Stakeholders focus on information blocking in ONC final rule

Information blocking, electronic health information

In its finalized rule, ONC defined eight situations when health IT developers and health information networks and exchanges can withhold information, including to prevent harm, protect privacy, ensure security or when it's impractical.

Jeffery Smith

The information blocking provision, as well as the API requirement, is part of ONC's mission to clear the way toward greater interoperability. Eventually, the same groups that are asked to adhere to the new regulation will be penalized should they not comply. What that means exactly, including how financial penalties will be enforced, is still being worked out, noted Jeffery Smith, vice president of public policy for the American Medical Informatics Association (AMIA).

The Office of Inspector General (OIG), as the enforcing body, will lead additional rule-making to determine financial penalties and coordinate with ONC to determine enforcement timelines, according to an ONC fact sheet on the information blocking provision.

Smith said it's a complex process to ascertain why health data isn't being shared -- either maliciously or unintentionally.

"AMIA and a lot of other organizations called for a supplemental rule-making around information blocking," Smith said. "The fact [that ONC is] going to implement it in a step-wise fashion is really smart. And the fact that it's going to give public stakeholders another opportunity to engage with OIG is also really smart."

Another key aspect of the information blocking provision is that compliance is being required in phases. Impacted organizations don't have to comply with the new regulation for the first six months. After that, organizations will be required to share electronic health information (EHI) contained in the U.S. Core Data for Interoperability, a set of standardized data elements that includes clinical notes, patient demographics and medications, for the next 24 months. Within two years, organizations will be required to share patients' full EHI.

In the final ONC rule, the definition of electronic health information now aligns with the HIPAA-designated electronic-protected health information, which covers medical history, test and lab results, insurance data and other personal health information.

Matthew Fisher

"While there might potentially be some dissatisfaction that arguably limits the amount of information that constitutes EHI and could potentially limit the scope of what's obtainable, I think having that alignment between these new regulations and the HIPAA regulations operationally makes sense," said Matthew Fisher, partner at Mirick O'Connell Attorneys at Law. "Then, also, you're not going to have fights over differing interpretations of things."

Matthew Michela, president and CEO of medical image sharing company Life Image, said enforcement of the information blocking provision, finding "bad actors" and penalizing them, is going to be a key element of the ONC rule.

Matthew Michela

"It's not like I want the federal government running around with a big heavy stick," Michela said. "If we early on don't message leeway, then I think there's a much higher degree of confidence I have that the industry is going to pay attention and respond."

Adhering to the new regulation

A key first step healthcare CIOs can take to prepare for the new regulations is to reach out and check the preparedness of their EHR vendors, which will be building out the ONC rule-required APIs, Smith said.

For EHR vendor Cerner Corp., a vocal proponent of the interoperability and information blocking rule, planning and compliance started last year, when the proposed regulation was unveiled, and continues today.

Dick Flanigan

"We have teams that work on this every day," said Dick Flanigan, senior vice president of Cerner's ITWorks business unit. "We have a large development and support organization that is putting in place the technology and the oversight and the support requirements for our clients."

Flanigan said the EHR vendor will be working aggressively to meet timeframes ONC laid out in the interoperability and information blocking rule. He said not only is it a significant amount of work for the EHR vendor to build out APIs and prepare them for patients, app developers and other companies, but for hospitals and providers as well, which have to build the infrastructure for meeting patient requests for data.

"Our industry was concerned about this burden on our provider clients and the industry itself, and I think those are real concerns," Flanigan said. "But the overriding interest of making information accessible to patients so they can control their health information and how that leads to better quality outcomes and lowering of costs over time … the juice is worth the squeeze, so to speak."