Healthcare providers explore payer direct access to EHRs, but most are still awaiting the benefits

Healthcare providers are increasingly required to provide clinical data to payers to justify claims and get paid for the care they provide. In one recent study, nearly 15% of all claims submitted to payers for reimbursement were initially denied, including many that had been pre-approved through the prior authorization process. More than “half (54.3%) of denials by private payers were ultimately overturned and the claims paid, but only after multiple, costly rounds of provider appeals and extensive information sharing,” stated the study.^[1]

Some electronic health record (EHR) vendors now offer payer platforms that make it possible for providers to grant payers direct access to patient medical records, according to participants of an HFMA Executive Roundtable held in June and sponsored by clinical data exchange company MRO.

The roundtable brought together a number of healthcare industry leaders to discuss challenges and solutions for effectively sharing medical record data with payers. Roundtable participants also say they hope that offering insurers direct access to clinical information can potentially eliminate some of providers’ administrative burden of constantly responding to records requests, but that is yet to come to fruition. Many providers are leery of sharing such access to patient records with payers, whether for security, ethical, legal or other business reasons.

“There are inherent challenges with exchanging clinical information across the healthcare ecosystem without strict security and procedures in place,” said Matt Wildman, chief commercial officer at MRO. “We’re addressing the problems providers must solve in an effort to reduce their administration burden while providing payers with the clinical information they need.”

Do you give payers direct access to your EHR?

Sheldon Pink: We do provide direct access to Humana. I was somewhat apprehensive about it, but it’s too early to tell if there’s value in it. As we start giving more information, payers need to come to the table, with lower denial rates and faster responses. Payers need to make it beneficial for the hospitals. They have more people, analytics and technology. The challenge is that the more data we give them, they may find new reasons not to adjudicate claims.

Christopher Ballesteros: We provide direct access to two payers only in our multispecialty group practice and not the hospital system. We are pushing for payers to come to the table and have greater accountability. We want to see the true value of allowing EHR access, which is still unclear at the moment.

Sheila Augustine: We give UnitedHealthcare access to approve additional bed days. Before the pandemic, we had onsite nurses from payers looking at documentation, but they couldn’t do that during the pandemic. So, we gave more access to UnitedHealthcare, thinking that our denials after claim submission would go down, but they haven’t.

We’ve also tried bringing on Blue Cross Blue Shield, but we have no data to show that providing them with access to our EHR would help reduce denial rates either.

It’s tricky because you can’t lock down specific healthcare encounters. For example, if a patient wants to get Botox but wouldn’t want it billed to the payer, there’s no way to block their insurance company from seeing that service. We can restrict it so that United only sees United members’ data, but we can’t block access beyond that.

Brittany Roth: Our organization is in discussions with Anthem BCBS and UnitedHealthcare to evaluate giving access to records through [the] Epic Payer Platform. Our main focus in this evaluation is safeguarding patient information. It is my understanding that we would be able to utilize Epic to restrict access by record type, such as behavioral health, to ensure appropriate data sharing. Several factors will influence our decision to proceed, with IT resources being one of the key considerations. One must assess their IT capabilities and determine the necessary support to successfully implement and manage each payer.

Dolores Perez: We have allowed a few payers to have access to the EHR via the EPIC Payer Platform Clinical Data Exchange (CDE), but the information shared is not to be used for claims processing. It’s not to be used for any other purpose, but for risk adjustment, closing quality care gaps and things that help the payers. We looked at other systems that were providing access through the Epic Payer Platform. There’s no contract required with the payers, but everybody has to follow the rules of the road and the same process.

We went live with claims adjudication in May 2024 with UnitedHealthcare, so it’s too soon to tell if it’s actually working by reducing administrative burden. It was a manual process, but now they should be able to relieve our burden by pulling the information they need themselves. Hopefully, it will save us money, but it’s too soon to know if we’ve achieved any reduction in administrative burden.

A lot of the payers use CDE for their benefit only; quality care gaps or risk adjustment. They use it for the lines of business where it benefits them, Medicare and Medicaid, not for commercial purposes.

David Lombardi: We do not allow direct access into our EHR. We provide in-home, value-based care, and because we work with several different payers, we decided to avoid that level of sharing for security reasons.

Also, because patients switch between payers, we are concerned about ensuring that we’re only allowing the payer to see the documentation for the correct time period (when they had that member) and not before or after. In this day of security breaches, we must be cautious.

