Information Blocking: What to Know About ONC’s Information Blocking Policy

1. Where Did the Cures Act Information Blocking Rule Come From? 
2. What is Information Blocking According to the Cures Act?
3. What Does the Information Blocking Policy Mean for Me?
   1. How This Policy Affects Behavioral Health And I/DD Providers
4. How Does Information Blocking Actually Work? 
   1. Key Definitions from ONC’S Information Blocking Rule
      2. What Data Can Be Requested?
5. Exceptions to Information Blocking
   1. What Information is My Agency NOT Required to Share? 
   2. 8 Information Blocking Exceptions
6. Information Blocking: What You Need to Know to Move Forward

Where Did the Cures Act Information Blocking Rule Come From? 

Let’s take a look at the genesis of the Information Blocking Rule. There is not one single answer, but instead, a variety of different forces involved.

Over the past number of years, the emphasis has been on making sure that individuals have access to their own health information. That health information could be used in a variety of ways to improve care and address patient safety issues. 

With this increased emphasis on health literacy and individual health promotion, there has been an explosion of interest in the development of healthcare apps with companies seeking data to meet the needs of patient/consumer-focused applications. 

Having the ability to access this information and make it available to individuals and practitioners became a priority to the Federal Government, which is reflected in the Cures Act.

The Cures Act also includes a number of provisions that push for greater interoperability, adoption of electronic health records (EHRs) and support for human services programs. A couple years later, in May 2020, ONC published its Final Rule on information blocking, to lay out clear rules around information blocking in healthcare.

You may be wondering what Information Blocking is, and what it has to do with you and the services you provide. To start, we need to first define Information Blocking and Electronic Health Information (EHI).

Information Blocking: As defined by Congress, Information Blocking is anything that interferes with, prevents, or materially discourages access, exchange, or use of electronic health information (EHI). The Office of the National Coordinator (ONC) was given the responsibility for the implementation of the policy.

Simply stated, as a provider, you are obligated to provide EHI that you maintain for any individual to that individual, or others designated by the individual, in a timely and consumable manner.

Electronic Health Information (EHI): HHS defines electronic health information, or EHI, to mean electronically protected health information (ePHI) as defined in HIPAA, to the extent that ePHI would be included in a designated record set. De-identified data (such as de-identified patient data collected for research purposes) is excluded from the definition of EHI and may be exchanged without concern.

What Does the Information Blocking Policy Mean for Me?

Now for the question of what it means to you. The first thing to know is that until someone comes knocking on your door for information, there are no active steps your organization needs to take at this point. 

When you do get a request for information, your EHR vendor will work with you on your data sharing journey and help you determine if an exemption applies. 

Foothold’s software is a Certified EHR and meets the condition of certification. Our software will continue meeting certification standards as the Cures Act is implemented and new conditions are set. 

Your only job right now is to ensure you understand the rule and its exemptions, so that you know when to reach out for assistance. 

How this Policy Affects Behavioral Health And I/DD Providers

If the new Information Blocking policy has not been at the top of your “need to learn about” list, you are likely not alone. In the world of Behavioral Health and I/DD services, there have been strict rules surrounding the release of behavioral health information, a lack of data standardization, and a relative lack of external access to data. 

While most of the healthcare world has very sophisticated standardized data sets with full interoperability functionality, the Behavioral Health and I/DD provider community as a whole does not have these two attributes.

Yes, there are pockets of sophisticated data sets and a few providers whose EHRs have sophisticated interoperability functionality, but the majority of data generated is free text and not standardized. 

Moreover, the adoption of certified EHRs is not on par with the adoption rates of certified EHRs for primary care and other specialty areas. Primarily, this is because the majority of Behavioral Health and I/DD practitioners were not eligible professionals covered by the Meaningful Use program.

While the impact on the Behavioral Health and I/DD world is not completely clear at this point in time, it is clear that the demand for data in the primary care setting and other specialty areas has already exploded. 

It is likely only a matter of time before the demand for data in the Behavioral Health and I/DD world will grow exponentially like it has in the primary care world. 

There have been many concerns with the gathering of PHI for these applications, the obvious ones are privacy and security, standardization of data, and protocols from a technical perspective. 

But there is also the responsibility to provide this information in a consumable and timely manner. Many of these concerns are addressed in ONC’s information blocking rule, but time will tell how they play out. 

Foothold is committed to being a resource for agencies in this process. We’ll help our clients understand the basics and work closely with them when they receive formal requests for information.

