Under the CMS Interoperability and Patient Access Final Rule (CMS-9115-F), payers (health insurers) have several requirements for providing patients with easy access to their health information through a secure, online portal or app:

1. Secure Access: The portal or app must ensure that patient data is protected by robust security measures, including secure login processes and encryption to safeguard sensitive information.
2. Data Availability: Payers must provide access to a comprehensive set of data, including claims, encounter information, and clinical data. The portal should be updated regularly to reflect the most current information.
3. User-Friendly Design: The portal or app must be designed to be intuitive and easy to navigate. It should provide clear, accessible interfaces that allow patients to easily view, understand, and manage their health information.
4. Data Integration: The portal should integrate data from various sources, presenting a unified view of the patient’s health information. This includes claims, benefits, and clinical data.
5. Interoperability: The portal must use standardized APIs (Application Programming Interfaces) to ensure compatibility with other systems and to facilitate seamless data exchange with third-party applications if authorized by the patient.
6. Functionality: The portal should offer functionalities such as downloading health data, accessing historical records, and managing permissions for third-party apps. It should also support communication features for interacting with healthcare providers.
7. Compliance with Standards: The portal or app must comply with industry standards for health data sharing, including those set by the Health Level Seven International (HL7) Fast Healthcare Interoperability Resources (FHIR) and other relevant standards.
8. Support and Accessibility: Payers must provide support for users who encounter difficulties with the portal, and ensure the portal is accessible to individuals with disabilities, in compliance with accessibility standards.

These requirements aim to enhance patient engagement, promote transparency, and facilitate better management of personal health information.

What Data Needs to Be Included

Under the CMS Interoperability and Patient Access Final Rule (CMS-9115-F), payers (health insurers) must provide patients access to the following types of data:

1. Claims Data: Information about the healthcare services billed to and paid by the insurer, including details on procedures, dates of service, and associated costs.
2. Encounter Data: Records of interactions between patients and healthcare providers, including diagnostic codes, treatment details, and visit dates.
3. Clinical Data: Information related to the patient’s health status, including medical conditions, treatments, and clinical outcomes. This can encompass data such as lab results, medication lists, and care plans.
4. Provider Directory: Details of in-network providers, including their names, contact information, specialties, and locations.
5. Benefit Information: Information regarding the patient’s health insurance benefits, including coverage details, cost-sharing requirements (e.g., copayments, deductibles), and available services.

This data should be accessible through a secure, user-friendly online portal or app, allowing patients to view, manage, and use their health information effectively.

Under the CMS Interoperability and Patient Access Final Rule (CMS-9115-F), payers (health insurers) must adhere to specific accuracy and timeliness requirements when providing data to patients:

Accuracy Requirements

1. Data Accuracy: The data provided to patients must be accurate and up-to-date. This includes ensuring that all claims, encounter, clinical, and benefit information reflects the most recent and correct details.
2. Error Correction: Payers must have processes in place to correct inaccuracies in the data. Patients should be able to report errors, and insurers must address and rectify these issues promptly.
3. Consistent Information: The data presented must be consistent across various platforms and systems, avoiding discrepancies between different sources of information.

Timeliness Requirements

1. Real-Time Access: Payers must provide patients with real-time or near-real-time access to their health information. This means updates should be reflected in the portal or app as soon as they are available.
2. Data Refresh: Claims and encounter data should be updated regularly to ensure that patients have access to the most current information. The rule specifies a maximum timeframe for data updates, often requiring updates within one business day for certain types of data.
3. Provider Directory Updates: The provider directory must be updated regularly to reflect any changes in provider networks, ensuring that patients have access to accurate information about in-network providers.
4. Response Time: Payers should ensure that their systems are capable of providing timely responses to patient queries and requests for information.

These requirements are intended to enhance transparency, ensure patients have access to reliable information, and support effective management of their healthcare.