Last November, the Department of Health and Human Services (HHS) extended compliance dates for a complex federal regulation aimed at ending information-blocking practices that impede the secure exchange and use of electronic health information by patients, doctors and health care organizations.
The HHS Office of the National Coordinator for Health Information Technology extended the final rule, implemented under the 21st Century Cures Act (Cures Act), extended the “applicability date” from November 2, 2020 to April 5, 2021. On and after that date, all “actors” – “which includes health information networks and exchanges, EHR vendors and health care providers – “will be subject to information blocking.”
The compliance deadline delay comes in response to the AMA’s advocacy efforts. A Sept. 29, 2020 letter from the AMA, the American College of Physicians, the American Hospital Association and others told the ONC that “the COVID-19 pandemic continues to monopolize our members’ time and attention, and has strained resources, drastically limiting our members’ ability to prepare” for the Nov. 2, 2020 deadline that had been in place.
In general, information blocking is a practice by a health IT developer of certified health IT, health information network, health information exchange, or health care provider that, except as required by law or specified by the Secretary of Health and Human Services (HHS) as a reasonable and necessary activity, is likely to interfere with access, exchange, or use of electronic health information (EHI).
Some general examples of Information Blocking include:
– Hospital policies or procedures that require personnel to obtain an individual’s written consent before sharing the individual’s EHI with unaffiliated providers for treatment purposes even if obtaining such consent is not required by state or federal law.
– Contractual arrangements that prevent sharing or limit how EHI is shared with patients, their healthcare providers, or other third parties.
– Patients or healthcare providers become “locked in” to a particular technology or healthcare network because their electronic health information is not portable.
– A healthcare provider has the capability to provide same-day access to EHI in a form and format requested by a patient or a patient’s healthcare provider, but takes several days to respond.
The American Psychological Association published examples that apply to psychologists:
– EHR systems that put or allow an automatic hold on certain psychological records/mental health progress notes while psychologists determine what EHI is appropriate to include in the system (e.g., minor proxies and multiple patients).
– EHR systems that allow psychologists to simply classify that EHI is “sensitive” (without further justification) to limit access within the system.
– Practices that restrict access more than is legally justified (e.g., restricting patient access more than permitted under the HIPAA Privacy Rule and state law).
– Limiting the interoperability of health IT (e.g., disabling a capability that would allow sharing EHI with patients).
Enforcement is by the Office of the Inspector General (OIG) of HHS. OIG would have to show that the provider had knowledge and intent to interfere with access. However, it would not have to show that the provider understood that they were violating the information blocking rules; therefore, ignorance of the rules would not be an excuse. Nor would OIG have to show that the information blocking caused actual damage. OIG has, however, indicated that it does not plan to take enforcement action regarding innocent mistakes.
In the final rule, HHS identified eight categories of reasonable and necessary activities that do not constitute information blocking, provided certain conditions are met.