November 2021 Newsletter

Sometimes when I talk about consumers taking control of their health data, I feel a bit strident, idealistic, and unrealistic. It can seem like I'm holding up a sign at a rally protesting the status quo. Numerous friends and a few colleagues are unconvinced of the merits of being the stewards of their health data. Instead, they would leave it to their doctor or their hospital, their insurer, and their website(s) of choice. It is too confusing and complex. I understand these feelings but disagree with their conclusions.

For one thing, we're not the target demographic for the health data economy. For another, people increasingly want the healthcare system to work the way everything else does, which increasingly means controlling their own data. Most importantly, it's now being baked into federal regulations and, simultaneously, both big tech and the government (mainly in the form of state legislatures) are asserting consumer control and ownership of their individually identifiable information - health and otherwise.

Take Apple's new privacy changes, which the technology giant rolled out this spring. iOS 14.5 requires apps to ask users if they want to be tracked. Many users have opted out of tracking by popular apps, including Facebook and Snapchat. As a result, those apps are getting less data on consumers' habits and interests, depriving ecommerce and tech companies (including Facebook and Snap) of the information they need to make money on personalized ads.

Despite the outcry from social media companies, Apple's change has been well received by consumers, particularly in the US. According to mobile app analytics provider Flurry, only 16% of US users allow apps to track them when Apple gives them the option to prevent it. The outrage over mismanaged data driving this choice is legitimate and has generated legitimate cries for change, but it's also caused a shared schadenfreude among lawmakers, regulators, and privacy activists as they watch social media companies, especially Facebook, face multiple legal and legislative challenges worldwide. While enjoying anyone else's misfortunes is not typically admirable, it is clearly a factor feeding the ongoing changes to data usage, privacy, and ownership we're now experiencing.

Numerous bills at the state legislative level - both passed and pending - are increasing consumer protections against unfair or misleading data use practices, some of which give consumers direct control over their data. Some of them include:
  • California's privacy law (CCPA) gives consumers:
    • The right to know about the personal information a business collects about them and how it is used and shared;
    • The right to delete personal information collected from them (with some exceptions);
    • The right to opt out of the sale of their personal information; and
    • The right to non-discrimination for exercising their CCPA rights.

  • Starting in 2023, Virginia will grant consumers the right to access, correct, delete, or obtain a copy of personal data and opt out of personal data processing for targeted advertising.

  • Washington state has a new law integrating California's CCPA and the EU's General Data Protection Regulation (GDPR). It gives Washington state residents the right to request that companies delete personal data, access the categories of individual data companies collect, and opt out of the processing of their data.

  • New York requires companies to disclose their methods of de-identifying personal information, place special safeguards around data sharing, and allow consumers to obtain the names of all entities with whom their information is shared. It also gives consumers the right to have their personal data deleted.

  • Oklahoma gives consumers the right to request, delete, and opt out of the use of their personal information. It also requires businesses that collect or sell consumers' personal information to notify the consumer, among other provisions.

These laws and more are in place or being passed in states all across the country controlled by Democrats and Republicans. Giving consumers control of their own data is a bipartisan effort with a growing momentum. We don't see it slowing down anytime soon.

So, I need not fear being the banner-waving idealist for the health data consumer. No one would notice me among the crowd.

Denny Brennan, Executive Director

Please let us know what you think of our newsletter at and look for our next issue. Thank you for your continued support and participation!

MHDC Events

Meetings this month:

  • CIO Forum: November 3, 8:15-9am
  • DGC Steering Committee: November 10, 3-4:30pm
  • DGC Working Group: November 3, 10, 17 11am-12:30pm
  • NEHEN Business Users Group: November 4, 9-10am
  • Webinar: Community Care Cooperative: November 2, 10am-12pm

Want to learn more about any of these meetings? Email


MHDC Webinars

Join us for our upcoming webinar: 

Community Care Cooperative’s Journey presented by Christina Severin of Community Care Cooperative on November 2 from 10am-12pm.

Missed any of our webinars in 2021? Click here to see what you've missed! 

Interested in holding an MHDC webinar or have an interesting topic you'd like to present? Contact us at


Spotlight Analytics Update

Spotlight Business Analytics helps healthcare organizations run custom analytics on health data including market share, patient origin, disease prevalence, cost of care, and comparative costs and outcomes for acute care hospitals.

