Beginning April 5, information blocking is now prohibited through recently adopted regulations by the Office of the National Coordinator for Health Information Technology (ONC) under the 21st Century Cures Act. Here’s what you should know.
What Is Information Blocking?
Information blocking is any activity by a health IT developer, health information network, health information exchange, or health care provider that interferes with access, exchange, or use of electronic health information (EHI).
Section 4004 of the Cures Act specifies certain practices that could constitute information blocking:
- Restricting authorized access, exchange, or use of information for treatment and other permitted purposes;
- Implementing health IT in nonstandard ways that will increase the complexity or burden of accessing, exchanging, or using EHI;
- Implementing health IT in ways that restrict the access, exchange, or use of EHI for exporting information or transitioning between health IT systems
- Implementing health IT in ways that lead to fraud, waste, or abuse, or impede innovations and advancements in health information access, exchange, and use.
More specific examples of information blocking for specific actors were offered in the proposed rule of the 21st Century Cures Act. Two examples specific to healthcare providers include:
- a health care provider takes several days to fulfill a patient’s request for EHI when in fact the provider could have, using reasonable efforts, fulfilled the patient’s request in a much shorter timeframe.
- A health care provider imposes one set of fees and terms to establish interfaces or data sharing arrangements with several registries and exchanges, but offers another more costly or significantly onerous set of terms to establish substantially similar interfaces and arrangements with an HIE or HIN that is used primarily by health plans that purchase health care services from the provider at negotiated reduced rates.
You can find other examples in the proposed rule beginning on page 364.
What Is EHI?
From April 5, 2021, through October 6, 2022, the information blocking rule’s definition of EHI is limited to the information contained in the sixteen data classes for the United States Core Data for Interoperability (USCDI) standard, which are:
- Patient Demographics
- Vital Signs
- Allergies and Intolerances
- Smoking Status
- Care Team Members
- Clinical Notes
- Assessment and Plan of Treatment
- Health Concerns
- Unique Device Identifiers (for a patient’s Implantable Device)
- Provenance (i.e., the metadata of the records provided)
After October 6, 2022, the information blocking rule’s definition of EHI will expand to include the full electronic “designated record set” as defined by HIPAA.
Are There Exceptions?
Of course there are exceptions to the information blocking rules. Some activities that in effect block information sharing are done out of privacy, security, safety, and even infeasibility. Generally, there are two categories of exceptions:
- Exceptions that involve not fulfilling requests to access, exchange, or use EHI; and
- Exceptions that involve procedures for fulfilling requests to access, exchange, or use EHI.
Exceptions that involve not fulfilling requests to access, exchange, or use EHI include the following:
- Preventing Harm Exception
- Privacy Exception
- Security Exception
- Infeasibility Exception
- Health IT Performance Exception
Exceptions that involve procedures for fulfilling requests to access, exchange, or use EHI include the following:
- Content and Manner Exception
- Fees Exception
- Licensing Exception
In order to claim that certain actions or policies should not be considered information blocking, “actors” (i.e., health care providers, health IT developers, health information networks and health information exchanges) must meet the conditions of one or more exceptions, which are outlined in the Information Blocking Exceptions Fact Sheet.
An actor’s actions or policies that do not meet the conditions of an exception will not automatically constitute information blocking. Instead such practices will be evaluated on a case-by-case basis to determine whether information blocking has occurred.
The National Law Review recommends that healthcare providers take the following actions to ensure compliance with the new information blocking rules:
- Make sure patient portals are configured to provide lab test results and other electronic health information (EHI) to patients without unnecessary delay.
- Update release of information policies so that their procedures comply with the ONC final rule, along with the HIPAA Privacy Rule and applicable federal and state laws.
— All rights reserved. For use or reprint in your blog, website, or publication, please contact us at firstname.lastname@example.org.