Why the new interoperability rules don’t yet mean the death of the fax machine

  • Intake. Requesters need a simple way to make a request. While a number of companies streamline this part of the process, requesters still have to provide a version of the initial list that Jane compiled so that the company knows where to look for records.
  • Fulfillment. As Jane found when she tried to pull her records herself, getting access to records will require a mix of logins, emails, calls, letters, and even onsite visits. Companies that want to fulfill Jane’s request need to provide not only a portal and application programming interface (API) to pull information automatically where possible; they also must have call centers and employees embedded full-time at provider sites. Those employees might enable a request to be fulfilled by logging into the EHR on the provider’s behalf and printing, scanning, and faxing or uploading the necessary records.
  • Quality Control. Part of the challenge for providers is ensuring that they are providing the right records to the right requester. Sending out the wrong patient’s records can result in privacy violations and fines for the providers. Companies that facilitate this process have trained specialists checking that they have pulled and are providing the right records, and that all necessary authorizations are in place.
  • Distribution. Once the records have been pulled and gone through a quality process, they have to be served back up to the requester.
  • Patient-facing portals seek to make the intake process easier for patients. They offer one streamlined way of making requests and on the back-end, fulfill certain requests themselves and work with others to fulfill the rest. Portals may be affiliated with a specific provider organization or EHR, or seek to allow patients to pull all of their medical information in one place (e.g., Ciitizen, Picnic Health).
  • API companies build application programming interfaces (APIs) that enable integrations with electronic health record and payer systems and allow data to be pulled automatically by patient or, more frequently, other developers building applications for patients. The two challenges are (i) developing APIs that can pull enough information to satisfy requests (including clinical notes and other unstructured information), and (ii) hooking them up, which involves convincing electronic health record vendors and provider organizations to use the API. The new ONC rules require the proliferation of APIs and many companies are working to solve the problem (e.g., 1UpHealth, Commure, Health Gorilla, Moxe, Redox).
  • EHR companies are increasingly making data exchange easier between different organizations that use their systems, but a typical health system runs more than ten different EHR systems. There are different standards bodies and organizations focused on making it easier to exchange data directly between EHR systems (e.g., CareQuality, CommonWell), and most large EHRs belong to one or more of these organizations (including Epic, Cerner, AllScripts, etc.). However, we’re still a long way from a patient accessing their information in one EHR system and having that seamlessly pull in complete, corresponding records from other EHR systems.
  • Record retrieval companies focus on filling in all of the remaining gaps. These companies may offer their own APIs, but they are also the organizations that will embed on-site personnel and run call centers if that is what it takes to pull patient medical records (e.g., Ciox, Change, Inovalon, MRO, Verisma). While many startups frame this as the legacy way of doing things, the startups themselves are also often reliant on these companies to do the high-touch last-mile operational work of fulfillment.
  • API Access: Over the next few years, health insurers and EHR vendors need to make the electronic health information that they hold available via an API according to commonly accepted data standards.
  • No Information Blocking: The new rule also prohibits discouraging or impeding the exchange of electronic health information (a practice known as “information blocking”). The concern is that providers and EHR vendors have a commercial incentive to restrict access to patient data because having data only within their systems makes it harder for patients to switch organizations.
  • Patients can log into an application of their choosing and seamlessly pull their complete health information from across insurers, providers, labs, genetic testing companies, and health and wellness applications within minutes.
  • Physicians can pull data from one electronic health record system to another, and have that data summarized and synthesized so that the most salient information is easy to locate and process.
  • Research organizations and life sciences companies can rapidly build new patient registries on top of de-identified data, accelerating our understanding of disease and the pace of drug development.
  • Risk-bearing entities and provider organizations can frictionlessly exchange patient data to design systems of quality control and value-based care.
  • Entrepreneurs and technologists no longer see access to patient data as a constraint, and focus on value-added capabilities on top of patient data, giving patients the same number of choices that they have for budgeting or dieting applications.
  • Patient consent, compliance and privacy are built programmatically into all of these health data flows, offering a secure, federated architecture for the exchange of patient data and reducing the risk of privacy breaches across the industry.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Travis May

Travis May

Founder & President of Datavant. Fmr CEO of LiveRamp.