We are pleased to announce our partnership with the Lown Institute to add civic and care leadership measures to Spotlight. Augmenting Spotlight’s market share, disease prevalence, and demographic analyses with the Institute’s equity, value, and outcomes measures will provide Spotlight subscribers with a more comprehensive and relevant view of health system performance. We plan to have these new datasets incorporated into Spotlight and ready for use by the end of the year.

The current data status is:

Loaded & available for use:

  • Massachusetts Hospital Inpatient Discharge Data FY19
  • Massachusetts Emergency Department Discharges FY19
  • Rhode Island Hospital Inpatient Discharge Data FY20

Received & ready for use soon:

  • Massachusetts Observation Data FY19

Future planned data:

  • Massachusetts Hospital Inpatient Discharge Data FY20
  • Massachusetts Emergency Department Discharges FY20
  • Massachusetts Observation FY20
  • New Hampshire Facility Discharge Data Sets (Application pending)
  • Maine Hospital Inpatient and Outpatient Data (Application pending)

Please feel free to drop us a line with any questions or comments at In the meantime, thank you for being a Spotlight Analytics user and a member of this community! Feel free to visit our Spotlight Business Analytics page or email us at the address above for more information.

DGC Update

The Data Governance Collaborative (DGC) at MHDC is a collection of payers and providers throughout the region exploring ways to better exchange health-related data incorporating industry standards and automation as much as possible.

The DGC expects to move to the implementation phase of the code mapping service soon. This will support exchanging data from one location to another - either inside an organization or between organizations - via RESTful APIs as well as allow data to conform to USCDI, FHIR, and FHIR IG requirements. For example, it can be used to align data from a quality measures store to risk analysis management within a payer's organization or to provide information about an encounter to a patient app or send clinical data supporting prior authorization requests from providers to payers. DGC members get a discount, but this service will be available to anyone who wants to use it.

We held our latest deep dive on advance directives on October 28th. In our regular meetings we've been delving into the No Surprises Act quite a bit with our most recent meeting looking at the contents of the second Interim Final Rule in detail. We've also looked at diabetic eye care quality measures in detail, reviewed last month's ONC Tech Forum, and more. Upcoming meetings will look deeper at the discussions during the October 28th deep dive, review a recent FDA machine learning for medical devices forum, and explore what we learned at the recent WEDI National Conference.

Membership in the DGC is open to any payer or provider with business in Massachusetts - big or small, general or specialist, traditional or alternative. Want to know more? Email

NEHEN Update

NEHEN reduces administrative burden through the adoption of standardized transactions. It is a cornerstone service for payer and provider trading partners wishing to exchange industry standard X12, HIPAA compliant transactions in a real-time, integrated manner using APIs. Because of our unique governance, non-profit status, and membership-based model, NEHEN is able to offer very competitively priced services relative to the market.

Our vision for the future involves NEHEN on FHIR, but current regulations stand in the way. HIPAA currently requires the use of X12 message formats and the CAQH operating rules define the standard (Core Connectivity) connectivity methods used to exchange these X12 messages. EHR vendors and payer backend systems are built to these standards because they're required.

A move to FHIR-based exchange is technically viable today. There are defined, standardized resources that can use secure RESTful APIs for exchange using servers that are relatively easy to stand up. Coverage eligibility leveraging CoverageEligibilityRequest and CoverageEligibilityResponse resources and other administrative tasks using other FHIR resources are ripe for use.

It is possible to apply for an exception to the X12 message requirements for testing, development, and advancement, so what are we waiting for? Granted, such an exception comes with reporting and validation requirements and the exceptions are only good for 3 years, but we have to start somewhere. We are very interested in taking this leap toward NEHEN on FHIR by applying for an exemption for eligibility transactions and standing up a test project using FHIR to exchange this data between payers and providers. Interested? Let us know!

For information about NEHEN please contact us at

Electronic Prior Authorization (ePA) Initiative 

This project is a prototype implementation that automates prior authorization transactions using the industry standard, open platform methods developed by the HL7 DaVinci Prior Authorization workgroup. This project will be compliant with the three related implementation guides, which utilize open, FHIR-based API exchange methods. This will allow each payer and each provider to implement a single prior authorization process and format for exchange so long as all of their exchange partners adhere to the same standards.

