Changes to Information Blocking Requirements Have Arrived

After many delays, a new Information Blocking (IB) deadline is here! We wanted to remind everyone that October 6, 2022 is the deadline for compliance with an extended definition of Electronic Health Information (EHI). IB "actors" (health care providers, Health Information Networks or Health Information Exchanges, and Health IT Developers of Certified Health IT) need to know what the new definition of EHI is and how they can check their compliance.

Expanded Definition of Electronic Health Information (EHI)

Beginning October 6, 2022, the definition of EHI, as it relates to IB regulations, is no longer limited to the data elements represented in the United States Core Data for Interoperability (USCDI) version 1. The new definition of EHI now includes all electronic protected health information on the HIPAA designated record set -- including unstructured data (data not already defined in data portability standards like the USCDI).

As a reminder, if an actor engages in a practice that is likely to prevent, or materially discourage, or otherwise interfere with the access, exchange, or use of EHI, they could be found to be information blocking.

There are eight exceptions to these IB requirements: 

The two exceptions that small practices will most likely be used, as applicable, are the Prevention of Patient Harm Exception and the Infeasibility Exception.

If you have to claim an exception, be sure to have sufficient contemporaneous documentation of the necessity of the exception and policies and procedures in place to claim the exception. We explain these exceptions in more detail in our Information Blocking webinar.

It is important to note that EHI does not include:

• psychotherapy notes as defined in 45 CFR 164.501; or
• information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding.

How Do I Make Sure I'm Complying with the New Requirement?

The good news is that the new definition of EHI for IB aligns with another rule providers and EHRs are already well acquainted with: the HIPAA Privacy Rule. This means that the same information that patients have a right to access under HIPAA is now the same information that cannot be "blocked" under the IB regulations. So compliance, at this point, should be straightforward for any IB actor who is also a HIPAA covered entity.

• Unlike HIPAA, however, IB regulations require the sharing of EHI not only to the patient directly, but also between business entities (B2B), like those that support payment, treatment, or general health care operations.
• Compliance does not require any specific technology or platforms to facilitate the sharing of EHI, you could use patient portals, other web interfaces, application programming interfaces (APIs), or any other technology that your practice already has the capability to share this data through, but you are required to meet one of the IB exceptions if you are not fulfilling the request in the manner requested.
• Blocking EHI is prohibited whether or not ONC-certified Health IT is involved. So, no matter what kind of technology is being used, the law applies to the access, exchange, and use of EHI.
• If you have a state or local law that prohibits the sharing of EHI, then you do not need to comply with the new regulations, as the state or local law overrides them. 
  

Next Steps

• Stay tuned in the weeks to come as we provide more resources, policies, and education about Information Blocking. 
  • Subscribe to our blog to get alerts on this and other important issues. You can subscribe using the field in our website footer below.
• If you’re not a MarsdenAdvisors client and you want hands-on, personalized assistance, contact us and we will have your back.
•