Interoperability – the ability of different systems, devices, and applications to work together within and across the healthcare industry – is closer to becoming a reality.

On March 9, the U.S. Department of Health and Human Services (HHS) issued two revolutionary rules related to interoperability and patient access. The goal? Providing people safe and secure access to their health data so that, in turn, they can make more informed healthcare decisions.

Here’s a brief overview of changes:

  • Prevents information blocking practices while identifying reasonable activities that aren’t considered information blocking.
  • Allows patients to access their electronic health data at no cost.
  • Enables providers using certified health IT to communicate with screenshots and videos, subject to rules and limitations.
  • Improves the flow of necessary electronic health information by using standardized data classes (e.g. allergies, clinical notes, and immunizations).
  • Institutes secure application programming interface (API) requirements so that patients can access and control their electronic health information.

Patient control is the foundation of value-based care, so this step towards healthcare interoperability is a big one.

Or is it?

Polarized industry?

Interoperability is a welcome concept in the healthcare community, which is understandable.

Who wouldn’t want patients to have easy access to their health data?

But that doesn’t mean everyone agrees with how we’re going to get there. Proponents of the two new rules say we’re headed in the right direction.

Alex Azar, HHS Secretary, had this to say: “These steps will dramatically improve American patients’ experience in health care. This is truly a major milestone and historic day in health care.”

But not everyone echoes that sentiment – specifically hospital representatives. Rick Pollack, the American Hospital Association President and CEO, thinks these new rules won’t adequately protect patient data:

“Today’s final rule fails to protect consumers’ most sensitive information about their personal health. The rule lacks the necessary guardrails to protect consumers from actors such as third-party apps that are not required to meet the same stringent privacy and security requirements as hospitals. This could lead to third party apps using personal health information in ways in which patients are unaware.”

It’s still an ongoing conversation. As important as patient access and control are, data security and privacy are right up there too.

For now, we’re still a long way away from successfully implementing interoperability. These final rules just pave the initial legislative path. There are still plenty of infrastructural hurdles to overcome and additional regulatory measures to enact.