Who’s in Charge of Healthcare Interoperability?

Interoperability in healthcare involves making it easy to exchange medical records...

…And that’s where it gets complicated. The healthcare system is full of competing, highly-regulated participants with urgent needs. 

Different pharmacies, hospitals, and doctors have their own conflicting software. Researchers, insurers, and patients want interoperability too. Everyone has to agree on processes to share and update information reliably, without dangerous mistakes.

So despite decades of electronic health records, interoperability progress has been slow. Sometimes whole sectors of healthcare ignore the rules. Which begs the question - who’s in charge here?

Regulatory Agencies

ONC (Office of the National Coordinator for Healthcare Information Technology)

By the turn of the century, officials recognized that interoperability wouldn’t happen on its own. Creating a government agency was seen as the only way to make national progress in healthcare IT. ONC was established in 2004 with bipartisan support.

Their full name is a mouthful, but their initials signify interoperability. The ONC is the nation’s chief standards-setter, coordinator, and vendor certifier for healthcare information technology.

ONC’s mission has generally been some form of making health IT easy and valuable for clinicians, and incentivizing healthcare developers to build consumer-friendly services. ONC accomplishes this in a number of ways.

Developers might know ONC from their:

• Oversight of the Certification of Health IT, a set of expectations (including information sharing) that critical healthcare tools have to meet.
• Ownership of healthcare data standards - ranging from the United States Core Data for Interoperability (USCDI), to the Interoperability Standards Advisory, to the Electronic Clinical Quality Measures, to documentation for acute care.
• Assistance and input into standards like FHIR and C-CDA, and programs for opioid drug monitoring.
• Overseeing research into the infrastructure that underpins data-informed precision medicine.

Meanwhile, policy specialists can thank ONC for:

• Funding regional health information exchanges,
• Housing the Health Information Technology Advisory Committee, which submits annual reports to Congress,
• Comprehensive education around rules like anti-information blocking for providers, developers and patients.

ONC also writes federal health IT standards that align with best healthcare data practices. Other government agencies, including SAMHSA, frequently require healthcare organizations to meet ONC guidelines in order to receive funding.

ONC does it all on $87 million, a fraction of the $1.7 trillion 2022 federal healthcare budget.

CMS (Center for Medicare and Medicaid Services)

If ONC is specialized, CMS is generalized. CMS oversees the Medicare program, which serves over 63 million beneficiaries. CMS sets broad standards that apply to organizations which work with Medicare patients, effectively regulating most of the healthcare system.

CMS wasn’t created to advance interoperability. However, because interoperability improves care outcomes and population healthmonitoring, CMS has been heavily invested in promoting it.

CMS has taken actions to advance interoperability by:

• Running the Promoting Interoperability Programs, which pay hospitals and other care organizations based on their escalating use of EHR software. While technically voluntary, some healthcare organizations rely on these payments.
• Developing additional payment models, including value-based care, that incentivize real-time and historical knowledge of patient health histories.
• Requiring insurers to be able to export a patient’s clinical data for transfer to another insurer, in a USCDI-compatible format.
• Requiring insurers to create standards-based APIs for claims data and provider lists.
• Building or requiring APIs that use FHIR, the consensus open source data standard.
• Reporting on certain providers that attempt information blocking.

OCR (Office of Civil Rights)

The OCR has a number of health policy enforcement roles to play.

Most importantly, OCR enforces HIPAA, the most well-known law that patients can use to get their clinical information. Providers that make it difficult to receive, access or transfer records electronically could run afoul of HIPAA, just as if they’d be violating other anti-information blocking rules. In-person and telehealth organizations are both covered by HIPAA, as are many other entities.

OCR also has technical expertise, as they take the lead on handling healthcare cybersecurity.

OIG (Health & Human Services Office of the Inspector General)

Currently, the OIG is responsible for investigating most reports of information blocking, even though these claims are initially collected by ONC. 

OIG also decides whether or not to issue the penalties, including fines, for information blocking. Whether or not it will do so after October 6, 2022 - the first day it’s allowed to do so - is an important question.

HHS (Department of Health & Human Services)

This is a cabinet-level department, meaning that the head of the department has a direct line of contact to the President. HHS generally oversees federal healthcare efforts, and has direct oversight of ONC, CMS, OCR, and OIG.

Facilitatory Organizations

These groups don’t make the rules, but they’re still worth mentioning when it comes to medical data sharing.

HL7 (Health Level 7)

HL7 is a global standards development organization that created the major health data frameworks adopted by the US, including C-CDA and FHIR.

Sequoia Project

This group was designated by the ONC to develop TEFCA, a set of policies for healthcare data exchange over networks.

HIEs/HINs (Health Information Exchanges)

HIEs are networks, usually nonprofit organizations, that do local heath records exchange and in turn connect nationally (if you can find records).

Particle Health

Particle makes it easy for digital health companies to integrate with multiple HIEs using a single API, allowing them to build new tools with their patients' data.

By definition, interoperability will continue to be a collective effort between multiple agencies and organizations. All of us have a role to play in making interoperability happen.