Health Information Technology in Care Management
Health information technology (health IT) encompasses the electronic systems, standards, and infrastructure that enable the collection, storage, exchange, and application of health data across clinical and care management workflows. This page covers the regulatory framework governing health IT in care management contexts, the technical mechanisms that underpin interoperability and data exchange, common deployment scenarios across care settings, and the functional boundaries that distinguish health IT tools from clinical decision-making authority. Understanding health IT's role is foundational to interpreting how care management models and frameworks are operationalized at scale.
Definition and scope
Health information technology, as defined by the Office of the National Coordinator for Health Information Technology (ONC) under the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 (Public Law 111-5), refers to hardware, software, integrated technologies, related licenses, intellectual property, upgrades, or packaged solutions sold or licensed to health plans, providers, or care management entities for clinical or administrative functions.
Within care management specifically, health IT spans five primary categories:
- Electronic Health Records (EHR) — longitudinal patient data repositories used by care managers to review diagnoses, medications, lab results, and care plans.
- Care Management Platforms — purpose-built software that supports patient-centered care planning, task assignment, and caseload tracking.
- Health Information Exchanges (HIE) — networks that enable authorized providers and care managers to query and retrieve patient records across organizational boundaries.
- Remote Patient Monitoring (RPM) systems — devices and software that transmit physiologic data from patients to care teams outside clinical encounters.
- Decision Support Tools — algorithms and rule sets embedded in platforms to flag care gaps, trigger outreach, or support risk stratification in care management.
ONC publishes the United States Core Data for Interoperability (USCDI) standard, which defines the minimum data elements that certified health IT must be capable of exchanging (ONC, USCDI). Certified EHR Technology (CEHRT) designation from ONC is a prerequisite for qualifying care management billing under the Centers for Medicare & Medicaid Services (CMS) Chronic Care Management (CCM) and Transitional Care Management (TCM) programs.
How it works
Health IT in care management functions through a layered architecture connecting data ingestion, workflow automation, and clinical communication.
Data ingestion begins when patient records are created or updated within an EHR. HL7 FHIR (Fast Healthcare Interoperability Resources), standardized by HL7 International and mandated for API-based exchange under the CMS Interoperability and Patient Access Final Rule (85 FR 25510, 2020), defines the technical format for transmitting discrete clinical data elements such as problem lists, medication records, and care plan components (CMS, 85 FR 25510).
Workflow automation layers atop ingested data. Care management platforms use configured rule sets — not autonomous clinical judgment — to generate alerts when a patient's hemoglobin A1c exceeds a configured threshold, when a hospital discharge event is received via ADT (Admit, Discharge, Transfer) feed, or when a scheduled follow-up has lapsed beyond a protocol-defined window.
Clinical communication is mediated through secure messaging conforming to the Direct Protocol, an ONC-specified standard for encrypted point-to-point clinical messaging. Referrals, care plan updates, and post-acute transition summaries transmitted between interdisciplinary care teams depend on Direct-compliant infrastructure.
Privacy and security requirements governing all health IT systems that handle protected health information (PHI) are set by the HIPAA Security Rule (45 CFR Part 164, Subpart C), enforced by the HHS Office for Civil Rights (HHS OCR, 45 CFR 164). Encryption standards, access controls, and audit logging are not discretionary under this framework; they are mandatory technical safeguards for any platform processing PHI in care management workflows.
Common scenarios
Chronic disease monitoring: In chronic disease care management, RPM devices transmit blood pressure, weight, or glucose readings to a care management platform. The platform compares incoming readings against patient-specific or population-level thresholds and queues outreach tasks for care managers without generating autonomous clinical orders.
Transitional care coordination: Following a hospital discharge, an ADT notification is received by the receiving care management organization's platform. The care manager reviews the discharge summary via HIE query, updates the longitudinal care plan in the EHR, and documents the required post-discharge contact per CMS TCM billing requirements (CPT codes 99495–99496). The transitional care management process depends entirely on timely, accurate ADT feed connectivity.
Behavioral health integration: Platforms supporting behavioral health care management must navigate 42 CFR Part 2 restrictions, which impose consent requirements for substance use disorder records that are stricter than standard HIPAA provisions. Health IT systems must be configurable to segment and restrict disclosure of Part 2-protected records independently of general medical records.
Population-level analytics: In population health management, aggregated EHR and claims data are processed through analytics platforms to identify cohorts for preventive outreach, gap closure, or care plan enrollment. CMS Quality Payment Program (QPP) participants rely on these analytics to generate MIPS (Merit-based Incentive Payment System) performance data.
Decision boundaries
Health IT tools in care management occupy a defined operational lane: they surface data, automate administrative tasks, and generate configurable alerts. They do not replace clinical judgment, generate orders, or constitute medical advice.
The FDA Center for Devices and Radiological Health (CDRH) maintains regulatory authority over software that crosses into clinical decision support meeting the definition of a medical device under 21 CFR Part 880. Under guidance issued pursuant to the 21st Century Cures Act, the FDA distinguishes between software that displays or transmits clinical information (generally not device-regulated) and software whose primary purpose is to analyze patient-specific data to support diagnosis or treatment decisions (potentially device-regulated) (FDA, 21st Century Cures Act guidance).
A critical contrast exists between EHR-integrated care management modules and standalone care management platforms:
| Dimension | EHR-Integrated Module | Standalone Platform |
|---|---|---|
| Data source | Native EHR record | HIE query, ADT feed, claims import |
| CEHRT certification | Inherits from EHR | Must qualify independently if required for billing |
| Interoperability | Internal, limited external | Designed for cross-organizational exchange |
| Regulatory pathway | ONC Certification Program | ONC + potential FDA oversight if decision support |
Care managers accessing PHI through any health IT system remain bound by HIPAA and care management privacy requirements regardless of the platform type. Minimum necessary standards, role-based access controls, and audit trails are non-negotiable components of compliant health IT use in care management contexts.
For billing purposes, CMS mandates that care management services billed under CCM, TCM, and related codes be documented using CEHRT, a requirement detailed under care management reimbursement and billing frameworks.
References
- Office of the National Coordinator for Health Information Technology (ONC)
- ONC — United States Core Data for Interoperability (USCDI)
- CMS Interoperability and Patient Access Final Rule — 85 FR 25510 (2020)
- HHS Office for Civil Rights — HIPAA Security Rule, 45 CFR Part 164
- FDA — 21st Century Cures Act: Clinical Decision Support Software Guidance
- HL7 International — FHIR Standard
- CMS Quality Payment Program (QPP)
- 42 CFR Part 2 — Confidentiality of Substance Use Disorder Patient Records