Information Blocking Still Happening After Cures Act
By Greg Freeman
The government mandates healthcare entities and others share patient information effectively. However, failures remain that threaten safety and pose liability risks.
- Fines can be as high as $1 million.
- Work closely with IT vendors to prevent information blocking.
- Enforcement could involve multiple agencies.
Information blocking is a threat to patient safety, but it still occurs regularly, despite the penalties for noncompliance laid out by the 21st Century Cures Act.
The Department of Health and Human Services (HHS) defines information blocking as “a practice that interferes with, prevents, or materially discourages access, exchange, or use of electronic health information,” except as required by law. Recently, the HHS Office of Inspector General announced is final rule establishing penalties of up to $1 million for any entities that block the flow of necessary health data.1
Information blocking still happens because no one is feeling the pain of noncompliance, says David Lareau, CEO of Medicomp Systems, a medical technology company in Chantilly, VA. Lareau compares the situation to years when Meaningful Use was introduced and everyone said they were complying, but many were not.
“It was discovered probably five or six years later that a lot of the people who said that they were complying with the quality requirements and submitting them properly were not. Then, there were these massive fines that went down for violating Meaningful Use,” Lareau explains. “That was substantial enough that people were calling us all of a sudden in a panic, asking how to make sure they were in compliance.”
Lareau sees the same thing playing out with information blocking. “Some of them are in compliance now, some of them will shortly, and others will drag their feet until there are actual penalties associated with it,” he predicts. “Those penalties can range from fines to reputational damage to all of a sudden not being allowed to participate in government health insurance programs like Medicare and Medicaid. That is yet to unfold, but I think we’ll see it over the next couple of years.”
Information blocking might be less common if the Cures Act took a different approach to ensuring the sharing of protected health information (PHI), says Wayne Singer, vice president of regulatory at Darena Solutions, a medical technology company based in Chesterfield, MO.
“It is unfortunate that the Cures Act focuses on information blocking when it should prioritize information sharing, penalizing noncompliance. If architected this way, it would have mirrored the HIPAA Privacy Rule’s approach, which protects patient health information with penalties for unauthorized sharing, data breaches, and law infractions,” Singer says. “To achieve information sharing, we must consolidate the information blocking rule, making all involved parties equally responsible for both the implementation and the consequences.”
In the well-established HIPAA law, covered entities and business associates are equally responsible for compliance, Singer says. By contrast, the information blocking rule introduced inconsistent timelines for different actors. Providers were expected to update some data elements by April 5, 2021, and expand to include all electronic PHI by Oct. 6, 2022. However, their electronic health record (EHR) technology partners had until Dec. 31, 2022, to demonstrate compliance.2
“This incongruity made it challenging for providers to comply with patients’ requests for health information when their EHR technology lacked the necessary updates,” Singer notes.
There is a similar discrepancy in the noncompliance penalties, Singer says. Providers face no defined penalties for information blocking, while technology partners could face fines up to $1 million.1 Despite most information blocking complaints from patients about their providers, HHS appears more focused on technology partners. As with HIPAA, all parties should be encouraged toward information sharing, with universal penalties for compliance failures.
“Hospitals can protect against information blocking allegations by actively collaborating with their health IT vendor, informing providers about the Cures Act’s stipulations, and emphasizing the enhanced patient outcomes from accessible health data,” Singer says.
The government is trying to shift the narrative from information blocking to information sharing, says Courtney Tesvich, RN, MBA, MJ, CHC, CHPC, vice president of regulatory and compliance at Nextech Systems, an EHR software company based in Tampa, FL.
“There’s this huge push to open up these information channels and really create this longitudinal health record for patients that can encompass all of their information and really provide a bigger picture of what’s going on for a patient holistically for any provider in the future,” Tesvich explains. “We still have a long way to go.”
The mechanisms in place for sharing information have potential, Tesvich says, but the information available for sharing is limited.
Healthcare organizations need to set up procedures that allow their staff to track any requests to ensure they are followed to completion. There has been a huge increase in HIPAA Patient Right of Access judgments, and Tesvich expects to see the same soon for information blocking.
“It’s interesting that when you look at the current information blocking reports that have been filed, out of the 800, about 650 to 700 of them have actually been filed by patients or their representatives,” Tesvich notes.
