On April 10, ONC released its Report to Congress on Health Information Blocking (the “Report”). Here is a brief summary of the report, the full text of which is available here.
ONC has stated that its views health information blocking as frustrating the goals of HITECH and the Meaningful Use initiative. ONC defines information blocking as conduct which:
- Interferes with the ability of authorized persons or entities to exchange electronic health information; and
- is done knowingly with the intent to block information exchange; and
- is not justified by reasonable business, technological, or public policy reasons.
ONC recognizes that there may legitimate reasons why EHR systems are not interoperable. The Report focuses on the non-legitimate reasons, and highlights the following behavior:
- Contract terms which restrict individuals’ access to their EHR;
- Charging prices or fees for data exchange, portability, and interfaces which make exchanging EHR cost prohibitive;
- Developing health IT in “non-standard” ways which may increase the costs of sharing health information (particularly when interoperability standards have been adopted);
- Developing health IT in ways which may “lock in” users or their data, leading to fraud, waste or abuse, or otherwise impede innovation in health information exchange.
The Report is careful to explain that ONC would weigh such practices against legitimate considerations whether they are technological, regulatory, or economic in nature.
The Report notes that the evidence available thus far of information blocking is largely anecdotal, including approximately 60 unsolicited complaints of information blocking in 2014. Most of these complaints were directed at health IT vendors, many of which alleged that vendors were charging cost-prohibitive fees to send, receive, or export information stored in EHRs. While ONC recognizes that some of these fees reflect technological and service models, ONC notes that those factors do not adequately explain the variation in prices reported to ONC, leading ONC to believe that some developers are engaging in opportunistic pricing practices or charging prices designed to deter connectivity. ONC also has reports that vendors are preventing the exchange of health information with competitors or specific providers.
ONC also has received complaints directed at health care providers, such as the following:
- Hospitals or health systems are engaging in information blocking to control referrals and enhance market dominance.
- Health care providers have been citing HIPAA or other privacy regulations as a reason to prevent information sharing, even when the relevant regulation specifically permits such disclosure.
- Health care providers are working with health care vendors to artificially restrict information sharing only to those physicians who are members of the provider’s care network.
- Improper use of proprietary data formats to lock in customers, failure to publish required APIs, and charging differential fees unrelated to increased costs of information exchange.
The Report summarizes some limited empirical data and research supporting these complaints. In particular, the Report notes that there is a large variation among physicians’ capabilities to exchange information with other providers based on the EHR vendor employed. Large hospital systems have also been observed to have greater information exchange capabilities than small providers. The evidence also shows that for-profit hospitals are less likely than non-profit hospitals to exchange electronic health information, as are hospitals that do not have significant market share or operate in more competitive markets.
ONC cautions that it has not yet balanced these complaints with the potential “reasonable justification for the alleged interference.” And ONC is cautious about giving too much weight to anecdotal evidence, and notes that the empirical data remains limited. ONC’s Shared Nationwide Interoperability Roadmap seeks to address some of these data gaps, and ONC is considering other measures to improve their knowledge about the actual extent of information blocking.
The Report also contains an appendix, wherein ONC considers five hypothetical scenarios which could potentially constitute information blocking, as well as ONC’s analysis of those scenarios. These scenarios are:
- An accountable care organization (“ACO”) is technically capable and legally permitted to send and receive patient information electronically. However, they will only send patient information about a competing ACO’s patient’s by fax, which increases the cost and expense for the competing ACO.
ONC states this likely constitutes information blocking, because it 1) interferes with the flow of electronic health information; 2) is done intentionally; and 3) is not justified by any technical or regulatory reason. Because the interference is avoidable, ONC states that would be viewed as information blocking, even if it enhanced the ACO’s ability to compete against other ACOs.
- A vendor which operates services and infrastructure to facilitate health information exchange requires their customers follow certain security and business “best practices”. They refuse to share health information with health care providers which do not meet these standards.
ONC states it is unclear whether this constitutes information blocking. While the vendor is knowingly interfering with the exchange of health care information, more information is needed to assess whether such interference is unreasonable (criteria #3 above). In particular, ONC’s inquiry would focus on whether the “best practices” are actually warranted, or whether they are more of a business practice than a compliance or liability-reducing mechanism.
