True Cost of Non-Compliance with CMS Interoperability Rules

October 14, 2022
Let's Go Back to School

It's time we had a talk about the consequences of non-compliance. But we’ll have to go back to middle school for just a moment—hopefully this isn't too painful for anyone—before returning to the topics of electronic health records (EHRs), Health Level 7 (HL7®) Fast Healthcare Interoperability Resources (FHIR®) and interoperability measures.

For many, the words "compliance" and "consequence" still dredge memories of homework, pop quizzes and final assignments. As students, we had two choices: comply with the curriculum through coursework, or face the consequences of a failing grade. Those who engaged with the material, adhered to deadlines and studied for tests often experienced better knowledge retention in class than their more negligent counterparts. In short, mandatory coursework encourages students to be more educated and well-informed.

In healthcare, mandates provide the same function: they force organizations to consistently refresh their knowledge on best practices and disincentivize negligence through imposing negative consequences. Healthcare organizations that grow and evolve their knowledge base will be more successful and competitive on the market while delivering improved quality care for their patients. Whether it’s school or business, doing the homework and studying ultimately pays off.

Both the Centers for Medicare and Medicaid Services (CMS) and Office of the National Coordinator for Health Information Technology (ONC) have recognized that holistic FHIR adoption is the best way to achieve these goals and have introduced several FHIR-centric mandates with the goal of elevating the efficacy of healthcare. 

However, despite the government mandates many payers and providers consciously ignore interoperability rules showcasing they fail to realize the true impact of non-compliance.

Word to the Wise: Don’t Hit Snooze on Compliance 

One of the main reasons organizations decide to steer away from mandate adherence is the perceived difficulty associated with achieving compliance. If it looks difficult, it’s not worth the trouble.

Many of the FHIR-centric rules required of payers and providers seem unsavory due to the financial impact attached to their enforcement. Payers and providers look at the cost for developers to rewrite code, designers to update websites and time to teach staff new methods and choose to ignore the rules or put off compliance as long as possible.

Payers and providers who are resistant to these changes often share the typical responses:

  1. Ignore mandates with hopes that they won’t be enforced
  2. Attempt to push back the enforcement day of mandates
  3. Pay the penalty thinking it's cheaper than complying with the mandate

That being said, unbeknownst to many payers and providers, these approaches actually increase the amount of time and money their organizations will forfeit in the long run.

Resistance Is Futile…and Expensive

Enforcing rules for middle schoolers usually means revoking significant privileges to the point where a student would weigh the cost of the consequences against the thrill of ignoring the rule. When it comes to businesses and organizations, enforcement takes the form of fines that chip away enough of the bottom line to be painful.

To realize the true impact of non-compliance it's important to understand that the advent of a FHIR-only framework is not a matter of if  but when. This is because governing entities are aware that for these rules and mandates to make a difference in interoperability, all players in the healthcare industry must comply: payers, providers and health IT vendors. 

That's why CMS is shifting from payer-specific mandates to those that apply and can be enforced more broadly across the industry. Soon, providers will have to comply with the same amount of mandates as payers. Furthermore, the mandates and fines will not stop until all of healthcare is united under a single data standard.   

As a result of the CMS’s and ONC’s resolve, choosing consequences over compliance is a short term solution, because this isn't the end of the mandates. Ignoring more mandates (or procrastinating compliance) will lead to increasing penalties, which will quickly compound to a net loss. 

Additionally, it's important to remember…

"These Rules Are for Your Own Good!"

The truth is, these rules were created for everyone's benefit, even if the process to reach compliance is a little painful and expensive at first glance. Interoperability and FHIR requirements, electronic prior authorizations (ePA) and patient access enablement are all designed to improve on the background operations required to give patients better access to better care. Together, they will "bring healthcare out of the stone age."

Non-compliance leads to operational inefficiencies, such as time consuming manual prior authorizations that cost millions of dollars each year, inadequate presentation of information, overworked staff and delays in care. Overworked staff eventually turns into poor performance and staff shortages. (Look no further than the shortages following the most intense months of Covid-19 for proof.)

Factor in the Cost of Low Star Ratings & Higher Security Risk

Adopting FHIR leads to a myriad of benefits, including a smoother path to achieving higher Star ratings. Star ratings favor value-based care metrics. FHIR helps providers report on these metrics and communicate with their patients, resulting in better care. Those who haven't adopted FHIR will receive lower Star ratings, leading to lost credibility and fewer patients.

Adding insult to injury, non-compliance and a lack of interoperability also place provider data at greater risk. Cyber attacks are increasing, affecting millions of patients every year. To counteract the heightened risk, healthcare organizations use dozens of cybersecurity tools. But they're built by different vendors that don't always talk to each other. Manual threat analysis of all these tools doesn't stand a chance against today's cyberattacks. Interoperability through FHIR, however, will give the organizations a fighting chance.

That being said, while improved security and star ratings are important, it’s also imperative to consider how non-compliance affects those on the patient side of healthcare.  

"Consider How Your Actions Affect Others"

Patients will naturally reap the rewards when providers and payers comply with the CMS proposed rules. However, it’s safe to assume that the opposite is true; when providers or payers ignore the rules, patients pay the ultimate price with their health.

The state of Prior Authorizations (PA) is a clear example of how the data exchange dynamic between providers and payers impacts patient care.

We already know that manual PA's burden providers and payers alike, often to patients' detriment. That's because PAs are costly, time-consuming, and result in delayed care or even abandoned treatment. The CMS Interoperability and Prior Authorization rule (January 2023) aims to solve that problem. Its intent is to streamline the process of submitting prior authorizations for health benefits, services, prescriptions and supplies by requiring payers to implement and maintain APIs using the FHIR standard. The APIs should give providers faster access to data, leading to faster decisions from the payer. The end result: better, faster, more informed patient care.

"Don't Ruin It for Everyone Else"

Pardon yet another middle school reference— but providers who refuse to adopt FHIR are like lab partners who won't follow directions or do their share of the work. Their distracting antics force the rest of the team to pick up the slack. While the group may eventually complete the project, it’ll take far longer than it should and result in a lower grade than deserved.

When payers or providers are unwilling to adopt FHIR, they hurt not only themselves and their patients, but also slow down healthcare's journey as a whole. You see, we're entering a new era of improved collaboration between payers and providers. Collaboration requires everyone to work together toward a shared outcome. So when a few lag behind, in hopes that mandates won't be enforced, or gambling that the fines are the lesser expense, everyone else pays the price.

Don't be the kid who ruins it for the rest of the team.

Adopt FHIR.

Meet compliance with the upcoming CMS/ONC rules.

In Conclusion: Intentional Non-Compliance Is Not Worth the Cost

If you're weighing the cost to hire compliance developers against the penalties of non-compliance, you're not taking into consideration the greater penalties that lurk in the not-too-distant future.

Non-compliance is costly for providers. They pay the price in:

  • Operational inefficiencies
  • Financial penalties
  • Poor Star ratings
  • Increased security risk

Additionally, non-compliance will broaden the data chasm between payers and providers, ultimately keeping an entire industry in the dark ages of siloed data.

But reaching compliance standards doesn't have to be costly. You can choose a partner who has done the heavy lifting for you, who is already an expert in all things FHIR. When you're ready, reach out to us here at Smile Digital Health. We know a thing or two about implementing FHIR.

(By the way, if you need some help choosing a FHIR vendor, this ebook will walk you through the basics of what to look for, how to interview potential vendors and how to identify deal-breaking red flags. We give the book 5/5 stars.)