Healthcare technology policy, especially rules impacting payers, are coming at us at a fast and furious pace coupled with new enforcement teeth. Executives and leaders in payer organizations face a pivotal decision — Do they simply fulfill regulatory compliance requirements, or do they seize the opportunity to drive innovation and create a brighter future for healthcare and their own organizations? In this blog post, we explore the various organizational approaches to compliance and provide a detailed overview of the critical regulatory changes on the horizon, tailored to the audience of health insurance executives and payer technology leaders.

As policymaking becomes increasingly synchronized across federal agencies and intertwined with standards development efforts, policymaking is about raising the floor for data exchange and the spirit of the rule is as important as the letter. And yet, we still see organizations approaching compliance in vastly different ways:

1. Compliance as a Checkbox: Some organizations view regulatory compliance as a mere box to be ticked, meeting the bare minimum requirements. Historically, this approach might have sufficed, but in the evolving healthcare landscape, it's imperative to assess whether this philosophy aligns with your organization's long-term goals. Approaches that worked for you before may not work in the future.

2. Large Organizations and Glacial Pace: Large payer organizations often move at a slower pace. While they may initially focus on compliance, they tend to iterate on technology slowly to maintain complex existing systems. This approach is driven by the need to serve a high volume of customers but can hinder the ability to innovate swiftly. Having a plan for iterative innovation on a longer glide path is still going to result in progress. But there may be ways to speed up the innovation with smart adjustments to process and a clear method for prioritization.

3. Dedicated Innovation Teams: Forward-thinking payer organizations of all sizes can and do adopt a proactive stance on compliance. They dedicate teams to innovate and pilot new standards and technologies, staying ahead and directly or indirectly informing regulatory requirements. These organizations position themselves as industry leaders and enhance user satisfaction by reducing administrative burdens and streamlining workflows for both providers and policyholders.

Regardless of your organization’s current philosophy on regulatory compliance, interoperability projects are coming and need to get started.

Partner Selection and Culture Consideration

Most interoperability projects require more than internal resources. Selecting the right type of vendor or partner is critical. This is an especially crucial step in the context of many of the upcoming interoperability projects that have a compliance overlay. When choosing partners, consider their current state, existing real-world experience, culture, and experience with the new standards mentioned in regulations. Ensure that your partners align with your organization's values and objectives, as they play a pivotal role in helping you achieve your strategic goals and compliance. We often help clients develop criteria they need to support request for proposal cycles to order the work that needs to be done and understand the different types of partners they need across the technical stack to ensure they are savvy in their partner selection process. Reach out so we can help your organization.

Overview of Regulatory Changes on the Horizon

1.    Info-blocking Policy Enforcement: The U.S. Department of Health and Human Services (HHS) has proposed disincentives for healthcare providers who have been deemed to be information blocking. This policy's implications are far from subtle, spelling out real consequences for those who don't adhere to the rules. It's a gentle reminder to revisit your compliance status, ensuring that healthcare providers do not unduly obstruct the access, exchange, or utilization of electronic health information, except as strictly mandated by law or protected by a regulatory exception. While the scope of impacted players is tight, it demonstrates the direction our federal partners are headed. A quick compliance check might be just what's needed before you "close the door" for the night. Learn more about it here.
2.    Interop 3 - Advancing Interoperability & Improving Prior Authorization (PA): The clock is ticking, and the "Advancing Interoperability and Improving Prior Authorization Processes" rule is nearing its finalization, expected by the end of this year. This rule is a game-changer, set to require base clinical data exchange, increased coverage transparency and simplified prior authorization processes, with a goal to slash administrative burdens and boosting efficiency for providers and payers alike. Payer organizations and technology leaders: take heed – staying informed and preparing for these requirements is a non-negotiable imperative. If you haven't already commenced your journey toward compliance following the earlier NPRM, consider this your urgent wake-up call; you may well be trailing behind on this critical road to interoperability. You can delve into the details in our overview blog or the full rule, here. 
3.    Health Data, Technology, and Interoperability Certification Updates: ONC is phasing the release of policies starting with the release of HTI-1 NPRM released April 2023 that have an impact on interoperability. While the proposed rule might get overlooked by many plans because of the “certification” factor, the rule is more than that, with a hard focus on “transparency in algorithms” and “decision support interventions”. The rule is focused on value, quality and ensuring that algorithms that are used to make determinations about patient care are “unbiased”. Think predictive AI and Generative AI. Expect a final HTI-1 rule shortly and then in the hopper is HTI-2.  HTI-2 is expected to advance EHI sharing through standards adoption; the certification of health IT to support expanded uses of application programming interfaces (APIs), such as electronic prior authorization, patient engagement, and interoperable public health exchange; and supporting patient engagement and other information sharing principles under the information blocking regulations. While the proposed HTI-2 rule has yet to be released, it is anticipated to quickly follow HTI-1. Both of these ONC rules are expected to broaden impact certification requirements including for payer organizations and technology vendors. Keep your eyes peeled for this new proposed rule and be sure to participate in the comment period to have your voice heard. 
4.    TEFCA Finalization: The Trusted Exchange Framework and Common Agreement (TEFCA) has lofty objectives toward achieving nationwide interoperability. Several QHINS have been named and there are more to be announced. Version 2 of the agreement is expected to be finalized by the end of the year, which will bring greater clarity to stakeholders about how to operate within the framework or with its participants. Understanding this pivotal change and how it impacts day-to-day operations will be critical for all healthcare stakeholders, especially payers. While TEFCA landscape still holds many unknowns, there is increasing clarity that QHINs will need to support both existing document-based delivery and increasingly FHIR based transactions and payloads. 

The healthcare IT industry is undergoing a transformative phase, with regulatory compliance and innovation becoming increasingly intertwined. Payer technology executives and leaders must carefully consider their approach to compliance and partner selection. With the enforcement of existing policies approaching and final rules expected soon, being prepared and proactive is essential. Regulatory requirements are no longer a checkbox; they represent milestones of industry change. Embrace these changes to ready your organization for a brighter future and to maintain a competitive position in the evolving healthcare IT landscape.

Are you ready for this wave of transformative change across payer technology? If you need help, we’re here for you. POCP works with clients to dig deep into new policies and help connect the dots on how your interoperability roadmap may need to shift to be ready for compliance deadlines including prioritizing resources, identifying the right implementation guides to pick up and when and what attributes to look for in partners for projects. Stay ahead of the curve, be prepared, and adapt to the evolving healthcare landscape. Let us help by reaching out to me or Brian Dwyer (brian.dwyer@pocp.com ) to set up an exploratory meeting.