How Does Information Blocking Actually Work? 

Some Key Definitions from ONC’s Information Blocking Rule

In the Final Rule, ONC defines and outlines information blocking and/or those activities that are considered likely to interfere with the access, exchange, or use of EHI, by “actors”.

Actors are defined as: healthcare providers, Health IT developers of Certified Health IT, and Health Information Exchanges (HIEs) and Health Information Networks (HINs).

In the Final Rule, ONC defines some additional key terms, including “electronic health information,” which updates the general definition of “protected health information” under HIPAA. 

For developers of EHRs, the Rule also provides guidance on how they must comply with these information blocking provisions as a “Condition of Certification.”

What Data Can Be Requested?

This can get somewhat complicated. The Cures Act marks a shift from Common Clinical Data Set (CCDS) to the United States Core Data for Interoperability (USCDI). 

The deadline for Health IT developers to update their software to the USCDI standard is 24 months after publication of the Cures Act in the Federal Register. This will mean the USCDI and the CCDS will coexist in some fashion for the next two years.

 The USCDI will receive regular annual updates, expanding the data set standard for exchange. The USCCI includes new data classes and elements, including support for: provenance of data, clinical notes, pediatric vital signs, address, email, and phone number.  

Below is just a sampling of the elements that can be requested and that you must be prepared to share under the new policy. A full list can be found here.

• Demographics
• Allergies
• Consultation Notes
• History and Physical
• Pathology Report Narratives
• Medication Prescription and Monitoring
• Provenance
• Smoking Status
• Discharge Summary Notes

Exceptions to Information Blocking

What Information is My Agency NOT Required to Share? 

There are a variety of exceptions to sharing information. One of the most notable exceptions is that Psychotherapy Notes do not need to be shared. 

To avoid information blocking, you should not include Diagnostic Information, Progress Notes, etc. within your Psychotherapy Notes. 

8 Information Blocking Exceptions

One of the most critical pieces of the ONC Final Rule was the creation of eight exceptions to information blocking, for when actors should not or do not have to exchange EHI with other entities. These exceptions are as follows: 

1) Preventing Harm Exception

It will not be information blocking for an actor to engage in practices that are reasonable and necessary to prevent harm to a patient or another person, provided certain conditions are met.

2) Privacy Exception

It will not be information blocking if an actor does not fulfill a request to access, exchange, or use EHI in order to protect an individual’s privacy, provided at least one of the following conditions are met:

• Precondition not satisfied.
• Health IT developer of certified health IT not covered by HIPAA.
• Denial of an individual’s request for their EHI consistent with HIPAA.
• Respecting an individual’s request not to share information. 

3) Security Exception

It will not be information blocking for an actor to interfere with the access, exchange, or use of EHI in order to protect the security of EHI, provided certain conditions are met. 

4) Infeasibility Exception

It will not be information blocking if an actor does not fulfill a request to access, exchange, or use EHI due to the infeasibility of the request, provided certain conditions are met.

The practice must meet one of the following conditions:

• Uncontrollable events.
• Segmentation.
• Infeasibility under the circumstances.

The actor must provide a written response to the requestor within 10 business days of receipt of the request with the reason(s) why the request is infeasible.

5) Health IT Performance Exception

It will not be info blocking for an actor to make health IT temporarily unavailable or to degrade the health IT’s performance, provided certain conditions are met.

6) Content and Manner Exception

It will not be information blocking for an actor to limit the content of its response to a request to access, exchange, or use EHI or the manner in which it fulfills a request to access, exchange, or use EHI, provided certain conditions are met.

• Content Condition: Establishes the content an actor must provide in response to a request to access, exchange, or use EHI in order to satisfy the exception.
• Manner Condition: Establishes the manner in which an actor must fulfill a request to access, exchange, or use EHI in order to satisfy this exception.

7) Fees Exception

It will not be information blocking for an actor to charge fees, including fees that result in a reasonable profit margin, for accessing, exchanging, or using EHI, provided certain conditions are met.

8) Licensing Exception

It will not be info blocking for an actor to license interoperability elements for EHI to be accessed, exchanged, or used, provided certain conditions are met.

Information Blocking: What You Need to Know to Move Forward

Policy around information blocking can be complicated to understand and is still developing. The most important thing that your agency can do is to make sure that you understand the rules around information blocking. For our customers, we’re prepared to help them understand and implement these regulations around information blocking, so that they can share data efficiently and securely.