Healthcare Interoperability: Shifting the Focus to the Patient

By Brad Frazier

Key takeaways

  1. Historically, lack of interoperability across the entire US healthcare system has detracted from patient care, leading to poor health outcomes and higher medical expenditures.
  2. The Interoperability and Patient Access rule finalized by the Centers for Medicare & Medicaid Services (CMS) aims to put patients at the center of our healthcare system.
  3. Technology can help patient data flow efficiently and securely through the healthcare system by using standards-based platforms and third-party apps, reducing the burden on healthcare providers and payers while delivering patient-centered care.
  4. The CMS Rule will incite even more innovation in health care, but it is ultimately patients who stand to benefit the most.
  5. Achieving nationwide interoperability and providing patients with unprecedented access to their electronic health information amid the complexities and securities associated with our healthcare system will not be easy, to say the least, but we must work together to break down the barriers and develop technology-based solutions that truly facilitate portability of patient data appropriately.

Key definitions

Patient data: Information about an individual patient, such as medical history, diagnoses, and medications, that may be relevant to decisions about current or future health. This includes a patient’s clinical, encounter, and claims data. As it pertains to this article, “patient data” is used interchangeably with “personal health information” and “personal health data.”

Electronic health record (EHR): Also known as an electronic medical record (EMR), an EHR refers to a healthcare provider’s electronic record of patient data, which is typically managed by a clinician (eg, physician) and/or healthcare institution (eg, hospital).

Interoperability: The ability of different computer systems or software, including applications and devices, to access, exchange, integrate, and cooperatively use data in a coordinated manner to provide timely and seamless portability of information, such as patient data.

Application programming interface (API): A set of definitions and protocols for building and integrating application software. To put it in perspective, an API is the software running on a server that receives data requests and sends responses, otherwise acting as a computing interface between software components and/or systems.

Revenue cycle management (RCM) systems: An RCM system refers to a healthcare provider’s electronic record of financial transactions (eg, billing, coding, collection) that result from the medical encounters between a patient and a healthcare provider and/or healthcare institution (eg, hospital). RCM itself is the financial process that healthcare providers use to track patient care episodes and revenue from patients, from their initial appointment or encounter with the healthcare system to their final payment of balance. Utilizing medical billing software, RCM unifies the business and clinical sides of health care by coupling administrative data with patient data.

Placing the patient at the center of health care is widely accepted, but how we achieve this goal is frequently debated

The vision that patients should be at the center of health care is undebatable, but what is often debated is the means for achieving this vision. In the United States, myriad problems with access to quality care coupled with lack of seamless data exchange across the healthcare continuum frequently impede patients from being directly involved in their health. Technology holds the key to patient-centered care through interoperability. But ensuring the privacy and security of patients’ personal health information must be a top priority for information technology (IT) developers as well as healthcare providers and payers.

On March 13, 2020, the US Centers for Medicare & Medicaid Services (CMS) announced the Interoperability and Patient Access final rule (CMS-9115-F), herein referred to as the “CMS Rule” for brevity. The intention of the rule is to put patients at the center of our healthcare system, “giving them access to their health information when they need it most and in a way they can best use it,” according to CMS. The rule is centered around health information accessibility by liberating patient data through interoperability standards and technology-based solutions, using CMS authority to regulate payers under its governance. The CMS Rule finalizes several new policies that go into effect in 2020 and 2021, including two vitally important policies for application programming interfaces (APIs).1 Specifically, the final rule requires CMS-regulated payers to implement and maintain a secure Patient Access API using technical standards that allow patients to easily access their claims and encounter information, including cost, as well as a defined subset of their clinical health information through third-party apps of their choice. The rule also requires CMS-regulated payers to make healthcare provider information publicly available via a standards-based Provider Directory API, which must be accessible via a digital end point on the payer’s website.1,2 Government-funded payers are required to implement both the Patient Access API and the Provider Directory API by January 1, 2021. As an additional measure, beginning in late 2020, CMS will publicly report eligible clinicians and hospitals that may be information blocking, based on how they attested to certain Promoting Interoperability Program requirements.2 The CMS Rule contains provisions to penalize information blocking or anti-competitive behavior that hinders the exchange of patient information by these healthcare providers. On the horizon, the rule also has requirements for enforcing payer-to-payer data exchange and increasing the frequency of federal-state data exchanges for individuals dually eligible for Medicare and Medicaid.

