Notice of May 2024 Security Incident
Need help with record requests?
Datavant Connect Login
Health Data & Analytics
Life Sciences
Government & nonprofits
Blog
/
Real-world data

Why the New Interoperability Rules Don’t Yet Mean the Death of the Fax Machine

Author
Publish Date
Read Time
Travis May
April 27, 2021
5 Minutes
Table of Contents
1. The Power of SDOH Data with Providers and Payers to Close Gaps in Care
2. SDOH data holds immense potential in transforming healthcare and addressing health disparities. 

In a 2018 piece on why American medicine still runs on fax machines, Vox explained why the last decade of US government efforts to automate health data exchange had shown limited results. Earlier this month, new rules from ONC and CMS went into effect focused on making it easier for patients to access their health information and to exchange data across electronic health record systems and payers. Here, we explain why the fax machine continues to be such a formidable opponent.

Getting access to your health information isn’t easy

To understand the great staying power of the fax machine, consider the experience of a patient Jane Doe, who decides that she would like to access her health data. Like most of us, Jane changes jobs every few years, and as a result she’s been on a number of different health plans, each of which stores her records in their own systems independently. She has also moved around a few times for school, then work, and then to be closer to family. In each of those locations, she had a primary care provider, but also had a couple hospital visits and had to see a number of different specialists, from her gynecologist to her ENT.

Jane’s first option is to pull the records herself. To the best of her recollection, she compiles a list of all the encounters she has had with the healthcare system over the years. She then decides to see what’s available online and is pleased to find that her current primary care provider is affiliated with a health system that offers an online patient portal. However, several of the specialists she is seeing aren’t in the same portal, and she can’t find a way to log in to similar portals for providers she’s seen in the past. She knows that she’s on a Blue Shield plan now and used to be on United, but she can’t remember before that.

Jane decides to start working the phones. She calls her gynecologist’s office, who tells her that they can export a PDF and send it over to her in a few days. She has a few similar calls, with some people offering to send her PDF exports, others offering to scan in documents, and others asking her for a fax number. Others are non-responsive or have a formal request process, which might require Jane to send a written request letter or, in extreme cases, to go to the provider site to make the request. Months later, what Jane is left with is not a unified set of her medical records, but an incomplete mix of login credentials for different portals and PDFs in her email that she will have to organize and categorize herself.

And of course, every individual interaction with the healthcare system touches lots of different data repositories, few of which are integrated:

And making information requests easier is a big operation

In practice, this process is laborious enough that patients and their representatives (lawyers, insurers, etc.) work with specialized companies to go pull medical records, and providers work with other companies to ensure they are fulfilling the requests promptly and in a compliant way. A number of companies exist to solve for different parts of the process:

  • Intake. Requesters need a simple way to make a request. While a number of companies streamline this part of the process, requesters still have to provide a version of the initial list that Jane compiled so that the company knows where to look for records.
  • Fulfillment. As Jane found when she tried to pull her records herself, getting access to records will require a mix of logins, emails, calls, letters, and even onsite visits. Companies that want to fulfill Jane’s request need to provide not only a portal and application programming interface (API) to pull information automatically where possible; they also must have call centers and employees embedded full-time at provider sites. Those employees might enable a request to be fulfilled by logging into the EHR on the provider’s behalf and printing, scanning, and faxing or uploading the necessary records.
  • Quality Control. Part of the challenge for providers is ensuring that they are providing the right records to the right requester. Sending out the wrong patient’s records can result in privacy violations and fines for the providers. Companies that facilitate this process have trained specialists checking that they have pulled and are providing the right records, and that all necessary authorizations are in place.
  • Distribution. Once the records have been pulled and gone through a quality process, they have to be served back up to the requester.

Who is trying to fix the problem

There are four major classes of companies working to solve the problem of pulling patient medical information in a timely and compliant way:

  • Patient-facing portals seek to make the intake process easier for patients. They offer one streamlined way of making requests and on the back-end, fulfill certain requests themselves and work with others to fulfill the rest. Portals may be affiliated with a specific provider organization or EHR, or seek to allow patients to pull all of their medical information in one place (e.g., Ciitizen, Picnic Health).
  • API companies build application programming interfaces (APIs) that enable integrations with electronic health record and payer systems and allow data to be pulled automatically by patient or, more frequently, other developers building applications for patients. The two challenges are (i) developing APIs that can pull enough information to satisfy requests (including clinical notes and other unstructured information), and (ii) hooking them up, which involves convincing electronic health record vendors and provider organizations to use the API. The new ONC rules require the proliferation of APIs and many companies are working to solve the problem (e.g., 1UpHealth, Commure, Health Gorilla, Moxe, Redox).
  • EHR companies are increasingly making data exchange easier between different organizations that use their systems, but a typical health system runs more than ten different EHR systems. There are different standards bodies and organizations focused on making it easier to exchange data directly between EHR systems (e.g., CareQuality, CommonWell), and most large EHRs belong to one or more of these organizations (including Epic, Cerner, AllScripts, etc.). However, we’re still a long way from a patient accessing their information in one EHR system and having that seamlessly pull in complete, corresponding records from other EHR systems.
  • Record retrieval companies focus on filling in all of the remaining gaps. These companies may offer their own APIs, but they are also the organizations that will embed on-site personnel and run call centers if that is what it takes to pull patient medical records. While many startups frame this as the legacy way of doing things, the startups themselves are also highly reliant on these companies to do the high-touch last-mile operational work of fulfillment (e.g., Ciox, Change, Inovalon, MRO, Verisma).

