On October 30, 2023, the US Department of Health and Human Services (HHS) released a proposed rule for public comment that would establish disincentives for healthcare providers found by the HHS Office of Inspector General (OIG) to have committed information blocking. The proposed rule, which reflects contributions from throughout the department, implements the HHS Secretary’s authority under section 4004 of the 21st Century Cures Act (Cures Act).
Information blocking occurs when a provider knowingly and unreasonably interferes with the access, exchange, or use of electronic health information except as required by law or covered by a regulatory exception. To ensure appropriate sharing and the protection of patient privacy and preferences, the information blocking regulations include exceptions, such as the Privacy Exception.
“HHS is committed to developing and implementing policies that discourage information blocking to help people and the health providers they allow to have access to their electronic health information,” said HHS Secretary Xavier Becerra. “We are confident the disincentives included in the proposed rule, if finalized, will further increase the appropriate sharing of electronic health information and establish a framework for potential additional disincentives in the future.”
Earlier this year, OIG published a final rule to establish civil money penalties authorized by the Cures Act that applies to health IT developers of certified health IT, entities offering certified health IT, health information exchanges, and health information networks. If OIG determines that one of these entities has committed information blocking, they may be subject to up to a $1 million penalty per violation.
The Office of the National Coordinator for Health Information Technology (ONC) and CMS will host an information session about the proposed rule in the coming weeks. More information can be found here and via ONC’s X account, @ONC_HealthIT.
The proposed rule will be published in the Federal Register on November 1, 2023, at which point it will be available for public comment for 60 days. In the proposed rule, HHS also requests information from the public on disincentives that could be established in the future for healthcare providers. Written or electronic comments must be received via the Federal Register no later than 11:59 p.m. ET on January 2, 2024.
The press release can be found here, and the proposed rule can be accessed here.
Compliance Perspective
Issue
As of October 6, 2022, long-term care facilities, home health entities, and other healthcare-related stakeholders are required to provide patients with no-cost, easy access to a wider portion of electronic health information (EHI) under the Cures Act or face potential penalties. The rule is designed to give patients and their healthcare providers secure access to health information. It also aims to increase innovation and competition by fostering an ecosystem of new applications to provide patients with more choices in their healthcare. It calls on the healthcare industry to adopt standardized application programming interfaces (APIs), which will help allow individuals to securely and easily access structured electronic health information using smartphone applications. The rule includes a provision requiring that patients can electronically access all of their EHI, structured and/or unstructured, at no cost. Finally, to further support access and exchange of EHI, the rule implements the information blocking provisions of the Cures Act. The rule outlines eight exceptions to the definition of information blocking.
Discussion Points
- Review policies and procedures related to the Cures Act patient right of access provision. Ensure the policies cover secure access, exchange, and use of EHI.
- Train staff on the Cures Act and providing secure access to health information. Ensure that those who receive requests for record release are knowledgeable in the right of access provision, including timely response. Include information blocking and the Cures Act exceptions. Details are available in the Med-Net Academy Prime program titled HIPAA Right of Access and the Cures Act. Document that these trainings occurred and file the signed training document in the employee’s education file.
- Periodically audit to ensure that the facility’s policies and procedures for timely access to requested medical records are being followed by staff. Report audit results to the QAPI/QAA Committee.
*This news alert has been prepared by Med-Net Concepts, LLC for informational purposes only and is not intended to provide legal advice.*