Getty Images

ONC Outlines Cures Act Information Blocking Reminders for EHI

The information blocking regulation's definition of EHI will extend from data in the USCDI version 1 to all EHI on October 6th, per the ONC Cures Act.

The 21st Century Cures Act Final Rule information blocking provisions require healthcare stakeholders to share all electronic health information (EHI) beginning on October 6th, 2022, according to a HealthITBuzz blog post.

When the Cures Act Final Rule was published, ONC limited the scope of EHI to the United States Core Data for Interoperability (USCDI) version 1. On October 6th, stakeholders must exchange all EHI, including unstructured data.

Steven Posnack, deputy national coordinator for health IT, noted that information blocking (IB) actors' practices include acts and omissions.

"Even though technology related practices may come up as a top-of-mind example, information blocking practices are inclusive of but not solely limited to them," Posnack wrote. "Other acts (e.g., contract negotiations and terms) and omissions could prevent, materially discourage, or otherwise inhibit the access, exchange, and use of EHI."

He also pointed out that not all electronic health information is EHI under the regulatory definition.

"The good news is that the EHI definition as of October 6th is something with which most IB actors have had 20 years of familiarity – the Designated Record Set (DRS) as defined under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule," Posnack explained.

Since almost all information blocking actors are HIPAA-covered entities or business associates, the DRS is a cornerstone shared between the information blocking regulations and HIPAA, he said.

"To put it simply, the same electronic protected health information (ePHI) that an individual has a right to access (and request an amendment to) under the HIPAA Privacy Rule is the same ePHI that IB actors can't 'block,'" Posnack wrote.

He noted that three exceptions require an information blocking actor to explain to the other party seeking to access or use EHI why a request for access, exchange, or use is not fulfilled.

  • The Licensing Exception: The regulations accommodate that in certain cases, a license to access, exchange, or use EHI may be needed for certain interoperability elements to be used. In these cases, upon "receiving a request to license an interoperability element for the access, exchange, or use of electronic health information, the actor must – (1) Begin license negotiations with the requestor within 10 business days from receipt of the request; and (2) Negotiate a license with the requestor, subject to the licensing conditions in paragraph (b) of this section, within 30 business days from receipt of the request."
  • The Infeasibility Exception: If a stakeholder seeks to meet this exception, "the actor must, within ten business days of receipt of a request, provide to the requestor in writing the reason(s) why the request is infeasible." As a result, any engagement with an information blocking actor that leads to them claiming to have met the Infeasibility Exception will generate a written response to the requestor as to the reason(s) why. At that point, the requestor could determine if they wish to submit an information blocking claim to ONC.
  • The Content and Manner Exception – This exception recognizes that two parties are free to reach an agreement, on their own terms, for a request to access, exchange, and use EHI. However, if the parties cannot reach an agreement, the Content and Manner Exception provides a set of steps for an IB actor to follow concerning the requestor.

Lastly, Posnack noted that information blocking claims are confidential and restricted from public disclosure.

The Cures Act prohibits ONC from disclosing information blocking claims or information that could be used to identify the source of information, except as may be necessary to carry out the purpose of the information blocking regulation.

"Once received, information blocking claims go through a review process and are shared with the OIG, which is responsible for conducting investigations and determining whether information blocking occurred," he wrote.

Next Steps