Read time: 6 minutes (1228 words)
Who is the rightful owner of electronic health information? Who should control when, how, and with whom that information is shared? These are critical, and valuable, questions for an industry with a compound annual growth rate of data that exceeds manufacturing, financial services, and entertainment and media.
In its information blocking rule, the Office of the National Coordinator for Health Information Technology (ONC) offers a definitive response – the patient – and responds to concerns that some individuals and entities are engaging in practices that unreasonably limit the availability, interoperability, and use of patients’ electronic health information.
Key stakeholders in the health care industry – providers and certain health IT companies and developers – are now prohibited from engaging in practices likely to interfere with the appropriate access, exchange, or use of patients’ electronic health information.
Under the new rule, if the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or applicable state privacy laws permit the disclosure of electronic health information, the information blocking rule likely will require such disclosure. The rule does include important exceptions that offer regulated actors certainty that their practices will not be considered information blocking when meeting the conditions of one (or more) exception. Yet, leveraging these complex exceptions will require advance planning.
What is information blocking?
Information blocking is a business practice likely to interfere with, prevent, materially discourage, or otherwise inhibit the access, exchange, or use of electronic health information (EHI). Information blocking does not include practices that either (1) are required by law or (2) comply with an exception to the information blocking rule.
Put simply, information blocking encompasses activities that make the access, exchange, use, or interoperability of health data more difficult. The definition also encompasses an intent requirement, which is different depending on the identity of the regulated actor.
Who must comply, and what are the associated intent requirements?
The information blocking rule applies to health care providers, health information networks (HINs) and health information exchanges (HIEs), and ONC-certified health IT developers.
For health care providers, a practice meeting the regulatory definition will be considered information blocking if the health care provider knows such practice to be unreasonable and likely to interfere with access, exchange, or use of EHI.
For ONC-certified health IT developers, HINs, or HIEs, a practice meeting the regulatory definition will be considered information blocking if the regulated actor knows, or should know, that such practice is likely to interfere with the access, exchange, or use of EHI.
Developers must take note that if their products include any ONC-certified health IT, they must comply with the information blocking rule with respect to all of their health IT products and services – even those that are not certified.
- Disclosures of electronic health information (EHI) permitted by HIPAA and state law are now required (unless an exception applies) under new rule
- Providers and certain health IT companies must strategically evaluate how to protect IP interests yet maintain competitively neutral EHI data sharing practices
- Enforcement framework, which includes civil money penalties, remains in flux