- A health care provider licenses EHR software from a vendor. During a billing dispute the EHR vendor activates a “kill switch” which encrypts all patient records, and rendors the data inaccessible to the provider and its patients. The vendor also refuses to grant the provider temporary access so that the provider can retrieve its patient’s records.
ONC would consider this information blocking. The EHR vendor has knowing interfered with the exchange of health care information. Further, the vendor’s actions were unreasonable, because they were not done in furtherance of patient safety, data security, regulatory reasons, or any other legitimate countervailing reason. Additionally, the vendor’s refusal to grant temporary access undermines any argument about the furtherance of legitimate economic interests. ONC views leveraging control of patient health records in a contract dispute as unreasonable, and therefore the practice constitutes information blocking.
- A health care provider obtains laboratory testing services and EHR technology from a single source (“First Lab”). The largest commercial health plan in the health care provider’s community then switches its preferred lab to First Lab’s main competitor, “Second Lab”. The health care provider attempts to purchase from First Lab an interface to connect its EHR technology to Second Lab’s systems, so that the provider’s patients may order and receive lab results from both labs. First Lab refuses to do so, in spite of the fact that they are capable of building such an interface, and in fact, routinely builds such interfaces for labs not operated by Second Lab.
First Lab’s behavior would be considered information blocking. They are knowingly interfering with the exchange of electronic health records. Further, their interference is unreasonable, because it is not justified by any technical reason, or any other reason. The fact that First Lab builds such interfaces for some competitors, but not others, undermines any privacy or security concerns they could claim. Rather, First Lab is using its EHR technology to control referrals for the separate lab services market. Because First Lab’s interference is not necessary to achieve any important public policy interest, it constitutes information blocking.
- A hospital is technically capable of sharing mental health information with out-of-state providers and no state or federal regulations prohibit such sharing. A former patient of the hospital’s is receiving treatment in a neighboring state, and consents to the transfer of her health records to the facility currently treating her. The hospital, citing an internal privacy policy against sharing mental health information with out-of-state providers, refuses to transmit her information.
ONC states this this may constitute information blocking. As with the other scenarios, they are knowingly interfering with the exchange of electronic health information. While the hospital is refusing to share such information pursuant to a privacy policy, ONC does not view this refusal as providing a reasonable justification. This is because the policy is geographic in nature, and there is no evident increased privacy or regulatory risk.
The common theme unifying these five scenarios is that the analysis will often turn on the third criteria – whether the blocking is unreasonable in nature. These scenarios shed some light as to how ONC will evaluate the reasonableness of various information sharing practices.
ONC also identifies the following knowledge gaps on blocking questions:
- Limited Evidence and Knowledge of Information Blocking
- Limitations of Certification for Addressing Information Blocking by Developers
- Limitations of Program Oversight for Addressing Information Blocking by Providers
- Inadequate Legal Protections and Enforcement Mechanisms for Information Blocking
- Lack of Transparency and Information about Health IT Products and Services
- Need to Hold Entities Accountable to Governance Principles for Nationwide Health Information Interoperability
The Report concludes by giving targeted actions it is taking and considering taking to address information blocking. These include:
- Strengthening In-the-field Surveillance of Health IT Certified by ONC
- Constrain Standards and Implementation Specifications
- Promote Greater Transparency in Certified Health IT Products and Services.
- Establish Governance Rules that Deter Information Blocking
- Work in Concert with the HHS Office for Civil Rights to Improve Stakeholder Understanding of the HIPAA Privacy and Security Standards Related to Information Sharing
- Coordinate with the HHS Office of Inspector General (OIG) and CMS Concerning Information Blocking in the Context of the Federal Anti-kickback Statute and Physician Self-referral Law
- Refer Illegal Business Practices to Appropriate Law Enforcement Agencies
- Work with CMS to Coordinate Health Care Payment Incentives and Leverage Other Market Drivers to Reward Interoperability and Exchange and Discourage Information Blocking
- Promote Competition and Innovation in Health IT and Health Care
ONC concludes the Report by noting that it will work with Congress to address information blocking.