Working through the details of the participation agreement with the payer and provider participants has been an ongoing process and we are truly in the last steps of that work. Once completed, we have an engaged and ready technology partner and exciting participant members to get us up and going quickly.

Taking a slightly broader perspective, MHDC and NEHEN are working with NEHI (Network for Excellence in Health Innovation) on recommendations, barriers, and incentives for the broader adoption of electronic (automated) prior authorization. Massachusetts has always been a leader in health innovation and adoption of technologies to advance healthcare. As CMS and ONC rules are promulgated and finalized we hope to continue this trend and stay well ahead of the industry as a whole. Prior authorization remains one of the few areas yet to be automated in a significant way throughout the industry. This is the opportune time to take that step and MHDC is committed to making it happen.

For more information email us at

Industry Events

Interested in webinars and online conferences through November? Here are some we recommend (they're free unless otherwise noted):

We do periodically post webinars we plan to attend on social media, so feel free to follow us on Twitter (@mahealthdata) and LinkedIn for more webinar ideas and for our take on interoperability, data, health equity, telehealth, APIs, and other topics of interest.

Have an upcoming event next month to suggest? Write us at - no self-promotion please.

2021 WEDI National Conference

The 2021 WEDI National Conference took place from October 18th through October 21st. The four-day conference focused on a different theme each day: health equity on Monday, federal regulations on Tuesday, the new app economy on Wednesday, and future considerations on Thursday. While the sessions did not have perfect alignment to the themes each day, they were definitely followed fairly closely and it gave the conference more structure and predictability than most.

Day 1 - Health Equity

Health equity day started with an excellent keynote address from John Baackes, the CEO of LA Care. He talked about some of the racial disparities found within their system usage (one example: a 13% gap between black and white new mothers receiving post-partum care), the need to design plans for the intended members and to not assume all plans will be more-or-less the same, how plans are uniquely situated to address social determinants of health (SDOH) but that it might require dipping into their reserves to do so, the role that governmental structure plays in keeping medical and social services siloed from each other, and attitude changes needed to make value-based care work (most centrally, a switch from "I have X beds, how do I use them to maximize revenue" to "I have Y money, how do I best use it to meet a patient's needs"). It was a very interesting, wide-ranging conversation providing a lot of food for thought.

Another notable session on day 1 was a session on how data and culture can drive health equity with several folks from Cerner. While the beginning of this session did feel a bit like a sponsored session (it wasn't), as we settled in they started talking about an issue we discuss a lot here at MHDC - that technology isn't enough; culture and process are just as important if not more so. They also made some interesting comments about how the definition of diversity changes over time and the populations that must be included when considering diversity are always expanding. They then segued into data discussions, particularly highlighting two related points: providing provenance for data to end users - where it comes from, how it was tested, and how it's used - is necessary for accountability and the need to ensure everyone from patient to provider to researcher and beyond assigns the same meaning and context to the same piece of data when they see it.

Other interesting takeaways came from a session on addressing health disparities in the LGBTQ+ community and a session on baking SDOH into everything we do as an industry. The former session was led by Dr. Elizabeth Petty of the University of Wisconsin who heads up an LGBTQ+ health initiative for the AMA and made two points that particularly stood out: that we can't collect [accurate] data about status until everyone is comfortable coming out and that we should never assume pronouns or force legal names on people. On the first point, the director of a new transgender-focused clinic in Northampton was on television the weekend after the conference indicating that only 40% of trans patients are out to all of their medical providers. That's an abysmally low number and something to consider as we move toward more automatic exchange of patient demographic data. The second point also offers several challenges across healthcare from the tendency of provider offices to use formal address (although this is loosening a bit in our experience) to the need to capture alternate names and which of the plethora of available pronouns particular patients use in the captured and exchanged patient data.

