News & Features

By Amie K. Alexander

While healthcare providers were reeling from the chaos surrounding the COVID-19 pandemic, The Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC) quietly released two final regulations related to interoperability and data exchange across the healthcare industry. These rules implement directives from the 21st Century Cures Act and President Trump’s Executive Order 13813, and both final rules bring change and new compliance concerns for healthcare providers.

The ONC Interoperability and Information Blocking Final Regulation (ONC Final Rule) implements key provisions of the Cures Act focused on advancing interoperability; supporting the access, exchange, and use of electronic health information (EHI); and addressing occurrences of information blocking. Most urgently, the ONC Final Rule requires healthcare providers to put policies in place by November 2, 2020 to comply with the requirement that providers do not engage in information blocking.

“Information blocking,” as defined in the 21st Century Cures Act, includes a practice engaged in by a healthcare provider that is likely to interfere with access, exchange, or use of electronic health information (EHI). The ONC Final Rule carved out eight exceptions that define what practices do not constitute information blocking. These exceptions are: preventing harm, privacy, security, infeasibility, health IT performance, licensing, costs, and content and manner. Each exception has unique elements and circumstances under which it might apply.

The ONC Final Rule established a compliance deadline of November 2, 2020. We recommend that by this compliance deadline, providers should review and revise HIPAA privacy and security policies, and other policies relevant to access and information sharing, to ensure compliance with information blocking rules. A few specific steps providers should take are:

• Make sure to review procedures for patient requests for EHI;
• Review procedures regarding fees for patient records (and also make sure these procedures comply with the HIPAA Right of Access rule);
• Provide timely responses to requests for data access;
• Check that you’re covered under the ONC Final Rule information blocking exceptions if there are cases where you withhold or delay access; and
• Retain documentation supporting your practices.

The CMS Interoperability and Patient Access Final Regulation (CMS Final Rule) modifies the Hospital Conditions of Participation to require new admission, discharge, and transfer event notifications effective in spring of 2021. Additionally, the CMS Final Rule brings a few fall 2020 deadlines. CMS has indicated that it will begin to publicly display on its website providers who do not take the following actions:

Confirm they do not engage in information blocking in the attestations of the Promoting Interoperability Program of Merit-based Incentive Payment System (MIPS); and

Provide (and update) their digital contact information in the National Plan and Provider Enumeration System (NPPES).

Both Final Rules will bring big changes in the near future in the world of health IT and EHR. Providers will need to keep their eyes and ears open for these changes coming from their vendors. For now, providers should undertake review of their practices that may fall within the definition of information blocking and make sure to structure these policies and procedures according to the ONC Final Rule, and should confirm that you’ve attested you do not engage in information blocking (if participating in MIPS) and update your digital contact information in the NPPES.