportunities and information to protect patient data and get educated choices about sharing patient health information with third parties.

New Policies

This rule achieves new policies that help release a health information and lead the healthcare system to more comprehensive interoperability.

Patient Access API: 

CMS-regulated payers, especially MA organizations, Medicaid Fee-for-Service (FFS) programs, Medicaid controlled care plans, CHIP FFS programs, CHIP led care entities, and QHP issuers on the FFEs, excluding issuers allowing only Stand-alone dental plans (SADPs) and QHP issuers giving coverage in the Federally-facilitated Small Business Health Options Program (FF-SHOP), are expected to achieve and manage a secure, standards-based (HL7 FHIR Release 4.0.1) API that allows patients to quickly access their rights and encounter data, including cost, as well as a defined sub-set of their clinical data through third-party applications. Claims data, used help in better understanding of an individual’s communications with the healthcare system, driving to more reliable decision-making and more helpful health results. These payers are expected to complete the Patient Access API beginning January 1, 2021.

Provider Directory API:

CMS-regulated payers noted above (except QHP issuers on the FFEs) are needed by this rule to make provider directory data publicly obtainable via a standards-based API. Making this data broadly available in this way will promote change by allowing third-party application developers to obtain data so they can build services that help patients find providers for care and treatment. This will also help clinicians, locate other providers for care coordination, in the most user-friendly way. Making this data more broadly available is also a driver for improving the quality, efficiency, and timeliness of this information. MA organizations, Medicaid and CHIP FFS programs, Medicaid controlled care plans, and CHIP managed care entities are needed to implement the Provider Directory API by January 1, 2021. QHP issuers on the FFEs are now expected to make provider directory data available in a specified, machine-readable format.

Payer-to-Payer Data Exchange:

CMS-regulated payers are expected to replace certain patient clinical data (specifically the U.S. Core Data for Interoperability (USCDI) version 1 data set) at the patient’s appeal, enabling the patient to take their data with them as they move from payer to payer. Keeping a patient’s health data will promote informed decision-making, effective care, and eventually can drive to better health results.

Improving the Dually Eligible Experience by Increasing the Frequency of Federal-State Data Exchanges:

This final rule will refresh demands for states to change some enrollee data for individuals dually eligible for Medicare and Medicaid, including state buy-in files and “MMA files” (called the “MMA file” after the acronym for the Medicare Prescription Drug, Improvement and Modernization Act of 2003) from monthly to daily exchange to promote the dual-eligible beneficiary experience, guaranteeing recipients are getting access to relevant assistance and that these services are billed properly the first time, reducing waste and burden. States are required to implement this daily exchange starting April 1, 2022.

Public Reporting and Information Blocking:

Starting in late 2020, and rising with data obtained for the 2019 performance year data, CMS will publicly report qualified clinicians, hospitals, and critical access hospitals (CAHs) that may be data blocking based on how they attested to certain Promoting Interoperability Program requirements. Identifying which providers may have attested can assist patients to choose providers more likely to promote electronic access to their health data.

Digital Contact Information:

CMS will start publicly reporting in late 2020 those providers who do not register or update their digital contact information in the National Plan and Provider Enumeration System (NPPES). This involves giving digital contact information such as secure digital endpoints like a Direct Address and/or an FHIR API endpoint. Making the list of providers who do not give this digital contact information public will help providers to make this important, secure contact data needed to facilitate care coordination and data exchange easily accessible.

Admission, Discharge, and Transfer Event Notifications:

CMS is changing Conditions of Participation (CoPs) to require hospitals, including psychiatric hospitals and CAHs, to conduct electronic patient event notifications of a patient’s admission, discharge, and/or transfer to another healthcare facility or another community provider or practitioner. This will enhance care coordination by enabling a receiving provider, facility, or practitioner to stand out to the patient and give proper follow-up care immediately. This policy will be applicable 12 months after the publication of this rule.

Latest articles.

Article headline