Skip to main content
Skip to footer

Cures Act Deep Dive: Electronically Accessible Health Information

Published on 11/22/2017

From Thursday, November 30 through December 1, the Office of the National Coordinator for Health IT (ONC) will hold its Annual Meeting in Washington, DC. One of the hottest topics will be the upcoming release of the draft of Trusted Exchange Framework and Common Agreement (TEFCA) that will lay the groundwork for nationwide interoperability between networks.

This work signals the beginning of the implementation phase of the 21st Century Cures Act (the Cures Act). Since it passed into law in December 2016, the relatively ambitious and occasionally ambiguous wording in the Cures Act has left the health IT community anxious about how provisions around interoperability will play out.

Now is the time for national discussion and active participation to ensure that we are on the right path to achieve nationwide interoperability.

Today, we will unpack one of the most debated terms of the Cures Act.

The Cures Act calls for “all electronically accessible health information” to be shared/accessible “without special effort on the part of the user.” The key question to emerge from this sweeping requirement: What is meant by “all electronically accessible data?”

This creates a challenge in responding to the goals of the Cures Act. There is no magic switch that makes all data available “now,” particularly if we are not clear on what that means. Rome was not built in a day, and we must be realistic. It will take time and will raise further discussion to gain consensus around how this should be clearly defined.

Here are five important questions that must be addressed before we can interpret what “all electronically accessible health information” means.

Question #1: What type of data needs to be accessible?

Use cases will drive the type of data that need to be exchanged. For example, consider a patient transitioning from ICU to long-term care. Only some of the monitoring data from the 10 days in the ICU would be relevant or necessary for a typical post-discharge referral. However, all the data must be accessible when it is needed and requested. Access should not be limited to clinical data either. For example, when exchanging data with the patient, certain administrative and financial data must be accessible as well. We recommend considering the designated record set as defined under HIPAA as the next target beyond the common clinical data set currently outlined in the 2015 Certification Edition.

Question #2: How much data should be exchanged?

There is a tendency to pursue sending all data always. However, we can prevent overwhelming providers with unnecessary data by sending only the data required based on the provider’s judgement and clinical context. The provider should also have the opportunity to request additional relevant data as needed. All data should be accessible and available for exchange, but not all data should be expected to be accessed or exchanged every time. This approach will also yield further opportunities to right-size the exchange of data, i.e., enable access and exchange of the relevant, right amount of data.

Question #3: When is the data exchanged?

This is all use-case driven. Data exchange could happen after discharge. It might be accessed from within a workflow during a patient visit. Certain events can automatically yield exchange of data based on clearly defined criteria. In other cases, data may not need to be accessed or exchanged until a user requests it. We must support a mix of push and pull, publish and subscribe methods (e.g., Direct messaging, APIs and others) to access and exchange data for workflows when and where they need it.

Question #4: What standards do we use for transport, format and content to enable both computer and human consumable data?

If we do not define a standard means for how granular, structured and narrative the data needs to be, we will continue to map the full spectrum of data across providers for both the longitudinal health record and for population health. This creates expensive point-to-point solutions with limited aggregate value. One standard will not fit all, so a combination of standards will be required to meet the various use cases for access and exchange. Use of document exchange standards such as IHE Cross-Community Access for Imaging (XCA) should not be discounted, while data element level APIs that can further right-size data access and exchange from within the workflow should be aggressively pursued.

Question #5: What are the infrastructure requirements?

The necessary network capabilities must be in place to exchange data, whether through query-based networks like CommonWell Health Alliance or a secure email via Direct. National directories will be necessary to connect to the right party using the relevant access or exchange method (e.g., what is a provider’s direct address or the URL of a FHIR-based API endpoint?).

As we come together around the definition of all information, we should focus on the clinical and financial data directly associated with a patient for both direct patient care and population health. It should also include data necessary to support the reportable quality measures for federal, state and commercial payer reporting.

This will also be a careful balancing act. We must keep in mind use cases where existing laws constrain which types of data that can be included without a patient’s consent, and other examples where data should not be in the scope of the Cures Act’s references to all and complete.

There are many areas where we need to come together as an industry – and defining all information is only the start.

Our open business approach for interoperable technologies helps organizations advance patient care by securely exchanging and accessing information across the health care ecosystem. Learn more about our open and interoperable solutions.