This month, the 21st Century Cures Act goes into effect, which will give patients greater control over their data but also introduce new standards that will facilitate data sharing and integration through the use of APIs. This will lead to faster and better services for the end-user and more innovation opportunities for developers.

Compliance headaches

Developing applications that manage healthcare data is a delicate business in the United States given strict compliance regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), which stipulate stringent privacy and security safeguards for protecting how health information is used.

Meeting compliance regulations has been among the biggest challenges Making Sense has had to navigate when working with clients in the health insurance and law enforcement industries.

HIPAA compliance measures have to be built into the software and regulators regularly run audits with insurance providers.

The compliance required depends on the service provided. For example, a data base hosted in AWS cloud may have to be displayed in a specific way and with a certain level of encryption. Security protocols also have to be adhered to for the transmission of data to the server where it will be stored.

Legal protocols are required regarding patient authorizations for sharing their data with other healthcare professionals.

All of this can put certain limitations on the level of creativity an application developer can exercise when building a solution for a client.

The problem with carriers

In the healthcare insurance industry, data integration is fundamental. There has to be fluid communication of patient data between hospitals and the insurance carriers. Some 90% of files are shared using a standard electronic format called Electronic Data Interchange (EDI). This data is required, for example, for patient matching and demonstrating which insurance plans a person is eligible for.

The complications for integration occur when carriers diverge from the EDI standards, which is common practice. If a column is out of place or there is a misspelling in a name, this requires considerable amount of time and effort to correct.

New legislation

But there is good news. The 21st Century Cures Act, which goes into effect this month promises a whole new chapter of innovation in this industry, in particular in the area of interoperability.

The legislation, which was passed by US Congress in 2016, and is being implemented by the Office of the National Coordinator for Health Information Technology (ONC), will require the adoption of the Fast Healthcare Interoperability resources (FHIR) Release 4 standard in order to improve interoperability of healthcare data using APIs.

The old form of managing data using EDI is called batch processing, which requires processing information line by line and takes a long time. When this is shifted to APIs, data will flow back and forth in real time and workloads will run simultaneously.

Using an API architecture known as RESTful API, communication will flow much better, there will be fewer errors and meeting compliance requirements will be faster and easier.

The end-user also benefits by being able to contract insurance solutions more quickly and using mobile devices that are increasingly more powerful.

Giving the data back to the people

The 21st Century Cures Act will also put ownership of electronic health records (EHR) back into the hands of patients. It will prohibit patient information blocking and promote interoperability and exchange of patient data using third-party apps and APIs, which will mean opportunities for developers.

This should ultimately lead to more rapid services when dealing with patient health care data.

Covid-19 has accelerated a trend toward tele-medicine. However, while many on-line patient portals offer appointment scheduling and bill paying, access to patient health records has often been limited or hard to access.

The updated legislation will allow patients to have their personal health information sent to another party, be that a family member or another care provider, by simply signing a request.

Security and Transparency

As APIs are built on open-source protocols, the information shared is of public knowledge which means more transparency.

As for the data that needs to be secure and private, that’s where the HIPPA compliance comes in, given that it forces you to follow strict and specific procedures in the process of software implementation. Regulations like HIPAA are very specific on how and where data should be stored.

In security there is always shared responsibility and one has to assume that those who have access to the data do not misuse it.

Academic HealthPlans (AHP)

Making Sense has been working with Academic HealthPlans (AHP), one of the largest student health insurance management companies, nationwide.

After a discovery process, Making Sense detected that AHP needed to automate processes. Data about each student was being collected from schools and being uploaded manually each year, which was slow and ran the risk of human error.
AHP was seeking to double the number of clients while maintaining the same number of employees.

Making Sense deployed a mobile-first strategy for students and a web-based portal for university managers in a drive to improve UX and customer satisfaction.

The solution includes a system of applications integrating what were previously separate user experiences for two key functions: enrolling in health insurance; and waiving the need for health insurance. The system is also highly customizable, scalable, and automated.

Other industries

Smooth integration of sensitive data is also important in other industries, like law enforcement.

Making Sense previously worked on building an interoperable solution for COPsync Mobile, an application, now owned by Kologik, that gives law enforcement agencies the power to access and share data by eliminating departmental and bureaucratic barriers.

Working from a license plate number, COPsync Mobile searches hundreds of databases around the country in real-time to merge results and check for criminal backgrounds of a vehicle’s owner.

Previously, law enforcement officials were limited in their ability to act on felonies committed by criminals that had moved to another state or jurisdiction due to the slowness in accessing criminal records.

COPsync Mobile has advanced messaging capabilities to allow officers to communicate efficiently and securely. It also allows them to complete incident, arrest and crash and accident reports online.

Blue skies ahead

So, with new legislation on the horizon, the future looks bright for data integration in the healthcare industry. Not only will the 21st Century Cures Act require the use of APIs, meaning faster and more accurate communication between healthcare insurance carriers and hospitals, but patients will have more control over their data, which will ultimately lead to innovation in this industry.