Although the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program Final Rule ("Final Rule") was published on May 1, 2020, there are prohibitions and exceptions regarding information blocking that went into effect on April 5, 2021 (See 85 Fed. Reg. 25642). This Final Rule was part of an effort to increase patients' access to health data and it has presented significant new opportunities and challenges for providers, payers, and health IT companies.
The information blocking provisions were enacted in response to concerns that some individuals and entities were engaging in practices that unreasonably limited the availability and use of electronic health information (EHI) for authorized and permitted purposes. Citing a 2015 Report on Health Information Blocking it submitted to Congress, the Office of the National Coordinator for Health Information Technology (ONC) found that prevailing market conditions create incentives for some individuals and entities to exercise control over EHI in ways that limit its availability and use. This includes:
- For electronic health record (EHR) vendors, maximizing short-term revenue and competing for new clients
- For hospitals and health systems, strengthening their competitive positions relative to other hospitals and health systems
The ONC pointed out that these practices weaken competition among health care providers by limiting patient mobility, encouraging consolidation, and creating barriers to entry for developers of new and innovative applications and technologies that enable more effective uses of clinical data to improve population health and the patient experience.
What is information blocking?
Information blocking is generally defined as a practice that is likely to interfere with access, exchange, or use of EHI. The current rules limit EHI to the data elements represented in the United States Core Data for Interoperability (USCDI). Depending on the actor, there are different intent standards as to when an actor might be engaging in the practice of information blocking:
- Health Information Technology Developer, Network, or Exchange: Such developer, network, or exchange knows, or should know that such practice is likely to interfere with, prevent, or materially discourage access, exchange, or use of EHI.
- Health Care Provider: Such provider knows that such practice is unreasonable and is likely to interfere with, prevent, or materially discourage access, exchange, or use of EHI.
What are the exceptions?
There are eight exceptions to the information blocking rule. An actor must satisfy all applicable requirements and conditions of the exception at all relevant times in order for a practice not to be treated as information blocking. These are not discussed in detail here, but generally, these exceptions include:
- Preventing harm
- Privacy
- Security
- Infeasibility
- Health IT performance
- Content and manner
- Fees
- Licensing
As the ONC has provided, a practice that does not meet the conditions of an exception would not automatically constitute information blocking; such practices would not have guaranteed protection from civil money penalties or appropriate disincentives and would be evaluated on a case-by-case basis to determine whether information blocking has occurred.
What are your next steps?
The implementation of the information blocking final rules will affect health care providers as well as health IT developers, networks, and exchanges. The ONC has indicated it is aware of its enforcement authority, as well as the interplay with the Office of Inspector General's enforcement under these rules. In preparation, you should implement the following steps:
- Providers should update release of information and/or compliance policies to be consistent with the Final Rule and assess their processes for providing patients' EHI.
- Providers should determine if any of their activities with other providers mean they are also a health information exchange (HIE)/health information network (HIN).
- Health IT developers, networks, and exchanges should update software as needed to meet the Final Rule requirements and assess whether contracts with health care providers, vendors and other developers comply with the content and manner, fees, and licensing exceptions of the Final Rule.
To help with this effort, we have created an Information Blocking Fact Sheet summarizing some of the provisions that went into effect on April 5, 2021. For more information, please contact any member of Baker Donelson's Data Protection, Privacy and Cybersecurity team.