On June 24, 2024, the Department of Health and Human Services (“HHS”) released a final rule (“Disincentives Final Rule”) establishing disincentives for certain healthcare providers that have committed information blocking. The information blocking disincentives directly impact Medicare-enrolled healthcare providers or suppliers including hospitals, critical access hospitals, MIPS-eligible clinicians, and ACOs. The Disincentives Final Rule has been submitted to the Office of the Federal Register for publication and will become effective 30 days after Federal Register publication.
Continue Reading Healthcare Providers Who Engage in Information Blocking Will Face Disincentives Described in an HHS Final RuleSearch results for: "information blocking"
ONC Releases Final Rule on Information Blocking and Health IT Certification Program Updates, Including Requirements Related to AI
On December 13, 2023, the U.S. Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health Information Technology (ONC) released the Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing (HTI-1) Final Rule.
Continue Reading ONC Releases Final Rule on Information Blocking and Health IT Certification Program Updates, Including Requirements Related to AIHHS-OIG Releases Final Rule Implementing Information Blocking Penalties
On June 27, 2023, the Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) issued a final rule (“OIG Final Rule”) that implements statutory provisions for its enforcement of the information blocking penalties created by the 21stCentury Cures Act (“Cures Act”) and assessment of civil money penalties (“CMPs”) of up to $1 million per violation of information blocking for certain individuals or entities subject to the information blocking requirements.
Continue Reading HHS-OIG Releases Final Rule Implementing Information Blocking PenaltiesONC Issues Interim Final Rule Extending Compliance Dates for the Information Blocking and the ONC Health IT Certification Program
Last week, the Office of the National Coordinator for Health Information Technology (ONC) published an Interim Final Rule: Information Blocking and the ONC Health IT Certification Program: Extension of Compliance Dates and Timeframes in Response to the COVID-19 Public Health Emergency (Interim Final Rule) providing needed relief to entities working toward compliance. In the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program Final Rule (ONC Rule), issued on May 1, 2020, ONC defines the entities that are subject to the rule’s provisions. ONC refers to these entities as Actors. Actors include health care providers, health IT developers of certified health IT, Health Information Exchanges (HIEs), and Health Information Networks (HINs). The Interim Final Rule provides these Actors with “additional flexibilities” to implement the provisions of the ONC Rule including updated compliance dates. ONC explained that the extension is due to the outbreak of COVID-19 public health emergency; however, this will also provide ONC with additional time to provide answers to the numerous questions that the agency has received as Actors work toward compliance. ONC is accepting comments on this rule, as is typical for an interim final rule. These comments must be submitted to regulations.gov by January 4, 2021.
The Interim Final Rule extends “the applicability date for the information blocking provisions and compliance dates and timeframes for certain Program requirements, including compliance dates for certain 2015 Edition health IT certification criteria and Conditions and Maintenance of Certification requirements.” See CMS and ONC Enforcement Deadlines Chart for more information about compliance dates for the ONC Rule.
Information Blocking
Health Information Blocking Leads to New Requirements and May Lead to Enforcement Actions
The federal government has spent billions to promote adoption and “meaningful use” of health information technology (HIT). There is growing government interest in ensuring that HIT is used to support patient care, but doing so requires electronic exchange of information. Congress, the Department of Health and Human Services (HHS), and States have taken action to identify and prevent “information blocking”—interference with the exchange or use of electronic health information—by health care providers, hospitals, technology developers, and service providers. And there likely will be more guidance, statutory and regulatory changes, and enforcement by federal agencies and states in the coming year.
Congress Requests Information and Takes Action
On December 21, 2014, Congress raised concerns about health information blocking, claiming that such activities “frustrate Congressional intent” under the Health Information Technology for Economic and Clinical Health (HITECH) Act, “devalue taxpayer investments,” and make HIT “less valuable and more burdensome” to hospitals and health care providers. Congress urged the Office of the National Coordinator for Health Information Technology (ONC) at HHS to certify only HIT that does not block health information exchange. Congress also requested ONC publish a detailed report on the scope of health information blocking and a strategy to address it, within 90 days.
ONC Releases Report to Congress on Health Information Blocking
On April 10, ONC released its Report to Congress on Health Information Blocking (the “Report”). Here is a brief summary of the report, the full text of which is available here.
ONC has stated that its views health information blocking as frustrating the goals of HITECH and the Meaningful Use initiative. ONC defines information blocking as conduct which:
- Interferes with the ability of authorized persons or entities to exchange electronic health information; and
- is done knowingly with the intent to block information exchange; and
- is not justified by reasonable business, technological, or public policy reasons.
ONC recognizes that there may legitimate reasons why EHR systems are not interoperable. The Report focuses on the non-legitimate reasons, and highlights the following behavior:
- Contract terms which restrict individuals’ access to their EHR;
- Charging prices or fees for data exchange, portability, and interfaces which make exchanging EHR cost prohibitive;
- Developing health IT in “non-standard” ways which may increase the costs of sharing health information (particularly when interoperability standards have been adopted);
- Developing health IT in ways which may “lock in” users or their data, leading to fraud, waste or abuse, or otherwise impede innovation in health information exchange.
The Report is careful to explain that ONC would weigh such practices against legitimate considerations whether they are technological, regulatory, or economic in nature.
