Knowledge Center
Episode 178: Pitfalls But Promise. The State of Healthcare Cybersecurity with Scott Mattila, COO & Chief Security Officer, Intraprise Health
February 15, 2024
In a recent discussion by the WEDI Emerging Technology Subworkgroup, professionals discussed the challenges and opportunities associated with the new payer-to-payer data exchange requirements included in the Centers for Medicare & Medicaid Services (CMS Interoperability and Prior Authorization final rule. The conversation provided valuable insights into the evolving landscape of health care data exchange and the regulatory requirements impacting it.
A significant point of discussion revolved around the dynamics between payers required to adopt the requirements of the final rule and those payers that are not mandated. It was clarified that while non-impacted payers, such as those with commercial lines of business, are not obligated by the rule to provide data via API, they are strongly encouraged to respond to requests from impacted payers, like Medicaid agencies. This necessitates a collaborative approach where the requesting payer initiates a query to access the target payer's API, underlining the need for scalable authentication and identification mechanisms to facilitate this process.
The challenges of payer identification and the manual registration process for consumer apps and payers were also highlighted by the Subworkgroup participants. They discussed the inefficiencies present in the current system and the urgent need for automated registration processes that ensure trust and efficiency. The idea of a standardized, trusted system for dynamic client registration was proposed to overcome these hurdles, along with the suggestion of a marketplace or sandbox for API testing to normalize API implementation and address potential variations.
The group also discussed the upcoming requirement for plans to notify members about the new payer to payer API by January 2027, stressing the importance of early implementation and adherence to implementation guides. The challenges associated with handling and using mass exchange data once it's in the payer system were also deliberated, with insights offered on how to effectively manage new regulations on prior authorizations and data usage.
The conversation took a deep dive into the complexities of plan identification and prior authorization decisioning. The group explored how to navigate changes in plan names and the necessity of exposing claims and encounter data without financial details. The requirement for making unstructured data available for prior authorization determinations sparked discussions on this data exchange challenge, emphasizing the importance of structured and unstructured data in payer communications.
To address these challenges, the Subworkgroup discussed a series of potential industry actions: advocating for the use of recommended schemas, coordinating approaches with typical payer communities, and the importance of pre-connecting to many payers before compliance dates. They also discussed opportunities for the federal government to be more prescriptive on data use through payer-to-payer exchanges and reflected on the potential value of refreshing patient data quarterly for at least four quarters. The development of testing API sandboxes and certifications were also discussed as tactics to drive implementation.
The discussion underscored the complexity of health care payer-to-payer API-based data exchange and the collaborative efforts required to navigate these challenges. By leveraging technology and standardizing processes, and encouraging stakeholder collaboration, the goal of achieving efficient data flow and improving health care outcomes can be realized. The insights from this discussion offer a roadmap for forthcoming implementations and the continuous evolution of healthcare IT.