All You Need to Know About Information Blocking

Information blocking was brought into action to ensure the patient’s right to access their health data was valued and upheld; however, things haven’t been going as expected. There has been high dissatisfaction from the patient end with how providers have been handling the EHI access requests. Information blocking refers to any restraint placed on accessing or exchanging patients’ Electronic Health Information. Find out more about Information Blocking through this article.

• What Is Information Blocking?
• Examples of Information Blocking
• Who Is Affected by the Information Blocking Rule?
• The 8 Exceptions to the Information Blocking Rule
• The Severity of Information Blocking Complaints
• Action Against the Complaints
• What Must the Provider Organizations Do?

What Is Information Blocking?

The healthcare industry has gone through a radical change by enabling patients to have control over their health data. The information blocking rule was brought into place to corroborate the meaningful use of health data to ensure secure data sharing.

The Final Rule or the Information Blocking Rule 2020, published by the U.S. Office of the National Coordinator for Health Information Technology (ONC), defines information blocking as a practice that interferes with, prevents, or materially discourages access, exchange, or use of electronic health information. In other words, 21st Century Cures Act states that Information Blocking can be anything that unnaturally prevents access to patient health information.

To put it in simpler words, information blocking refers to an act that prevents or interferes with access, use, or exchange of Electronic Health Information. This rule was brought into place to ensure the protection and fair use of patients’ health data. The rule also comes with its own set of exceptions and penalties for non-compliance.

Examples of Information Blocking

The following practices could amount to Information Blocking:

• Policies or practices applicable under the State or Federal law that prevent an authorized person from accessing the Electronic Health Information
• Technical limitations that make it costly to access and use the health information
• Contract terms or having nonstandard IT that cause an additional burden to access, use, and exchange EHI
• A restriction imposed on health IT interoperability
• Fraudulent, wasteful, or abusive acts that prevent access, use, and exchange of EHI

Who Is Affected by the Information Blocking Rule?

Three categories of “actors” fall under the purview of the regulations of the information blocking section of the ONC Cures Act Final Rule, and they are:

• A Healthcare Provider A Healthcare provider is any person or an entity that provides healthcare services. The term could indicate a physician, a nurse, a nurse practitioner, a physician assistant, a pharmacist, and many such individuals and entities.
• Health Information Network or Health Information Exchange Electronic health information exchange (HIE) provides doctors, nurses, pharmacists, other health care providers, and patients with access to a patient’s vital medical information electronically—improving the speed, quality, safety, and cost of patient care.
• Health IT Developer of Certified Health IT Health IT developer of certified health IT refers to an individual or entity other than a health care provider that develops health IT for their own use.

The 8 Exceptions to the Information Blocking Rule

The following actions are considered to be exceptions to the Information Blocking Rule:

• Done to prevent harm: Preventing or interfering with the access, use, or exchange of EHI with the intent to prevent harm to the patient is not considered information blocking Done to protect privacy: Preventing the access, use, or exchange of EHI to protect an individual’s privacy or avoid violation of HIPAA; is not considered information blocking
• Done to ensure security: Preventing with the aim to ensure that the security of the EHI is protected, then it is not considered to be information blocking
• Done to confront infeasibility: If the infeasibility of the request requires prevention of access, use, or exchange of EHI, then it is not considered to be information blocking
• Done to fortify health IT performance: Making the health IT temporarily unavailable or taking it offline with the ultimate goal of securing the overall performance of health IT; is not considered information blocking
• Done to meet content and manner condition: The content and manner condition provides exceptions regarding the flexibility and clarity of the scope of response to the request to access, use and exchange EHI
• Done to cover fee requirements: Charging a reasonable fee to provide access to data; is not considered information blocking
• Done to license interoperability elements: Vendors can license elements of interoperability for it to be accessed, used, or exchanged without it amounting to information blocking

The Severity of Information Blocking Complaints

While information blocking was brought into the Healthcare industry to protect the health information shared electronically, several instances have caused the need to file complaints against information blocking.

As per data published by the ONC at the end of April 2022, 393 information blocking portal submissions were received, out of which 29 did not appear to be claims of potential information blocking. Patients or their representatives filed as much as 66.3% of the complaints.

“Something that requires attention is that 76.8% (more than three-fourths) of all information blocking complaints were filed against provider organizations.”

CHPL-listed Health IT Vendors (13.7%) and Non-Actors (4.2%) were a distant second and third in the list of potential actors against whom the complaints were filed.

Claimants from the patient end have raised concerns about being charged excessive fees to access the electronically held health data.

Action Against the Complaints

Has action been taken to address the complaints against the potential actors?

The Office of the Inspector General (OIG) is not yet ready to impose any action against the potential actors as it has not finalized the rules that would allow it to do so. Although the proposed rule was published in April 2020, the final rule is yet to see the light of the day. The final rule is expected to define the nature and quantum of penalties that could be imposed on the potential actors.

Something that isn’t entirely clear is if the final rules would apply to the information blocking incidents that occurred before publishing the final rules. However, this clearly is a wake-up call for provider organizations.

What Must the Provider Organizations Do?

To better comply with the information blocking rule and to aid the response to requests of access, use, and exchange of EHI, the provider organization must ensure the following:

Routine actions to be taken

• The provider organization can begin by looking at the organizational structure and include the following subject matter experts:
  a. a legal board that possesses expert knowledge and understanding of the information-blocking law;
  b. skilled IT team that is completely informed of the organization's procedure for EHI access, use, and exchange;
  c. information privacy specialists who apprehend the privacy protection policy for EHI;
• The provider organization must ensure that the appropriate staff is trained to respond to these requests.
• Assess your readiness to service any Release of Information (RoI) requests that come your way on time. Responding to such requests may include extracting data from your archival software in addition to the data stored in your primary EHR. Ensure to talk to your EHR and archive vendors and get the data extraction process tested.
• Check with your EHR vendor about their compliance with the Information Blocking Rule.
• Document the reasonableness standard of your organization; every situation in which reasonable action could not be taken must be documented to be used when required.

Request-specific actions to be taken

• Maintain a complete paper trail of all requests received and actions taken. Even if you have reasons to believe that the situation qualifies under information blocking exceptions and you do not need to release the information, respond in writing to the requester citing your reasons not to disclose the information.
• Promptly account for the fees received to provide such release of information using appropriate revenue codes so that your books of accounts stay clean.

One action that keeps the provider organization prepared for the future is to watch out for the newer amendments made to the Act. This helps the organization monitor its progress and meet the set standards.

When dealing with information blocking, it is good to remember that more documentation is better than less documentation!