Statement of ACAP CEO Margaret A. Murray on Proposed Interoperability Health Care Regulations

FOR MORE INFORMATION: Jeff Van Ness, (202) 204-7515,


WASHINGTON—Margaret A. Murray, Chief Executive Officer of the Association for Community Affiliated Plans (ACAP), made the following statement on proposed regulations recently promulgated by the Centers for Medicare & Medicaid Services and the Office of the National Coordinator for Health Information Technology, which pertain to interoperability of health care claims data and health IT certification:

“We applaud the general aim of the Administration in working to facilitate the transfer of data between organizations and to support consumer use of personal health information. However, when it comes to implementation, it’s clear that these regulations aren’t quite ready for prime time. ACAP has several concerns with the way HHS proposes to move forward and, from our perspective, the timelines set forth in these regulations would pose risks to the safety and security of the data involved.

“First, the data standards set forth for plans were designed to support electronic health record data. Health plans incorporate several data elements, including non-health care transactions, that go outside the realm of EHR data. Although health plans capture clinical information such as diagnosis and test results for payment and quality measurement purposes, these data may not be useful for other purposes. We feel that there needs to be a more careful review of operational and policy implications – including how these Federal requirements would work with those of states – before going forward.

“Security is also a foremost concern. These standards would require the use of application programming interfaces, which provide hackers with multiple venues to access an organization’s data. While health plans have undertaken considerable efforts to secure their data, the development of a robust API security strategy and control architecture is evolving for most industries, including health plans. Implementing the proposed rules requires substantial investment of time and resources; the timelines set forth are inadequate. Plans would need to assess the costs associated with compliance and account for them in the framework of actuarially sound rates.

“These proposed regulations represent big changes, and set aggressive goals. While we are supportive of the principles animating these goals, the devil is in the details. Those details suggest that meeting the aggressive timelines open health plans and their members up to unacceptably high levels of risk.

“We look forward to providing further constructive feedback so that these can be refashioned in a way so health plans can successfully and securely comply.”

About ACAP:
ACAP represents 66 health plans which collectively provide health coverage to more than 20 million people in 29 states. Safety Net Health Plans serve their members through Medicaid, Medicare, the Children’s Health Insurance Program (CHIP), the Marketplace and other publicly-sponsored health programs. For more information, visit