United States: Healthcare Providers: Prepare Now For New Information Blocking Prohibition

Highlights

• The Office of the National Coordinator for Health Information Technology's (ONC) final rule on interoperability, information blocking and patient access to data implements certain provisions of the 21st Century Cures Act to support patients' access to their electronic health information (EHI) in a form convenient for patients.
• The new regulations prohibiting information blocking are deeply rooted in the interests of health information technology stakeholders. As such, health IT developers are - not surprisingly - subject to the prohibition. However, providers, physicians and practitioners are also actors regulated by the rule.
• The new applicability date of April 5, 2021, is rapidly approaching, making this the time for healthcare entities to review organizational policies and procedures for sharing EHI. Accordingly, this Holland & Knight alert highlights key provisions regarding information blocking compliance for healthcare providers.

In summer 2020, the Office of the National Coordinator for Health Information Technology (ONC) published a final rule on interoperability, information blocking and patient access to data. The rule implements certain provisions of the 21st Century Cures Act to support patients' access to their electronic health information (EHI) in a form convenient for patients, such as making a patient's EHI more electronically accessible through the adoption of standards and certification criteria and the implementation of information blocking policies that support patient electronic access to their health information at no cost. 85 Fed. Reg. 25644. The applicability date for the information blocking regulations was established in the ONC Cures Act Final Rule, and was subsequently adjusted from Nov. 2, 2020, to April 5, 2021, in the ONC Interim Final Rule.

The new applicability date is rapidly approaching. Now is the time for healthcare entities to review organizational policies and procedures for sharing EHI. Accordingly, this Holland & Knight alert highlights key provisions regarding information blocking compliance for healthcare providers.

Background and Policy

Information blocking has come into sharp focus in recent years. At the request of Congress, the ONC submitted a 2015 report commenting on the state of technology, health IT and healthcare markets at the time. The report observed that prevailing market conditions created incentives for individuals and entities to limit the availability and use of EHI, negatively impacting industry-wide efforts to advance interoperability of health IT. Such practices weaken competition among healthcare providers by limiting patient mobility, encouraging consolidation, and creating barriers to entry for developers of new and innovative applications and technologies that enable more effective uses of clinical data to improve population health and the patient experience.

ONC has continued to receive complaints and reports of information blocking from many healthcare stakeholders. ONC's engagement with stakeholders - including patients, clinicians, healthcare executives, payers, app developers, technology companies, registries, health information exchanges, and professional and trade associations - confirmed that, despite significant efforts to improve interoperability and data accessibility, adverse incentives remained and continued to undermine progress toward a more connected health system. Concluding that information blocking was still a serious problem, the ONC recommended that Congress prohibit information blocking and provide penalties and enforcement mechanisms to deter harmful practices. The information blocking provision provides a comprehensive response to those concerns by deterring the spectrum of practices that unnecessarily impede the flow of EHI or its use to improve health and the delivery of care.

What Does This Mean for Providers?

The policy behind information blocking is deeply rooted in the interests of health information technology stakeholders. As such, health IT developers are - not surprisingly - subject to the prohibition. However, providers, physicians and practitioners are also actors regulated by the rule. In the months since the Final Rule was published in May 2020, analyzing how the complex framework applies to providers has been uniquely challenging because of the regulation's focus on the health technology space. In addition, penalties for healthcare providers, referred to as "appropriate disincentives," have not yet been established and are merely promised to address healthcare providers engaged in future information blocking. Of significant concern is whether providers can continue a common practice of delaying the release of laboratory and other test results to patients until a practitioner has a chance to discuss the results with the patient.

ONC's message so far on this issue has been consistent. According to its recently issued FAQs, general delays or other unnecessary impediments could implicate the information blocking provisions. Additionally, blanket delays that affect a broad array of routine results do not qualify for the so-called "Preventing Harm Exception." That exception allows information to be blocked only in very limited circumstances. There must be an individualized determination made in good faith by an ordering clinician that meets all of the conditions of the exception to protect a practice of delaying the release of results to a patient.

Another more general question facing providers relates to entering EHI in a patient portal. According to ONC, there is no requirement for actors to make information proactively available to patients who have not requested it. But if a request has been made, the EHI should be released. Patients who use their patient portals and click on lab results should be able to see any results that are available. So far, it is unclear what exactly constitutes a request, but ONC has indicated that the industry should stay tuned for that.

Key Provisions Providers Should Know

According to the ONC, the following "elements" establish a prima facie case for an information blocking violation:

• A practice likely to interfere with, prevent or materially discourage access, exchange or use of EHI
• The actor is regulated by the information blocking provision
• The practice involves EHI
• The actor possesses requisite knowledge
• The practice is not required by law
• Withholding the EHI is not covered by an exception

Information blocking is a practice that the ONC states is "likely to interfere with access, exchange, or use of electronic health information, unless required by law or covered by one of the eight exceptions set forth in the rule." Health IT developers, health information networks (HIN) and health information exchanges (HIE) may be considered information blockers for conduct they know or should know violates the regulation, while providers must know that conduct is information blocking.

Three categories of actors are subject to the provision. Regulated actors include any entity or individual that fit the definition of a healthcare provider, health IT developer of certified IT, HIN or HIE. The ONC has provided thorough descriptions of each category of actors.

The scope of EHI is limited to electronic protected health information (ePHI), to the extent it is included in the designated records set. However, until Oct. 6, 2022, EHI for the purposes of the information blocking definition is further narrowed to the EHI identified by the data elements represented in the United States Core Data for Interoperability (USCDI) standard.

The eight exceptions to information blocking operate like the Medicare/Medicaid Anti-Kickback Statute safe harbors, shielding actors from liability when engaging in practices that satisfy the conditions of an exception. The exceptions are limited to certain activities that the ONC has determined are important to the successful functioning of the U.S. healthcare system. Each exception addresses a significant risk that an actor may not engage in reasonable and necessary activities because of potential uncertainty or concern around violating the information blocking provision.

More detailed information on the exceptions is available from ONC.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.