Federal authorities are ramping up efforts to crack down on information blocking practices to enhance patient care and facilitate seamless information exchange. They recently unveiled stringent statutory penalties targeting individuals and organizations that engage in information blocking by deliberately hindering access to electronic health information (EHI) or obstructing their sharing with patients and healthcare providers.

Indeed, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released long-awaited guidelines for exceptions and statutory penalties under the 21^st Century Cures Act (Cures Act). The Final Rule, announced on June 27, 2023, states that any entity guilty of information blocking may face penalties of up to $1 million per violation. Healthcare providers could also be subject to disincentives, fines, or other disciplinary actions if found non-compliant.

Organizations that facilitate the exchange of electronic health records may find that effectively navigating the new regulations is critical yet complex. Luckily, healthcare IT experts and partners can provide valuable support to prepare organizations to meet these regulatory requirements and avoid penalties that took effect on September 1, 2023.

Information Blocking: A Barrier to Interoperability in Healthcare

Until now, information blocking has represented a significant barrier to achieving true interoperability — at times, even perpetrated by bad actors that purposefully impede the exchange or use of electronic health information. The motivations behind information blocking may vary – from financial gain to concerns about maintaining competitiveness or control over data.

Federal regulators’ clear guidelines and enforcement actions are meant to address these issues and ensure individuals and their providers can easily access accurate and timely medical records to minimize errors or gaps in care delivery.

The rules are also intended to increase interoperability in the healthcare sector to allow more seamless coordination of information-sharing between hospitals, clinics, labs, pharmacies, and other

stakeholders involved in the delivery of patient care. To that end, some provisions in the regulation include specific language to support healthcare IT initiatives in facilitating pediatric medical treatment “across the care continuum” and preventing inappropriate access to prescription opioids. 

Stakeholders contend that the obstruction of interoperability, whether deliberate or unintentional, can hinder the sharing of crucial data in the medical field and impede innovation, resulting in various adverse effects, such as:

• Failure to coordinate care,
• Unavailability of important clinical values at the point of care, and
• Lack of rich data to fully utilize analytic tools, benchmarking, and machine learning techniques.

Cures Act Promotes EHI Access and Interoperability

Federal legislators signed the Cures Act in 2016, introducing sweeping changes to improve patient access to healthcare, including requiring healthcare organizations to share medical records, or electronic health information (EHI), with patients or healthcare providers at their request and without delays or costs.

Building upon this statutory direction is The Office of the National Coordinator for Health Information Technology (ONC) Cures Act Final Rule, which defines information blocking as any practice that prevents or discourages authorized access, exchange, or use of electronic health records for reasons not explicitly permitted under applicable law.

ONC also outlines interoperability requirements, which lay the foundation for how organizations access, exchange, and use EHI with the following objectives in mind:

1. Increase innovation and competition by fostering an ecosystem of new applications to provide patients with more choices in their healthcare.
   
2. Adopt standardized application programming interfaces (APIs), allowing individuals to securely and easily access structured EHI using smartphone applications.
   
3. Enable patients to electronically access all their EHI, structured and/or unstructured, at no cost.
   
4. Implement the information blocking provisions to support the access and exchange of EHI.

Exceptions to Information Blocking Rules

Following the introduction of proposed rulemaking in 2020, ONC defined eight exceptions that provide entities managing healthcare information with the assurance that their EHI practices will not be deemed information blocking as long as they meet specific conditions. These exceptions fall under two categories:

1. Exceptions that involve not fulfilling EHI requests:
   • Preventing Harm – Engaging in practices that are reasonable and necessary to avoid harm to a patient or another person.
   • Privacy – Not fulfilling an EHI request in order to protect an individual’s privacy.
   • Security – Interfering with the access, exchange, or use of EHI in order to protect the security of EHI.
   • Infeasibility – Not fulfilling an EHI request due to the infeasibility of the request.
   • Health IT Performance – Taking reasonable and necessary measures to make health IT temporarily unavailable or to degrade the health IT’s performance for the benefit of the overall performance of the health IT.
2. Exceptions that involve procedures for fulfilling EHI requests:
   • Content and Manner – Limiting the scope of the content or how it fulfills an EHI request.
   • Fees – Charging fees, including costs that result in a reasonable profit margin for accessing, exchanging, or using EHI.
   • Licensing – Licensing interoperability elements for EHI to be accessed, exchanged, or used.

5 Key Steps to Support Compliance to Information Blocking Provisions

The final ruling of the Cures Act is a significant stride towards enhancing interoperability and curbing information blocking practices. If enforced to the letter, the regulations will encourage vendors to develop new and improved solutions that meet the evolving needs of healthcare providers, facilitate seamless exchange of information between various operating systems and applications, and set the stage for increased patient empowerment.

To ensure compliance with the Final Rule, healthcare leaders and IT providers must assess and address information blocking at the system, organization, and community levels.

Consider these five general practices with your advisors to help support compliance:

• Develop Clear Policies: Evaluate existing information-sharing practices to identify areas where information blocking could occur and whether policies are optimized for EHI access and exchange.
• Implement Interoperable Systems: Review current technology and enhance interoperability capabilities for open, seamless exchange of EHI between different systems and organizations.
• Conduct Regular Compliance Audits: Consider a risk assessment of technology, processes, and policies to identify potential areas of non-compliance.
• Collaborate with Stakeholders: Leverage a technology partner for up-to-date data exchange, privacy, and security measures that protect information and scale to meet the growing needs of the network.
• Educate Medical Staff: Educate healthcare providers on the importance of data sharing and the information blocking regulations and their implications. Empower clinicians to discuss EHI access during care visits or through automated text communication.

_{This material is for general information purposes only and should not be construed as legal advice or any other advice on any specific facts or circumstances. No one should act or refrain from acting based upon any information herein without seeking professional legal advice. Health Catalyst, Inc. (HCAT) makes no warranties, representations, or claims of any kind concerning the content herein. HCAT and the contributing author expressly disclaim all liability to any person in respect of the consequences of anything done or not done in reliance upon the use of contents included herein.}

Additional Reading

Would you like to learn more about this topic? Here are some articles we suggest:

Exceptions to Information Blocking Defined in Proposed Rule: Here’s What You Need to Know

Seizing the Value of Health Information Exchange Data

More Than Data Querying: 3 Ways You Can Maximize Data from the Largest Health Information Network