We certainly have gotten requests from payers. We’ve worked through that by providing securely delivered SFTP [Secure File Transfer Protocol] flat files with the documentation they need. Payers can either pull out the data from an SFTP or we can develop an API application programming interface for them to get the same level of information they want. They just can’t receive direct access, and we control the medium in which it’s being delivered.

Amy Hayes: We are not providing direct EHR access to payers. Our question is, ‘Will there be any benefit to us?’ The payers are going to have to come to the table and offer something that makes it mutually beneficial, such as reducing denials and helping our staff be more efficient.

Another challenge is the staff that send additional information to the payers don’t always have the clinical knowledge to submit the correct records. There’s a huge risk of human error and incorrect insurance information entered, which could allow payers to view records they shouldn’t view.

Juliet Santos: Our use is very different. I oversee the execution of our value-based care contracts. Value-based care is a very high-touch, high-resource demanding program. You’re either all in or it’s difficult to be successful. We opted to reduce our employees’ manual labor by granting EHR access to our value-based care payers. Without this access, we are required to provide supplemental data, which we used to submit manually. The submissions included clinical notes, lab results and other data that proves our patients received the services we’re billing for. 

To provide proof, my team reviews patient records and manually sends files to several value-based care payers on a regular basis. It is a time-consuming and tedious process. When we transitioned to Epic a year ago, it was our corporate decision to grant payers access to pull the data they required for submission to CMS. All payers with EHR access are restricted to accessing their own member population only.

We manage all payer login information. We track 16 different categories (name, date of birth, email, last four digits of Social Security number, etc.) of the payers’ staff information who will be accessing the records. Our IT department tracks this on their end, and my team attests and confirms regularly that the payer should still be given access to pull the required data for CMS submission. 

What would be the key performance indicators that would show there’s value in providing payers with direct access to your EHR?

Pink: It would be a release of administrative burden placed on facilities. If I’m negotiating with a payer and providing additional access, I should never receive an 835 denial that’s requesting data because the payer has access to [the data]. If I’m going to do all this work to make sure the payer has all the information just so they can deny the claim, what’s the point?

They talk about this being free, but there are fees through Epic that you have to pay for. This is not completely free.

Augustine: My company and HFMA did a research study that showed there has been a significant overall increase in denials since before the pandemic. It’s difficult to correlate whether this is due to payer access. You have to look at the denials, because you could get a denial for missing a modifier. If you update the modifier, then the payer might request medical records. Even after the pandemic, Blue Cross Blue Shield of Nebraska would pay a clean claim within five days, but that’s unheard of anymore. It’s like denials are used as delay tactics.

Perez: Sometimes we wait six months for a payment on something they should have paid the first time. Payers have complex algorithms for denying claims. In many cases, they are just testing providers to see if we’ll push back, fight a denial, send the record and push for payment or just give up.

Lombardi: For our value-based organization, we receive payment upfront, but for us, the concern was security. There is a substantial amount of sensitive information, so we’ve figured out other ways to provide the data.

Santos: I feel the pain in terms of privacy and security. But in the end, CMS [Centers for Medicare and Medicaid Services] is requiring this information. Payers are simply complying with CMS requirements for data elements as part of their payor audit. Payers are likely audited by CMS as well and could face fines for not confirming services rendered. 

Matt Wildman: The point around indemnification is really interesting because a provider might give payers access to the EHR, but if something falls flat, the provider is on the hook for that. It’s important to think about how providers can safeguard the data access they’re giving to payers.

Perez: Our revenue cycle has developed KPIs [key performance indicators]. Number one is reducing the AR [accounts receivable] and the number of medical records requests because that’s a serious administrative burden. Our staff is spread thin, and somebody has to stop their work, go pull the data and review it monthly to see if there is any impact. Anthem went live in January, and we don’t have enough people to look at those KPIs to see if the data sharing is successful.

There are no KPIs or metrics built into Epic. We asked payers to share their KPIs, but we never got a response. UnitedHealthcare gave us their first scorecard this month, which was based on quality care gaps and nothing related to access to the records.

Pink: Another concern is that payers have changed their denial patterns over the past years, so I don’t want to give them more information about potential denials. Every time, operations must adjust to address a new denial pattern, and adjusting clinical operations due to revenue cycle issues is difficult.

Which departments within your organization manage payer requests for records?

