One of the most challenging pieces of the information blocking regulation that’s about to hit healthcare on April 5, 2021 is all the exceptions that are included. These exceptions are important, because there are some reasonable times when it might be in anyone’s best interest to share data. However, I’m sure many healthcare organizations are going to be spending a lot of time pouring over the various information blocking exceptions and having long discussions about what they really mean.
For those not familiar with the exceptions, here’s the short overview of exceptions:
Steven Posnack from ONC has a great blog post on the various exceptions as well where he outlines the details of the 2 categories of exceptions:
Category 1: Exceptions that involve not fulfilling requests to access, exchange, or use EHI. Five specific exceptions were established in this category. These exceptions aim to give clarity to actors that their practices (consistent with an exception) would not constitute information blocking when they are unable to share all the EHI requested or part of the EHI requested. For example, the Cures Act Final Rule provides exceptions to prevent patient harm, protect patient privacy, and ensure the security of EHI. These exceptions broadly address scenarios such as when a patient’s consent is required and the patient has denied that consent, health IT downtime events, or being unable to segment EHI that, for example, cannot be disclosed by law.
Category 2: Exceptions that involve procedures for fulfilling requests to access, exchange, or use EHI. Three exceptions were established in this category. These exceptions aim to support actors when they are willing to share EHI but may need to do so in a different format than requested or to address specific market considerations, such as intellectual property rights or fees, before doing so. These exceptions recognize that actors should be able to engage and negotiate EHI-related sharing and services in an open market. At the same time, many of the complaints leading up to the Cures Act’s passage and ONC’s subsequent regulation indicated that actors were leveraging their market power to engage in anti-competitive and EHI-restrictive practices – causing more friction in the market and preventing EHI from being shared. Accordingly, the three specific exceptions that HHS adopted provide guardrails for actors with the ultimate goal of EHI being shared.
If you want to dive into the details for each of the 8 information blocking exceptions, this fact sheet has detailed info on each exception.
In Steven Posnack’s article, he also suggests that HHS OIG will evaluate each instance individually on a case-by-case basis. I think what this indicates is that they plan to be reasonable in how they enforce this regulation. However, I think we can expect OIG to really come down on healthcare organizations that aren’t acting in good faith when it comes to sharing health data. It’s pretty clear that they expect healthcare organizations to share data with patients unless it’s a major problem to do so (ie. security, safety, etc).
What will also be interesting is how HHS will discover information blocking. They have created a feedback portal where people can share instances of information blocking with them. Plus, The Cures Act provides specific confidentiality protections for those that report it.
What’s been your organization’s response to information blocking and these exceptions? Do you find it confusing or are these exceptions reasonable? Are there any other exceptions you wish they’d included? Are you ready for April 5th?