Why the fax machine will outlive the new interoperability rules

There are a number of new interoperability rules currently being proposed and implemented, but the rules that went into effect on April 5th have two specific requirements:

  • API Access: Over the next few years, health insurers and EHR vendors need to make the electronic health information that they hold available via an API according to commonly accepted data standards.
  • No Information Blocking: The new rule also prohibits discouraging or impeding the exchange of electronic health information (a practice known as “information blocking”). The concern is that providers and EHR vendors have a commercial incentive to restrict access to patient data because having data only within their systems makes it harder for patients to switch organizations.

The new rules will make retrieval of some patient data more automated, and will make it much easier to develop new patient-facing applications that require access to patient’s data. However, the data that must be made available under the standards (the United States Core Data for Interoperability standards, or USCDI) is limited. The standards include structured data points like patient vitals, prescriptions, tests performed and lab results, but don’t include other valuable information, including much of the unstructured data that exists in a patient record.

Many valuable uses of patient data require access to the full record. Below is a brief summary of how many necessary elements the data standards cover for different use cases:

To take one example, risk adjustment (the process of determining what payment should be made to a Medicare Advantage plan for taking care of high-risk or high-cost patients) requires access to scans and test results, which won’t be available through an API.

The new interoperability rules will undoubtedly have positive impacts across the industry, and it is a good start. The change will improve patient access to health information, and allow patients to play a more direct role in their care. But because so much critical health information exists outside the data standard, we will continue to use scanners, call centers, and – in extreme cases – have people knocking on the door of a provider in order to obtain their records. And we will continue to fax.

What the future looks like

Today, the fragmentation of health data is the single biggest bottleneck to realizing the power of health data and technology to improve patient outcomes. Ten years from now, each of the following things should be easy and fast to do:

  • Patients can log into an application of their choosing and seamlessly pull their complete health information from across insurers, providers, labs, genetic testing companies, and health and wellness applications within minutes.
  • Physicians can pull data from one electronic health record system to another, and have that data summarized and synthesized so that the most salient information is easy to locate and process.
  • Research organizations and life sciences companies can rapidly build new patient registries on top of de-identified data, accelerating our understanding of disease and the pace of drug development.
  • Risk-bearing entities and provider organizations can frictionlessly exchange patient data to design systems of quality control and value-based care.
  • Entrepreneurs and technologists no longer see access to patient data as a constraint, and focus on value-added capabilities on top of patient data, giving patients the same number of choices that they have for budgeting or dieting applications.
  • Patient consent, compliance and privacy are built programmatically into all of these health data flows, offering a secure, federated architecture for the exchange of patient data and reducing the risk of privacy breaches across the industry.

The new rules are helping to point the way and resolve some coordination problems across entities, but it is up to the broader healthcare community to relentlessly pull this future forward.

***

Many thanks to Niall Brennan and Quinn Johns for their thoughts & feedback on this write-up.

Spotlight on AnalyticsIQ: Privacy Leadership in State De-Identification

AnalyticsIQ, a marketing data and analytics company, recently adopted Datavant’s state de-identification process to enhance the privacy of its SDOH datasets. By undergoing this privacy analysis prior to linking its data with other datasets, AnalyticsIQ has taken an extra step that could contribute to a more efficient Expert Determination (which is required when its data is linked with others in Datavant’s ecosystem).

AnalyticsIQ’s decision to adopt state de-identification standards underscores the importance of privacy in the data ecosystem. By addressing privacy challenges head-on, AnalyticsIQ and similar partners are poised to lead clinical research forward, providing datasets that are not only compliant with privacy requirements, but also ready for seamless integration into larger datasets.

"Stakeholders across the industry are seeking swift, secure access to high-quality, privacy-compliant SDOH data to drive efficiencies and improve patient outcomes,” says Christine Lee, head of health strategy and partnerships at AnalyticsIQ. 

“By collaborating with Datavant to proactively perform state de-identification and Expert Determination on our consumer dataset, we help minimize potentially time-consuming steps upfront and enable partners to leverage actionable insights when they need them most. This approach underscores our commitment to supporting healthcare innovation while upholding the highest standards of privacy and compliance."

Building Trust in Privacy-Preserving Data Ecosystems

As the regulatory landscape continues to evolve, Datavant’s state de-identification product offers an innovative tool for privacy officers and data custodians alike. By addressing both state-specific and HIPAA requirements, companies can stay ahead of regulatory demands and build trust across data partners and end-users. For life sciences organizations, this can lead to faster, more reliable access to the datasets they need to drive research and innovation while supporting high privacy standards.

