Deputy National Coordinator for Health IT Steven Posnack penned a blog post on the ONC website this past week, offering eight reminders and pieces of advice for providers, IT developers and information networks covered by the 21st Century Cures Act’s information blocking rules. The rules will expand in scope on Thursday, October 6, even as confusion remains among some of those entities bound by them.
That date represents “the end of the more than two-year glide path laid out for the information blocking regulations,” said Posnack.
Starting this week, the information blocking rules’ limited definition of “electronic health information” will be lifted – expanding the variety and types of data that those organizations subject to the regs will be responsible for.
The rule “no longer limits what’s considered EHI to the data elements represented in the United States Core Data for Interoperability version 1 (USCDI v1),” Posnack explained. “We have sought to make sure that actors had ample time to evaluate and revise their practices related to EHI and making it available for access, exchange, and use.”
Posnack also reminded those covered by the info blocking rules, which he termed “IB actors,” that potential compliance violations could come from either “acts and omissions.”
As he explained it, while “technology related practices may come up as a top-of-mind example, information blocking practices are inclusive of but not solely limited to them. Other acts (e.g., contract negotiations and terms) and omissions could prevent, materially discourage, or otherwise inhibit the access, exchange, and use of EHI.”
He reassured those bound by the regs, however, that “exceptions are not solely ‘one size fits all’ and address the facts and circumstances of the situation at hand.”
The Cures Act requires HHS to identify “reasonable and necessary activities” that don’t meet the definition of information blocking, said Posnack, who pointed out that exceptions are built in to “address the fact that not all actors are similarly situated, such as hospitals that participate in the CMS Promoting Interoperability Program and laboratories or other health care providers that may not have adopted certified health IT.”
Meanwhile, he re-emphasized that not all health information that’s “electronic” is necessarily EHI, even under the broader regulatory definition.
“The good news is that the EHI definition as of October 6th is something with which most IB actors have had 20 years of familiarity – the Designated Record Set as defined under the HIPAA Privacy Rule,” said Posnack. “To put it simply, the same electronic protected health information that an individual has a right to access (and request an amendment to) under the HIPAA Privacy Rule is the same ePHI that IB actors can’t ‘block.'”
He also reminded stakeholders that the ways those bound by the rule make EHI available for access, exchange and use “can and will vary” based on who they are, their technology capabilities and who is seeking access to the data.
“The information blocking regulations do not require IB actors to adopt or use certain technologies or platforms. IB actors may use patient portals, other web interfaces, application programming interfaces, and a multitude of technologies and platforms to make EHI available for access, exchange, or use,” said Posnack.
Posnack also emphasizes the core goal of the info blocking rules: It’s about the data.
“A common misconception we’ve heard with respect to the information blocking regulations is that they’re dependent on health IT that is certified through the ONC Health IT Certification Program,” he said. “To the contrary, there are only limited connections between the information blocking regulations and ONC’s certification regulations.”
He said info blocking exceptions will require “clear notification to requestors whether their request to access, exchange, or use EHI is delayed or denied,” whether those exceptions are because of licensing, infeasibility, or content and manner.
Finally, Posnack reminded those bound by the new October 6 compliance data that info blocking claims are confidential and restricted from public disclosure.
“The Cures Act prohibits ONC from disclosing information blocking claims or information that could reasonably be used to identify the source of the information, except as may be necessary to carry out the purpose of the information blocking statute,” he said, “and exempts these claims and information from mandatory disclosure under the Freedom of Information.
“Remember, information blocking is more than just an individual’s access to EHI issue, it could involve a practice between a hospital and clinician practice, two hospitals, a doctor and a lab, a developer of certified health IT and a health information network or a practice involving other actors and entities,” he added. “If you believe that information blocking has occurred, please submit a claim via our web portal.”