Congress in 2016 passed the 21st Century Cures Act (“Cures Act”). Nestled within the 312-page law is a section prohibiting “information blocking” that has received recent attention as the Department of Health and Human Services’ (“HHS”), Office of the National Coordinator for Health Information Technology (“ONC”) published regulations setting forth, among other things, allowable exceptions to the information blocking prohibition under the Cures Act.
The information blocking regulations were published during the height of the pandemic in May 2020, with an effective date of June 30, 2020. Our office previously provided information blocking resources and noted a delay in the applicability of the rules due to the COVID-19 public health emergency here. Currently, the information blocking regulations come into effect April 5, 2021 (unless the implementation date is further extended).
1. What is “information blocking” and does the prohibition apply to me or my organization?
According to ONC, the information blocking provision was passed to address concerns that market forces incentivized unreasonable restrictions on the availability and use of electronic health information. Developers of electronic health records, health systems, and hospitals are clear targets of the provision; however, the information blocking provision applies more broadly to health information exchanges, health information networks, health IT developers of certified health IT, and health care providers.
Health care providers subject to the information blocking provision include but are not limited to nursing homes and long term care facilities, hospitals, federally qualified health centers, home health providers, pharmacies, physicians and group practices, therapists, and various health centers and clinics.
What constitutes information blocking depends upon the subject entity or individual. Providers are prohibited from knowingly engaging in a practice that is unreasonable and likely to interfere with access, exchange, or use of electronic health information (“EHI”). Health information exchanges, health information networks, and health IT developers of certified health IT are subject to a stricter standard that prohibits them from engaging in a practice that they should know is likely to interfere with access, exchange, or use of EHI.
ONC states that it will evaluate whether a practice constitutes information blocking on a case-by-case basis.
2. Ok, it applies to me. Are there exceptions?
The information blocking provision requires HHS to identify exceptions where an information blocking activity may be innocuous or beneficial. To date, ONC has identified the following practices as exceptions (subject to various conditions):
Practices reasonable and necessary to prevent harm to a patient or another person
Denial of access, exchange, or use of EHI to protect an individual’s privacy
Interference with access, exchange, or use of EHI to protect its security
Denial of access, exchange, or use of EHI due to infeasibility
Temporary unavailability or degradation of health IT performance to benefit overall health IT performance
Certain content and manner conditions
Requirement of a fee for access, exchange, or use of EHI
Licensing of interoperability elements
3. Do I Have to Make EHI Available Through a Patient Portal or With Other Technology?
According to “Frequently Asked Questions” from ONC (hyperlink: Information Blocking FAQs (healthit.gov)), the answer to this question is no. There are no obligations under the information blocking provisions to affirmatively make EHI available to individuals who have not requested EHI. If a provider delays releasing EHI, however, this could be considered improper interference if an exception does not apply.
4. How serious is this?
The information blocking provision currently imposes civil monetary penalties up to $1 million for violations by non-health care providers, authorizes the HHS Office of Inspector General (“OIG”) to investigate information blocking, and conditions certification of health IT developers on compliance with the provision. Penalties specific to health care providers are being established.
Our firm can help you with questions you may have on information blocking, health information privacy and security, or other health care legal topics. If you have any questions, please contact any member of our firm at 585-730-4773 or through our website. Please note that any embedded links to other documents may expire in the future.
This Legal Briefing is intended for general informational and educational purposes only and should not be considered legal advice or counsel. The substance of this Legal Briefing is not intended to cover all legal issues or developments regarding the matter. Please consult with an attorney to ascertain how these new developments may relate to you or your business. © 2021 Law Offices of Pullano & Farrow PLLC