Skip to content

Knowledge Center

Episode 178: Pitfalls But Promise. The State of Healthcare Cybersecurity with Scott Mattila, COO & Chief Security Officer, Intraprise Health

February 29, 2024

In the ever-evolving world of health care, keeping up with regulations can be very complex. The recent CMS Interoperability and Prior Authorization final rule is a case in point, sparking discussions across the health care spectrum—from large EMR vendors like Cerner and Epic to smaller players still gauging the landscape.

During a recent Emerging Tech meeting, a diverse group of industry professionals, discussed the intricacies of these new regulations and their potential impact on everyone involved: payers, providers, and most importantly, patients.

The core issue at hand? Prior authorization processes. This administrative procedure, while crucial, is notorious for its time-consuming nature, often leading to delays in patient care. The meeting underscored a universal need for more efficient, transparent processes facilitated by technology.

One of the standout solutions from the discussion is the integration of API-based approaches to interoperability across health care platforms. These APIs could streamline communication between providers and payers, ensuring that vital information is shared swiftly and securely. One of the Emerging Tech Subworkgroup Co-Chairs, Ed Hafner, shared his experience with health plans, and emphasized the importance of seamless data flow, which could revolutionize patient care by cutting down unnecessary delays.  Particularly impactful is requesting if a prior authorization is even needed.   If not, the provider can immediately schedule their patient.

But with new solutions come new challenges. The implementation guides are evolving to cover many business exceptions with complex interactive bi-lateral communications; however, it is making the full implementation difficult. The group recognized the complexity of implementing these APIs, the need for robust data maintenance, and the trust issues surrounding the sharing of clinical data. A member from a smaller organization voiced concerns about the steep learning curve and the potential resource drain, highlighting the diverse readiness levels across the industry.

The group discussed the challenge of providers utilizing their EMR functions to capture their clinical data into structured form.  Today, many providers enter clinical data within their notes.  Without this diligence, it would be nearly impossible to pull the data into the FHIR server in the required USCDI format.   Several people mentioned that correcting this process is a critical success factor.

In an interesting twist, a hybrid model was proposed as a transitional solution: allowing providers to upload supporting documents through a web portal. This pragmatic approach could serve as a bridge while the industry works towards full API integration.   It was suggested that if the clinical data is non-structured, it would be difficult for the health plan to automate.

Another game-changer discussed was the prior authorization API's subscription capability. Imagine a world where health care providers receive immediate notifications about changes in prior authorization status—a member shared that their system has already turned this into reality, showcasing the tangible benefits of technological advancements.

However, automation is a double-edged sword. While it promises efficiency, the challenge lies in ensuring that medical policies keep pace with rapid medical advancements and that health plans can maintain up-to-date digital policies. The discussion also touched on the potential of artificial intelligence and natural language processing to manage unstructured data—a glimpse into the future of health care IT.

The meeting wrapped up with reflections on the transparency rule, requiring plans to disclose all their procedures publicly, and the critical role of patient access plans. The conversation painted a picture of a health care landscape on the cusp of a technological revolution yet grappling with the practicalities of implementation.

Discussion addressed the complexity for payers to digitize their policies.   The payers will need to modify the required documentation of many of their manual policies to accommodate the FHIR data profile requirements.   This adds a higher level of complexity to this process.

A comment was made regarding the Final Rule itself that encourages the provider to initiate queries for prior authorization responses taking more than seven days.   It was suggested to recommend to CMS that this communication be initiated by the payer via the subscription status exchange.

In summary, while the road ahead is paved with challenges, the dialogue between different stakeholders continues to foster innovative solutions. As the industry navigates these changes, the ultimate goal remains clear: improving patient care through more efficient, transparent, and interconnected processes.

Scroll To Top