The rule prohibits specified “actors” from interfering with the access, exchange, and use of electronic health information with some exceptions.
The rule became effective April 5, 2021, but the compliance schedule has been extended because of the pandemic.
All health care providers who hold electronic health information, including those that do not use certified health information technology (IT) or are not HIPAA-covered entities, are required to comply with the rule. The rule also applies to developers of certified health IT, health information networks, and health information exchanges. The rule does not apply to healthcare providers who only use paper records.
The rule is a part of the 21st Century Cures Act, which became law in December 2016. A major focus of the act is the acceleration of research in the prevention and treatment of serious illness and of drug and medical device development. It includes provisions that push for greater interoperability and the adoption of electronic health records. A key principle of the act is to ensure patients have the information they need to make their own health care choices as the country moves toward a value-based health care system. The vision is that patients will be able to access their own health information simply and inexpensively by using applications that interface with health care providers’ systems.
Additionally, the 21st Century Cures Act implements interoperability rules for certified health IT. Greater interoperability, where different electronic health systems securely and reliably exchange patient information, should improve efficiency, decrease unnecessary diagnostic testing and improve communications between different entities involved in inpatient care. Patient safety issues also should be more apparent within health IT in the future.
The 21st Century Cures Act requires the use of a standardized set of health data classes and constituent data elements known as the U.S. Core Data for Interoperability (USCDI). The data set includes patient demographics, clinical notes, vital signs, patient goals, and much more. The USCDI establishes the baseline of information necessary for interoperability and electronic health information exchange. The information blocking rule initially prohibits actors from interfering with the access, exchange, and use of USCDI data, with some exceptions. The current version of the USCDI is here.
Beginning Oct. 6, 2022, the data covered by the rule will also include any information that a patient has the right to request copies of under HIPAA.
Eight categories of reasonable and necessary activities have been identified as activities that do not constitute information blocking as long as specified conditions are met. These are:
For full descriptions of the exceptions, including explanations of specified conditions, see this document from the Office of the National Coordinator for Health IT (ONC).
No, it does not. Financial disincentives are applied when a health care provider who participates in Medicare/Medicaid does not use certified health IT.
If a health care provider’s health information software/system has the capability to have a patient portal, that function must be enabled.
Dental practices that require a patient to submit a written request or to present in person will have to change their policies and procedures. Once patient identity is verified at the time of the request, a practice should comply with a patient’s request to the extent feasible or reach an agreement with the patient on an acceptable format for the copy. A dental practice may charge a fee to transfer information onto electronic media not to exceed the cost of labor and supply, and postage if applicable. No fee may be charged when a patient accesses their electronic information through the use of a portal or application program interface.
Although the ONC coordinates the adoption of both the information blocking rule and the interoperability standards, the Department of Health and Human Services Office of the Inspector General (OIG) will enforce the rule once a separate enforcement rule is finalized.
Dentists need to know about this rule so they do not implement policies and procedures that constitute information blocking. Although most dental electronic health record systems currently do not have the capability to permit application program interfaces (APIs) access to the data they hold, this situation is likely to change in the next several years.
HealthIT.gov summary - https://www.healthit.gov/topic/information-blocking
HealthIT.gov FAQ - https://www.healthit.gov/curesrule/resources/information-blocking-faqs
Information Blocking Exceptions - https://www.healthit.gov/sites/default/files/cures/2020-03/InformationBlockingExceptions.pdf
What Healthcare Providers Need to Know About Information Sharing & the Information Blocking Regulation Webinar - https://www.healthit.gov/curesrule/resources/webinars