Health Care Industry Must be Mindful of ‘Information Blocking’

Health Care Industry Must be Mindful of ‘Information Blocking’
Tuesday, January 2, 2018

Under the 21st Century Cures Act (Cures Act), the Health and Human Services (HHS) Secretary is mandated to have promulgated regulations by Dec. 13, 2017 that, among other requirements, prohibit “information blocking” as a condition to Electronic Health Record (EHR) certification, which is a requirement that EHRs must meet to qualify for use in Medicare/Medicaid EHR Incentive Programs. Although the HHS Secretary has yet to do so, and the Office of the National Coordinator for Health Information Technology (ONC) continues to work on defining the Cures Act broad definition of information blocking through exemptions, the prohibition is already supported by the 2015 Edition Health IT Certification Criteria, as well as other federal regulations and programs, such as HIPAA and MACRA.

Accordingly, vendors and providers should avoid practices that may be considered “information blocking” when negotiating their contracts for services, including technical limitations that make authorized access to the electronic health information difficult, burdensome or expensive for health care providers or patients. Such restrictions on health IT (HIT)’s certified technical capabilities may result in risk to the technology’s EHR Certification and/or result in civil penalties.

Cures Act’s Implications for Health Care Providers

While software developers would seem to be the main target of the Cures Act, they are not the only professionals that must be aware of such prohibitions. Under the Merit-based Incentive Payment System (MIPS) for the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), health care practitioners are now expected to submit a “Prevention of Information Blocking Attestation,” which indicates that such providers will make a “reasonable attempt” to maintain interoperability. Regulators fear that practitioners may engage in information blocking activities in an attempt to prevent patients from going to a competing provider or blaming confusion over complying with HIPAA or other state and federal privacy laws.

Under MIPS, however, individual practitioners are expected to get adequate assurances from their HIT vendors that they comply with information sharing requirements. Many practitioners have voiced concerns about meeting these requirements in light of challenges they already face with fully utilizing EHR technology, much less being cognizant of technological functionality or enhancements that support data sharing. Furthermore, given EHR vendors’ current lack of clarity on what would be considered “information blocking,” health care providers are concerned that they may not be able to obtain “adequate assurances” that all information sharing requirements are adequately met.

Information Blocking

In recent years, EHR vendors have been accused of intentionally complicating and monetizing the interoperability of electronic health records. Enacted on Dec. 13, 2016, the Cures Act was established, in part, to prohibit EHR vendors from such activities collectively referred to as “information blocking.”

The Cures Act broadly defines “information blocking” as any “practice that … is likely to interfere with, prevent, or discourage access, exchange, or use of electronic health information” if the practice is known or should be known by the relevant entity to “interfere with, prevent, or materially discourage the access, exchange, or use of electronic health information.”

The Cures Act also provides wide sweeping examples of information blocking, such as “[i]mplementing HIT in nonstandard ways that are likely to substantially increase the complexity or burden of accessing, exchanging or using electronic health information.” These examples are likely based on the 2015 ONC Report to Congress on Health Information Blocking (2015 ONC Report), which discussed vendors “charging prices or fees (such as for data exchange, portability, and interfaces) that make exchanging and using electronic health information cost prohibitive,” and “developing or implementing health IT in non-standard ways that are likely to substantially increase the costs, complexity, or burden of sharing electronic health information.”

EHR Certification

For purposes of EHR Certification, the Cures Act mandates that EHR and HIT vendors must attest that they are not engaging in information blocking. Vendors that make false attestations risk being penalized with revocation of the certification. This certification is essentially a requirement of doing business as a HIT developer, in light of the fact that the ONC has required that health care providers use a certified EHR to qualify for Medicare and Medicaid EHR Incentive Programs.

The Cures Act also requires that the HHS Secretary establish a process for collecting complaints of information blocking and for investigating such complaints, with the Office of Inspector General (OIG) as the agency designated for carrying out such investigations. The 2015 ONC Report recommended that health IT vendors engaging in information blocking should face corrective action, up to and including the suspension or termination of its EHR certification. The Cures Act specifies that the penalty for information blocking is up to $1 million “per violation.”

Current Regulatory Guidance for Software Developers

Although the 2015 ONC Report currently serves as the ONC’s best guidance as to its stance on information blocking, the 2015 Edition of ONC’s Health IT Certification Criteria already require EHR software to enable users to export patient summaries in a customizable and user-friendly manner.

Additionally, the Privacy Rule of the Health Information Portability and Accountability Act (HIPAA) promotes the interoperability of EHR software, including the flow of patient health information to providers for treatment, payment, and health operations purposes, as well as to patients themselves. Furthermore, the Health Information Technology for Economic and Clinical Health (HITECH) Act requires that patients must be able to transmit data at little or no cost to a location of the individual’s choosing, even if that may be a competing health care provider or to an alternate HIT vendor.

Many vendors claimed that meeting the Cures Act’s requirements is prohibitively difficult, especially in conjunction with the HIPAA Privacy Rule, which places significant restrictions on how certain entities, including health care providers, may use or disclose patients’ health information. However, as noted, HIPAA promotes the interoperability of EHR software to enable the permitted sharing of patient health information not only for personalized healthcare but also to advance medical research and public health.

Thus, regardless of the ONC’s final rules, HIPAA promotes the development of EHR software that permits the transmission of health information freely to authorized users, regardless of the software environment in which it sits.

Next Steps

These heightened requirements come at a complicated time for EHR vendors and healthcare providers.

 Almost all health care providers have already implemented an EHR system, and thus, with customer demand at an all-time low, EHR vendors are seeking out new revenue opportunities. On the other hand, health care providers are looking for more cost-effective ways to minimize the ongoing costs of medical software and services, while maintaining high expectations for EHR software to provide a secure storage solution for patient information.

HIT developers and health care providers anticipate that the ONC, tasked with drafting rules for these processes by the HHS Secretary, would soon clarify what activities qualified as information blocking; standard and “nonstandard” ways of burdening the exchange of health information, and how an entity can be determined to be in compliance with such requirements.

While the ONC has reportedly been meeting with stakeholders and other government agencies to determine what practices shall be exempted from information blocking’s broad definition, the ONC’s Deputy National Coordinator has not yet offered a timeline as to when such publications may be released. The OIG, on the other hand, has indicated its readiness to investigate and take enforcement actions against information blocking violators, but must await the implementation of the ONC’s rules prior to taking any actions. Currently, the OIG does not have a legislated investigation process, so it is unclear which entity would have the burden of proving whether information blocking has occurred and what standards of implementation would act as operational benchmarks.

Moving forward, EHR developers will need to work closely with health care providers and interoperability standard groups to avoid any practices that may be considered to be information blocking in order to maintain their ONC certification and to avoid costly penalties. At a critical time with regard to EHR vendors’ financial viability, these entities are challenged to balance not only enabling cost-effective and outcome-based healthcare delivery, developing interoperable EHR software that does not run afoul of the information blocking restrictions, while protecting the vendors’ intellectual property rights in its software and other innovations and maintaining profitability. However, HIT vendors and health care providers alike await the ONC’s future guidance on information blocking to ensure the requisite interoperability of EHR systems.

© Polsinelli PC, Polsinelli LLP in California

Current Legal Analysis

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be  a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.

The National Law Review - National Law Forum LLC 3 Grant Square #141 Hinsdale, IL 60521  Telephone  (708) 357-3317 or toll free (877) 357-3317.  If you would ike to contact us via email please click here.

Copyright ©2024 National Law Forum, LLC