After we shared the Information Blocking Exceptions in the 21st Century Cures Act, we realized that you all seem to really enjoy this type of practical information on the coming information blocking regulation. Today, ONC came out with a number of Information Blocking FAQ’s to help healthcare organizations understand the information blocking rules and answer some of the common questions they were getting about the regulation.
We won’t go through all of them here, but we’ll highlight a few that caught our eye and then you can go read through the rest as desired.
Q: On April 5, 2021, can prior agreements, arrangements, or contracts still in effect implicate the information blocking definition in 45 CFR 171? *3/19/2021*
Yes. On and after April 5, 2021, any actor’s agreements, arrangements, or contracts are subject to and may implicate the information blocking regulations in 45 CFR part 171.
This question was fascinating to me since I’m not sure how many healthcare organizations realized that they might have contracts and agreements that need to be modified in order to meet these regulations. Of course, most legal contracts have something in the contract about the contract not forcing them to violate the law, but it’s always better to make sure the agreement and contract are clear between parties by adjusting it to the changing law. And as we all know, contracts like this and reviewing all the hundreds (or is it thousands) of contracts healthcare organizations have is time consuming.
Q: Do the information blocking regulations (45 CFR Part 171) require actors to proactively make electronic health information (EHI) available through “patient portals,” application programming interfaces (API), or other health information technology? *1/15/2021*
No. There is no requirement under the information blocking regulations to proactively make available any EHI to patients or others who have not requested the EHI. We note, however, that a delay in the release or availability of EHI in response to a request for legally permissible access, exchange, or use of EHI may be an interference under the information blocking regulations (85 FR 25813, 25878). If the delay were to constitute an interference under the information blocking regulations, an actor’s practice or actions may still satisfy the conditions of an exception under the information blocking regulations (45 CFR 171.200-303).
Please review the other questions under this heading for more information.
This one is interesting because it acknowledges that information blocking doesn’t mean you have to be proactive in sharing. It largely means that when someone else is proactive in wanting the information, then you have to comply. Although, there are some exceptions to this. For example, the next question which talks about access to test results.
Q: Are actors (for example, health care providers) expected to release test results to patients through a patient portal or application programming interface (API) as soon as the results are available to the ordering clinician? *1/15/2021*
While the information blocking regulations do not require actors to proactively make electronic health information (EHI) available, once a request to access, exchange or use EHI is made actors must timely respond to the request (for example, from a patient for their test results). Delays or other unnecessary impediments could implicate the information blocking provisions.
In practice, this could mean a patient would be able to access EHI such as test results in parallel to the availability of the test results to the ordering clinician.
Please review the other questions under this heading for more information.
Again, while you don’t have to be proactive in your sharing, the regulation does require the information be available to the patient on demand in ways that weren’t required before. Another question addresses the timeline that the HIPAA Privacy Rule allows for release of records after a request and shares that the information blocking may require a shorter timeline than the HIPAA Privacy Rule requires. Basically, the HIPAA Privacy Rule timeline isn’t a safe harbor for showing that you shared in a reasonable timeframe.
No doubt there are a lot more details, so if you’re involved in this be sure to go and read all of the FAQs.
Also, I think we’re going to need to become very familiar with two key phrases: EHI (Electronic Health Information) and Preventing Harm. Much like PHI, EHI is going to become a standard talking point when it comes to information blocking and the information that needs to be shared. Also, given the number of FAQs on the subject, the Preventing Harm exception is likely going to be problematic and is going to take some time to really understand. I can easily see people abusing this exception with some vague fear of “harm” being caused by sharing. ONC seems to be working hard to make sure that this exception is available, but that healthcare organizations don’t use it to overreach.
There are a number of questions in the FAQ about whether the information blocking rule applies to your organization. It seems that many think it only applies to those who use a certified EHR, but that would be wrong. The information blocking rule doesn’t require an organization have a certified EHR or that they use one. In fact, the rules could apply to HIEs, Payers, and business associates to name a few. Check out the various FAQs for more details.
Any other responses in this Information Blocking FAQ stand out to you? As always, we love hearing your insights and perspectives.
Thanks John! Good synopsis and abstract of key info.
Hi. Where can I find information related to availability of Radiology Images pertaining to the Cures Act?