On May 1, 2020, the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology (ONC) released its final rule (Final Rule) on “Information Blocking” as part of the 21st Century Cures Act. The Final Rule applies to the following (ONC refers to each one as an “Actor”): (i) healthcare providers, (ii) health IT developers subject to ONC’s Health IT Certification Program, (iii) health information networks (HIN) or (iv) health information exchanges (HIE). With the initial enforcement date fast approaching (November 2), we explain the rule below.
What is Information Blocking?
“Information Blocking” is generally a practice that, except as required by law or covered by an exception, is likely to interfere with access, exchange, or use of electronic health information (EHI), and the Actor has actual knowledge, or in the case of Actors who are health IT developers, HINs or HIEs, should know, that the practice is unreasonable and is likely to interfere with, prevent, or materially discourage access, exchange, or use of EHI.
But what does it really mean?
Some examples of Information Blocking include:
- Hospital policies or procedures that require personnel to obtain an individual’s written consent before sharing the individual’s EHI with unaffiliated providers for treatment purposes even if obtaining such consent is not required by state or federal law.
- Contractual arrangements that prevent sharing or limit how EHI is shared with patients, their healthcare providers, or other third parties.
- Patients or healthcare providers become “locked in” to a particular technology or healthcare network because their electronic health information is not portable.
- A healthcare provider has the capability to provide same-day access to EHI in a form and format requested by a patient or a patient’s healthcare provider, but takes several days to respond.
Are there any exceptions to the Information Blocking rule?
Yes – there are eight exceptions to the Information Blocking Rule. The exceptions generally fall into two categories: (i) Exceptions that involve not fulfilling requests to access, exchange, or use EHI; or (ii) Exceptions that involve procedures for fulfilling requests to access, exchange, or use EHI. The exceptions will be discussed in these separate categories.
A. Exceptions That Involve Not Fulfilling Requests to Access, Exchange, Or Use The EHI
- Preventing harm exception. It will not be information blocking for an Actor to engage in practices that are reasonable and necessary to prevent harm to a patient or another person, provided certain conditions are met. This exception aligns well with existing HIPAA rules.
- Privacy Exception. It will not be information blocking if an Actor does not fulfill a request to access, exchange, or use EHI in order to protect an individual’s privacy, provided certain conditions are met.
- Security Exception. It would not be information blocking for an Actor to interfere with the access, exchange or use of EHI in order to safeguard the confidentiality, integrity, and availability of EHI, provided certain exceptions are met.
- Infeasibility Exception. It will not be information blocking if an Actor does not fulfill a request to access, exchange or use EHI due to the infeasibility of the request, provided certain conditions are met.
- Health IT Performance Exception. It will not be information blocking for an Actor to take reasonable and necessary measures to make health IT temporarily unavailable or to degrade the health IT’s performance for the benefit of the overall performance of the health IT, provided certain conditions are met.
B. Exceptions that Involve Fulfilling Requests to Access, Exchange, or Use of EHI:
- Content and Manner Exception. It will not be information blocking for an Actor to limit the content of its response to requests to access, exchange, or use EHI or the manner in which it fulfills a request to access, exchange, or use EHI provided certain conditions are met.
- The Fees Exception. It will not be information blocking for an Actor to charge fees, including fees that result in a reasonable profit margin, for accessing, exchanging, or using EHI, provided certain conditions are met.
- Licensing Exception. It will not be information blocking for an Actor to license interoperability elements for EHI to be accessed, exchanged, or used, provided that certain conditions are met.
When does this rule go into effect?
The Final Rule goes into effect on November 2, 2020. However, prior to May 2, 2022, the EHI subject to the Final Rule is limited to the data elements in the United States Core Data for Interoperability (USCDI) standard. Beginning May 2, 2022, the Actor must respond to requests with all EHI. ONC has issued a Policy whereby ONC will exercise its discretion on enforcement for three (3) months after the compliance dates, and just last month submitted an interim final rule (Interim Rule) Office of Management and Budget (OMB), suggesting a delay in effective date. However, unless and until the Interim Rule is issued, providers should be prepared to comply.
Oh no! My organization is not ready for implementation on November 2. What should we do?
Our attorneys are ready to help! We have worked with multiple providers on reviewing their current practices and recommending operational changes to prepare for Information Blocking. We have also drafted customized policies and procedures on Information Blocking. If you need assistance with Information Blocking, please contact: