New Policies

This rule finalizes new policies that help liberate health information and move the healthcare system toward greater interoperability.

Patient Access API:

CMS-regulated payers, specifically MA organizations, Medicaid Fee-for-Service (FFS) programs, Medicaid managed care plans, CHIP FFS programs, CHIP managed care entities, and QHP issuers on the FFEs, excluding issuers offering only Stand-alone dental plans (SADPs) and QHP issuers offering coverage in the Federally-facilitated Small Business Health Options Program (FF-SHOP), are required to implement and maintain a secure, standards-based (HL7 FHIR Release 4.0.1) API that allows patients to easily access their claims and encounter information, including cost, as well as a defined sub-set of their clinical information through third-party applications of their choice. Claims data, used in conjunction with clinical data, can offer a broader and more holistic understanding of an individual’s interactions with the healthcare system, leading to better decision-making and better health outcomes.

These payers are required to implement the Patient Access API beginning January 1, 2021 (for QHP issuers on the FFEs, plan years beginning on or after January 1, 2021).These payers are required to implement the Patient Access API beginning January 1, 2021 (for QHP issuers on the FFEs, plan years beginning on or after January 1, 2021).

Provider Directory API:

CMS-regulated payers noted above (except QHP issuers on the FFEs) are required by this rule to make provider directory information publicly available via a standards-based API. Making this information broadly available in this way will encourage innovation by allowing third-party application developers to access information so they can create services that help patients find providers for care and treatment, as well as help clinicians, find other providers for care coordination, in the most user-friendly and intuitive ways possible. Making this information more widely accessible is also a driver for improving the quality, accuracy, and timeliness of this information.

MA organizations, Medicaid and CHIP FFS programs, Medicaid managed care plans, and CHIP managed care entities are required to implement the Provider Directory API by January 1, 2021.

QHP issuers on the FFEs are already required to make provider directory information available in a specified, machine-readable format.

Payer-to-Payer Data Exchange:

CMS-regulated payers are required to exchange certain patient clinical data (specifically the U.S. Core Data for Interoperability (USCDI) version 1 data set) at the patient’s request, allowing the patient to take their information with them as they move from payer to payer over time to help create a cumulative health record with their current payer. Having a patient’s health information in one place will facilitate informed decision-making, efficient care, and ultimately can lead to better health outcomes.

These payers are required to implement a process for this data exchange beginning January 1, 2022 (for QHP issuers on the FFEs, plan years beginning on or after January 1, 2022).

Improving the Dually Eligible Experience by Increasing the Frequency of Federal-State Data Exchanges:

This final rule will update requirements for states to exchange certain enrollee data for individuals dually eligible for Medicare and Medicaid, including state buy-in files and “MMA files” (called the “MMA file” after the acronym for the Medicare Prescription Drug, Improvement and Modernization Act of 2003) from monthly to daily exchange to improve the dual-eligible beneficiary experience, ensuring beneficiaries are getting access to appropriate services and that these services are billed appropriately the first time, eliminating waste and burden.

States are required to implement this daily exchange starting April 1, 2022.

Public Reporting and Information Blocking:

Beginning in late 2020, and starting with data collected for the 2019 performance year data, CMS will publicly report eligible clinicians, hospitals, and critical access hospitals (CAHs) that may be information blocking based on how they attested to certain Promoting Interoperability Program requirements. Knowing which providers may have attested can help patients choose providers more likely to support electronic access to their health information.

Digital Contact Information:

CMS will begin publicly reporting in late 2020 those providers who do not list or update their digital contact information in the National Plan and Provider Enumeration System (NPPES). This includes providing digital contact information such as secure digital endpoints like a Direct Address and/or an FHIR API endpoint. Making the list of providers who do not provide this digital contact information public will encourage providers to make this valuable, secure contact information necessary to facilitate care coordination and data exchange easily accessible.

Admission, Discharge, and Transfer Event Notifications:

CMS is modifying Conditions of Participation (CoPs) to require hospitals, including psychiatric hospitals and CAHs, to send electronic patient event notifications of a patient’s admission, discharge, and/or transfer to another healthcare facility or to another community provider or practitioner. This will improve care coordination by allowing a receiving provider, facility, or practitioner to reach out to the patient and deliver appropriate follow-up care in a timely manner. This policy will be applicable 6 months after publication of this rule.

To view the CMS Interoperability and Patient Access final rule, visit
To view the ONC 21st Century Cures Act final rule, visit,

Last modified: March 26, 2020



Leave a Reply