Information blocking occurs when data do not flow freely across the healthcare continuum, creating an interference of access, use, and exchange of electronic health information (EHI), says Bill Charnetski, executive vice president of health system solutions and government affairs with PointClickCare, a healthcare software company headquartered in Mississauga, Ontario, Canada. This can even happen when there is a practice or process in place that would prevent or materially discourage access or exchange of EHI.
To mitigate information blocking, it is essential to create the proper infrastructure to facilitate more visibility across the continuum and remove any existing technological barriers that might prevent this free flow of data.
Information blocking can severely affect patients and institutions that provide care.
“Information blocking can be extremely problematic because it slows innovation as well as quality, integrated, and coordinated care. Information blocking leads to patients enduring greater difficulty in accessing and having control of their health information, thus eliminating their visibility, and making them take a back seat in being more vocal and proactive with their healthcare,” Charnetski explains. “Simultaneously, providers who have sparse knowledge and historical context around a new patient’s medical history are limited in determining the best possible care and treatment they can provide, especially for high-needs patients in real time.”
HHS did not adopt additional aggravating and mitigating factors specific to information blocking as requested by some during a comment period. The agency had been urged to include considerations taking account of actors’ size, market share, history of compliance, and other factors when considering penalties, Charnetski notes.
Engaging in information blocking could create False Claims Act (FCA) liability for an actor, Charnetski says. If, for example, the health IT developer has falsified attestations as part of the ONC Health IT Certification Program, it may cause healthcare providers to file false attestations under the Merit-Based Incentive Payment System, which could lead to an FCA violation.
The enforcement documentation also details coordinated enforcement among multiple agencies. The document mentions OIG might coordinate enforcement with other agencies like CMS, the Federal Trade Commission, or other HHS agencies.2
“This means that anyone found to be engaging in information blocking might have to deal with multiple investigations from different federal agencies, which could lead to higher legal costs and more complex proceedings,” Charnetski explains. “To avoid these consequences, it’s important that changemakers realize there are improvements that can be made industry-wide to encourage widespread adoption of health information technology to enable more transparency. This will be critical for slow adopters and certain provider types, such as long-term and post-acute care facilities that currently sit outside of interoperability and health information exchange efforts.”
If a hospital itself believes it has been subject to information blocking, it is important to document these instances and key information about the scenarios, Charnetski says. They should consider if it may meet one of the allowed exceptions in the rule. If the data share is blocked and does not meet one of the allowed exceptions, the hospital should consider reporting it through the Information Blocking Portal for formal review.
“Historically, health systems have been hesitant to share information outside the walls of their facilities due to incomplete information and inefficient workflows. This has long created internal silos and widened care gaps,” Charnetski says. “Enabling more visibility and fostering transparency is the first step if information blocking is occurring. By collaborating with stakeholders across the continuum and making steps to improve connectivity via IT infrastructure, we can work collectively as one industry to not only improve interoperability, but also to significantly improve patient care.”
An important tool in managing risk is to ensure good, effective, and helpful information flow, but the healthcare industry struggles with balancing countless platforms and sources of information that leads to ineffective sharing of EHI, says Jon Zimmerman, CEO at Holon Solutions, a healthcare technology company based in Alpharetta, GA. Information blocking is problematic because patients share different healthcare information across providers and practices. They struggle to access all the information they need to make the best decisions for their health.
While the Cures Act has made strides toward bettering information-sharing processes, work remains.
“Information blocking can be inadvertent or purposeful. Both exist,” Zimmerman says. “When it is inadvertent, the appropriate thing to do is to let the blocker know and ask them to change it. When it is purposeful, by institution or by their vendor, the ONC and the Office of Management and Budget both want to know. Report it.”
- Howard JF, Schmeltzer PF. OIG releases final rule for information blocking penalties. July 31, 2023.
- Office of Inspector General. Grants, contracts, and other agreements: Fraud and abuse; information blocking; Office of Inspector General’s Civil Money Penalty rules. July 3, 2023.
Information blocking is a threat to patient safety, but it still occurs regularly, despite the penalties for noncompliance laid out by the 21st Century Cures Act. Recently, the HHS Office of Inspector General announced its final rule establishing penalties of up to $1 million for any entities that block the flow of necessary health data.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.