Identifying the right technical standards can help patient data flow securely and efficiently through the healthcare system, while reducing the burden on healthcare providers and payers2

In partnership with the Office of the National Coordinator for Health Information Technology (ONC), CMS has identified Health Level 7® (HL7) Fast Healthcare Interoperability Resources® (FHIR), release 4.0.1 (ie, V4), as the technical standard to support data exchange via secure APIs. CMS is adopting the standards for FHIR-based APIs being finalized by the US Department of Health and Human Services (HHS) in the ONC 21st Century Cures Act rule (45 CFR 170.215).2 In addition to HL7 FHIR, other technical standards being adopted by CMS include Substitutable Medical Applications and Reusable Technologies (SMART), which uses the OAuth 2.0 standard to provide secure authorization for a variety of app architectures and technology platforms, and OpenID Connect 1.0, which is an authentication layer built on top of the OAuth 2.0 standard to permit verification of end-user identities.

According to the agency, CMS is taking additional steps to protect personal data exchange and to provide payers and patients with opportunities for making informed decisions about sharing patient health information with third parties.2 These steps include adopting content and vocabulary standards for implementing the aforementioned policies and ensuring implementation guides and additional resources are freely available.1 Details of the standards and guides are provided in the announcement of the CMS Rule, and additional resources include Best Practices for Payers and App Developers and Patient Privacy and Security Resources, which are freely available in the public domain. Although a comprehensive discussion of these additional steps is beyond the scope of this article, a brief discussion of SMART on FHIR technical standards is provided below.

Use of SMART on FHIR and other technologies may help address the complexities of interoperable healthcare systems and patient access to health records

Different technology-based solutions may be able to help with finding much needed answers to the complexity of interoperability and patient access to electronic health information (EHI). In particular, SMART on FHIR allows independent third-party vendors to develop secure, innovative apps that interface with different healthcare systems, without having to be built in as part of electronic health records (EHRs) and while working within regulated guardrails.3,4 This technology enables patients and clinicians to easily and efficiently gain access to a library of healthcare system apps to securely access EHR data, which is comprised of clinical- and encounter-constructed information.4 The standards-based platform also permits patients to access their cost information, which is largely derived from claims data that is stored in revenue cycle management (RCM) systems, much like how clinical information is stored in EHRs. In totality, use of SMART on FHIR–based technologies will enable patients to access a suite of EHI, including clinical and cost information, which is the intention of the CMS Rule.

The SMART on FHIR platform utilizes resources that rely on standard ontologies and terminologies (eg, RxNorm, SNOMED CT).3 In doing so, this platform leverages the latest technologies to provide healthcare systems with a rigorous method for exchanging data between apps. The platform also has the capability of unifying healthcare data from multiple vendors. Thus, apps that use the SMART on FHIR platform could seemingly be used by any healthcare provider or payer equipped with these technologies, and conceivably all EHRs and RCM systems that are compatible with HL7 FHIR standards.4 Importantly, V4 provides the first set of normative FHIR resources. This normative designation means that future changes will be backward compatible,1 allowing apps on FHIR to speak a common language to account for version updates and uneven version adoption across platforms. Version 5 of FHIR is expected early next year, with even more content moving to normative resources as well as additional updates that can be used by IT developers to build standardized apps to further improve healthcare interoperability.

Breaking down barriers to patient access to electronic health information

Historically, lack of interoperability across the entire US healthcare system has detracted from patient care, leading to poor health outcomes and higher medical expenditures.2 The CMS Rule establishes policies that are intended to break down barriers in the nation’s healthcare system to improve interoperability and enable better access to patient EHI.1,2 Nonetheless, those opposed to the rule have criticized it for alleged shortcomings, citing concerns about data privacy as well as burdens on IT vendors along with healthcare providers and payers. On the other hand, those in favor believe there needs to be a regulatory push to spearhead greater interoperability and foster new opportunities for growth in the healthcare technology space.5 The table below (Table 1) summarizes the most commonly cited barriers (ie, cons) and enablers (ie, pros) to implementation of the CMS Rule, and a brief discussion follows. Additionally, we asked industry experts to weigh in on the topic.


Scott Dulitz
Scott Dulitz

There are certainly challenges to improving interoperability of healthcare systems and, ultimately, access to patient EHI. There are different types of healthcare providers and payers, hundreds of EHR platforms and RCM systems utilized across varying patient care settings, and a wide range of adopted technologies within these settings.6 Scott Dulitz, Chief Strategy Officer and Head of Corporate Development for TrialCard, a leader in patient access to care and technology-enabled market access solutions, reflected on these challenges, noting that there are a number of existing third-party solutions already on the market today that require healthcare providers to manually modify how they interact with EHRs, further adding to the complexity of widespread adoption. Dulitz added that the “CMS final rule will certainly put pressure on healthcare service providers to ‘open up’ their traditionally closed IT systems.” Amid these challenges, somehow patient data needs to be readily accessible and travel seamlessly and securely through a patient’s healthcare journey and throughout their lifetime. Let’s not pretend these challenges will be easy to overcome. Moreover, the barriers we all face might be even more formidable.

