Information Blocking

| | January 15, 2024

Information Blocking

Since 2022, allergists have been required to comply with requirements against information blocking – with regards to electronic health information (EHI). The Office of the National Coordinator for Health Information Technology (ONC) has not enforced or issued penalties for physicians violating the information blocking prohibition – until now. In a new proposed rule, the ONC and the Centers for Medicare and Medicaid Services (CMS) propose to penalize allergists who violate the rule via the Merit-based Incentive Payment System (MIPS) program. The proposals described in this article have not yet been finalized.

What Is Information Blocking?

Information blocking is broadly defined as an act or omission by a health care provider (including physicians and practitioners) that is likely to interfere with access, exchange, or use of EHI. For example, information blocking may occur if an allergy practice refuses to provide a patient’s EHI to an unaffiliated provider for treatment purposes after the patient requests the transfer of data. However, there are exceptions. An allergist is not considered to have committed information blocking if the practice meets one of eight exceptions detailed at the end of this article.

What Is EHI?

EHI refers to electronic protected health information included in a designated record set. A designated record set includes:

  • The medical records and billing records about individuals.
  • The enrollment, payment, claims adjudication, and case or medical management of record systems maintained by or for a health plan.
  • Records that are used, in whole or in part, to make decisions about individuals.

What Are the Proposed Penalties?

CMS has proposed three separate penalties applicable to hospitals, Accountable Care Organizations (ACOs), and MIPS clinicians. This article only describes the proposed enforcement against MIPS clinicians.

Under the proposed rule, if a provider is determined to have committed information blocking, they will receive a “zero” score on the MIPS Promoting Interoperability performance category, which is a quarter of the total final composite score under MIPS. However, this penalty would not apply to small practices (15 or fewer clinicians) that receive reweighting of the Promoting Interoperability performance category, as long as they do not submit data for the performance category.

In addition, after a disincentive has been imposed, ONC will post – on its public website – information about the actors (individuals or entities) who have committed information blocking, including the actor’s name and business address, the information blocking practice, and the disincentive applied.

The Advocacy Council will update members on enforcement requirements when the proposed rule is finalized.

What Is the Current Investigation Process?

Alleged instances of information blocking can be reported to the Office of Inspector General (OIG). The OIG has discretion to determine which claims of information blocking it would like to pursue. The OIG has indicated it will prioritize complaints that:

  • Resulted in, are causing, or have the potential to cause patient harm.
  • Significantly impacted a provider’s ability to care for patients.
  • Were of long duration.
  • Caused financial loss to Federal health care programs.

Information blocking violations also include a knowledge requirement for health care providers – providers must “know that such practice is unreasonable” – and that the practice will discourage access to EHI. After the OIG determines that information blocking has occurred, it will refer the complaint to CMS to impose penalties.

Eight permitted exceptions to Information Blocking

An allergist is not considered to have committed information blocking if the practice meets one of the following eight exceptions:

  1. Preventing Harm Exception: The health care provider holds a reasonable belief that the practice will substantially reduce the risk of harm to a patient or another person that would otherwise arise from the access, exchange, or use of EHI affected by the practice.
  2. Privacy Exception: The health care provider does not fulfill a request to access, exchange, or use EHI to protect an individual’s privacy.
  3. Security Exception: The provider’s practice is directly related to safeguarding the confidentiality, integrity, and availability of EHI.
  4. Infeasibility Exception: The health care provider does not fulfill a request to access, exchange, or use EHI due to the infeasibility of the request.
  5. Health IT Performance Exception: The provider’s practice takes reasonable and necessary measures to make health IT temporarily unavailable or to degrade the health IT’s performance for the benefit of the overall performance of the health IT.
  6. Content and Manner Exception: Under certain circumstances, the health care provider may limit the content of its response to, or how it responds to, a request to access, exchange, or use EHI.
  7. Fees Exception: Under certain circumstances, an actor may charge fees for accessing, exchanging, or using EHI.
  8. Licensing Exception: Under certain circumstances, an actor may license interoperability elements for EHI to be accessed, exchanged, or used. (Health care providers are less likely to invoke this exception).

Read more on the Information Blocking Enforcement Proposed Rule.