On Monday, ONC posted a new Information Blocking Frequently Asked Questions resource!  Here are a few of the highlights from all of the FAQs responded to by ONC:

Q:  Are health plans or other payers subject to the information blocking regulation?

A:  For purposes of the information blocking regulation in 45 CFR part 171, the term “actor” includes health care providers, health IT developers of certified health IT, and health information networks (HIN) or health information exchanges (HIE), as defined in 45 CFR 171.102. Although health plans and other payers are not specifically identified within any of these definitions, they also are not specifically excluded. To the extent an individual or entity that is a payer also meets the 45 CFR 171.102 definition of “health care provider,” “health IT developer of certified health IT” or “health information network or health information exchange,” that individual or entity would be considered an “actor” for purposes of information blocking. In addition, the HIN/HIE definition is a functional definition and should be reviewed for potential applicability to a health plan’s activities.  The Information Blocking Actors fact sheet on HealthIT.gov presents these definitions in an easy-to-use format. (See also Cures Act Final Rule page 85 FR 25803).

Q: For the period of time when Information Blocking is limited to USCDI data, how is an Actor expected to fulfill a request for USCDI data if they do not yet have certified health IT in place that includes an API with the USCDI standard?

A:  An actor is not automatically required to fulfill a request using the specific content and vocabulary standards identified in the United States Core Data for Interoperability (USCDI) standard for the representation of data classes and data elements, nor are they required to use certified technology or any specific functionality. The information blocking definition (45 CFR 171.103) provides that before October 6, 2022, electronic health information (EHI) is limited to the subset of EHI represented by the data elements identified by the USCDI standard. This limitation of EHI for purposes of the information blocking definition is not contingent on whether those data elements are recorded or represented using specific content and vocabulary standards in the USCDI standard in 45 CFR 171.213. On and after October 6, 2022, the information blocking regulation in 45 CFR part 171 pertain to all EHI as defined in 45 CFR 171.102.

Again, the information blocking regulation does not require the use of any specific standard or functionality. Instead, the “Content and Manner” exception, 45 CFR 171.301, outlines a process by which an actor may prioritize the use of standards in fulfilling a request for EHI in a manner that supports and prioritizes the interoperability of the data. This means that, for the purposes of information blocking, before October 6, 2022, an actor may fulfill a request with the EHI identified by the data elements represented in the USCDI standard, first in the manner requested and, if not, in an alternate manner agreed upon with the requestor, following the order of priority specified in the exception.

Q: Is an Actor required to fulfill a request for access, exchange or use of EHI with all the EHI they have for a patient or should the amount of EHI be based on the details of the request?

A: The fulfillment of a request for access, exchange or use of EHI, including what EHI is shared, should be based on the request. However, any activity by the actor that seeks to artificially restrict or otherwise influence the scope of EHI that may be requested may constitute interference and could be subject to the information blocking regulation in 45 CFR part 171.

In terms of fulfilling requests for EHI, it is important to remember that the requirement to fulfill requests for access, exchange, and use of EHI is in any case limited to what the actor may, under applicable law, permissibly disclose in response to a particular request. Under the information blocking regulation in 45 CFR part 171, the actor is only required to fulfill a request with the requested EHI that they have and that can be permissibly disclosed to the requestor under applicable federal and state law. However, for protected health information they have, but do not maintain electronically, all HIPAA requirements would still be applicable, including the right of access.

Q: If an Actor does not fulfill a request for access, exchange, and use of EHI in “any manner requested” that they have the technical capability to support, is the Actor automatically an information blocker unless they satisfy at least one of the Information Blocking exceptions?

A: Not necessarily. The eight information blocking exceptions defined in 45 CFR part 171 are voluntary and offer actors certainty that any practice meeting the conditions of one or more exceptions will not be considered information blocking. However, an actor’s practice that does not meet the conditions of an exception will not automatically constitute information blocking. Instead such practices will be evaluated on a case-by-case basis to determine whether information blocking has occurred.

Whether information blocking occurred in a particular case would be based on whether:

  • the individual or entity engaging in the practice is an “actor” as defined in 45 CFR 171.102;
  • the claim involves “EHI” as defined in 45 CFR 171.102;
  • the practice was required by law;
  • the actor’s practice met the conditions of an exception under 45 CFR 171;
  • the practice rose to the level of an interference under 45 CFR 171; and,
  • the actor met the requisite knowledge standard.

Please note, the knowledge standard varies based on the type of actor.  For health care providers, the standard is that the actor “knows that such practice is unreasonable and is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.” For health IT developers of certified health IT and health information networks (HINs) or health information exchanges (HIEs) the standard is that the actor “knows, or should know, that such practice is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.” In addition, we recommend review of the examples included in the Final Rule of what is and is not considered interference at 85 FR 25811.

 ______________ 

Subscribe to HERE to Legal HIE’s compliance library to gain access to sample policies, documents and tools for compliance with the Information Blocking Rule.  Take a look at our Table of Contents to our content library!