The 21st Century Cures Act required the Department of Health & Human Services, Office of the National Coordinator for Health Information Technology (ONC) to adopt rules preventing health care providers, developers of certified health information technology and health information exchanges from interfering with the access, exchange and use of electronic health information (EHI). Originally, the information blocking (IB) rules applied only to data elements included in the Core Data for Interoperability. Effective October 6, 2022, the IB rules now apply to all EHI included within the Designated Record Set (DRS) as defined in the Health Insurance Portability & Accountability Act (HIPAA) rules. (HIPAA defines the DRS as including medical and billing records, or records used by the health care provider to make decisions about individuals.)
Since the rules now apply much more broadly, ONC recently published a blog post with reminders about important features of the IB rules. Notable reminders include:
- The IB rules apply not only to affirmative acts, but also omissions. For example, a provider's failure to comply with state law requiring reporting of contagious diseases could be an interference with access, exchange or use of EHI that violates the IB rules.
- The eight exceptions to the IB rules are not "one size fits all", but rather are intended to apply to individual facts and circumstances. For example, there is an exception for a provider that is unable to provide access to EHI because it is infeasible. ONC points out that "What's infeasible for an IB actor in October 2022, may not be a year later."
- The IB rules apply to all EHI, not only EHI contained in certified electronic health records.
- Some of the exceptions to the IB rules require a response to the party requesting EHI (such as a patient requesting access to the health record) if the request is delayed or denied. For example, if a provider denies a request to access EHI on the grounds that the request is infeasible, the provider must provide an explanation to the requestor within ten days explaining in writing why the request is infeasible.
To provide additional guidance to health care providers and HIT developers, ONC publishes Frequently Asked Questions (FAQs) on the IB regulations. In an FAQ published in March 2021, ONC addressed the question of when a delay in providing patient access to electronic health information (EHI) constitutes interference with the patient’s access to EHI. ONC answered that a fact-based case-by-case assessment is required to determine whether delay constitutes interference. If the delay is due to the health care provider’s obligation to comply with state law and is no longer than necessary, this would not likely be considered interference. Also, where EHI must be manually retrieved from one system and moved to another system, a delay that is no longer than necessary will not likely be interference. On the other hand, if the provider has a policy imposing a delay on release of lab results in order for the provider to contact the patient, this would likely be deemed interference. Other examples that would likely be considered interference are where there is a delay in making information available through a patient portal, or a delay occurs in providing a patient’s EHI to an Application Programming Interface (API) that the patient has authorized.
ONC has established a portal to receive complaints of potential information blocking. As of August 31, 2022, 487 submissions were received on the portal, of which 452 were evaluated as potential claims of information blocking. The majority of these were claims against health care providers received from patients or parties acting on the patient's behalf, including attorneys. As the public gains awareness of the IB rules, it is important for health care providers to review their practices to make sure they do not involve potential information blocking.