This week, we have a two-part blog diving into the 21st Century Cures Act. Part 1, published Monday, examined the effect of the Cures Act on interoperability and information blocking applied to providers. Today, Part 2 explores how information blocking applies to health IT (HIT) developers.
The topic of information blocking and Electronic Health Records (EHRs) has entered a new chapter with the enactment of the 21st Century Cures Act (Cures Act).
The root cause of information blocking complaints can be difficult to pinpoint. Each case of potential information blocking should be evaluated on its individual merits. The actions performed by various roles in potential information blocking cases can impact the outcome and determination of information blocking cases differently.
The Office of the National Coordinator’s (ONC) report on information blocking outlined examples of information blocking by HIT developers as well as strategies for preventing information blocking. ONC’s report frames the discussion through anecdotal evidence shared to them as complaints from industry stakeholders. These complaints center mostly on business practices of HIT developers related to high fees, using proprietary data formats to lock in customers to a given product or restricting a provider’s ability to use or exchange information within their EHR system (including providers transitioning EHR systems).
ONC notes costs and charges for exchange of information may not necessarily constitute information blocking. It does observe large variations in fees charged, especially where some fees seem to be charged for no reason except to restrict providers into only exchanging health information with organizations that have the same EHR technology or proprietary platforms and networks. ONC also states that each case of potential information blocking must be reviewed on its own merits, and only calls out a few limited scenarios that should be considered information blocking, such as the use of a “kill switch.” A kill switch refers to functionality allowing a HIT developer to prevent a provider’s access and use of their EHR system, such as upon nonpayment of software fees.
Additionally, ONC outlines a government-led strategy on information blocking. This strategy involves education on HIPAA privacy and security issues, creation of rules of the road for fair information exchange, constraint of standards and greater transparency in HIT and EHR options and costs.
The strategy for ONC includes the creation of their Enhanced Oversight and Accountability rule which was finalized last fall and lets ONC and their accrediting bodies conduct surveillance on certified EHR technology (CEHRT) to ensure the CEHRT is providing the functionalities and standards required under ONC’s certification program, especially those related to interoperability. This rule pushes beyond the disclosure statements and previous level of surveillance required by the ONC. If a CEHRT is found to be deficient, it can have its certification suspended or terminated.
Enacted in December 2016, the Cures Act defines information blocking conducted by a HIT developer as a practice the HIT developer knows or should know “is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.”
This places the standard for HIT developers at a higher bar than that of providers because a HIT developer is not required to have full knowledge of a practice interfering with access, exchange or use of health information. This presents some level of due diligence for the HIT developer to investigate and review potential issues to determine if they may rise to the level of information blocking.
The Cures Act grants the Office of the Inspector General (OIG) authority to investigate claims of information blocking or falsely attesting to the conditions of certification. OIG has the authority to penalize HIT developers found to be information blocking up to $1 million per violation.
The Cures Act is still fresh, and we are still awaiting regulatory guidance, such as practices that may be excluded from the definition of information blocking. The Cures Act requires the secretary of the Department of Health and Human Services to issue regulations clarifying reasonable and necessary activities which would not be included in the definition of information blocking as outlined by the Cures Act. The OIG has not yet made public the results of any reviews nor applied any penalties, but they do have the green light to advance their enforcement role. The HIT developer market will also likely react as information blocking cases are resolved.
Developments in and around information blocking affect the health care industry at all levels: HIT developers need to know the new requirements and address compliance, and patients should be aware of these requirements to better understand the rights they have pertaining to their electronic health information. Finally, providers need to be aware of these requirements, as they can impact business and access to health information. HIT industry leaders can keep an eye on developments involving information blocking by monitoring CEHRT implementations and understanding the requirements.
How will you stay ahead of the curve with new regulatory requirements? Count on Cerner to lead you through the future of regulatory compliance. Learn more here.