Roth: Payer requests are typically managed by our patient financial services (PFS) and managed care departments in collaboration with Health Information Management (HIM). Requests first go through our PFS office for review to ensure they are appropriate. If approved, they are sent to HIM to process and send records. If not approved, the requests are forwarded to managed care to address with the payer.

Ballesteros: Currently all requests are managed between our CBO centralized business office and HIM departments, collaboratively they will manage requests that pertain to submitted claims. We often have payers request the records before they even process the claim to validate everything we put on the claim. Then once they process the claim and we get a denial for the record, we’ve already submitted everything.

We want to submit the minimum necessary amount of information because we don’t want to give them more ammunition, but it’s difficult to manage that.

There’s not enough accountability for payers. As a smaller hospital system, we have little leverage to hold them accountable for anything.

What role, if any, does your health information exchange (HIE) play in sharing information with your payers?

Santos: We’ve had trouble finding an HIE partner that can provide us the timely documentation once patients are discharged from external facilities. The FMC [Follow-Up After Emergency Department Visit for People With Multiple High-Risk Chronic Condition] measure requires us to follow up with patients with chronic conditions within 48-72 hours after discharge. HIEs play a critical role in our organizational success in this measure, but they need to be more reliable and consistent. We should be able to receive medical records from HIEs in near real time by encouraging all healthcare organizations to make their data available in a timely manner consistent with CMS requirements.

Perez: We work with the HIE that gives us access to information about patients attributed to our system for admissions, encounters and inpatient stays at other hospitals. Payers also have access to this information. They want to see that data and it helps meet our metrics. We turned it on as this was a state requirement.

Conclusion

The roundtable conversation demonstrates the challenges of providing payers with the right level of access to EHRs. While offering direct access to payers attempts to alleviate some administrative burdens for providers, the results have not borne out as of yet. It also presents challenges including security, patient privacy, increased payer scrutiny and a lack of benefits to the health system.

Providers who can determine how to offer payers access in a way that limits payer visibility, but eases provider administrative burden, have the potential to successfully share patient information through a direct access model. However, those providers are not reaping the promised benefits.

“It’s clear to me that we must create an environment in which our providers can dictate the right, minimally necessary, clinical information to share with their payers with an assumption of reciprocity,” Matt Wildman said. “That will be critical for strong payer-provider collaboration and eliminate some of the friction that exists today.”  

Panelists

SHEILA AUGUSTINE, FHFMA, MHA, CRCL,
is director of revenue cycle at Nebraska Medicine in Omaha, Neb.

CHRISTOPHER BALLESTEROS
is executive director, revenue cycle at Peterson Health in Kerrville, Texas

AMY HAYES, MBA, CCS, CCS-P,
is senior director of revenue cycle at Great Plains Health in North Platte, Neb.

DAVID LOMBARDI
is CFO at Emcara Health in Franklin, Tenn.

DOLORES PEREZ
is director of managed care contracting at Inova Health System in Fairfax, Va.

SHELDON PINK FHFMA,MBA, LSSBB,
is vice president, central business office at Methodist Health in Dallas

BRITTANY ROTH, CHFP, CRCR, CSMC,
is director of managed care contracting and provider enrollment at Phelps Health in Rolla, Mo.

JULIET SANTOS, MSN, APRN, FNP-BC,
is director of population health and care navigation at AdventHealth Mid-America in Kansas City, Kan.

MATT WILDMAN
is chief commercial officer at MRO in Norristown, Pa.

About MRO

MRO is accelerating the exchange of clinical data throughout the healthcare ecosystem on behalf of providers, payers, and users of clinical data. By utilizing industry-leading solutions and incorporating the latest technology, MRO facilitates the efficient management and exchange of clinical data for all stakeholders. With a 22-year legacy, MRO brings a technology-driven mindset built upon a client-first service foundation and a relentless focus on client excellence. For more information on how MRO is empowering healthcare organizations with proven, enterprise-wide solutions to exchange clinical data of every type and scale, visit www.mrocorp.com.

_{This published piece is provided solely for informational purposes. HFMA does not endorse the published material or warrant or guarantee its accuracy. The statements and opinions by participants are those of the participants and not those of HFMA. References to commercial manufacturers, vendors, products, or services that may appear do not constitute endorsements by HFMA.}

---

^[1]. Trend alert: Private payers retain profits by refusing or delaying legitimate medical claims, Premier, March 10, 2024.