Becoming CMS/ Healthcare compliant at the speed of thinking with WSO2 Open Healthcare Platform

Joy Rathnayake
10 min read · Oct 23, 2021

Health is the greatest Wealth…!!! Yes, this has been proven again by the current COVID-19 pandemic we are struggling with.

I’m sure you all have visited a clinic, hospital, or any form of a medical center in your life. If the answer is NO, then you are one of the luckiest people on the planet. The reason is, the COVID-19 pandemic made almost all of us visit clinics, hospitals, or any form of a medical center at least once. You can guess what for?

The Problem

Let’s get into the real problem:

  • How many times have you filled in the same set of forms when going through an encounter, even at the same medical institution?
  • How many times have you provided the same information over and over again when changing insurance providers?
  • In an emergency, do you have ready access to your past medical records, across different medical institutions or even within the same one?

The answer to the above was a big “NO” until the recent past, and it’s still a NO in the majority of cases. Currently, medical institutions store and own all our health-related information, and it has become a big asset to them. However, because this information sits in silos, it doesn't add any value to us as patients.

What if:

  • We fill in the required information once and are able to pull that information again without having to fill in the same set of forms, even across different medical institutions?
  • We provide the required information to one insurance provider and share it across different insurance providers, and even across different clinics, hospitals, and other medical institutions, including pharmacies?
  • We are able to share, and have ready access to, all our past medical records, including health conditions, treatments, clinical records, etc., across different medical institutions?

If the answer to all of the above were “YES”, it would be a seamless experience for all of us. It’s all about bringing interoperability into the healthcare industry. It’s not just about being compliant with the CMS regulation; in general, it’s about making the healthcare industry a better place for everyone. However, being interoperable introduces new risks, such as maintaining the right level of security and privacy for our personal health information. So, striking the right balance between interoperability and security/ privacy can lead us to Digital Healthcare Innovation.

Figure: Digital Healthcare Innovation | Source: WSO2

How do we achieve digital healthcare innovation by having the right balance between interoperability and security/ privacy?

The Solution

As part of the Trump Administration’s “MyHealthEData” initiative, the Interoperability and Patient Access final rule (CMS-9115-F) was introduced. It is focused on driving interoperability and patient access to health information by liberating patient data using CMS authority to regulate certain health plan issuers.

As part of this rule, the US government introduced new policies that give patients access to their health information and move the healthcare system toward greater interoperability. These new policies include:

  • Patient Access API (applicable January 1, 2021, enforced July 1, 2021)
  • Provider Directory API (applicable January 1, 2021, enforced July 1, 2021)
  • Payer-to-Payer Data Exchange (applicable January 1, 2022)

CMS-9115-F regulations and timelines | Source: WSO2

As you can see above, any insurance provider, hospital, pharmaceutical provider, medical equipment provider, or other institution that deals with patient and other healthcare information has to adhere to the above compliance requirements. This interoperability will provide patients with a seamlessly integrated experience in the healthcare industry.

The Challenge

While CMS-9115-F (CMS for short) looks promising for patients/ members, it poses multiple challenges for the other stakeholders involved. To name a few:

  • Health data is stored in a variety of data sources, including EMRs/ EHRs, databases, file shares, etc., and all of them have to be connected with each other to provide meaningful information. This means there has to be an integration platform in place to connect all the different data sources.
  • CMS mandates that all stakeholders adhere to a set of standards such as HL7 FHIR and OpenID Connect. This means all the different data sources have to convert their data into the HL7 FHIR format to make them interoperable. It also mandates using OpenID Connect to provide the required security.
  • CMS mandates that all stakeholders provide the right level of privacy through consent management. This means there has to be a proper consent management platform in place to protect the privacy of patient/ member details.
  • CMS mandates that all the information be exposed as APIs/ Services so others can consume them using 3rd party applications. This means we need a proper API Management solution in place to expose, govern, and secure those services.
  • And much more …

It looks like there are a lot of challenges and a lot of work to be done to become CMS compliant and, unfortunately, that is the case. If you are an insurance provider, hospital, pharmaceutical provider, or medical equipment provider, then you will need a team of engineers and a set of products to build a solution that caters to all the interoperability and security requirements. This involves:

  • Using a first-class Integration platform for connecting all the different data sources to bring data together
  • Using an Identity Management platform for providing security and privacy
  • Using a first-class API Management platform for exposing all the information as APIs/ Services with all the required qualities of service, such as governance, management, security, etc.
  • A team of skilled engineers to convert all the different data formats to the HL7 FHIR standards defined in http://hl7.org/fhir/resourcelist.html and build APIs to expose them

Challenges faced in Healthcare Interoperability

WSO2 Open Healthcare to the rescue

The WSO2 Open Healthcare solution is a turnkey solution for achieving U.S. CMS and ONC regulatory compliance. It’s built on WSO2’s world-recognized, leading platforms such as API Manager, Enterprise Integrator, and Identity Server; hence it can be leveraged beyond just CMS and ONC regulatory compliance.

Key highlights:

  • A turnkey solution with a lot of flexibility — it allows stakeholders to become CMS and ONC compliant in weeks, not months. Its modular, cloud-native, hybrid architecture allows an enterprise to extend it further to suit its unique requirements
  • Connect multiple healthcare systems fronted by standards-based (HL7 FHIR) APIs discoverable on a healthcare API marketplace — in-built FHIR accelerators including pre-built healthcare APIs, FHIR and HL7 transformation, EHR connectors, Async FHIR repository, and FHIR server
  • Built on market-leading API, Integration and Identity Access Management platforms — full lifecycle API Management with API Gateway and API monetization, rate limiting, and QoS and healthcare API marketplace
  • Integrated OIDC based API Security and User Consent Management and support for Consumer Identity Access Management
  • No-code, low-code, or full-code integration with advanced data mapping and FHIR modules to support backend integration
  • Zero or low operational overhead — hosted in the cloud of the customer’s choice (Azure, AWS, GCP), with management and maintenance handled by the vendor, WSO2

Below is the high-level solution overview of the WSO2 Open Healthcare solution:

WSO2 Open Healthcare Platform | Source: WSO2

Let’s break this into further high-level pieces and try to understand how it can help us become CMS and ONC compliant in less time.

Source Systems | Source: WSO2

This is where all the different stakeholders store their healthcare-related information, in a variety of data stores and formats including EMRs/ EHRs, relational or non-relational databases, flat files or file shares, cloud storage, etc. The very first challenge is to connect with these different data sources. For that, the WSO2 Open Healthcare platform provides a set of Connectors that abstract the complexities and simplify communication between them.

Connectors | Source: WSO2

There are already connectors available for all the popular EMRs/ EHRs such as Cerner, Epic, athenahealth, etc. In the event that we come across a new data source, the WSO2 platform provides a toolset that will generate a Connector automatically by reading the underlying API specification.

Data Transformation | Source: WSO2

Once the platform is connected to the underlying data sources, the different data formats have to be converted into HL7 FHIR formats. This normally takes a considerable amount of development effort/ time, which can be reduced by using the integration and data transformation accelerators provided by the WSO2 platform.

This data transformation includes converting differing healthcare-related data formats such as X12 and HL7v2 to FHIR, and converting custom XML/ JSON to FHIR. It also includes validating outgoing payloads against the FHIR schema using FHIR Validators.
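To make the transform-then-validate step concrete, here is an added example (not code from the WSO2 platform) that maps only the PID segment of an HL7v2 message to a minimal FHIR Patient and checks the result before it would be exposed. The sample message is constructed, and `validate_patient` is a hypothetical stand-in for a full FHIR validator; its "identifier required" rule is an assumed local policy.

```python
import re
from datetime import datetime

# Constructed sample HL7v2 message (not real patient data).
SAMPLE_HL7V2 = (
    "MSH|^~\\&|EHR|CLINIC|PAYER|PLAN|20211023120000||ADT^A01|MSG0001|P|2.5\r"
    "PID|1||MRN12345^^^CLINIC^MR||DOE^JANE^Q||19800214|F\r"
)
GENDER_MAP = {"M": "male", "F": "female", "O": "other", "U": "unknown"}


def pid_to_fhir_patient(message):
    """Map the PID segment of an HL7v2 message to a minimal FHIR Patient."""
    segments = [s for s in message.replace("\n", "\r").split("\r") if s]
    pid = next((s.split("|") for s in segments if s.startswith("PID|")), None)
    if pid is None:
        raise ValueError("no PID segment in message")
    pid += [""] * (9 - len(pid))       # missing trailing fields read as empty
    patient = {"resourceType": "Patient"}
    identifier = pid[3].split("^")[0]  # PID-3: patient identifier
    if identifier:
        patient["identifier"] = [{"value": identifier}]
    family, *rest = pid[5].split("^")  # PID-5: family^given^middle
    if family:
        name = {"family": family}
        given = [g for g in rest[:2] if g]
        if given:                      # FHIR does not allow empty arrays
            name["given"] = given
        patient["name"] = [name]
    if pid[7]:                         # PID-7: date of birth, YYYYMMDD...
        dob = datetime.strptime(pid[7][:8], "%Y%m%d")
        patient["birthDate"] = dob.date().isoformat()
    patient["gender"] = GENDER_MAP.get(pid[8], "unknown")  # PID-8: sex
    return patient


def validate_patient(resource):
    """Return a list of problems; a stand-in for a full FHIR validator."""
    problems = []
    if resource.get("resourceType") != "Patient":
        problems.append("resourceType must be Patient")
    if not resource.get("identifier"):
        problems.append("identifier missing (local rule, assumed)")
    if resource.get("gender") not in GENDER_MAP.values():
        problems.append("gender is not a FHIR administrative-gender code")
    birth = resource.get("birthDate")
    if birth is not None and not re.fullmatch(r"\d{4}-\d{2}-\d{2}", birth):
        problems.append("birthDate is not YYYY-MM-DD")
    return problems
```

A payload that returns a non-empty problem list should be rejected at the integration layer rather than published through the API gateway.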

Once we connect to the different data sources and transform the data into the required FHIR format, there has to be a uniform, managed way of exposing it as APIs/ Services. This requires either building an API Management layer from scratch or integrating with a 3rd party API Management platform. The WSO2 Open Healthcare platform removes the development effort/ time and complexity of introducing an API Management layer by leveraging its inbuilt one.

API Manager | Source: WSO2

The built-in API Management layer provides both FHIR Server and API Gateway features, allowing us to expose APIs in a managed, governed, and secured way. The WSO2 Open Healthcare platform’s inbuilt API Publisher/ Designer allows us to onboard APIs very easily. The platform’s inbuilt API Marketplace allows App Developers to discover APIs, which brings people, processes, and technology together. These API Management capabilities are not limited to healthcare use cases; they allow onboarding any other type of API as well, providing an API-led Integration platform beyond CMS regulation.

API Publisher/ Designer
API Marketplace

Another challenge we face is the time it takes to onboard HL7 FHIR specific APIs. It takes a considerable amount of effort/ time to study the existing HL7 FHIR specifications. Developers have to spend a lot of time going through the documentation and understanding it before starting their own implementation. The same is true even for common healthcare APIs.

FHIR API Definition Hub

The WSO2 Open Healthcare platform provides a FHIR API Definition Hub with the APIs related to all the different international and US-specific CMS standards. The platform autogenerates the APIs and their OpenAPI Specification 3.0 and Swagger 2.0 definitions, which allows us to easily download them and onboard them into our platform.

The FHIR API Definition Hub is an evolving component, and it will cover other regulations that are coming in the future across all the different continents. It will act as a common Healthcare API Marketplace where we can grab the required APIs and onboard them into our platform with little or no effort.

Last but not least, the ability to enforce the right privacy settings is a key feature, both when complying with CMS and ONC regulations and when implementing any other healthcare use case.

Consent Management

The WSO2 Open Healthcare platform provides a very powerful Consent Management Workflow engine that can be configured to enforce the right balance of security/ privacy on the information being shared with 3rd party applications.

Consent management in the WSO2 Open Healthcare Platform is implemented in multiple stages:

  • Consent Administration — where platform Administrators define organizational consent policies using the Admin Portal
  • Consent Requisition — where App Developers associate the required consent policies with their Applications
  • Consent Collection — where patients/ members can log in to the User Self-care Portal and add/ update/ revoke consents for each application, or log in to the Application and add/ update/ revoke consents during the login process
  • Consent Enforcement — where the Application’s response/ payload is filtered based on the consent the user has already provided
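The enforcement stage can be pictured as a default-deny filter over the FHIR response. The following is an added example, not WSO2's implementation: the consent record layout, the in-memory `CONSENTS` store, and all function names are hypothetical, and the sample Bundle is constructed.

```python
from datetime import datetime, timezone

# Constructed consent records keyed by (patient_id, app_id); layout is assumed.
CONSENTS = {
    ("patient-1", "fitness-app"): {
        "status": "active", "expires": "2030-01-01T00:00:00+00:00",
        "resource_types": {"Patient", "Observation"}},
    ("patient-1", "old-app"): {
        "status": "revoked", "expires": "2030-01-01T00:00:00+00:00",
        "resource_types": {"Patient"}},
}

# Constructed FHIR search Bundle as the backend might return it.
BUNDLE = {"resourceType": "Bundle", "type": "searchset", "entry": [
    {"resource": {"resourceType": "Patient", "id": "patient-1"}},
    {"resource": {"resourceType": "Observation", "id": "obs-1",
                  "subject": {"reference": "Patient/patient-1"}}},
    {"resource": {"resourceType": "Condition", "id": "cond-1",
                  "subject": {"reference": "Patient/patient-1"}}},
    {"resource": {"resourceType": "Observation", "id": "obs-2",
                  "subject": {"reference": "Patient/patient-2"}}},
]}


def allowed_types(patient_id, app_id, now=None):
    """Resource types the app may see; empty set means deny everything."""
    now = now or datetime.now(timezone.utc)
    consent = CONSENTS.get((patient_id, app_id))
    if not consent or consent["status"] != "active":
        return set()                      # no consent or revoked: deny
    if datetime.fromisoformat(consent["expires"]) <= now:
        return set()                      # expired consent: deny
    return consent["resource_types"]


def owner_of(resource):
    """Patient id a resource belongs to, or None if it cannot be determined."""
    if resource.get("resourceType") == "Patient":
        return resource.get("id")
    ref = resource.get("subject", {}).get("reference", "")
    return ref.split("/", 1)[1] if ref.startswith("Patient/") else None


def enforce_consent(bundle, patient_id, app_id, now=None):
    """Keep only entries of consented types that belong to this patient."""
    permitted = allowed_types(patient_id, app_id, now)
    kept = [e for e in bundle.get("entry", [])
            if e["resource"].get("resourceType") in permitted
            and owner_of(e["resource"]) == patient_id]
    return {**bundle, "entry": kept}
```

Checking resource ownership in addition to resource type keeps another patient's records out of the response even when the backend query returns them.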

Conclusion

While a lot of other enterprises were moving towards digital transformation, enterprise integration, and connected systems, the healthcare industry was busy taking care of our day-to-day wellness. Healthcare organizations were busy improving their internal people, processes, and technology and, as a result, ended up working in a closed environment. It is the right time to break down the walls and interoperate with other entities, and for that, they need the right set of tools/ technologies to stay ahead of the game.

While the entire health industry is busy with various other invaluable initiatives for human betterment, WSO2 has introduced a platform — the WSO2 Open Healthcare Platform — that will help all the different stakeholders in the healthcare industry jumpstart their digital transformation journey.

Why don't you give it a try?
