Why Wait-and-See: Individual Access Services (IAS) 

Forward

At Clareto, we’re receiving a growing number of inquiries from colleagues, clients, and partners regarding new health IT buzzwords like TEFCA, QHIN, and IAS. And if you’re reading this, you’ve likely already been promised that these acronyms are going to solve all your digital health data needs. 

Over the next few weeks, we’ll be publishing a series of articles to bring you up to speed on these novelties: 

• What they are and what we know today based on available evidence. 
• Why we think it makes sense to stay focused on developing, integrating, and enhancing proven, frictionless digital health data solutions like our EHR+ network. 
• Why taking a wait-and-see approach with these buzzwords and letting someone else do your homework is the smart decision. 

More importantly, we’re going to keep everything in layperson terms and focus exclusively on life insurance use cases. Hopefully these articles will teach you something you didn’t know. If we do a really good job, you might even enjoy reading them. 

Disclosures 

Clareto has agreements in place with three of the initial six organizations that had their QHIN applications approved in February 2023. 

About IAS 

For our first installment, we’re going to jump into the deep end with individual access services (IAS). To kick things off, let’s take a look at the official IAS definition from the Common Agreement (deep breath): 

Individual Access Services (IAS): with respect to the Exchange Purposes definition, the services provided utilizing the Connectivity Services, to the extent consistent with Applicable Law, to an Individual with whom the QHIN, Participant, or Subparticipant has a Direct Relationship to satisfy that Individual’s ability to access, inspect, or obtain a copy of that Individual’s Required Information that is then maintained by or for any QHIN, Participant, or Subparticipant. 

Yikes. Long story short, IAS enables consumers to access their own health information. If you’re a life insurance stakeholder thinking “That seems like a round peg in a square hole,” you’re not wrong (but we’ll save that for a future installment). 

How IAS Works 

There’s no speculation necessary here because the IAS standard operating procedure (SOP) has already been published. As a prerequisite to accessing their health information, consumers must complete an identity verification process to a specific standard (NIST IAL2), which includes providing personal information, uploading a picture of a driver’s license or passport, taking a selfie, and more. 

What to Expect with IAS 

Next, let’s think about the IAS process as a funnel. Like any workflow, IAS will have several potential points of failure where consumers may dropout. 

Top of Funnel 

We’ll follow 100 applicants who begin the IAS process. 

Vendor Selection

The IAS process requires use of an approved vendor for identity verification (SOP section 3.1). We expect there to be differentials in success rates, workflow duration, and user experience across vendors, which could even introduce bias by being more likely to decline certain consumers. I’ve experienced this variability first-hand by downloading and testing various apps (health-related and otherwise) that utilize identity verification workflows. Many are easy to complete and take the expected 5-10 minutes, but I’ve encountered some that require 5-10 phone calls with technical support. 

Funnel Update

Let’s assume we select the gold standard, and downside variation is not an issue. We still have 100 applicants in the funnel (sounds expensive though). 

Consumer Engagement 

Since the IAS process requires identity verification and evidence thereof (SOP sections 3.2 and 3.3), consumers will have to be engaged to initiate the process (and re-engaged if their credentials expire). Doing so, however, may be easier said than done. In a Human API case study, only 68% of life insurance applicants opened emails giving them an option to expedite the underwriting process by connecting their digital health data. 

Funnel Update 

Given the direct applicability to life insurance, we’re going to apply the full discount – only 68 applicants remain in the funnel (and we didn’t even touch more complicated questions like who should contact the applicant, when, and how). 

Identity Verification 

We also need to consider identity verification success rates. At the 2022 Carequality annual meeting, the “Improving Patient Access” panel indicated that 5-20% of consumers will fail identity verification. For a more precise estimate, a recent Digital.gov case study reported that login.gov had an average success rate of 74% after implementing identity verification via NIST IAL2. 

Funnel Update

We’ll assume that 80% of the remaining 68 applicants pass identity verification – only 54 applicants remain in the funnel (this is more favorable than login.gov, which likely obtained a large, representative sample). 

Patient Matching 

IAS requests can only be initiated using demographic information that has been verified (SOP section 3.4). Historical names, addresses, and other information may be included, but only if that information has also been verified. Of course, asking consumers to verify additional demographics beyond the minimum necessary may come with tradeoffs, including higher failure rates, longer workflows, and eroded user experience.

Further, while participating healthcare organizations are required to respond to IAS requests, they can set their own policies regarding what constitutes an acceptable patient match (SOP section 3.5). Some are contemplating more restrictive patient matching thresholds for IAS requests, including requiring an exact match with the address on file. The Carequality “Improving Patient Access” panel noted that 10-15% of consumers will have address issues and discussed some specific examples of where and how these may come into play. (As a test, I checked 9 of my patient portal accounts and discovered that only 3 of my providers have my current address on file.)  

Bottom of Funnel

To recap, the IAS process restricts what demographics can be used in an IAS request. Simultaneously, healthcare organizations will likely raise the bar on patient matching requirements. As a result, we’ll assume 15% of the remaining 54 applicants experience address issues and other matching obstacles – meaning that only 46 of our 100 applicants come out the other side of the funnel. 

Conclusion 

You guessed it – we’re going to wait-and-see with IAS. 

First, IAS fails to check the box on several of our health data partnership priorities: 

• Not a frictionless experience for consumers. 
• Limited potential for rapid end-to-end turnaround times to enable true accelerated underwriting and straight-through processing. 
• No near-term ability to test data exchange, evaluate performance at scale, and drive continuous improvement. 

Second, all the evidence points to IAS having more attrition than expected. Our imaginary cohort was whittled down from 100 applicants to just 46 – and that’s before accounting for the share of healthcare organizations that join a QHIN (remember, the current figure is still *zero* and QHIN participation is voluntary). If we’re correct, then IAS will underperform our current EHR+ network, which makes our decision easy. Today, tomorrow, and for the foreseeable future, we’ll prioritize growing and improving our EHR+ network, and building solutions that enhance the digital health data available through it. Eventually, IAS may prove itself as an attractive secondary option, and we’ll add it to our EHR+ network. 

And if IAS exceeds expectations? Even better – there’s no first-mover advantage or FOMO here (see Section 6 the Common Agreement re: Cooperation and Non-Discrimination). In fact, we’d prefer to be a fast-follower, learn from the successes (and failures) of others, and make informed decisions about which QHIN to join and which identity verification vendor to select.