Health Information Compliance Alert

Policy:

ONC Proposals Answer the Cures Act Call

Feds propose seven data-blocking exceptions.

As the health IT industry grows daily, offering more diverse and innovative ways to share patient information and improve care, the feds have struggled to align policies and standards. But a long-promised proposed rule from the HHS Office of the National Coordinator for Health Information Technology (ONC) has finally come to fruition — and it aims to revamp health IT and health information exchange (HIE).

“By outlining specific requirements about electronic health information [EHI], we will be able to help patients, their caregivers, and providers securely access and share health information,” said HHS Secretary Alex Azar. “These steps forward for health IT are essential to building a healthcare system that pays for value rather than procedures, especially through empowering patients as consumers.”

Background: The 21st Century Cures Act (Cures Act), released in December 2016 under President Obama, charged ONC with handling the nation’s EHI issues and the innovation and improvement of HIE. Provisions in Title IV of the Cures Act included thwarting information blocking, improving interoperability, and monitoring health IT, from vendor implementation to standardization to certification. In September 2018, ONC sent the Office of Management and Budget (OMB) a notice of proposed rulemaking to address these mandates.

Now: On Feb. 11, 2019, ONC in coordination with CMS released the long-delayed proposed rule, which was impacted by the government shutdown. ONC gives no publication date, but advises that the “HHS-approved document has been submitted to the Office of the Federal Register (OFR) for publication and has not yet been placed on public display or published in the Federal Register.”

The proposed rule abounds with changes that impact things as varied as EHR-vendor requirements, pediatric health IT, application programming interface (API) fee regulations and certification mandates, broad national interoperability standards, and rules to prohibit information blocking.

Take a Look at These Data Sharing Exceptions

Information blocking happens mostly to the detriment of patients, but the ONC wants to change all that in its patient-centered policy changes. “By supporting secure access of electronic health information [EHI] and strongly discouraging information blocking, the proposed rule supports the bipartisan 21st Century Cures Act,” said Don Rucker, MD, ONC national Coordinator for health IT in a release on the rule. “The rule would support patients accessing and sharing their electronic health information, while giving them the tools to shop for and coordinate their own health care.”

Even though the agency insists data sharing is central to HIE and value-based care, the proposed rule offers seven “reasonable and necessary” exceptions for why information might be blocked.

The proposed rule exceptions cover “actors” impacted by the changes and include providers, vendors and developers, HIEs, and networks. Consider this overview of why these actors might be exempt from information blocking provisions:

1. Protect patients. According to the rule, there may be times in the public’s interest when patient data is withheld, preventing harm.

2. Comply with HIPAA. “The information blocking provision will not require that actors provide access, exchange, or use of EHI in a manner that is not permitted under the HIPAA Privacy Rule,” the proposal says.

3. Keep EHI secure. If there are concerns that patients’ records or any EHI is in danger, an actor can safeguard it by information blocking.

4. Recover costs. This is a confusing exception, but in a nutshell means that an actor would not be charged for information blocking if the cost of sharing data impeded the exchange. It goes on to add that parties “should be able to recover costs that they reasonably incur to develop technologies and provide services that enhance interoperability and promote innovation, competition, and consumer welfare,” notes the rule.

5. Ignore unreasonable requests. If requests for patients’ data seem unreasonable or illegitimate, the actors don’t have to share the data. Size and scope of both the request and the actor are taken into account for this exception.

6. Halt discrimination. If the information requested might lead to discrimination, the actor can refuse to share the patient’s records.

7. Update health IT. If vendor updates are in progress, then information can’t be shared. In this situation, it is reasonable that data will not be shared until a later date.

Read the information bloc king fact sheet at https://www.healthit.gov/sites/default/files/nprm/ONCCuresNPRMInfoBlocking.pdf.

Looking ahead: Stay tuned to Health Information Compliance Alert as we delve into the different parts of the proposed rule in future issues and follow up on the final rule as the regulations unfold.

Resource: See the rule and ONC fact sheets at www.healthit.gov/topic/laws-regulation-and-policy/notice-proposed-rulemaking-improve-interoperability-health.