The session on baking SDOH into what we do as an industry was led by Jay Sultan of LexisNexis Risk Solutions and also covered a lot of ground. It provided one of the better distinctions between SDOH and health equity we've seen: SDOH are driven by a particular aspect or issue a specific person has; interventions are directed to that person directly while health equity is a group characteristic that isn't individual and interventions require direct changes to the healthcare system. It also stressed one of the points MHDC is quick to raise in SDOH discussions - that not all SDOH issues are related to health equity issues or poverty; using a variation on one of our favorite examples, he pointed out that a white person with money can have legitimate transportation issues but those likely aren't equity issues. He also discussed the dangers of self-reported data, particularly given the stigmas some people may feel, and the dangers of using population-level data (even at its most granular such as census blocks) to make assumptions about individual people which ties back to the differences between SDOH and equity. He also talked about the need to understand the specific drivers of a particular patient need in order to address it and the lack of measurement in all areas related to SDOH - the needs, the interventions, what's working, what isn't working, and more.

Day 2 - Federal Regulations

Day 2 started with morning keynote addresses from National Coordinator Micky Tripathi and Director Mary Greene of the Office of Burden Reduction & Health Informatics at CMS. The afternoon featured a variety of sessions on specific new or potentially upcoming regulations including on attachments and price transparency. Dr. Tripathi's keynote did not tread a lot of new ground, but rather reminded us what existing requirements mean and upcoming deadlines. He particularly made a point of indicating several times that USCDI is meant to be a minimum and not the end goal of exchanged data and to point out that information blocking rules apply to all providers ranging from small physical therapy offices and single doctor offices to the largest hospitals and health systems in the country - it even applies to dentists.

Dr. Greene's talk broke more new ground, at least in terms of the topics and points covered by CMS in public talks. She discussed using AI and machine learning to turn data into actionable insights while still keeping privacy and security in mind, the importance of improving interoperability in post-acute care, that provider directories and interoperability of provider directories is an area they're particularly focusing on, and that they're looking at HIPAA administrative simplification (including things like use of virtual credit cards, rules around electronic transfer fees, and, to a lesser extent, adoption of ICD-11). It was much more future-looking than most CMS talks and gave a good sense of their current thinking and focus on a wide range of topics.

One of the more interesting sessions of the day was given by our board member John Kelly of Edifecs and his colleague Sherry Wilson of Jopari. While technically focused on making a case for getting a final rule covering attachments now, it was an interesting discussion about how the industry works with and without regulation more generally. They pointed out that regulation is often needed to accelerate the industry and ensure continued adoption of attachments or anything else and that some people are afraid to implement attachments (or other things) before regulation because they're likely to change once regulation does happen. They also point out that inertia is strong and more often rules drive innovation than the other way around. While we at MHDC (and particularly the DGC) believe in innovation as a driving force and that it's good to be ahead of the regulations rather than trailing them, we definitely understand these points and thought the discussion well worth having.

The final session of the day covered the No Surprises Act, another area our Data Governance Collaborative spends a lot of time exploring. Given by WEDI's Vice President for Federal Affairs Robert Tennant, this was one of the better sessions we've attended on this topic (and we've attended a lot). Focused mainly on the price transparency components of the bill, it clearly laid out some of the basic rules and both expected and announced enforcement dates and enforcement delays (such as an enforcement delay for provider requirements to send good faith estimates to payers for insured patients until after regulations for that aspect of the bill are released) and also drove home some of the specific requirements that get the most pushback (such as the requirement that patients can choose the format of their advanced explanations of benefits and payers cannot force them to use a specific method like their portal). One of the most interesting areas of discussion was on a topic near and dear to our hearts - standardized data and exchange formats for the myriad of data needed to make No Surprises work. WEDI made it clear that they expect specific requirements around data exchange to be part of upcoming regulations. This came up particularly in the context of the provider to payer workflows but answers to audience questions made it clear that this is a general expectation for at least most aspects of the bill.

Day 3 - New App Economy

Day 3 was mostly focused on the new app economy. It opened with a panel that unexpectedly focused on apps to verify vaccination in a variety of ways for a variety of purposes (it was billed as covering the infrastructure of trust; it did this primarily by example). This was interesting and raised issues that can be more generally applied (like trust frameworks, an idea central to the CARIN Alliance identity management proposals) but much of the conversation was quite specific to the use cases discussed so we won't delve into it further here.

