Getty Images/iStockphoto

What Providers Can Expect for Information Blocking Enforcement

Information blocking enforcement across healthcare providers is on the horizon, with a proposed rule from CMS that would establish disincentives tied to Medicare reimbursement.

While the 21st Century Cures Act prohibited information blocking in 2016, healthcare interoperability has remained a persistent challenge across the country.

The Cures Act defines information blocking as any practice likely to interfere with accessing, exchanging, or using electronic health information (EHI). According to a survey, over 40 percent of nonfederal acute care hospitals observed practices they perceived to constitute information blocking in 2021.

However, a proposed rule from CMS is looking to bring the industry one step closer to achieving true interoperability.

Released in October 2023, the proposed rule would establish disincentives for healthcare providers found by the HHS Office of Inspector General (OIG) to have committed information blocking.

"This has been a long time coming, and now we have the final piece of the puzzle that's falling into place as far as enforcement of information blocking against healthcare providers," Sean Sullivan, a healthcare regulatory and compliance attorney at Alston & Bird Law Firm's Atlanta office, told EHRIntelligence in an interview.

However, Sullivan noted that it will probably take several months, or potentially years, for the release of a final rule to enforce information blocking against healthcare providers. Nonetheless, it is a step in the right direction.

The proposed legislation follows a final HHS OIG rule released in July 2023 that outlines information blocking enforcement for certified health IT developers, companies that resell certified health IT, health information networks, and health information exchanges (HIEs).

Under the final rule, these stakeholders could be subject to up to a $1 million penalty per instance of information blocking.

Instead of civil monetary fines, the proposed rule for healthcare providers puts forth information blocking disincentives tied to Medicare participation.

According to Sullivan, the difference in enforcement strategy goes back to statutory and regulatory language in the Cures Act.

Sullivan also said that tying disincentives to Medicare is perhaps the easiest way for HHS to enforce the information blocking rule, with approximately 95 percent of providers participating in Medicare.

"Because it's tied to Medicare participation and because most healthcare providers in the country participate in Medicare, obviously, it's still capturing a pretty good chunk of the pool," he said.

HHS has indicated that it may issue another rule in the future to apply to providers who do not participate in Medicare, Sullivan said.

However, for providers that participate in Medicare, the proposed disincentives could have a significant impact on their bottom line.

The proposed rule outlines three categories of providers that can engage in information blocking, each with an associated information blocking disincentive. 

First, under the Medicare Promoting Interoperability Program, an eligible hospital or critical access hospital (CAH) would not be a meaningful EHR user in an applicable EHR reporting period if found to be engaged in information blocking. Eligible hospitals would lose 75 percent of the annual market basket increase.

"It could be a significant amount of money that the hospital foregoes on those hospital adjustment payments," Sullivan emphasized.

On the other hand, CMS would slightly lower payment to 100 percent of reasonable costs instead of 101 percent for CAHs found to be engaged in information blocking. Sullivan noted that since CAHs are more strapped for resources, CMS is looking to give a little more benefit to these organizations.

Second, under the Promoting Interoperability performance category of MIPS, an eligible healthcare provider or group would not be a meaningful user of certified EHR technology in a performance period if found to be engaged in information blocking.

Therefore, the provider or group would receive a zero score in the Promoting Interoperability performance category of MIPS if required to report on that category. The Promoting Interoperability performance category score can be a quarter of a clinician or group's total MIPS score in a year.

Third, if found to be engaging in information blocking, the proposed rule would bar ACOs and ACO participants from participating in the Medicare Shared Savings Program (MSSP) for at least one year.

With a final rule on the horizon, healthcare providers should carefully examine their internal policies and procedures related to health information. 

"Look at your policies and procedures to see if there is anything that imposes any unnecessary obstacles or delays or prevents the requester from getting full access to all of the electronic health records," he said.

For instance, providers should examine how they respond to records requests, what information they make available on their patient portals, and what information is available to their vendors in their EHR system, Sullivan noted.

"If the patient goes to another provider and that clinician needs access to the records of the patient's other doctors, they should be able to share those records, and they're permitted to under existing law and HIPAA," he said.

However, if a provider imposes an unnecessary delay or obstacle in providing access to health records, such as an authorization form, that could be viewed as information blocking.

He noted that healthcare providers should also examine their EHR vendor relationships, as well as partnerships with revenue cycle management, billing, and release of information companies, to ensure information blocking compliance.

"If any of those vendors are doing anything that could be viewed as information blocking, I think that there could be a real concern," Sullivan said.

He noted that among the healthcare provider community, there's a concern that the activities of vendors could extend to healthcare providers themselves.

"Providers really should be taking a hard look at their vendor relationships and vendor contracts and thinking about whether there is anything that puts them at risk for information blocking," Sullivan pointed out.

Next Steps