AGENCY:

Centers for Medicare & Medicaid Services (CMS), Department of Health and Human Services (HHS).

ACTION:

Notification of enforcement discretion.

SUMMARY:

This notification is to inform the public that CMS is exercising its discretion in how it enforces the payer-to-payer data exchange provisions. As a matter of enforcement discretion, CMS does not expect to take action to enforce compliance with these specific provisions until we are able to address certain implementation challenges.

DATES:

The notification of enforcement discretion is effective on December 10, 2021.

FOR FURTHER INFORMATION CONTACT:

Alexandra Mugge, (410) 786-4457; or Lorraine Doo, (443) 615-1309.

SUPPLEMENTARY INFORMATION:

On May 1, 2020, we published the CMS Interoperability and Patient Access final rule (85 FR 25510) to establish policies that advance interoperability and patient access to health information. The rule required Medicare Advantage (MA) organizations, Medicaid managed care plans, Children's Health Insurance Program (CHIP) managed care entities, and Qualified Health Plan (QHP) issuers on the Federally-facilitated Exchanges (FFEs) (collectively referred to as “impacted payers”), to facilitate enhanced data sharing by exchanging data with other payers at the patient's request, starting January 1, 2022, for:

• MA organizations (42 CFR 422.119(f)); or
• Medicaid managed care plans (42 CFR 438.62(b)(1)(vi)); and CHIP managed care entities (42 CFR 457.1216).

For plan or policy years beginning on or after January 1, 2022, for QHP issuers on the FFEs (45 CFR 156.221(f)), as applicable. We also required these impacted payers to incorporate and maintain the data they receive through this payer-to-payer data exchange into the enrollee's record, with the goal of increasing transparency for patients, promoting better coordinated care, reducing administrative burden, and enabling patients to establish a collective patient health care record as they move throughout the health care system (see applicable regulations at (§ 422.119(f) for MA organizations; § 438.62(b)(1)(vi) for Medicaid managed care plans (and by extension under existing rules at § 457.1216, to CHIP managed care entities); and § 156.221(f)(i) through (iii) for QHP issuers on the FFEs). These policies are collectively referred to as the payer-to-payer data exchange requirement.

To provide payers with flexibility to support timely adoption and rapid implementation, CMS did not require an application programming interface (API) or any a specific mechanism for the payer-to-payer data exchange. Rather, we required impacted payers to receive data in whatever format it was sent and to send data in the form and format it was received, which ultimately complicated implementation by requiring payers to accept data in different formats.

Since the rule was finalized in May 2020, multiple impacted payers have indicated to CMS that the absence of a required standard or specification for the payer-to-payer data exchange requirement is creating challenges for implementation and may lead to differences in implementation across industry, poor data quality, operational challenges, and increased administrative burden. For example, payers expressed concerns about receiving volumes of portable document format (pdf) documents and files from other payers using a variety of technical approaches—from file transfer protocols (FTP), to email, to Fast Healthcare Interoperability Resources (FHIR). Payers explained that differences in implementation approaches may create gaps in patient health information that conflict directly with the intended goal of an interoperable payer-to-payer data exchange.

After listening to stakeholder concerns about implementing the payer-to-payer data exchange requirement and considering the potential for negative outcomes that impede, rather than support, interoperable payer-to-payer data exchange, CMS published three frequently asked questions (FAQs) on the CMS and HHS Good Guidance websites ^[1] to announce that it would be exercising enforcement discretion for the payer-to-payer data exchange requirement. In one of the FAQs, CMS encouraged payers that have already developed FHIR-based application API Start Printed Page 70413 solutions to support the payer-to-payer data exchange to continue to move forward with implementation. The FAQ noted that for those impacted payers that are not capable of making the data available in a FHIR-based format, we believed that this policy of exercising enforcement discretion would alleviate industry tension regarding implementation; avoid the risk of discordant, non-standard data flowing between payers; provide time for data standards to mature further; and allow payers additional time to implement the more sophisticated payer-to-payer data exchange solutions. We are now announcing that we expect to extend this exercise of enforcement discretion of the payer-to-payer data exchange requirement until we are able to address the identified implementation challenges through future rulemaking. We anticipate providing an update on any evaluation of this enforcement discretion notification and related actions during calendar year 2022. We continue to encourage impacted payers that have already developed FHIR-based API solutions to support payer-to-payer data exchange to continue to move forward with implementation and make this functionality available on January 1, 2022, or for plan or policy years beginning on or after January 1, 2022, in accordance with the CMS Interoperability and Patient Access final rule policies. However, for those impacted payers that are not capable of making the data available in a FHIR-based API format, we believe this exercise of enforcement discretion will alleviate issues regarding implementation; avoid the risk of discordant, non-standard data flowing between payers; provide time for data standards to further mature through constant development, testing, and reference implementations; and allow payers additional time to implement more sophisticated payer-to-payer data exchange solutions.

While the policy in this notification may result in temporary delay of some enrollees' ability to bring their data with them from one payer to the next, we believe this decision could ultimately lead to more standardization and cohesion of data about enrollees as CMS provides additional implementation guidance through future rulemaking.

Finally, our decision to exercise enforcement discretion for the payer-to-payer policy until future rulemaking is finalized does not affect any other existing regulatory requirements and implementation timelines finalized in the CMS Interoperability and Patient Access rule finalized on May 1, 2020.

Chiquita Brooks-LaSure, Administrator of the Centers for Medicare & Medicaid Services, approved this document on October 15, 2021.

Footnotes