While many providers have been focused on supporting the fight against COVID-19, there is an important milestone looming in November. November 2 marks the beginning of information blocking enforcement, as detailed in the Office of National Coordinator for Health IT (ONC)’s “21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program.”

As the largest provider of release of information (ROI) services, Ciox Health has been having numerous conversations with healthcare providers to help them prepare for enforcement of the information blocking prohibition. We have practical suggestions for ensuring readiness for November 2 as well as considerations for health information management (HIM) professionals as they continue to support interoperability and patient access to medical records.

What is Information Blocking?

A practice that is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.

Recall what information blocking is: a practice that is likely to interfere with, prevent, or materially discourage access, exchange or use of electronic health information. (Note that there is no narrowing to just patient requests. Information blocking applies to all requestors.) This leads to the question of what is “electronic health information”? For the purposes of information blocking, ONC has created a phased definition of electronic health information. Until May 2022, electronic health information subject to information blocking is the data elements in the United States Core Dataset for Interoperability (USCDI). After May 2022, electronic health information subject to information blocking is electronic protected health information (ePHI) to the extent that the ePHI is included in a designated record set.

With these foundational definitions in mind, here are three suggested questions to ask your HIM department and assess readiness for November 2.

When are requests for electronic health information not being fulfilled today?

First, make sure the requests are subject to information blocking. The definition of electronic health information in November 2020 is USCDI. Conduct an audit of requests that involve USCDI over the past year and determine what percentage of those requests were not fulfilled. That percentage will give you a sense of the scale of the problem. For example, is it 5% or 80%?

Can you map reasons for those unfulfilled requests for electronic health information to one of the eight categories of exceptions to information blocking?

 Next, ascertain the reasons those requests were not fulfilled. ONC defined eight categories of exceptions where an actor’s practice that is likely to interfere with the access, exchange, or use of electronic health information would NOT be considered information blocking. This requires a detailed review of the exceptions, as the requirements to satisfy the conditions of any exception are commonly layered. For example, the Preventing Harm Exception requires that a “practice meets the conditions in paragraphs (a) and (b) of this section, satisfies at least one condition (subparagraph) from each of paragraphs (c), (d) and (f) of this section, and also meets the condition in paragraph (e) of this section when applicable.”[1]  That’s a total of four different conditions with some options for one of those conditions.

If the reason the request was not fulfilled does not map to one of the exception categories, it is possible your facility would need to adjust how it responds to those types of requests in the future.

Source: https://www.healthit.gov/topic/information-blocking

Are your policies in line with language in the exceptions?

Finally, make sure that the language in your facility’s policies has been updated to reference and comply with information blocking requirements. In several places, the rule requires that organizational policies be in writing (for example, in the Preventing Harm, Privacy and Security Exceptions). The rule also requires in several places that the policies be implemented in a consistent and non-discriminatory manner.

Many large hospitals are the product of mergers and acquisitions and may need to confirm that all facilities have and are implementing the same policies. In addition, these policies should be written so HIM professionals can reference policies as they fulfill requests for health information in a non-discriminatory manner.

Being ready for November 2 is just the first milestone in the ONC rule. As certification requirements for electronic health record technology change, healthcare providers will need to make choices about their technology as well as how to deploy new functionality. Technology choices that are being made now and over the next year will affect the daily operations of HIM. This is a critical opportunity for HIM to engage with IT colleagues and shape the evolution of HIM.


Join Our Upcoming Webinars

Policy & Election Implications for Interoperability & Patient Access

Join us for a webinar series featuring Ciox’s policy, privacy, and operations leaders, as well as guests from ONC and Sirona Strategies who will discuss interoperability, the 2020 election, and HIPAA, PHI, and Patient Access,. We’ll wrap up with a session focused on the digital transformation of HIM and release of information. Click here to register for upcoming webinars and access recorded sessions.


[1] Federal Register, “21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program,” https://www.federalregister.gov/documents/2020/05/01/2020-07419/21st-century-cures-act-interoperability-information-blocking-and-the-onc-health-it-certification#sectno-citation-%E2%80%89171.201

X