The costs of information sharing may factor into future policymaking. The healthcare industry keeps discovering more diverse and innovative ways to share patient information and improve care. However, regulators have long struggled to align policies and standards with emerging technologies while securing patients’ safety. But a long-promised proposed rule from the HHS Office of the National Coordinator for Health Information Technology (ONC) has finally come to fruition — and it aims to revamp health IT, health information exchange (HIE), and patient engagement. “By outlining specific requirements about electronic health information [EHI], we will be able to help patients, their caregivers, and providers securely access and share health information,” said HHS Secretary Alex Azar. “These steps forward for health IT are essential to building a healthcare system that pays for value rather than procedures, especially through empowering patients as consumers.” Background: The 21st Century Cures Act (Cures Act), released in December 2016 under President Obama, charged ONC with handling the nation’s EHI issues and the innovation and improvement of HIE. Provisions in Title IV of the Cures Act included thwarting information blocking, improving interoperability, and monitoring health IT, from vendor implementation to standardization to certification. In September 2018, ONC sent the Office of Management and Budget (OMB) a notice of proposed rulemaking to address these mandates. Now: On Feb. 11, ONC in coordination with CMS released the long-delayed proposed rule, which was impacted by the government shutdown. The ONC proposal was published in the Federal Register on March 4. The proposed rule abounds with changes that impact things as varied as EHR-vendor requirements, pediatric health IT, application programming interface (API) fee regulations and certification mandates, broad national interoperability standards, and rules to prohibit information blocking. Take a Look at These Data Sharing Exceptions Information blocking happens mostly to the detriment of patients, but the ONC wants to reduce the practice in its patient-centered policy changes. “By supporting secure access of electronic health information [EHI] and strongly discouraging information blocking, the proposed rule supports the bipartisan 21st Century Cures Act,” said Don Rucker, MD, ONC national Coordinator for health IT in a release on the rule. “The rule would support patients accessing and sharing their electronic health information, while giving them the tools to shop for and coordinate their own health care.” Even though the agency insists data sharing is central to HIE and value-based care, the proposed rule offers seven “reasonable and necessary” exceptions for why information might be blocked. The proposed rule exceptions cover “actors” impacted by the changes and include providers, vendors and developers, HIEs, and networks. Consider this overview of why these actors might be exempt from information-blocking provisions: 1. Protect patients. According to the rule, there may be times in the public’s interest when patient data is withheld, preventing harm. 2. Comply with HIPAA. “The information blocking provision will not require that actors provide access, exchange, or use of EHI in a manner that is not permitted under the HIPAA Privacy Rule,” the proposal says. 3. Keep EHI secure. If there are concerns that patients’ records or any EHI is in danger, an actor can safeguard it by information blocking. 4. Recover costs. This is a confusing exception, but in a nutshell means that an actor would not be charged for information blocking if the cost of sharing data impeded the exchange. It goes on to add that parties “should be able to recover costs that they reasonably incur to develop technologies and provide services that enhance interoperability and promote innovation, competition, and consumer welfare,” notes the rule. 5. Ignore unreasonable requests. If requests for patients’ data seem unreasonable or illegitimate, the actors don’t have to share the data. Size and scope of both the request and the actor are taken into account for this exception. 6. Halt discrimination. If the information requested might lead to discrimination, the actor can refuse to share the patient’s records. 7. Update health IT. If vendor updates are in progress, then information can’t be shared. In this situation, it is reasonable that data will not be shared until a later date. Stay tuned as Medicare Compliance and Reimbursement looks at aspects of the Cures Act proposals that impact Medicare providers in the issues ahead. Note: See the ONC proposed rule in the Federal Register at www.federalregister.gov/documents/2019/03/04/2019-02224/21st-century-cures-act-interoperability-information-blocking-and-the-onc-health-it-certification and read the information blocking fact sheet at www.healthit.gov/sites/default/files/nprm/ONCCuresNPRMInfoBlocking.pdf.