On March 9, 2020, the Office of the National Coordinator for Health Information Technology (“ONC”) and the Center for Medicare and Medicaid Services (“CMS”) published their long-awaited final rules that seeks to promote interoperability. Market participants waited longer than usual for this rule due to the Department of Health and Human Services (“HHS”) extending the comment period at the request of a variety of stakeholders.

The ONC’s rule (the “Final Rule”) supports interoperability by prohibiting “information blocking”.  Affected organizations (see below) will want to be considering the impact on contracts and developing compliance policies that reflect the requirements of the Final Rule. One aspect of needed compliance relates to the Final Rule’s exceptions to information blocking including a newly-added “content and manner” exception.

Generally, information blocking is defined as an action by an actor interfering with, preventing, or materially discouraging access, exchange, or use of electronic health information[1]  (“EHI”). Actors include health care providers, health IT developers, health information exchanges, or health information network. In the proposed rule, the ONC proposed seven exceptions to conduct that might otherwise be deemed information blocking. However, in the Final Rule, ONC created eight exceptions. Further, the ONC defined two categories of exceptions: (1) Exceptions that involve not fulfilling requests to access, exchange, or use EHI and (2) Exceptions that involve procedures for fulfilling requests to access, exchange, or use EHI. Each of the eight enumerated exceptions are categorized as follows:

Exceptions that involve not fulfilling requests to access, exchange, or use EHI include the following: (1) preventing harm to a patient or another person; (2) protecting an individual’s privacy; (3) protecting the security of EHI; (4) not fulfilling a request due to infeasibility; and (5) to make health IT temporarily unavailable or to scale down the health IT's performance for the benefit of the overall performance of the health IT. All exceptions include enumerated conditions that must be met in order to qualify for the exception.

Exceptions that involve procedures for fulfilling requests to access, exchange, or use EHI include the following: (6) limiting the content of its response to a request to access, exchange, or use EHI or the manner in which it fulfills a request to access, exchange, or use EHI; (7) charging fees, including fees that result in a reasonable profit margin; and (8) licensing interoperability elements for EHI to be accessed, exchanged, or used. The “content and manner” exception was added as the eighth exception in the Final Rule to accommodate stakeholder comments expressing concern regarding flexibility in the implementation of the information blocking prohibition, as well as comments requesting clarification regarding reasonable alternatives to provide access. As above, all exceptions include enumerated conditions that must be met in order to qualify for the exception.

It is important to note that a failure to fall within an exception does not necessarily mean that a practice constitutes information blocking. Each practice that may violate the information blocking prohibition will be analyzed on a case-by-case basis through investigation by the Office of Inspector General and/or ONC.

Epstein Becker and Green continues to review the ONC’s Final Rule as well as the CMS interoperability rule and will provide further analysis for stakeholders over the coming weeks.


[1] EHI is finalized in the final rule to mean electronic protected health information (ePHI) as the term is defined for HIPAA in 45 CFR 160.103. Until 24 months after the publication date of the final rule, EHI for purposes of the information blocking definition is limited to the EHI identified by the data elements represented in the USCDI standard adopted in § 170.213.

Back to Health Law Advisor Blog

Search This Blog

Blog Editors

Authors

Related Services

Topics

Archives

Jump to Page

Subscribe

Sign up to receive an email notification when new Health Law Advisor posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.