Healthcare Regulatory Compliance Pivot to Innovation
As the healthcare landscape continues to evolve, payers have heightened their strategic focus on brand loyalty improvement, market expansion, revenue growth and margin expansion. They’re rethinking how to use evolving regulations as a necessary impetus to transform their business to address these strategic objectives.
In this article, we take a look at using the Centers for Medicare & Medicaid Services (CMS) interoperability regulations to drive digital transformation and innovation.
Purpose of CMS Regulations
The CMS Interoperability and Patient Access Final Rule from 2020 and the CMS Interoperability and Prior Authorization Rule finalized in March 2024, which is effective January 1, 2027, reaffirm a national emphasis on the need to improve processes and adopt secure technologies that:
- Improve health information exchange to achieve appropriate and necessary access to health records for patients, healthcare providers, and payers.
- Reduce overall administrative burden and break down barriers for payers, providers, and patients associated with processes that hinder delivery of the right patient-centric care in the right setting at the right time—all of which impact health and cost of care outcomes. CMS estimates $15B in savings over 10 years from improving prior authorization processes.¹
- Unleash innovation through an API economy by allowing third-party application developers to access information securely with required consent and create user-friendly and intuitive services that help patients, payers, and providers achieve better health and quality of care outcomes.
These Rules set healthcare regulatory compliance requirements for Medicare Advantage (MA) organizations, Medicaid and the Children’s Health Insurance Program (CHIP) fee-for-service (FFS) programs, Medicaid managed care plans, CHIP managed care entities, and issuers of Qualified Health Plans (QHPs) offered on the Federally Facilitated Exchanges (FFEs)—collectively referred to as “impacted payers.”
Based on payers’ experiences with and lessons learned from implementing the 2020 Rule, their approach to implementing the latest Rule is not to just tick a regulation compliance checkbox. Instead, they’re looking to build on an essential infrastructure that can be securely scaled to address the following imperatives to meet their strategic business goals:
- Enhance member experiences in their care journey—finding, accessing, and tracking their care holistically, thereby improving health outcomes and loyalty to the brand.
- Improve provider experiences with the brand by making it easy to do business with them, thereby encouraging more collaboration to drive better member health outcomes, reduce cost of care, and reduce costs associated with administrative burdens.
- Increase digital transformation and innovation agility to reduce operational costs, and improve revenue streams with newer products and digital service streams.

Technology Requirement Shift to Data Estate Management and Governance
The Rules require implementation of the APIs they list, primarily by adopting the HL7® Fast Healthcare Interoperability Resources (FHIR) standard using prescribed profiles and data/value sets, with an enforcement exception that allows the Prior Authorization API implementation to use FHIR, the HIPAA X12 278 standard, or a combination of both.
Payers must contend with securely integrating, managing, and governing healthcare data being made available—within their enterprise as well as across the broad healthcare ecosystem—in various healthcare interoperability standards (such as HL7 V2 and V3, HIPAA X12, HL7 CCDA, HL7 QRDA to name a few) as well as custom formats (such as flat file, CSV, XML).
Further, members/patients are the owners of their data and have stringent privacy, security, and confidentiality protections under the Health Insurance Portability and Accountability Act (HIPAA) on use and exchange of their data. Payers and providers are custodians of their member and patient data. It then becomes imperative to ensure that this data is shared only when member/patient consent is provided to allow required exchange in the ecosystem. Then, there are Federal and State mandates around health record retention time periods.
Consequently, a technology infrastructure needs to address the acquisition, integration, and management of the volume, velocity, variety, and veracity of member/patient data while governing its security and quality dimensions before sharing it with members/patients, providers, payers and their allied partner communities—all through a suite of APIs.
Given their custodial responsibility for member/patient data and the total cost of ownership of building and maintaining the data estate in a compliant manner, payers no longer see fulfilling evolving CMS Interoperability Rule compliance as merely a cost of doing business. Instead, they’re looking to monetize these data assets to meet their strategic business goals mentioned above in ways that power their digital and operational transformation initiatives.
Investment Approaches
To ensure healthcare regulatory compliance, payers can choose to build from scratch, buy/outsource, or integrate best-of-breed vendor solutions to create a secure and scalable data estate infrastructure.
With the explosion of investment in digital health solutions over the past few years, the opportunities to improve member and provider experiences in their care journey and derive meaningful insights from healthcare data have grown at an incredible pace. Alongside the ever-increasing number of innovative solutions, a tangled ecosystem of interoperability vendors has sprouted out of startup and big tech companies as complementary offerings. While many interoperability vendors claim to offer plug-and-play, one-size-fits-all, or easy-button solutions, our experience is that things are rarely as simple as a vendor claims.
To make sure payers are maximizing the value of investment, there are several critical considerations to deliberate on in alignment with strategic business goals. Leading payers are increasingly adopting the strategy of building the data and interoperability infrastructure using a best-of-breed vendor solution where the custodial relationship of data is owned, controlled, and governed by the payer at an optimized cost while maximizing the flywheel effect of this data estate infrastructure to power its larger strategic goals.
Example: Key Strategy Considerations
A large vertically integrated payer decided to build, maintain, and govern the data estate by using select tools for data integration and interoperability, cloud data stores, and API Management gateways. The critical considerations they deliberated before adopting this strategy were:

Monetization
How do we comply with regulations at a minimum (for fully insured health plan products) yet monetize them (for administrative services only / self-insured plans) through a data-as-a-service offering?

Scalability
How do we scale the reach and reuse of the data estate and interoperability infrastructure built to improve current digital experiences provided to members, network, and allied partners while driving better operational efficiencies?

Financial Model
What is the right financial model (with CapEx vs. OpEx cost and revenue model criteria) and budget to support both considerations above, along with accountability for significant risk (data security, cybersecurity, and non-compliance penalties included), with an emphasis on providing a predictable multi-year investment outlay to support: a) an initial build; b) ongoing sustenance with low, mid, and high utilization; and c) projected incremental monetization?
Reimagine Regulation Compliance Now
The healthcare ecosystem is in dire need of an operational transformation in its processes, data, and technology to deliver safe, timely, effective, efficient, and patient-centered care, while ensuring healthcare regulatory compliance.
When payers own the membership and, rightfully, become the custodian of member data across the healthcare ecosystem, they can become the ecosystem convener to power a higher level of collaboration with members/patients, providers, and allied partners in the ecosystem, and drive experiential, health, financial, and equity outcomes, i.e., Quintuple Aim objectives.
Investment to build and sustain a data estate to support such collaboration is a significant expense, but it can be the flywheel to not only achieve the Quintuple Aim objectives, but also drive innovation to bring new sources of business value.
Having a front row seat to the healthcare member-patient-provider experience and payer back-office business operations, and extensive digital transformation success, Concentrix is ready to be your end-to-end partner in helping reimagine regulation compliance as a pivot to driving innovation with agility. Learn more about our healthcare industry solutions.
¹ “CMS Finalizes Rule to Expand Access to Health Information and Improve the Prior Authorization Process,” CMS.gov, January 17, 2024.

Ham Pasupuleti
Vice President, Healthcare Solutions