CMS is also bringing additional standards for more secure ways to share protected health information and to allow patients to have more visibility into how their own data is being shared. This is required to operate through Health Level 7 International’s Fast Healthcare Interoperability Resources (FHIR) Release 4.0.1 as the foundational standard to support the exchange of data through an application programming interface, or API.

While the purpose of the final rule is to bring more visibility and standardization to medical data sharing, there is a cost to the payers, providers and health systems to have the technology and process in place. As they get started on compliance efforts, healthcare organizations should focus on communication, security and identifying the tools that best meet their needs. HealthTech spoke with professionals in the healthcare industry about best practices to help organizations bolster their compliance efforts.

Communicate Effectively About Implementation of Software Changes

“Providers and hospitals will have to bear the financial and resource requirements to build out their electronic medical record and health information exchange environments in compliance with the final rule,” says Donna Morrow, vice president of clinical operations and client success at Noteworth, a comprehensive virtual care delivery platform. “The impact will reach beyond the providers into vendor partners, IT and development teams to meet the needs of the development, testing and implementation of software changes and API connections.”

LEARN MORE: Here’s how to create an effective security regulation compliance strategy.

Implementation should start with a communication plan for providers and support staff on the requirements of the changes for information sharing and up-to-date provider contact information, Morrow says. Patients also need to understand the improvements to data sharing in safe and secure ways, she adds.

“First, start by holding the EMR and other health IT vendors accountable for the role they play in supporting the necessary interoperability,” she says. “Second, support full adoption of your EMR and other clinical documentation environments to support the quality and integrity of the patient data.”

Morrow, who is also a registered nurse, notes that it’s important to always put the patient at the center of any financial and technology decisions, and build an environment of trust to support complete health information exchange.

Build Multiple Security Layers in the EHR Infrastructure

Deepak Sadagopan, senior vice president of value-based care and population health informatics at Providence St. Joseph Health in Renton, Wash., says the initial set of interoperability deadlines that providers are confronted with, such as sharing admissions, discharge and transfer (ADT) data, do not pose a significant challenge. Most providers have been working on this for years through efforts to support meaningful use and promote interoperability.

“The EHRs we use are all able to exchange that information,” Sadagopan says. “The challenge for providers with the initial set of deadlines relates to administration.”

CMS has asked healthcare providers to register all interoperability contact information through the National Plan and Provider Enumeration System (NPPES).

“That’s an incredibly manual activity,” he says. “We’d love some tools to help with that, but at this point, it is a more human-overseen process.”