19 May, 2022 | 3 min read

A Beginners Guide to Interoperability in Healthcare - Part 1

  • Joy Rathnayake
  • Associate Director/ Solutions Architect - WSO2

Photo by National Cancer Institute on Unsplash

Individuals around the world have visited hospitals, clinics, and other medical centers at some point during their lives. As a result, they often need to provide their healthcare information in the course of their visits. This brings us to the problem. 

The Problem

Consider these common issues faced by patients:

  • How often do patients fill the same sets of forms when visiting one or several medical institutions?
  • How often do patients provide similar information repeatedly to insurance providers, even when they change to a different provider?
  • In an emergency, do patients have readily available access to their past medical records, across several providers or even just one healthcare organization?

The answers to these are often a resounding “no”. Currently, all medical intuitions store/own all their patients’ health records. However, as this information currently resides in silos, it is of no value to patients themselves.

Now, consider the following. What if:

  • Patients could fill the required information once and could pull that information repeatedly without having to fill the same forms again, regardless of the number of medical institutions?
  • Patients could provide the required information to a single insurance provider once, and could share it across other insurance providers, clinics, hospitals, pharmacies, and more?
  • Patients could easily access and share past medical records including health conditions, treatments, clinical records, etc. across different medical institutions seamlessly?

If this sounds too good to be true, it's not. This is where Interoperability in Healthcare comes in. This is not just about being compliant with the US Centers for Medicare & Medicaid Services (CMS) regulations. This is about transforming the industry. However, interoperability can be risky as security and privacy must be present as the information is extremely sensitive. Having the right balance between interoperability, security, and privacy will lead the way towards Digital Healthcare Innovation. This is shown by Figure 1.

Figure 1: Digital Healthcare Innovation = Interoperability + Security & Privacy

This leads us to the solution. 

The Solution

As part of the Trump administration’s “MyHealthEData” initiative, the Interoperability and Patient Access final rule (CMS-9115-F) was introduced. This focuses on driving interoperability and patient access to health information by liberating patient data using CMS authority to regulate certain health plan issuers.

As part of this rule, the US government introduced new policies that give patients access to their health information and move the healthcare system toward greater interoperability. These new policies are the Provider Directory API policy, Patient Access API policy, and Payer-to-Payer Data Exchange policy, which are illustrated by Figure 2 below.

Figure 2: CMS-9115-F regulations and timelines | Source: WSO2

As a result, insurance providers, hospitals, pharmaceuticals, medical equipment providers, and other institutions that deal with patient and other healthcare information, must adhere to the above policies. This interoperability aims to provide patients with a seamless, integrated experience in the healthcare industry.

The Challenge

While CMS-9115-F (CMS in short) looks promising for patients, it causes multiple challenges to other stakeholders as shown below.

  • Health data are stored in several data sources including Electronic Medical Records (EMRs)/Electronic Health Records (EHRs), databases, file shares, etc. All these must connect with each other to provide meaningful information about the patient. Thus, an integration platform is necessary to connect these different data sources.
  • CMS mandates that all stakeholders adhere to a set of standards such as Health Level 7 Fast Healthcare Interoperability Resources (HL7 FHIR ®) and OpenID Connect. Thus, these different data sources must convert their data into HL7 FHIR® to be interoperable. Additionally, CMS mandates using OpenID Connect to provide security, which will take time and effort.
  • CMS mandates all stakeholders provide the right privacy by introducing consent management; there must be a platform in place to provide privacy on patient details.
  • CMS mandates that all information must be exposed as APIs/services so they can be consumed via third-party applications. This means we need a suitable API Management solution in place to expose, govern, and secure those services.

As such, there is plenty to be done to become CMS compliant. Stakeholders in healthcare will require a team of engineers and a set of products to build a solution to cater to these interoperability, privacy, and security requirements. These are shown by Figure 3, and involve:

  • Using a first-class Integration platform to connect all the different data sources to bring data together.
  • Using an Identity Management platform for security and privacy.
  • Using an API Management platform to expose this information as APIs/services with qualities of services (Qos) such as governance, management, security, etc.
  • Teams of skillful engineers to develop/convert the multiple data formats to HL7 FHIR ® standards and build APIs to expose them.

Figure 3: Challenges faced in Healthcare Interoperability

In our next article, we will focus on how these open healthcare systems enable interoperability.