April 9, 2021 | By Amanda Waesch
In December 2016, Congress passed the 21st Century Cures Act (often simply called the “Cures Act”). Woven within the Cures Act is Section 4004 titled “Information Blocking.”[1] The purpose of this section is to prohibit any action or practice that interferes with or prevents access to electronic health information (i.e., information about a patient’s medical history or treatment). The law requires the Department of Health and Human Services (“HHS”), through rulemaking, to identify reasonable and necessary activities that do not constitute information blocking.
On May 1, 2020, HHS issued its Final Rule that set an initial compliance date of November 2, 2020. [2] Due to the public health emergency and lobbying efforts, this was pushed back to April 5, 2021.
“Information blocking” is defined as any practice that is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information, and if conducted by a healthcare provider, such provider knows that the practice is unreasonable and is likely to be considered information blocking.[3] Engaging in “information blocking” could result in a civil monetary penalty up to $1,000,000 for each violation. The Final Rule also utilizes the definition of “healthcare provider” found in the PHSA – which is broader than the definition of “healthcare provider” under HIPAA.
Examples of information blocking include, but are not limited to, (1) practices that restrict authorized access, exchange, or use of such information for treatment, including transitions between certified health information technologies; (2) implementing health information technology in non-standard ways that are likely to substantially increase the complexity or burden of accessing, exchanging, or using electronic health information; and (3) implementing health information technology in ways that are likely to (a) restrict the access, exchange, or use of electronic health information with respect to exporting complete information sets or in transitioning between health information technology systems; or (b) lead to fraud, waste, or abuse, or impede innovations and advancements in health information access, exchange, and use, including care delivery enabled by health information technology.[4]
In the Final Rule, the ONC requires, at a minimum, that the common data through the U.S. Core Data for Interoperability (“USCDI”) be made available to a requestor. The USCDI is a standardized set of health data classes and data elements that are essential for nationwide, interoperable health information exchange.[5] The purpose of this rule is to advance and promote the complete access, exchange, and use of all electronically accessible health information.
The Final Rule identifies eight different types of clinical notes that must be shared under new USCDI standards: (1) consultation notes, (2) discharge summary notes, (3) history and physical, (4) imaging narratives, (5) laboratory report narratives, (6) pathology report narratives, (7) procedure notes, and (8) progress notes.[6]
The Final Rule also provides eight exceptions to information blocking that may be utilized by healthcare providers. If a provider meets one of these exceptions, then the action is not considered information blocking and will not be subject to civil monetary penalties. The Final Rule is clear that each situation is a case-by-case determination that is based upon the specific facts and circumstances of each request.
It will not be information blocking for an actor to engage in any of the following actions:
- Practices that are reasonable and necessary to prevent harm to a patient or another person.
- To not fulfill a request to access, exchange, or use electronic health information in order to protect an individual’s privacy.
- To interfere with the access, exchange, or use of electronic health information in order to protect the security of the electronic health information.
- To not fulfill a request to access, exchange, or use electronic health information due to the infeasibility of the request.
- To take reasonable and necessary measures to make health IT temporarily unavailable or to degrade the health IT’s performance for the benefit of the overall performance of the health IT.
- To limit the content of its response to a request to access, exchange, or use electronic health information or the manner in which it fulfills a request to access, exchange, or use electronic health information.
- To charge fees, including fees that result in a reasonable profit margin, for accessing, exchanging, or using electronic health information.
- To license interoperability elements for electronic health information to be accessed, exchanged, or used.
It is important for providers to evaluate their current policies, procedures, and practices to determine how the information blocking rules will affect their organization. Providers should identify and respond to gaps and provide training and education to staff.
Please contact Amanda Waesch, Esq. at 330-253-9185 or alwaesch@bmdllc.com should you have any questions regarding the Final Rule or questions regarding information blocking, the sharing of health information, or other general healthcare issues.
[1] Codified at 42 U.S.C. § 300jj-52.
[2] See 85 Fed. Reg. 25642.
[3] Id. at (a)(1).
[4] Id. at (2).
[5] HHS, HHS Finalizes Historic Rules to Provide Patients More Control of Their Health Data, (March 9, 2020), https://www.hhs.gov/about/news/2020/03/09/hhs-finalizes-historic-rules-to-provide-patients-more-control-of-their-health-data.html.
[6] 85 Fed. Reg. 25642, 25674.