Jeff Patton, MD
Jeff Patton, MD

Perhaps at the top of the list of barriers are encryption and security concerns. With greater access to patient data comes higher risk of security breaches, each time users exchange EHI. Jeff Patton, MD, Chief Executive Officer, OneOncology, put it quite simply by stating that “sharing while protecting privacy” is the foremost barrier to interoperability. Some key opinion leaders in the EHR space also have raised concerns about liability and patient data being used without express permission from either the patient or their designated surrogate.7,8 Additionally, many health IT companies as well as healthcare provider and payer organizations are very concerned about the rapid implementation timelines imposed by the CMS Rule, which may not allow time for building the necessary security infrastructures to adequately protect patient information.5 However, given the current evolving COVID-19 pandemic, federal policy makers are evaluating whether to push back the timeline for implementing the CMS Rule.9 On the other hand, during a recent Health IT Advisory Committee (HITAC) meeting, Donald Rucker, MD, National Coordinator for Health IT, said the COVID-19 pandemic highlights the “urgent need” for better data sharing in health care and the importance of implementing the rules from CMS and HHS.5,9


Our experts provided key insights for breaking down barriers to enable healthcare system interoperability, ultimately ensuring patient access to EHI. Scott Dulitz highlighted that the technical standards being adopted are the “right tools” to facilitate implementation of the CMS Rule. According to Dulitz, SMART on FHIR is the open architecture platform that software engineers need in order to apply standards and consistency to the solutions they are developing. “One of the fastest pathways to ensuring a consistent approach to interoperability is through the development of a standardized approach,” said Dulitz. Furthermore, the technology infrastructure afforded by SMART on FHIR will allow healthcare providers and payers to verify authorization for an EHI request, while each entity simultaneously secures this data. Jeff Patton reiterated this point by indicating that it is imperative for healthcare providers and payers to work closely with third-party IT vendors on user authentication and data security.

When asked about suggestions to ensure the spirit of the CMS Rule is acted upon in a meaningful way and to derive maximum benefit from improving data sharing of health information, Dulitz pointed out that it will be critical to get testimonials from early adopters within the healthcare provider and payer industry segments to share how adhering to the new rule enhanced patient experience and drove better outcomes. “Technology companies and software engineers that capture requirements and develop real-world user stories through feedback from large healthcare provider and payer groups will be well positioned to overcome [these] barriers,” said Dulitz. He further added, “Healthcare consumerism is more than just a fad; patients now have an expectation of cost transparency at point of prescribing, and the spirt of the rule is focused on providing that [transparency].” With that said, this article closes by sharing a technology-based approach that supports the spirit of the CMS Rule and truly facilitates appropriate portability of patient data across the healthcare continuum.

Security breachesThe rule, as currently written, may not have enough provisions to adequately protect patients’ privacy.7
Liability issuesThe rule could result in app developers having access to patients’ data without their consent.7 The rule also may have the unintended consequence of sharing family members’ health data without their consent.8
IP protectionsSome of the requirements proposed by the rule could infringe upon intellectual property (IP) protections, such as algorithms and screenshots, for EHR vendors in particular.8
TimelinesThe timelines to implement interoperability regulations may not allow health IT companies and healthcare provider and payer organizations sufficient time for building security guardrails.5
Consumer demandsAs with many other facets of life, consumers (ie, patients) want information, choice, and competition when it comes to their health care. As consumer demands for access to their EHI gains traction, through software solutions like Apple Health Records and Health Companion®, EHR vendors will need to be interoperable.
OpportunitiesGiving patients access to their health data, on their smartphones and other electronic devices, will open up new business models of health care and will create a technology-connected healthcare app economy.5 The rule also unleashes IT innovation by allowing third-party app developers to create services that help patients find healthcare providers for care and treatment, as well as help clinicians find other healthcare providers for care coordination.2
TechnologiesSMART on FHIR provides a universal API platform that allows EHRs to operate more like apps than static software. These technical standards also are a driver for improving the accuracy, quality, and timeliness of information exchange, while reducing the burden on healthcare providers and payers and ensuring privacy and security of patient information are top priorities.
Best practicesRecognizing that the EHR and RCM marketplaces are highly fragmented, it will be critical for developers to identify best practices across these disparate platforms to ensure consistency of adoption.

AssistPoint®: a technology-based solution to improve access to care

As in many fields of health care, there is a crucial need in oncology to improve access to financial assistance in order to increase patients’ access to needed treatments. Patients with cancer who either do not receive or experience delays in accessing the treatment prescribed by their oncologist have a higher likelihood of diminished health outcomes, including greater risk for death. Oncology providers are also impacted by patient access issues, increasingly incurring bad debt resulting from unpaid financial obligations or payment delays. Although life sciences and charitable foundations offer financial assistance, accessing these programs can be extremely challenging for patients and healthcare providers alike.10 For various reasons, patients oftentimes cannot access information about financial assistance on their own,11,12 and healthcare providers frequently lack the necessary resources to sufficiently navigate these programs on behalf of their patients.10

Developing technology-based solutions to improve patient access to care is an imperative for Annexus Health. As a healthcare technology company, we developed AssistPoint®, which is a digitally connected, cloud-based enterprise platform that seamlessly connects healthcare providers with life science– and foundation-supported financial assistance programs for their patients. This software as a service (SaaS) enables secure, bidirectional data exchange that innovatively accelerates patient access to financial assistance through the healthcare provider–based platform. With AssistPoint®, healthcare providers are able to overcome many of the barriers to financial assistance cycle management and, ultimately, enable more patients with cancer to access the oncology treatment they need throughout their care journey.10 For life sciences and charitable foundations, the technology-driven solution simplifies access to their financial assistance programs for patients by digitally connecting within healthcare providers’ workflows. Since 2018, Annexus Health has enabled patients to gain access to financial assistance, with now over $308 million in total awards processed through AssistPoint®.


New federal regulations around data sharing intend to give patients unprecedented access to their healthcare information, much the way Americans already manage electronic information in other facets of life, such as managing their finances. The CMS Rule, specifically, will allow patients to access and download their EHI with third-party apps. To make this happen, healthcare providers, payers, and health IT vendors will need to adopt or further their API capabilities. Undoubtedly, the CMS Rule will change how we all exchange health information. Like any disruptive innovation, there will be barriers that must be overcome to embrace change and, more importantly, achieve success. Working together, sharing best practices, and adopting technical standards—as a healthcare community—are critical to the success of interoperability and patient access.

About the contributor

Brad Frazier

Brad Frazier leads the Engineering, Product, Customer Success, and Corporate Operations teams at Annexus Health. His background includes over twenty years of experience with diverse roles in the life sciences and healthcare technology industries. As Co-Founder, President, and COO of Annexus Health, Brad assists in setting the overall vision and strategic direction for the organization, with a focus on connecting patients to the care they need.

References: 1. Policies and technology for interoperability and burden reduction: CMS interoperability and patient access final rule. Centers for Medicare and Medicaid Services. 2. Interoperability and patient access fact sheet. Centers for Medicare and Medicaid Services. March 9, 2020. 3. Mandel JC, Kreda DA, Mandl KD, Kohane IS, Ramoni RB. SMART on FHIR: a standards-based, interoperable apps platform for electronic health records. J Am Med Inform Assoc. 2016;23(5):899-908. doi:10.1093/jamia/ocv189 4. Sinha S, Jensen M, Mullin S, Elkin PL. Safe opioid prescription: a SMART on FHIR approach to clinical decision support. Online J Public Health Inform. 2017;9(2):e193. doi:10.5210/ojphi.v9i2.8034 5. Landi H. ONC’s Rucker: interoperability puts American consumers in control of healthcare. Fierce Healthcare. March 18, 2020. 6. Sullivan T. Why EHR data interoperability is such a mess in 3 charts. Healthcare IT News. May 16, 2018. 7. Farr C. Epic’s CEO is urging hospital customers to oppose rules that would make it easier to share medical info. CNBC. January 22, 2020. 8. Landi H. Epic’s Judy Faulkner: ONC data blocking rule undermines privacy, intellectual property protections. Fierce Healthcare. December 9, 2019. 9. Landi H. HHS may delay implementation of data-sharing rules due to COVID-19 outbreak. Fierce Healthcare. March 19, 2020. 10. Baffone J. A technology-based solution to relieve financial toxicity. OBR Green. September 2019. 11. Choudhry NK, Lee JL, Agnew-Blais J, Corcoran C, Shrank WH. Drug company-sponsored patient assistance programs: a viable safety net? Health Aff (Millwood). 2009;28(3):827-834. doi:10.1377/hlthaff.28.3.827 12. Chisholm MA, DiPiro JT. Pharmaceutical manufacturer assistance programs. Arch Intern Med. 2002;162(7):780-784. doi:10.1001/archinte.162.7.780