The 21st Century Cures Act (Cures Act) included provisions to prevent information blocking. These information blocking rules aim to stop health care actors, including EHR vendors and health care providers, from preventing or blocking access to electronic health information (EHI). Here is what doctors need to know to comply with the new information blocking rules.
What Are the Information Blocking Rules?
As of April 5, 2021, regulations from the Office of the National Coordinator for Health IT (ONC) prohibit information blocking. This means that EHR vendors, health information exchanges, and providers must not interfere with or discourage access to, exchange of, or use of EHI. Prohibited activities include policies and practices that have the effect of restricting data access, technical limitations that prevent data sharing, and inappropriate delays in information access.
The Cures Act information blocking rules are intended to promote interoperability and ensure patients have timely access to their data. The rules also encourage data sharing to coordinate care and improve treatment.
ONC is rolling out the information blocking rules in phases. Between April 5, 2021, and October 6, 2022, only certain data elements are protected under the information blocking rules. For now, providers must ensure that their practices do not intentionally block access to, exchange of, or use of the data types included in the United States Core Data for Interoperability. As of October 7, 2022, this requirement will broaden to all data elements included in a patient’s HIPAA-protected record, including claims and billing.
Policies and Practices that Might Violate the Information Blocking Rules
Under the information blocking rules, EHR vendors and health information exchanges can not have data sharing policies or practices that they know or should know will likely limit or discourage access, exchange, and use of EHI. For providers, the rules include an additional standard that the provider must know the policy or practice is unreasonable.
Even with this additional protection for providers, your practice could still have policies or practices that violate the information blocking rules. For example, withholding test results for a set period before releasing them to patients could be considered information blocking.
Here are the most common policies and practices that could put providers at risk of violating information blocking rules:
- Limiting or otherwise interfering with patient access to EHI, even temporarily.
- Restricting or interfering with other providers’ access to EHI when they need the data for treatment or quality improvement.
- Limiting or interfering with payers’ access to EHI needed to confirm a clinical value.
- Restricting or interfering with access, exchange or use of EHI to improve patient health and public safety.
Exceptions to the Information Blocking Rules
The information blocking rules have exceptions. If your policy or practice meets one or more of these exceptions, you will not be considered to be information blocking.
ONC has defined five exceptions wherein you may refuse to fulfill requests to access, exchange or use EHI:
- Preventing Harm: Providers may have reasonable policies and practices designed to prevent harm to patients and others.
- Privacy: Providers may implement certain privacy policies and practices to protect patient privacy.
- Security: Providers may have reasonable policies and practices in place to protect the security of their EHR and IT systems.
- Infeasibility: In certain circumstances, providers can refuse requests because they are impossible or impractical to fulfill.
- Health IT Performance: EHR and IT system maintenance may inadvertently interfere with EHI access, exchange and use without violating the information blocking rules.
In addition, there are three other exceptions to information blocking rules that focus on your procedures for fulfilling requests for EHI. These include:
- Content and manner: Providers can limit EHI access to those data elements currently required under the information blocking rules. You can also provide the data in a different format than requested if you meet certain requirements.
- Fees: Providers can charge reasonable fees for EHI access. However, patients and their representatives may not be charged fees to access their EHI.
- Licensing: A practice, EHR vendor or health information exchange may require licensing agreements for access to interoperability tools if certain conditions are met.
How to Ensure Your Practice Complies with the Information Blocking Rules
Most medium and large practices have compliance programs to identify and correct possible regulatory violations. While these programs may not yet be focused on information blocking rules, they generally have policies and procedures in place to track compliance with new regulations. If you have questions or concerns about the new information blocking rules, your compliance program is a good place to start.
The information blocking rules include many layers of your practice, from technical systems to office visit workflows. To ensure compliance, start with your practices’ policies for data sharing. If any of these policies may unreasonably interfere with EHI access, exchange, and use, adjust them. You may also want to define what your practice will consider a “reasonable” limitation on data access. Having this definition and applying it consistently will help in compliance audits.
You should also check in with your EHR to ensure that you have not turned off access to critical data-sharing features. Your EHR vendor or third-party consultants like TempDev can help ensure your system has the technical capabilities to respond to requests.
If your providers or patients are having a difficult time with the concept of unrestricted access to the patient's record, consider researching the OpenNotes project to learn the reasons why this access is helpful in improving patient outcomes.
Finally, document any exceptions to the information blocking rules. To the extent possible, create this documentation at the time of the refusal or delay, rather than after-the-fact. Also, specify the exception you believe the incident falls under. This process can help protect you from accusations of information blocking.
TempDev Can Help Answer Your Questions about the Information Blocking Rules
TempDev’s NextGen regulatory and EHR consultants can help you review the new information blocking rules. From training to analysis, TempDev’s expert staff can help make compliance easy.
Call us at 888.TEMP.DEV or contact us here for help navigating the information blocking rules.