Definition Flashcards
What is Information Blocking?
Information blocking is a practice that is:
(1) likely to interfere with the access, exchange, and use of electronic health information (EHI) [defined below] except as required by law or covered by an exception; and
(2) conducted by a health IT developer, health information network or health information exchange that knows, or should know, that such practice is likely to interfere with, prevent, or materially discourage access, exchange, or use of EHI; or
(3) conducted by a health care provider that knows that such practice is unreasonable and likely to interfere with, prevent, or materially discourage access, exchange, or use of EHI.
Who is Subjected to Info. Blocking
Restrictions?
Throughout the regulations, “Actors” are the ones detailed as being the subjects of information blocking requirements.
The Actors are defined as:
- Providers
- Payers
- Vendors
- Health Information Exchanges (HIEs)/Health Information Networks (HINs)
Where Do These Requirements Reside in
Health Data?
The data that is being transmitted to a patient when they make a request for their data is defined as electronic health information (EHI).
Currently, until Oct. 6 2022, EHI is defined as
all the contents of the United States Core Dataset for Interoperability (USCDI) as defined by ONC.
After Oct. 6, 2022, EHI is defined as
all electronic personal health information (ePHI) to the extent it is included in the designated record set (as defined by HIPAA).
What Does CMS Have to Do With This?
The OIG final rule states that any investigations that confirm the practice of information blocking by an actor would be referred to the appropriate regulatory authority for disincentives.
For provider actors, that means CMS would hold jurisdiction for implementing disincentives.
CMS has not declared how exactly they would do that or what the penalties would look like.
Do the information blocking regulations require actors to have or use certified health IT, or upgrade the certified health IT they already have to fulfill a request to access, exchange or use EHI?
• No.
The information blocking regulations do not require actors to have or use health IT certified under the ONC Health IT Certification Program. Actors subject to the information blocking regulations are not required to immediately upgrade their certified health IT (as of the applicability date (i.e., April 5, 2021)) if they also happen to participate in a separate regulatory program that requires the use of certified health IT, such as CMS’ Promoting Interoperability Programs.
When state or federal law or regulation, such as the HIPAA Privacy Rule, requires EHI to be released by no later than a certain date after a request is made, is it safe to assume that any practices that result in the requested EHI’s release within that other required timeframe will never be considered information blocking?
- No. The fact that an actor covered by the information blocking regulations meets its obligations under another law applicable to them will not automatically demonstrate that the actor’s practice does not implicate the information blocking definition.
- If an actor who could more promptly fulfill requests for legally permissible access, exchange, or use of EHI chooses instead to engage in a practice that delays fulfilling those requests, that practice could constitute an interference under information blocking, even if requests affected by the practice are fulfilled within a time period specified by a different applicable law.
On April 5, 2021, can prior agreements, arrangements, or contracts still in effect implicate the information blocking definition?
Yes.
On and after April 5, 2021, any actor’s agreements, arrangements, or contracts are subject to and may implicate the information blocking regulations in 45 CFR part 171.
What is the best way to explain the ‘content and manner’ exception vs. ‘infeasibility’ exception?
- Content and Manner: Provides flexibility concerning the content (i.e.— scope of EHI) of an actor’s response to a request to access, exchange or use EHI and the manner in which an actor may fulfill the request
- Content: USCDI until October 6, 2022. After October 6, 2022, ePHI to the extent it is included in the designated record set
- Manner: Permits an actor to fulfill a request in an alternative manner when the actor is technically unable to fulfill the request in the manner requested or cannot reach agreeable terms with the requestor to fulfill the request.
- Infeasibility: Recognizes the practical challenges that may limit an actor’s ability to comply with requests for access, exchange, or use of EHI. One of three conditions must be met: (1) uncontrollable event, (2) segmentation, (3) infeasible under the circumstances
• Content and Manner: Provides flexibility concerning the content (i.e.— scope of EHI) of an actor’s response to a request to access, exchange or use EHI and the manner in which an actor may fulfill the request
- Content: USCDI until October 6, 2022. After October 6, 2022, ePHI to the extent it is included in the designated record set
- Manner: Permits an actor to fulfill a request in an alternative manner when the actor is technically unable to fulfill the request in the manner requested or cannot reach agreeable terms with the requestor to fulfill the request.
Best Practices
1) Read the Rule
2) Determine whether your organization is an “actor”
3) Become familiar with Part 171 of the Cures Act Final Rule and related exceptions
4) Establish a Governance Structure
5) Identify organizational stakeholders
6) Develop a multi-disciplinary compliance team
7) Conduct an assessment and/or risk analysis to determine readiness
8) Assess Systems for Compliance and Operational Efficiencies
9) Assess patient identification and matching accuracy to ensure appropriate access to EHI
10) Conduct a system inventory to determine whether designated record sets are included
11) Define your designated record set if you have not done so already
12) Develop policies and procedures for unsigned or incomplete documents and lab/test results that require review before availability
13) Evaluate Compliance and System Infrastructure
14) Review BAAs to determine any revisions necessary to contract, agreements, and licenses related to information blocking
15) Identify staff and processes for monitoring/auditing the organization’s incoming and outgoing EHI requests
16) Review and revise consents and authorizations for compliance with information blocking and patient accessUpdate Policies and Procedures
17) Assess and implement policies and procedures to ensure compliance and business actions related to information blocking
18) Develop an information blocking and patient access incident management policy and procedures that includes data collection, reporting and forms
19) Update and/or develop HR policies, procedures, documentation, and systems to provide for discipline for information blocking violations by workforce members
20) Develop education and training materials as well as competency tests on information blocking
21) Develops patient education plans regarding information blocking and the risks associated with using third-party applications
InfoBlockingCenter.org
is a new resource center partnership with provider focused organizations including CHIME and AHIMA
