As with any set of new regulations, there's a lot of detail to unpack. Providers already share a lot of data, but the ONC rule further defines which electronic health information (EHI) must be made available. It also establishes eight types of necessary "exceptions" to information blocking. For example, in some cases releasing certain information is prohibited by privacy laws—that's an exception and would not be considered information blocking.
Promoting Interoperability (PI) Toolkit
The information blocking requirements take effect on Nov. 2, 2020. That date is swiftly approaching, so right now is the time for organizations to review their policies and processes for sharing EHI. To help get you started, we've outlined our guidance for the top questions we hear from providers.
1. What data is covered under information blocking?
The information blocking policies apply to EHI. Initially, ONC will define EHI as the data elements in the United States Core Data for Interoperability (USCDI) standard. Almost all USCDI data elements are already captured in 2015 Edition certified EHRs today—which means the information blocking policies will apply to the data that's available in your system. However, under ONC's rule, the definition of EHI will eventually expand beyond the USCDI. Starting May 2022, the EHI definition will include the full HIPAA electronic designated data set.
2. How does the ONC rule impact PI program measures?
The ONC rule doesn't directly affect CMS' Promoting Interoperability (PI) program. Any changes to the PI reporting requirements would be established through CMS rulemaking. And while CMS may update the PI program in the future, it has not done so yet.
That said, the scope of the ONC rule includes, but is not limited to, data elements specified by the PI program. So providers need to think more broadly about information blocking—more like they would for HIPAA or Stark laws.
3. Do we have to upgrade our 2015 Edition certified EHR by Nov. 2, 2020?
The Nov. 2, 2020 date applies to compliance with the information blocking policies. Providers are not required to upgrade their EHRs to the new 2015 Edition certification criteria at that time. For example, providers do not have to immediately implement an Application Programming Interface (API) that supports Fast Healthcare Interoperability Resources (FHIR) for the purposes of information blocking compliance.
Beyond information blocking, the ONC rule finalized several updates to 2015 Edition certification criteria, including a new standards-based API certification criterion that is required to support FHIR. IT developers must roll out this functionality to their customers by May 2022 to remain in good standing in the ONC certification program.
4. What is the penalty for information blocking?
It's complicated. Enforcement of disincentives and penalties depends on what role you play in sharing information. ONC defined three types of "actors" that are subject to information blocking policies: providers, IT developers, and Health Information Exchanges and Networks (HIEs/HINs). Keep in mind:
- For providers, ONC didn't establish a mechanism for information blocking disincentives. But remember that providers must agree to "prevention of information blocking" in order to meet PI reporting requirements.
- It's also possible for a provider to act as an IT developer or HIE/HIN for the purposes of information blocking. In those cases, a violation of the information blocking policies could be subject to civil monetary penalties.
Watch our webinar, "How to figure out your information blocking exposure," for more details on which disincentives or penalties could apply.