Posted: 19 Mar. 2020 16 min. read

Final interoperability rules are out, but many health stakeholders have already started

by Anne Phelps, principal, US Health Care Regulatory leader, Deloitte & Touche LLP

Watch our RegPulse blog for more information on the final rules.

In a blog post last summer, I used a personal experience to illustrate the promise of interoperability. My primary care physician, my ear, nose, and throat specialist (ENT), and my endocrinologist were able to electronically share information with each other (and with me) about a routine biopsy. I have a follow-up visit later this month with my ENT doctor who will continue to work with the other physicians to coordinate my care—even though they have no contractual relationship with each other. This scenario, which would have been unlikely just a few years ago, is becoming the new standard—driven by a combination of government regulations and consumer expectations.

On March 9, the US Department of Health and Humans Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) and the US Centers for Medicare and Medicaid Services (CMS) released final rules aimed at promoting interoperability. While the new rules go into effect in less than 10 months, many health care stakeholders have already taken steps to comply with the new rules (more about that later).

The regulations intend to make it easier for patients to access certain claims and encounter information (including cost) in a readily shareable format, and they establish new requirements for hospitals to send automated electronic notifications when an individual is admitted, discharged, and/or transferred to another facility. We see this as an important step in reaching Deloitte’s vision for the future of health where radically interoperable data empowers engaged consumers to sustain well-being and receive care in instances where well-being fails.

The White House has made the promotion of interoperability a major priority to help rein in health care costs, improve coordination of care, and enhance patient access and choice. In addition to interoperability, the administration called for increased price transparency within the health care system to help patients make choices about their care—armed with new pricing data and online tools. Over the last decade there has been an increased bipartisan push in Congress for improving digital health. Through a series of new laws, Congress highlighted three key goals for delivering health care in the future:1

1. Providers must share in the financial risk of care delivery

2. Financial risks and rewards must be tied to high-quality and cost-effective care

3. Providers must be able to communicate with each other and with patients to coordinate care—even when using outside contracted arrangements or networks—to create a truly interoperable health care system

While some stakeholders have touted the new rules as transformative, others were more cautious, citing concerns over the potential privacy risks to patient data and a fast-approaching compliance date less than a year away. Specifically, there were concerns that the earlier proposed guidance lacked privacy and security requirements for application-programming interfaces (APIs) and about making patient data available to third-party app developers. To address some of the privacy concerns raised in comments, the final rules include language that allows payers to ask third-party application developers to attest to certain privacy provisions, including whether the app developer’s privacy policy specifies secondary data uses. The final rule would allow health plans to tell members about such attestations from app developers.

The administration released its proposed interoperability rules in early 2019. They were expected to be finalized later in the year and go into effect on January 1 of this year. However, the volume of comments on the proposed rules delayed the final regulations and gave health care stakeholders a little breathing room. The new rules go into effect on January 1, 2021.

Will stakeholders be ready by January?

With an effective date less than a year away, there is no doubt that complying with the interoperability rules creates complex clinical, operational, and security challenges to health plans, hospitals, and health IT developers. These stakeholders will likely need to develop strategies to help maximize the benefit from these policies while also recognizing investment in—and commitment to—technical infrastructure, including cybersecurity. 

Few organizations have been sitting on their hands waiting for the final rules. Last spring, the Deloitte Center for Health Solutions surveyed 100 technology executives at health systems, health plans, biopharma companies, and medical technology companies to understand the current state of interoperability. According to our report on the proposed rules, 63 percent of health plan executives and 43 percent of health system leaders told us they planned to use the proposed rules as part of their broader strategy around interoperability.

In a follow-up report published last fall, we noted that our surveyed executives thought technology capabilities in health care were accelerating rapidly, and that the building blocks for interoperability are nearly in place. Nearly 80 percent said they have hired data architects to define their interoperability strategies, 73 percent have a dedicated and centralized team that oversees interoperability, and 57 percent have established an architecture strategy for interoperability across business functions.

Nearly half of these executives said interoperability would be “extremely important” to their organization in three to five years, while only about one-third of respondents said it was extremely important today. They acknowledged it is a long journey to reach systemwide interoperability and many challenges exist. However, they agreed that interoperability would be a linchpin in the future of health.

As I explained in my previous blog, the new rules are expected to make it easier for health plans, providers, and patients to coordinate care, analyze population health trends, manage benefits, and track health outcomes and costs more effectively. Today, our health care system is a collection of disconnected components (health plans, hospital systems, pharmaceutical companies, medical device manufacturers, etc.). In a world that is increasingly data driven, health care consumers are expecting information sharing that is seamless and instantaneous. We expect same-day appointments, that our records are available on-demand, and that our providers understand us and our medical history when we show up for an appointment. It is not about who owns medical information. It is about access, shareability, and transparency. It is about giving consumers more control over their health care. 


1. Patient Protection and Affordable Care Act (ACA), Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), 21st Century Cures Act of 2016.

Return to the Health Forward home page to discover more insights from our leaders.


Subscribe to the Health Forward blog via email

Get in touch

Anne Phelps

Anne Phelps


Anne Phelps is a Deloitte & Touche LLP principal in the Life Sciences and Health Care practice. As the US Health Care Regulatory leader for Deloitte, she manages the Health Care Strategic Regulatory Implementation Services practice. In this capacity, she helps clients navigate the complex world of health care regulatory changes to set their business priorities and strategic opportunities in the midst of a dynamic environment.