21st Century Cures Act Brings Fast-Approaching Nov. 2 Deadline

October 16, 2020

By Amie K. Alexander

While healthcare providers were reeling from the chaos surrounding the COVID-19 pandemic, The Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC) quietly released two final regulations related to interoperability and data exchange across the healthcare industry. These rules implement directives from the 21st Century Cures Act and President Trump’s Executive Order 13813, and both final rules bring change and new compliance concerns for healthcare providers.

The ONC Interoperability and Information Blocking Final Regulation (ONC Final Rule) implements key provisions of the Cures Act focused on advancing interoperability; supporting the access, exchange, and use of electronic health information (EHI); and addressing occurrences of information blocking. Most urgently, the ONC Final Rule requires healthcare providers to put policies in place by November 2, 2020 to comply with the requirement that providers do not engage in information blocking.

“Information blocking,” as defined in the 21st Century Cures Act, includes a practice engaged in by a healthcare provider that is likely to interfere with access, exchange, or use of electronic health information (EHI). The ONC Final Rule carved out eight exceptions that define what practices do not constitute information blocking. These exceptions are: preventing harm, privacy, security, infeasibility, health IT performance, licensing, costs, and content and manner. Each exception has unique elements and circumstances under which it might apply.

The ONC Final Rule established a compliance deadline of November 2, 2020. We recommend that by this compliance deadline, providers should review and revise HIPAA privacy and security policies, and other policies relevant to access and information sharing, to ensure compliance with information blocking rules. A few specific steps providers should take are:

  • Make sure to review procedures for patient requests for EHI;
  • Review procedures regarding fees for patient records (and also make sure these procedures comply with the HIPAA Right of Access rule);
  • Provide timely responses to requests for data access;
  • Check that you’re covered under the ONC Final Rule information blocking exceptions if there are cases where you withhold or delay access; and
  • Retain documentation supporting your practices.

The CMS Interoperability and Patient Access Final Regulation (CMS Final Rule) modifies the Hospital Conditions of Participation to require new admission, discharge, and transfer event notifications effective in spring of 2021. Additionally, the CMS Final Rule brings a few fall 2020 deadlines. CMS has indicated that it will begin to publicly display on its website providers who do not take the following actions:

Confirm they do not engage in information blocking in the attestations of the Promoting Interoperability Program of Merit-based Incentive Payment System (MIPS); and

Provide (and update) their digital contact information in the National Plan and Provider Enumeration System (NPPES).

Both Final Rules will bring big changes in the near future in the world of health IT and EHR. Providers will need to keep their eyes and ears open for these changes coming from their vendors. For now, providers should undertake review of their practices that may fall within the definition of information blocking and make sure to structure these policies and procedures according to the ONC Final Rule, and should confirm that you’ve attested you do not engage in information blocking (if participating in MIPS) and update your digital contact information in the NPPES.

We know these rules are complicated and bring big changes. You can find more information about these changes in the accompanying webinar, which is available here or at the video link below.

Webinar Provides More Details on CMS Final Rule

We know these rules are complicated and bring big changes. On Oct. 6, we held a webinar with the Arkansas Hospital Association to help further explain some of these regulations. Please view the video to hopefully better understand what is expected on Nov. 2nd.

Amie K. Alexander's practice is focused in the area of healthcare where she works primarily on various corporate and compliance matters. She drafts and reviews policies to ensure compliance with federal healthcare regulations such as HIPAA, Stark I and Stark II, Anti-Kickback and Medicare/Medicaid reimbursement.

Disclaimer: The information included here is provided for general informational purposes only and should not be a substitute for legal advice nor is it intended to be a substitute for legal counsel. For more information or if you have further questions, please contact one of our Attorneys.