As life sciences companies increasingly rely on SDOH data to drive insights, the need for privacy-preserving solutions grows. Data ecosystems like Datavant’s, which link real-world datasets while safeguarding privacy, are critical to driving innovation in healthcare. By integrating state de-identified SDOH data, life sciences can gain a more comprehensive view of patient populations, uncover social factors that impact health outcomes, and ultimately guide clinical research that improves health. 

The Power of SDOH Data with Providers and Payers to Close Gaps in Care

Both payers and providers are increasingly utilizing SDOH data to enhance care delivery and improve health equity. By incorporating SDOH data into their strategies, both groups aim to deliver more personalized care, address disparities, and better understand the social factors affecting patient outcomes.

Payers Deploy Targeted Care Using SDOH Data

Payers increasingly leverage SDOH data to meet health equity requirements and enhance care delivery:

  • Tailored Member Programs: Payers develop specialized initiatives like nutrition delivery services and transportation to and from medical appointments.
  • Identifying Care Gaps: SDOH data helps payers identify gaps in care for underserved communities, enabling strategic in-home assessments and interventions.
  • Future Risk Adjustment Models: The Centers for Medicare & Medicaid Services (CMS) plans to incorporate SDOH-related Z codes into risk adjustment models, recognizing the significance of SDOH data in assessing healthcare needs.

Payers’ consideration of SDOH underscores their commitment to improving health equity, delivering targeted care, and addressing disparities for vulnerable populations.

Example: CDPHP supports physical and mental wellbeing with non-medical assistance

Capital District Physicians’ Health Plan (CDPHP) incorporated SDOH, partnering with Papa, to combat loneliness and isolation in older adults, families, and other vulnerable populations. CDPHP aimed to address:

  • Social isolation
  • Loneliness
  • Transportation barriers
  • Gaps in care

By integrating SDOH data, CDPHP enhanced their services to deliver comprehensive care for its Medicare Advantage members.

Providers Optimize Value-Based Care Using SDOH Data

Value-based care organizations face challenges in fully understanding their patient panels. SDOH data significantly assists providers to address these challenges and improve patient care. Here are some examples of how:

  • Onboard Patients Into Care Programs: Providers use SDOH data to identify patients who require additional support and connect them with appropriate resources.
  • Stratify Patients by Risk: SDOH data combined with clinical information identifies high-risk patients, enabling targeted interventions and resource allocation.
  • Manage Transition of Care: SDOH data informs post-discharge plans, considering social factors to support smoother transitions and reduce readmissions.

By leveraging SDOH data, providers gain a more comprehensive understanding of their patient population, leading to more targeted and personalized care interventions.

While accessing SDOH data offers significant advantages, challenges can arise from:

  • Lack of Interoperability and Uniformity: Data exists in fragmented sources like electronic health records (EHRs), public health databases, social service systems, and proprietary databases. Integrating and securing data while ensuring data integrity and confidentiality can be complex, resource-intensive and risky.
  • Lag in Payer Claims Data: Payers can take weeks or months to release claims data. This delays informed decision-making, care improvement, analysis, and performance evaluation.
  • Incomplete Data Sets in Health Information Exchanges (HIEs): Not all healthcare providers or organizations participate in HIEs. This reduces the available data pool. Moreover, varying data sharing policies result in data gaps or inconsistencies.

To overcome these challenges, providers must have robust data integration strategies, standardization efforts, and access to health data ecosystems to ensure comprehensive and timely access to SDOH data.

SDOH data holds immense potential in transforming healthcare and addressing health disparities. 

With Datavant, healthcare organizations are securely accessing SDOH data, and further enhancing the efficiency of their datasets through state de-identification capabilities - empowering stakeholders across the industry to make data-driven decisions that drive care forward.

Featured resources

Sort

Tokenizing clinical trial data in the development lifecycle allows earlier access to real-world data. Validate populations prior to marketing authorization.

Read more
Black arrow pointing right
Ebook

The Utility of Data Tokenization in Clinical Trials

10/20/2023

Specialty drugs drive the majority of prescription drug spending. Learn about capabilities unlocked by connecting SP data, first party data, and RWD.

Read more
Black arrow pointing right
Ebook

Linking Specialty Pharmacy Data for Commercial Success: The New World of Commercial Analytics

9/14/2023
White paper

Datavant Connect: Matching patients across healthcare datasets

1/29/2022

Address the need for highly accurate privacy-preserving record linkage and patient matching solutions to unlock research and innovation.

Read more
Black arrow pointing right

Blog post topics

See all blogs
Real-world dataHIPAA privacyElectronic health recordsClinical researchRevenue cycle managementInternational PrivacyMedical codingRisk adjustment

Achieve your boldest ambitions

Explore how Datavant can be your health data logistics partner.

Contact us

Datavant is a health data platform company. We make the world’s health data secure, accessible, and actionable.

Datavant drives data connectivity into action by offering a proprietary platform and network that deliver critical solutions across the healthcare ecosystem. Datavant enables more than 60 million healthcare records to move between thousands of organizations, more than 70,000 hospitals and clinics, 75% of the 100 largest health systems, and an ecosystem of 300+ real-world data partners.

© 2025 Datavant. All Rights Reserved.
Privacy PolicyEEO