Continue Reading ONC Releases Report to Congress on Health Information Blocking
CMS Issues First FAQs on the CMS Interoperability and Patient Access Rule
On May 14, 2021, CMS published FAQs addressing questions that have been raised regarding the Interoperability and Patient Access final rule published May 2020. CMS is careful to note that the FAQs “do not have the force and effect of law and are not meant to bind the public in any way, unless specifically incorporated into a contract, as directed by a program.” CMS has provided links and other guidance, including regarding technical standards, best practices, and privacy and security resources, and has directly addressed questions raised by trade associations and others.
We summarize some of the key points addressed in the FAQs. We encourage you to review the full CMS response where questions arise in your implementation. Continue Reading CMS Issues First FAQs on the CMS Interoperability and Patient Access Rule
HHS Proposes a New Rule to Govern Release and Maintenance of Agency’s Guidance Documents
On August 20, 2020 the Department of Health and Human Services (HHS) published a notice of proposed rulemaking (85 Fed. Reg. 51397) on good practices for the release and maintenance of agency guidance documents. Comments must be posted by 11:59 pm on September 16, 2020.
As instructed in the October 9, 2019 Executive Order 13891 (EO), titled ‘‘Promoting the Rule of Law Through Improved Agency Guidance Documents (84 FR 55235 (Oct. 15, 2019)), HHS proposes to issue regulations to ensure (i) there is proper notice of any new guidance, and (ii) that the guidance does not impose obligations on regulated parties that are not already reflected in duly enacted statutes or regulations.
This proposed rule appears to follow the Office of Management and Budget, “Final Bulletin for Agency Good Guidance Practices,” issued on January 25, 2007 (72 Fed. Reg. 3432) with respect to the significant guidance document that may, for example “adversely affect in a material way the economy, a sector of the economy, productivity, competition, jobs, the environment, public health or safety, or State, local, or tribal governments or communities” or “materially alter the budgetary impact of entitlements, grants, user fees, or loan programs or the rights and obligations of recipients thereof” and generally requires a 30 day notice and comment period.
Background
Compliance Reference Chart for ONC and CMS Interoperability Rules
Last week, the Center for Medicare & Medicaid Services (CMS) finalized long-awaited regulations on Interoperability and Patient Access (the “CMS Rule”) to require Medicare Advantage plans, Medicaid and Children’s Health Insurance Program (CHIP) managed care plans, state agencies, and Qualified Health Plan (QHP) issuers on federally-facilitated exchanges (“CMS Payers”) to provide patients easy access to their claims and encounter information, as well as certain clinical information, through third-party applications of their choice. On the same day, the Office of the National Coordinator for Health Information Technology finalized its rules on Interoperability, Information Blocking, and the ONC Health IT Certification Program (the “ONC Rule”) related to the 21st Century Cures Act (Cures Act). The CMS Rule and ONC Rule have far-reaching impacts.
As individuals and organizations covered by the rules are considering how they may facilitate their access to health information to support patients, health care providers, and others, it is important to understand when provisions in the rules will be effective and timing and what acts may constitute violations of these rules. To help clients get familiar with these deadlines, we are providing this summary chart of compliance requirements and applicable deadlines to help your organization prepare for upcoming enforcement of the ONC Rule and the CMS Rule. For legal advice tailored to the specific needs of your organization, please reach out to Jodi Daniel, head of the firm’s Digital Health Practice at jdaniel@crowell.com.
As you read the chart, you should keep the following in mind:
Continue Reading Compliance Reference Chart for ONC and CMS Interoperability Rules
OCR Announces First Enforcement Action Under Its Right to Access Initiative
On Monday, the Office for Civil Rights (“OCR”) at the U.S. Department of Health & Human Services (“HHS”) announced an enforcement action against Bayfront Health St. Petersburg (“Bayfront”) for allegedly failing to provide a mother timely access to her unborn child’s prenatal medical records. The enforcement action is noteworthy in that it marks OCR’s first enforcement action under its Right of Access Initiative, announced earlier this year to focus more on enforcing patients’ rights to access their medical records without being overcharged.
After receiving a complaint in August 2018, OCR conducted an investigation indicating that Bayfront, a trauma and tertiary care center based in St. Petersburg, Florida, failed to provide the mother timely access to her unborn child’s fetal heart monitor records in accordance with the Health Insurance Portability and Accountability Act (“HIPAA”). HIPAA generally requires health care providers such as Bayfront to provide patients with access to their medical records, as well as those of their minor children, within 30 days of a request. HIPAA also prohibits charging more than a reasonable cost-based fee for such access.
Bayfront agreed to pay $85,000 to OCR to settle the potential HIPAA violation while not admitting to any wrongdoing. Bayfront also agreed to a corrective action plan including training, updating policies and procedures, and OCR monitoring.
This enforcement action signals a continued push from HHS to hold the health care industry accountable for giving individuals access to their health information. Earlier this year, the Office of the National Coordinator for Health Information Technology released proposed regulations on interoperability and information blocking and CMS released proposed regulations on interoperability also aimed at promoting patient access to their health information. In light of this enforcement action and regulatory activity, we recommend that covered entities carefully review their policies and procedures regarding individuals’ access to health information.