Information Blocking One Year Later: Key ChallengesSes s ion 194, Augus t 12, 2021

1

Adam H. Greene, JD, MPH, FHIMSSAmy S. Leopard, JD, MHA, FHIMSS

DISCLAIMER: The views and opinions expressed in this presentation are solely those of the author/presenter and do not necessarily represent any policy or position of HIMSS.

2#HIMSS21

Welcome

Partner, Bradley, NashvilleAmy S. Leopard, FHIMSS

Partner, Davis Wright Tremaine, Washington DCAdam H. Greene , FHIMSS

#HIMSS21

Conflict of Interest

Adam H. Greene, JD, MPH, FHIMSS

Has no real or apparent conflicts of interest to report.

Amy S. Leopard, JD, MHA, FHIMSS

Has no real or apparent conflicts of interest to report.

3

#HIMSS21 4

Agenda

What is prohibited? What is permitted?

1

Example Challenges – with Solutions

3

Compliance Planning

2

#HIMSS21

Learning Objectives• Describe what is meant by “Information Blocking” and provide examples of information

blocking practices

• Evaluate useful Information Blocking Rule exceptions and pathways to help actors comply with the Information Blocking Rule

• Predict areas in the implementation of an information blocking compliance plan likely to present challenges and identify practical solutions to address them

5

What Practices are Prohibited?

6

Health Information Networks

and Exchanges

Health IT Developers of

Certified Health IT

Healthcare Providers

• Restricting Access, Exchange, Use of EHI authorized under state or federal law

• Limiting or Restricting Health IT Interoperability Element over which you have control

• Implementing HIT in non -standard ways, likely to restrict export of complete information sets

• Impeding innovation in access, exchange, or use of health IT-enabled care delivery

• Unless Practice: • Is required by Law• Falls under HHS Rulemaking Except ion

• Practice is likely to . . . • Interfere with [prevent, or materially discourage]

• The Access, Exchange or Use of• Electronic Health Information (EHI)

• When conducted by an Actor• Health IT Developer of Cert ified Hea lth IT or

Hea lth Informat ion Network or Exchange• who knows or s hould know of like lihood

• Healthcare provider • who knows pract ice is unreasonable

Examples:

#HIMSS21 7

USCDI v1 Data Elementsuntil October 6, 2022Source: HHS Office of the National Coordinator of Health Information Technology

Eight Exceptions

Source: HHS Office of the National Coordinator of Health IT, https://www.healthit.gov/topic/information-blocking

8

AnalysisEnforcement For health IT developers , HIN/HIEs

Up to $1M per violat ion

Final OIG rule this fa ll?

NPRM: OIG will not enforce conduct occurring before 60 days after final rule

For health care providers

What are “Appropria te dis incentives ”

Enforcement for conduct after April 5, 2021 and which agency uncerta in

Look at exis t ing authorit ies (OCR, CMS)

9

#HIMSS21

Information Blocking Getting Started – Year One

10

Confirm Actor Status Educate Core Staff Identify Sources of Electronic Health

Information

Identify Interoperability Elements over which you

have control

#HIMSS21

Information Blocking Digging in – Year One

11

Identify Potential Information Blocking Practices

Assess Applicable Exceptions,

Reasonableness of Practices

Assess Applicable Technology Solutions

Set Priorities and Mindthe Gaps

• Key Vendor dialogue• For exchange, identify and

exploit opportunities to leverage technology (e.g., use of FHIR/USCDI APIs, standard interfaces)

Focus on highest risks:• Any arbitrary denials or delays• Denials or delays of patient requests for

non-clinical reasons (e.g., patient is high malpractice lawsuit risk)

• Discriminatory practices (e.g., favoring affiliated providers’ requests over competitors)

• Privacy, Security, Risk of Harm, Infeasibility Exceptions require qualifying policies and risk assessment

• Document, document, document -factors for determination at the time, consistent and nondiscriminatory policies

Question #1

Do I need to proactively post all EHI to the patient portal?

12

ONC Response:

“There is no requirement under the information blocking regulations toproactively make available any EHI to patients or others whohave not requested the EHI. We note, however, that a delay in the release oravailability of EHI in response to a request for legally permissible access,exchange, or use of EHI may be an interference under the information blockingregulations (85 FR25813, 25878).”https://www.healthit.gov/curesrule/resources/information -blocking-faqs

13

Minors Records If parent or minor requests access to a minor’s record, look to HIPAA:

Parent has access to most EHI in preferred form and format (which may be the patient portal).

Parent does not get access to limited amount of PHI (e.g., where minor was able to consent to services without parent and did so).

Minor does not get access to most EHI. Minor does get access to limited amount of PHI (e.g., where minor was able to consent to

services without parent and did so) in preferred form and format (which may be the patient portal).

If you cannot segment, then denial of access through patient portal may fall within Information Blocking Rule’s infeasibility exception.

14

Sub-Question

Is registering for the patient portal treated as a proactive request for all EHI through the patient portal?

15

Question #2

Can I delay releasing test results to first speak with the patient?

16

Analysis

Preventing harm exception may apply, but generally requires reasonable belief that “the access requested is reasonably likely to endanger the life or physical safety of the individual or another person.”

Guidance has clarified that intentional delay is likely an “interference”

If acting as a health care provider, it’s only information blocking if “provider knows that such practice is unreasonable.”

What amount of delay, if any, is reasonable?

17

Question #3

Can I contractually limit access, exchange, or use of EHI?

18

Analysis May limit recipient’s uses and disclosures consistent with applicable

privacy laws. When privacy law provides discretion, what contractual limits are reasonable?

Security safeguards must directly relate, be reasonably tailored to specific security risks, consistent and non -discriminatory Concerns re app developers

Legitimate delays due to certain legal, project management, and technical resources → but is it legitimate or a delay tactic to Information Blocking?

19

Question #4

Are scanned records generated by another provider subject to the Information Blocking Rule?

20

Analysis

If portions of the record fall within the United States Core Data for Interoperability (USCDI) data set (through October 6, 2022) or the designated record set (thereafter), then seemingly yes, the scanned records are subject to the Information Blocking Rule.

21

#HIMSS21

Questions

22

#HIMSS21

Thank you!• Adam H. Greene, JD, FHIMSS

• AdamGreene@dwt.com• www.linkedin.com/in/adam -greene -dwt• @HIPAAadam

• Amy S. Leopard, JD, FHIMSS• aleopard@Bradley.com• www.linkedin.com/in/LeopardHealthLaw• @Amy_Leopard

23