Getty Images/iStockphoto

News

ASTP highlights ongoing issues with information blocking

Despite prohibition of information blocking in April 2021, issues with the access, exchange and use of electronic health information (EHI) persist across the care continuum.

Hannah Nelson
By
Published: 24 Oct 2024

Since the information blocking regulation went into effect in April 2021, the Assistant Secretary for Technology Policy and ONC has received daily information blocking complaints, according to a Health IT Buzz blog post.

Notably, almost 90% of information blocking complaints received by ASTP/ONC have been against healthcare providers.

ASTP listening sessions have revealed various concerns about potential information blocking activity. For instance, healthcare providers might be imposing preconditions on the access, exchange and use of electronic health information (EHI) that the HIPAA Privacy Rule or jurisdictional laws do not require.

Other concerns include perceived barriers to data access, such as gatekeeping, delays and challenges in establishing the connection or registration of apps for patient data access.

ASTP has outlined certain practices that would or would likely implicate the information blocking regulations in rulemaking and FAQs.

For instance, the following practices would likely constitute information blocking:

  • A healthcare provider who has a locally hosted EHR certified to 170.315(g)(10) does not automatically publish its service base URLs and only provides them to specific apps, preventing applications from accessing data that should be readily available through standardized application programming interfaces (APIs).
  • A healthcare provider who locally manages its FHIR servers without a certified API developer's help refuses to provide a certified API developer with the FHIR service base URL(s) necessary for patients to access their EHI.
  • A healthcare provider chooses not to allow patients to directly transmit or request for direct transmission of their EHI to a third party when their EHR developer's patient portal offers this capability.
  • A healthcare provider has the capability to provide same-day EHI access in a form and format requested by a patient or a patient's healthcare provider but takes several days to respond.
  • A healthcare provider states that the certified API is only available for patient access and not for access by other authorized parties such as other providers.

Practices by developers of certified health IT

Stakeholders have also raised concerns regarding practices by developers of certified health IT. For instance, individuals have highlighted concerns that developers fail to publish service base URLs for patients' access to their EHI and only provide the URLs to specifically approved apps.

Additionally, the blog post emphasized that an actor's refusal to register an app that allows patients to access EHI would effectively prevent its use and likely implicate information blocking.

Other examples in the Cures Act Final Rule of practices by certified health IT developers that could implicate information blocking include the following:

  • Refusing to license or grant the necessary rights to distribute apps that use an API's interoperability elements, or refusing to provide the services required to enable these applications to function in production environments.
  • Requiring a developer to grant access to the app's source code or other intellectual property as a condition for listing the app on a certified health IT platform.
  • Charging app developers a substantial fee to list their apps on the developer's platform, unless the app developer agrees not to deploy the app in any other EHR vendors' app stores.

ASTP encourages all information blocking actors to review the examples of practices that could implicate information blocking in the Cures Act Final Rule. The agency will continue to engage with the Office of Inspector General to monitor regulatory concerns related to information blocking and the certification program.

Hannah Nelson has been covering news related to health information technology and health data interoperability since 2020.

Dig Deeper on Heathcare policy and regulation

xtelligent Rev Cycle Management
xtelligent Patient Engagement
xtelligent Healthtech Analytics
xtelligent Healthtech Security
xtelligent Virtual Healthcare
Close