March 2020
Katie Devlin
The Office of the National Coordinator (ONC) the principal federal entity charged with coordination of nationwide efforts to implement and use the most advanced health information technology and the electronic exchange of health information, released its final rules this week around interoperability.
What are the implications for the use of electronic health data for underwriting and claims adjudication in the insurance industry?
A few key takeaways:
The rules are complex, and the proposed changes are large. Even as enacted, aspects of the new rules roll out in 2021 and will not be fully implemented until 2023. Using history as a guide, there are no guarantee that even these timelines will be met and that there will not be additional changes made in the interim.
Importantly though, the general tenor of the new rules are very positive for the insurance use case – the quantity and quality of data available in electronic health records should only improve and there are strict prohibitions against not providing access to data where appropriate controls are being met.
The focus of the final rules is to empower the patient, putting them in control when it comes to directing who can access their health data. While there is a significant amount of information to digest, there are a few areas for insurance carriers to focus on:
Interoperability
EHRs now must use the USCDI as the standard for interoperability, which is replacing the CCDS. The USCDI includes components such as clinical notes, allergies, meds and other data that helps to ensure information is easily interpreted when exchanged (you can find all elements here). Many of these elements are available in the documents carriers get electronically today, but the quality can vary from provider to provider. Quality of data should improve given the expected increase in consistently available structured data elements spelled out in the new regulations.
Clareto continues to aggressively grow our network and connect to as many data sources as possible. Our core competency of connecting to existing systems and national networks remains our primary focus given how critical this will be to advance utilization of EHD by insurers. Clareto is currently connected to eHealth Exchange and Carequality and is looking at opportunities to leverage Commonwell when it becomes available for non-treatment (insurance) use cases.
Information Blocking
One of the conditions for EHR certification now includes attestation that developers do not engage in information blocking and prohibits them from using EHR contracts as an excuse to limit communication around usability, security and interoperability. This allows providers and healthcare organizations to more openly communicate around these issues and will improve the way that data is shared. It will hopefully promote competition among the EHR developers and make for better products.
This also means that when health information (anything within the USCDI) is requested by a patient or with a valid authorization, the provider or healthcare organization must be able to export that data electronically. There are 8 exceptions called out for when information blocking is considered reasonable and they involve patient safety, privacy/security, and certain business practices (you can find all 8 exceptions here). As an industry, we must continue to push for fewer special authorizations and seeing more organizations move to an auto-release state
For EHR developers, the timeline for attestation is April 2021; providers have until 2023 to get the technology in place to export the data electronically. In the future, this may be helpful for streamlining the process and improving the way information is released to carriers…
Today, Clareto is fortunate to have some participating HIEs already auto releasing the data, with several others already working on it. Being part of Veradigm’s TPP program, Clareto is able to get Allscripts, Next Gen and Practice Fusion records auto-released as well. There’s also been an uptick in the Epic providers that implemented auto-release functionality and will likely continue trending this way.
Patient Access
With the goal of the rule being to increase patient access to their data without special effort (ie., technology or development), they are now able to choose any third-party application to share or manage their health data. Developers of Health IT apps will be required to use FHIR version 4 as the API standard. They’ll also have to meet certification criteria and also publish the APIs.
There will likely be an increase in the use of apps to manage certain conditions and get more involved in their healthcare. Patients will need to be cautious in choosing apps, ensuring that their data is protected properly. This includes paying more attention to End User License Agreements and understanding the repercussions of sharing their data. Once it is out of the healthcare organization and in the patient’s hands, it no longer has the same protections as it does under HIPAA.
Overall, the effort needed to get new capabilities in place will take time but will likely benefit the insurance industry in the long-term. Key takeaways include:
- Patient use of portal/apps – Carriers will still need to be cautious of getting partial data from a portal-type solution. For example, if the applicant is providing their data from a portal/ app that is only linked to a specialist or specific condition, the carrier runs the risk of missing other providers and critical information.
- Reduction of special authorizations– If a patient is using a valid HIPAA authorization to direct their information to a carrier, the provider risks the perception of information blocking and not complying. If a provider is found to “information block”, there are civil monetary penalties involved.
- Increase in automated release of records– Carriers may see more providers move to a model where they are no longer manually reviewing each authorization, and instead doing a post-transaction audit.
- Access to data via national networks– Providers are already exchanging data for patient care/treatment today. Carriers will be able to leverage these networks through Clareto as they become available.
With the introduction of the final rules being beneficial to the life and disability industry, carriers should continue to move forward with their electronic health strategy knowing the quality and availability of electronic health data will improve. Clareto will monitor the implementation of these new rules, providing relevant updates to carriers as they pilot and operationalize electronic health data.
Carriers interested in learning more about Clareto or this interpretation of the final rules should contact Katie Devlin at kdevlin@clareto.com.
Wondering how your insurance operations could be improved with electronic health data? Download our white paper.
Learn more. Send us a message
Dave Dorans has over 30+ years working for numerous industry leading companies in the insurance and financial services sector. A consistent theme in his experience is a focus on the transformation of the antiquated processes in the life insurance sector with the goal of making industry products more accessible to consumers. 
Steve Leighty is a 20+ year veteran in information technology and software development, with over 10 years focusing on healthcare innovation and interoperability. Steve has served as a software engineer, an architect, and in several managerial roles. He is the VP of IT and Operations and also serves as the Chief Information Security Officer for Clareto. 
Katie is an experienced leader, with a passion for driving digital health transformation. Prior to joining the Clareto team, Katie was Director of Electronic Health Strategy at MassMutual, where she had a proven track record for developing innovative strategies and solutions to acquiring electronic health data. 
