Healthcare News & Insights

What’s new with patient information blocking and MyHealthEData

While attending HIMSS 2018, an administrator from the Centers for Medicare & Medicaid Services (CMS) announced the MyHealthEData Interoperability Initiative, which aims to “empower patients by ensuring they control their healthcare data and can decide how their data is going to be used, all while keeping that information safe and secure.” In this guest post, Chris Byers, CEO of a company that offers online forms and a data-collection platform, explains what MyHealthEData is, what it requires and the best way to ensure compliance.


The purpose of MyHealthEData is to provide patients with improved control of their data in electronic health record (EHR) systems. This can be accomplished through the removal of existing barriers that limit patients’ access to their information, such as information blocking techniques. By introducing MyHealthEData, CMS plans to provide patients with greater access to their own EHRs using the device of their preference.

This year, CMS didn’t wait for the support of the Healthcare Information and Management Systems Society (HIMSS) to announce their latest initiative and continued push toward nationwide interoperability. Instead, the day before the conference was set to start, the Department of Health and Human Services (HHS) announced their proposals for new interoperability and patient access rules. These rules aim to capitalize on the amount of time Americans currently spend on their smartphones to grant greater, mobile access to EHR data, free of charge.

Proposed rules

HHS laid out their proposed rules specifically, outlining the most critical components of interoperability, such as participation in health information exchange networks and overall data exchange. This vision stems from the 21st Century Cures Act, which aimed to decrease the constraints around data and information sharing.

The following requirements would be enforced within the new rule:

  • additional resources on EHR, privacy and security provided by payors
  • compliance from providers with new electronic notification requirements, and
  • better coordination between states for Medicare-Medicaid dually eligible beneficiaries through regularly submitted buy-in data.

In support of the initiative, including MyHealthEData and interoperability, CMS proposed by 2020 all healthcare organizations that do business with Medicare and Medicaid be required to share claims and other healthcare-related information with patients through electronic systems and an open application programming interface (API). This initiative will provide patients with more control over their healthcare information, as well as allow them to take any health data with them when they change plans. In addition to an open API, providers would be required to comply with new electronic notification standards. Any organizations not complying with regulations and partaking in information blocking should be publicly exposed.

The impact

The main groups impacted by the new requirements include CHIP-managed care entities, CHIP agencies using fee-for-service systems, Medicaid-managed care plans, Medicare Advantage organizations, Medicaid state agencies, hospitals and providers.

However, this rule also applies to any payors who offer Qualified Health Plans (QHP) through the federal market, but it doesn’t extend to insurers who offer employer-sponsored health insurance or stand-alone dental plans.

Best way to ensure compliance

Within this new HIPAA compliant, open API platform, what information should be granted to ensure all requirements are met? Here’s an overview:

  • administrative data
  • formularies
  • provider directories
  • claims and encounter data, and
  • pharmacy directories.

It’s important to keep in mind there are requirements around sharing this information with patients – specifically, time restraints. For example, data must be made available within one business day, and provider directory data should be updated within 30 calendar days after any changes are received.

This proposed rule is approaching finalization later in 2019, but CMS has already placed it in the Federal Register. Patient access and information sharing is shifting the healthcare landscape, and it’s important for providers and other organizations to embrace and comply with the new requirements.

Chris Byers is the CEO of Formstack, an Indianapolis-based company offering online forms and a data-collection platform.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.