An Edifecs-sponsored session on lessons learned about interoperability was very interesting, pointing out that initially many organizations weren't capable of processing the amount of data they were receiving when the FHIR spigot was turned on, that de-duplicating records proved difficult and some sort of record matching solution is needed when data comes in from multiple sources, and capturing and managing user consent proved challenging (particularly in terms of designing useful UIs, managing granular consent, and the need to incorporate expiration into the system).

The best session in the entire conference featured app developers Jennifer Blumenthal of OneRecord and Kristen Valdes of B.Well ostensibly talking about how to drive value from data. However, their main topic was actually the challenges of getting useful data and, in particular, some of the barriers third party app developers have working with payers and getting payer data via the Patient Access APIs. Some of the points they raised were the difficulty of combining data that comes in via FHIR with data that doesn't (like eligibility data), inconsistency of the data being sent by each payer (both generally and specifically how they send IDs), lack of test data from payers (particularly test patients), and the inability to get data from vendors about which payers they support (this included a plea for payers to tell their vendors that it's okay to tell app developers that they're using that vendor's FHIR services). They also discussed a desire for centralized authentication and identity services so patients don't have to authenticate multiple times and a desire to add price transparency features to their apps (with a caution that it's not clear how feasible this will be for the foreseeable future).

Day 4 - Future Considerations

Day 4 - billed as covering future considerations - was a bit of a mixed bag. It started with a keynote from Accenture that level set a bit on where things stand today. That was followed with sessions on security, automation and self-service, WEDI work on claims and prior authorization, and ended with vendor demos from Edifecs, SmileCDR, and Axway. Some of the more interesting points from the Accenture session include noting that some of the traditional barriers between the technology and business sides of healthcare organizations are breaking down (we see this as a necessary and good thing), that despite the increase of telehealth driven by the pandemic the overall use of digital health in all channels has hit a plateau over the last several years, and 37% of consumers indicate that they've limited their use of digital health because of privacy and security concerns.

The session on automation and self-service - led by Ruby Raley and Ravee Chintha of Axway - was also quite interesting. They discussed how the amount of effort required to use (or develop with) a product or system drives customer loyalty and how automation and self-service can drive improvements in this area. They also discussed challenges including how existing waterfall processes of designing programs for 18 months then running them for 5 years before making changes just doesn't work in the modern world where new regulations come out several times per year (MHDC and the DGC heartily agree and promote more agile processes as part of moving to a more interoperable, data driven industry). They also talked about efficiently solving for the need to send data (like status messages) to multiple places and users at once and suggested using pub-sub queues that allow interested parties to subscribe to published updates on particular topics for things like updating claims status.

The demos were generally engaging, with some particular comments of interest coming in the SmileCDR session by Drew Hannah and Adam Cole. According to them, 75% of payers aren't complying with Patient Access API requirements yet, often because they run into issues with FHIR facades (this is a mechanism for sending data via FHIR by gathering it from a variety of internal sources on the fly). They also talked about how attestation from a new plan that a member has given consent for the Payer to Payer exchange coming online in January 2022 isn't sufficient; a model for validation is needed as part of the process.

We weren't able to attend every single session of the WEDI conference, but those we did were generally interesting and informative. We learned a lot and hope you've learned something from our comments and takeaways outlined in this article. DGC members can look forward to deeper discussion on some of these topics in coming meetings, but anyone reading this article should feel free to email us at with any questions or comments.

Native American Heritage Month

Native American Heritage Month started as American Indian Day in NYC in 1916. Like many minority groups, Native Americans and other indigenous people have been hit hard during the pandemic and encounter other health equity issues and health disparities. You can learn more about some of their specific concerns at the following pages:

You may also want to explore Indigenous perspectives on the pandemic and climate change at this Johns Hopkins Center for American Indian Health webinar on Nov 17 at 12pm:

And learn more about the Native American medical school experience at this American University of the Caribbean webinar on Nov 11 at 6pm:

Wrapping Up

Before we go, here's a reminder of upcoming data exchange deadlines from ONC and CMS (including the CMS rule that's currently frozen, as noted by *):

And that's it, folks. Loved it? Hated it? Have an idea for next time? Send us feedback and suggestions about this newsletter at or send us feedback and suggestions about anything else at

Massachusetts Health Data Consortium
460 Totten Pond Road | Suite 690
Waltham, Massachusetts 02451

© Massachusetts Health Data Consortium