The Office of the National Coordinator for Health IT (ONC) published “21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program Final Rule” in the Federal Register earlier in May. Included in the rule are exceptions that define when denying a request for health information is permissible, and therefore not considered information blocking.
Our conversations with healthcare providers have yielded some common misconceptions that distract from the goal of complying with the information blocking prohibition. We’d like to provide answers to frequently asked questions about information blocking and help providers prepare appropriately.
Does information blocking prohibition only apply to patient requests?
Information blocking is defined as a practice that is likely to interfere with, prevent, or materially discourage access, exchange or use of electronic health information (EHI). It applies to any request for electronic health information from any requestor; it is not limited to just patient requests.
Does information blocking prohibition not apply to outpatient providers?
The information blocking prohibition is relevant for healthcare providers, developers of certified health IT and health information networks or health information exchanges. ONC took the definition of health care provider from the Public Health Service Act, which is a broad definition that covers practically all healthcare providers. This means that all providers, including outpatient ones, are regulated by the information blocking prohibition.
Will IT take care of information blocking compliance? Does Health Information Management (HIM) have a role to play?
While the ONC rule does include several requirements for health IT and conditions of certification, many of those will not be in place until after information blocking enforcement has begun. Fundamentally, information blocking is about access, exchange or use of EHI. This is the daily work HIM manages and delivers. HIM will continue to deliver EHI to requestors in compliance with federal and state laws and other requirements, including this information blocking prohibition. This is the case with or without new health IT functionality. HIM should be partnering with IT to ensure any new technology developed meets HIM needs in making health data easily and appropriately accessible to patients and other requestors.
Does the ONC rule changes the timeliness requirement in HIPAA?
The ONC final rule does not impose any specific timeframe requirements for providing EHI. Rather, ONC notes that “unnecessary” delays could constitute a prohibited interference. ONC incorporates this same concept into the Content and Manner Exception when responding in alternative manners. Whether a delay is “unnecessary” will depend on the specific facts and circumstances. Timeliness requirements imposed by other laws, such as HIPAA or similar state laws, may provide useful guidelines (depending on the specific circumstances) as the information blocking prohibition does not extend any otherwise-applicable timeframe requirements.
Is it information blocking if providers charge requestors for supplying medical records?
The ONC rule includes an exception for fees that “permits the recovery of certain costs reasonably incurred for the access, exchange, or use of EHI” including a reasonable profit margin. However, a fee prohibition applies to electronic access by the individual, their personal representative, or another person or entity designated by the individual. Electronic access is defined as an internet-based method that makes information immediately available at the time requested with no manual effort. So if the information is available to the individual, their personal representative or designee via an internet-based method that makes information immediately available without any manual effort, charging a fee could be information blocking. But if a provider is pulling information from various systems to provide access via the internet, the provider’s cost related to that manual effort can be recovered.
Ultimately, the goal of interoperability is to support data sharing that enables greater health care. By taking the time now to fully understand the information blocking prohibition, health care providers can ensure compliance, avoid penalties, and support the goals of promoting interoperability.