The federal 21st Century Cures Act from 2016 included provisions to advance and accelerate the adoption and effective use of health information technology; to support the access, exchange, and use of electronic health information (“EHI”); and to curtail “information blocking.” Information blocking is broadly defined to include “any practice that is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.” Final regulations implementing this new law were issued in May, 2020. These regulations are intended to hold parties accountable if they restrict the availability of EHI. Here is a link to the materials from The Office of the National Coordinator for Health Information Technology:
The information blocking portion of the rule (Part 171) was slated to go into effect November 2, 2020, although this date has now been extended until at least April 5, 2021 as noted in the following link:
Other portions of the rules (Part 170) have already been delayed due to the COVID-19 pandemic, as noted here: https://www.healthit.gov/curesrule/resources/enforcement-discretion
The information blocking rules apply to most health care providers, health IT developers, and health information exchanges and networks – called “actors” under these rules. These actors must provide access to EHI or they may be violating the information blocking provisions if there are unnecessary barriers to access the requested EHI. There are numerous exceptions that do not constitute information blocking (such as the “preventing harm” exception and the “infeasibility” exception) as detailed in the following summary –
The information blocking rules apply to EHI data, which includes electronic protected health information (“EPHI”) as defined by the HIPAA rules to the extent the EPHI would be included in a HIPAA “designated record set.” This information would not include, for example, psychotherapy notes as defined by HIPAA or information compiled in anticipation of litigation. Information which is de-identified would also be excluded. The scope of information/EHI initially subject to the information blocking provisions will be limited to data types described in the United States Core Data for Interoperability (“USCDI”) data elements. Here is a link to further USCDI information –
Eventually, EHI will include the complete HIPAA electronic designated data set.
The penalties for violations of the information blocking rules are not finalized. While a proposed rule has been issued, the civil monetary penalties issued thus far would only apply to health care providers if they are also acting as a health information network or health information exchange. Additional penalty rules will be issued in the future.
Providers should prepare an information blocking compliance plan in order to comply with these new information blocking rules, even if there ends up being a further compliance delay due to the COVID-19 pandemic.
Our Firm has extensive experience counseling employers and businesses on health care matters, and preparing applicable policies. If you have any questions related to this Legal Briefing, please contact any member of our Firm at 585-730-4773.
This Legal Briefing is intended for general informational and educational purposes only and should not be considered legal advice or counsel. The substance of this Legal Briefing is not intended to cover all legal issues or developments regarding the matter. Please consult with an attorney to ascertain how these new developments may relate to you or your business.
© 2020 Law Offices of Pullano & Farrow PLLC.