Making Sense of the Final Payer-to-Payer Rules for Data Exchange

Author:  Smile Digital Health |  Published:  October 18, 2021

After meeting the July 2021 deadline for the Interoperability and Patient Access final rule, how excited are you to meet the next two mandates for Payer-to-Payer data exchange? Piece of cake, right? It took a lot of hard work with our dev team pulling weeks of all-nighters, but we’re proud to say that the majority of Smile Digital Health’s payer customers were ready by July 1. 🎉😀

As we look forward to even greater interoperability in 2022 and 2023, we want to do all we can to help you get ready. Actually, we want you to be more than ‘ready.’ If you prepare strategically, you will not only have a long-term advantage, but you could also make the rush-to-compliance much easier than the last sprint.

Let's take a closer look at the Interoperability and Patient Access final rule (CMS-9115-F), the so-called final payer-to-payer rule (enforced January 2022), and the proposed enhancements to the payer-to-payer rule (January 2023). In a future post, we'll talk about the best strategy to meet both of those rules with less stress...and maybe a little Smile. (Hey, it's in our name, we can't resist.)

Brief History of Payer-to-Payer Interoperability Rules

The ultimate goal of healthcare interoperability is better care and higher efficiency. To that end, the rules put forth by the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) are designed to give patients, providers, and payers better access to healthcare data. Ideally, this results in patients having the information they need to take charge of their health, providers getting a fuller picture of their patients' overall health, and payers having better information to monitor performance and improvements in population health.

Better care. Higher efficiency.

To do this, all of the stakeholders who are involved in managing the health of members need data to be transparent and capable of being exchanged more easily.

The interoperability and patient access rules that CMS and ONC introduced in March 2020 include: 

  1. Patient Access rule: It helps members see the claims and clinical data their Health Plans have collected. This rule is the start of the mandates helping to build a more complete clinical record for patients. Enforcement of this rule began July 1, 2021, for most states. (We see you, California!) Data does not yet have to be exchanged, but it does need to be in FHIR format. 

  2. Provider Directory rule: It gives the patients access to view a list of in-network providers and covered providers. This way, the patient can avoid receiving a “surprise, your provider was out of network” message when the bill comes. Enforcement of this rule was also July 1, 2021.

  3. Payer-to-Payer rule: This rule makes it possible for patients to request their data be transferred from their previous health plan to their new health plan. This is the beginning of many mandated data exchanges. There are two versions of this rule to be considered. Enforcement of the first version of this rule (ironically called The Final version) will begin in January 2022, the second version (the Proposed version) in January 2023. 

The first two rules (patient access rule and provider directory rule) were received well—it was obvious how they would improve interoperability. But the response to the third rule was a collective head-scratching moment. 

The final payer-to-payer data exchange rule that will go into effect in January 2022 was intended to be an incremental ("baby-steps") approach for payers to begin to accept interoperable data. However, in attempting to make it an incremental approach, the rule was deemed too vague to be useful by many. 

What Is Required in the Final Payer-to-Payer Rule (January 2022)

The rule states that MA, Medicaid, CHIP managed care plans, and Qualified Health Plans (QHPs) must be able to send the last five years of clinical (USCDI) data to current and former enrollees, up to five years after disenrollment.

  • Data exchange is only initiated if a health plan member or ex-member requests it. 

  • Former plan enrollees from as far back as 2016 may request this data.

  • Clinical data must be available, but it can be sent in any format. A FHIR-based format (USCDI) is recommended but not required.
  • Claims and Explanation of Benefits (EOB) are not required to be included.

  • Only FHIR formatted clinical data needs to be shown to the member.

Let’s break this down a bit further, so you can see where this rule misses the mark.

What’s Flawed (and definitely not final) about the Final Payer-to-Payer Rule

While it aims to increase health data exchange, the Final Rule does little to improve interoperability. 

  1. Initiation of the data exchange would only take place if a plan’s ex-member requested it, even if a member left the plan as long ago as 2016.
    The flaw: Creating a method for validating former members requires extra, largely unnecessary work. Most plans do not maintain log-ins of ex-members for 5 years because ex-members rarely visit their old health plans. Actual requests for this data would be limited, yet plans were being required to provide it. Additionally, there isn’t a required method for how plans will make this available to, or communicate with, their former members.

  2. FHIR is preferred, but data can be sent in any format. For example, a member’s record could be sent as an eFax or a PDF.
    The flaw: Data is only useful from an interoperability standpoint if it is in FHIR. Besides, the July 1, 2021, rule already required plans to make their data available in FHIR. Why not require that data be sent in FHIR?

  3. Data not in FHIR format is not required to be shown to members.
    The flaw: One of the goals of this rule was to provide a longitudinal picture of each member. Not including all of the data leaves significant gaps in this picture.

  4. The data payers are required to send is limited to clinical data. Claims and EOB were not included.
    The flaw: Most CMS plans include pharmaceutical claims data, but this important data was not required. Again, creating the full picture of a member’s health is not possible when significant sources of data are excluded.

This rule had so many oversights in its approach to interoperability that a second payer-to-payer rule has been proposed to clean up after the Final Rule. 

What Is Required in the Proposed Payer-to-Payer Rule (January 2023)
Also known as the FHIR-Only rule, this proposed rule is designed to address the interoperability flaws of the initial rule. It expands on the types of data that are exchanged and standardizes the method by which that data is exchanged.

  • Data exchange will be offered to all new members. New plans should initiate the data transfer with every new enrollment, whether this is over the phone, in person, or through an app. The transfer option could be made visible to all new members by using simple questions such as “do you want to transfer your data from your previous plan?”

  • Data is strongly encouraged to be exchanged using a FHIR-based Payer-to-Payer API

  • Payer-to-Payer APIs should conform with Payer Data Exchange Implementation Guides (PDex IG) (

  • In addition to clinical data, claims and EOB data in Blue Button FHIR format (minus any pricing information) must also be exchanged 

You Can Meet Both Rules Without Doubling Your Efforts

Payers who only adopt Patient Access and Provider Directory rules but do not prepare to meet the requirements of the proposed Payer-to-Payer data exchange rule should rethink their approach. If they take the ‘recommendation’ of data being FHIR-formatted by January 2022 too literally, payers could be left with a costly "rip and replace" situation in a matter of months.  

While it may be tempting to build various ways to handle this data, this workaround will face significant problems in meeting the new rules. For example, it will make member matching nearly impossible—putting payers at risk of easily preventable HIPAA violations if a member views another member’s data accidentally. 

That’s why we recommend creating a hybrid solution that will save you time by building a single implementation instead of two. 

Alex Mugge, Director and Deputy Chief Health Informatics Officer, CMS, appears to share our position. When asked by Smile whether working to the Proposed 2023 Payer-to-Payer rule for January 1, 2022 (handling FHIR data only), would be considered compliant, Mugge agreed. “If the payer implements the payer-to-payer data exchange requirements, using a FHIR-based API...that would certainly meet their requirements for exchanging data with other payers. ... I think if our clients only build towards the 2023 rule, they will still be compliant,” she said during a WEDI webinar on May 14, 2021.

Why Double the Work if You Don't Have to?

Contact a SMILE representative to learn how our strategic and flexible approach will help you meet upcoming data exchange requirements—not only the 2022 and 2023 rules but for all other interoperability rules to follow.

Check out the next blog article about how to gain a strategic advantage as you prepare to meet the upcoming payer-to-payer rules.