Tech & Innovation in Healthcare

No matter the size or scope of your organization, ensuring your patients have quick and easy access to their health data is critical. In a new rule, the Department of Health and Human Services (HHS) harnesses the might of the 21st Century Cures Act to regulate information blocking by providers participating in Medicare’s various quality programs.

History: In 2016, Congress signed the 21st Century Cures Act into law, expanding health information policy and ensuring better access to care and health data via technology.

In May 2020, the Centers for Medicare & Medicaid Services (CMS) and the HHS Office of the National Coordinator for Health Information Technology (ONC) released dual rules,

the “CMS Interoperability and Patient Access final rule” and the “ONC 21st Century Cures Act final rule,” regulating data exchange, promoting coordinated care, and improving access. In 2021, amid the COVID-19 public health emergency (PHE), ONC began implementing key policies from the Cure Act final rule concerning information blocking guidance for software developers, IT managers, and providers.

Under the fiscal year (FY) 2023 budget, information blocking-centered provisions were addressed with updated penalties and disincentives for violations, as well as a request for a new authority for advisory opinions and policymaking. Then in June 2023, the HHS Office of Inspector General (OIG) issued a civil monetary penalties (CMP) final rule, establishing statutory penalties for information blocking violations for individuals and entities.

Now: Last November, HHS published a proposed rule in coordination with OIG and ONC to clarify and regulate information blocking by providers participating in the following CMS programs: the Merit-Based Incentive Payment System (MIPS); the Medicare Promoting Interoperability Programs; and the Medicare Shared Savings Program (MSSP).

On June 24, HHS released a final rule titled the “21st Century Cures Act: Establishment of Disincentives for Health Care Providers That Have Committed Information Blocking,” which follows through on the quality-focused proposals. The rule was published in the Federal Register on July 1.

“This final rule is designed to ensure we always have access to our own health information and that our care teams have the benefit of this information to guide their decisions. With this action, HHS is taking a critical step toward a health care system where people and their health providers have access to their electronic health information,” said HHS Secretary Xavier Becerra in a release. “When health information can be appropriately accessed and exchanged, care is more coordinated and efficient, allowing the health care system to better serve patients. But we must always take the necessary actions to ensure patient privacy and preferences are protected — and that’s exactly what this rule does.”

Prepare for These Information Blocking Reforms

Though HHS finalized the proposals without change, the final rule has its shortcomings. For example, HHS offers limited guidance to providers on how to comply with information blocking requirements. And instead of designing an appeals system for data blocking offenders, providers will need to use the Medicare appeals process, which isn’t perfect.

“CMS and ONC largely maintained their initial proposals despite opposition from providers,” say attorneys Lauren Knizner and Kristen O’Brien and healthcare executive Jeffrey Davis with McDermott + Consulting, an affiliate of law firm McDermott Will & Emery. “As a result, healthcare providers may face a complicated array of potential consequences for information blocking conduct and will need to understand which disincentives may apply to them, as the potential penalties could be financially significant,” acknowledge Knizer, O’Brien, and Davis in a McDermott’s Regs & Eggs blog post.

Here’s a brief overview of what quality program participants can expect:

PI Programs: “An eligible hospital or critical access hospital (CAH) that has committed information blocking and is referred to CMS by OIG will not be a meaningful electronic health record (EHR) user during the calendar year of the EHR reporting period in which OIG refers its determination to CMS,” the HHS release says.

What that means is that CAHs won’t be able to earn 75 percent of their market basket increases, and subsequently, their “payment will be reduced to 100 percent of reasonable costs instead of 101 percent,” HHS warns.

MIPS: Clinicians and groups participating in MIPS that block information won’t be considered meaningful users of certified

EHR technology, and this will result in a zero score under the Promoting Interoperability category.

However, “CMS has modified its policy for this disincentive to clarify that if an individual eligible clinician is found to have committed information blocking and is referred to CMS, the disincentive under the MIPS Promoting Interoperability performance category will only apply to the individual, even if they report as part of a group,” HHS clarifies.

MSSP: Participants in the MSSP — Accountable Care Organizations (ACOs), ACO participant, or an ACO supplier or provider — may be ineligible for a year and could possibly be excluded from future ACO/MSSP participation for information blocking. Providers would also not receive MSSP-earned revenue during that time period. However, on the plus side, CMS will consider “relevant facts and circumstances” before instituting the information blocking disincentives for MSSP participants, HHS indicates.

The disincentives are effective 30 days from the final rule’s publication date, with one exception: MSSP disincentives will begin Jan. 1, 2025.

Watch out: “Not every provider will be subject to these penalties, as some providers do not participate in the CMS quality programs into which the disincentives are built. However, CMS and ONC hint in the final reg that they may consider other disincentives for providers who are currently ‘off the hook,’” Knizer, O’Brien, and Davis caution.

Kristin J. Webb-Hollering, BA, CPCO