New Federal Information Blocking Law, Healthcare
April 14, 2022 | 4 minutes read
The 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program, also known as the Information Blocking Final Rule, is an amended federal healthcare law that was passed by the U.S. Congress in 2020. The 21st Century Cures Act was initially enacted by U.S. Congress in 2016 for the purpose of improving the nation’s healthcare system. More specifically, as stated by the U.S. Food and Drug Administration or the FDA, the law was designed to “help accelerate medical product development and bring new innovations and advances to patients who need them faster and more efficiently.” With this being said, the Information Blocking Final Rule was passed in order to address the widespread issue that information blocking has presented to both patients and healthcare professionals within the medical industry.
Due to the fact that information blocking can result in a wide variety of adverse consequences for U.S. healthcare patients, as the practice effectively makes it more difficult for said patients to share and transfer their Electronic Health Information or EHI to other providers, federal legislation was created to reduce the measures, policies, and tactics that have been used in the past decade to prevent U.S. citizens from being able to fully access their healthcare information and data. To this point, the law establishes a number of provisions that are geared toward enabling healthcare professionals and patients within the U.S. to access and share their EHI when looking to provide or receive medical services.
What are the provisions of the Information Blocking Final Rule?
The Information Blocking Final Rule prohibits healthcare providers, EHI vendors, and other related professionals from undertaking any policy, measure, or practice that would be likely to interfere with, or discourage the access to or exchange of EHI. These policies, measures, and practices can include hospitals that customize their EHI systems to intentionally create barriers to the access and disclosure of EHI, health IT vendors that discourage customers from getting data integration capabilities from third-party providers, and healthcare systems that require their workers to obtain written authorization prior to disclosing the EHI of a particular patient, among a host of others.
What’s more, the Information Blocking Final Rule also updated the data elements and personal information that are considered to be Patient Health Information or PHI under applicable legislation. Prior to the enactment of the Information Blocking Final Rule, PHI was limited to the data elements contained within the first version of the United States Core Data for Interoperability or the USCDIv1 for short. Such data elements included specific classes of health data, including vital signs, clinical notes, patient demographics, personal information concerning patients such as their names and addresses, as well as data concerning lab reports, among other details. However, after October 6, 2022, all information within a U.S. healthcare patient’s medical records, with the exception of psychotherapy notes and information that has been collected in relation to litigation or administrative action, will constitute PHI.
Information Blocking Exceptions
While the provisions of the Information Blocking Final Rule generally forbid healthcare providers and professionals from taking steps to prevent their respective patients from sharing or accessing their EHI, there are some exceptions to the law. Many of these exceptions are geared toward instances in which the blocking of the EHI of a patient is done to protect the privacy of a patient, or to safeguard a patient from material harm, among others. As such, the exceptions to the Information Blocking Final Rule include:
- Preventing harm exception.
- Privacy exception.
- Security exception.
- Infeasibility exception.
- Health IT performance exception
- Content and manner exception.
- Fees exception.
- Licensing exception.
What are the penalties for violating the Information Blocking Final Rule?
As it relates to the enforcement of the law, the Information Blocking Final Rule is enforced by the Office of Inspector General, U.S. Department of Health and Human Services, or the OIG for short. To this point, health information networks (HIN) and health information exchanges (HIE) that violate the law are subject to a wide range of fines, penalties, and sanctions. Most notably, HINs and HIEs that fail to comply with the Information Blocking Final Rule will be subject to a monetary penalty of up to $1 million per violation, once all of the provisions of the law have been put into effect after October 6, 2022. Additionally, healthcare providers and professionals that violate the law will also be subject to “appropriate disincentives”, though these regulations have yet to be implemented.
While citizens of the U.S. may not be aware of the adverse effects of having their EHI or PHI blocked, the practice serves to reduce the level of care that many American citizens receive when visiting their doctors or healthcare providers. As such, federal legislation has been enacted to punish individuals and organizations that are found to have engaged in practices that work to block the EHI and PHI of the patients that they serve. While all of the provisions set forth in the law have yet to come into effect, the end goal is to ensure that all patients within the U.S. healthcare system can access and share the data that is used to treat their various ailments and illnesses, at their own discretion.