Information Blocking One Year Later: Key ChallengesSes s ion 194, Augus t 12, 2021
1
Adam H. Greene, JD, MPH, FHIMSSAmy S. Leopard, JD, MHA, FHIMSS
DISCLAIMER: The views and opinions expressed in this presentation are solely those of the author/presenter and do not necessarily represent any policy or position of HIMSS.
2#HIMSS21
Welcome
Partner, Bradley, NashvilleAmy S. Leopard, FHIMSS
Partner, Davis Wright Tremaine, Washington DCAdam H. Greene , FHIMSS
#HIMSS21
Conflict of Interest
Adam H. Greene, JD, MPH, FHIMSS
Has no real or apparent conflicts of interest to report.
Amy S. Leopard, JD, MHA, FHIMSS
Has no real or apparent conflicts of interest to report.
3
#HIMSS21 4
Agenda
What is prohibited? What is permitted?
1
Example Challenges – with Solutions
3
Compliance Planning
2
#HIMSS21
Learning Objectives• Describe what is meant by “Information Blocking” and provide examples of information
blocking practices
• Evaluate useful Information Blocking Rule exceptions and pathways to help actors comply with the Information Blocking Rule
• Predict areas in the implementation of an information blocking compliance plan likely to present challenges and identify practical solutions to address them
5
What Practices are Prohibited?
6
Health Information Networks
and Exchanges
Health IT Developers of
Certified Health IT
Healthcare Providers
• Restricting Access, Exchange, Use of EHI authorized under state or federal law
• Limiting or Restricting Health IT Interoperability Element over which you have control
• Implementing HIT in non -standard ways, likely to restrict export of complete information sets
• Impeding innovation in access, exchange, or use of health IT-enabled care delivery
• Unless Practice: • Is required by Law• Falls under HHS Rulemaking Except ion
• Practice is likely to . . . • Interfere with [prevent, or materially discourage]
• The Access, Exchange or Use of• Electronic Health Information (EHI)
• When conducted by an Actor• Health IT Developer of Cert ified Hea lth IT or
Hea lth Informat ion Network or Exchange• who knows or s hould know of like lihood
• Healthcare provider • who knows pract ice is unreasonable
Examples:
#HIMSS21 7
USCDI v1 Data Elementsuntil October 6, 2022Source: HHS Office of the National Coordinator of Health Information Technology
Eight Exceptions
Source: HHS Office of the National Coordinator of Health IT, https://www.healthit.gov/topic/information-blocking
8
AnalysisEnforcement For health IT developers , HIN/HIEs
Up to $1M per violat ion
Final OIG rule this fa ll?
NPRM: OIG will not enforce conduct occurring before 60 days after final rule
For health care providers
What are “Appropria te dis incentives ”
Enforcement for conduct after April 5, 2021 and which agency uncerta in
Look at exis t ing authorit ies (OCR, CMS)
9
#HIMSS21
Information Blocking Getting Started – Year One
10
Confirm Actor Status Educate Core Staff Identify Sources of Electronic Health
Information
Identify Interoperability Elements over which you
have control
#HIMSS21
Information Blocking Digging in – Year One
11
Identify Potential Information Blocking Practices
Assess Applicable Exceptions,
Reasonableness of Practices
Assess Applicable Technology Solutions
Set Priorities and Mindthe Gaps
• Key Vendor dialogue• For exchange, identify and
exploit opportunities to leverage technology (e.g., use of FHIR/USCDI APIs, standard interfaces)
Focus on highest risks:• Any arbitrary denials or delays• Denials or delays of patient requests for
non-clinical reasons (e.g., patient is high malpractice lawsuit risk)
• Discriminatory practices (e.g., favoring affiliated providers’ requests over competitors)
• Privacy, Security, Risk of Harm, Infeasibility Exceptions require qualifying policies and risk assessment
• Document, document, document -factors for determination at the time, consistent and nondiscriminatory policies
ONC Response:
“There is no requirement under the information blocking regulations toproactively make available any EHI to patients or others whohave not requested the EHI. We note, however, that a delay in the release oravailability of EHI in response to a request for legally permissible access,exchange, or use of EHI may be an interference under the information blockingregulations (85 FR25813, 25878).”https://www.healthit.gov/curesrule/resources/information -blocking-faqs
13
Minors Records If parent or minor requests access to a minor’s record, look to HIPAA:
Parent has access to most EHI in preferred form and format (which may be the patient portal).
Parent does not get access to limited amount of PHI (e.g., where minor was able to consent to services without parent and did so).
Minor does not get access to most EHI. Minor does get access to limited amount of PHI (e.g., where minor was able to consent to
services without parent and did so) in preferred form and format (which may be the patient portal).
If you cannot segment, then denial of access through patient portal may fall within Information Blocking Rule’s infeasibility exception.
14
Sub-Question
Is registering for the patient portal treated as a proactive request for all EHI through the patient portal?
15
Analysis
Preventing harm exception may apply, but generally requires reasonable belief that “the access requested is reasonably likely to endanger the life or physical safety of the individual or another person.”
Guidance has clarified that intentional delay is likely an “interference”
If acting as a health care provider, it’s only information blocking if “provider knows that such practice is unreasonable.”
What amount of delay, if any, is reasonable?
17
Analysis May limit recipient’s uses and disclosures consistent with applicable
privacy laws. When privacy law provides discretion, what contractual limits are reasonable?
Security safeguards must directly relate, be reasonably tailored to specific security risks, consistent and non -discriminatory Concerns re app developers
Legitimate delays due to certain legal, project management, and technical resources → but is it legitimate or a delay tactic to Information Blocking?
19
Question #4
Are scanned records generated by another provider subject to the Information Blocking Rule?
20
Analysis
If portions of the record fall within the United States Core Data for Interoperability (USCDI) data set (through October 6, 2022) or the designated record set (thereafter), then seemingly yes, the scanned records are subject to the Information Blocking Rule.
21
#HIMSS21
Thank you!• Adam H. Greene, JD, FHIMSS
• [email protected]• www.linkedin.com/in/adam -greene -dwt• @HIPAAadam
• Amy S. Leopard, JD, FHIMSS• [email protected]• www.linkedin.com/in/LeopardHealthLaw• @Amy_Leopard
23