Information Blocking: What to Know and How to Navigate Next Steps

ONC and industry experts share details behind data blocking; penalties have not yet been set.

When the proposed interoperability rule was released last year by the Office of the National Coordinator for Health Information Technology (ONC), stakeholders had a lot of questions about what constitutes information blocking.

With the final rule, "Information blocking is more than just a nebulous condition of certification, it’s now a well-defined practice with penalties and exceptions," says Nick Hatt, product designer and policy expert at Redox, a Madison, Wisconsin, technology company that offers an integration platform to securely and efficiently exchange healthcare data. 

As the industry wades through the details of the 1,244-page document, here's more information about this aspect of the rule.

Related: HHS Interoperability Rules Get Mixed Response

Information blocking is anything that interferes with, prevents, or materially discourages access, exchange, or use of electronic health information (EHI). While the concept was defined by Congress in the 21st Century Cures Act, ONC was responsible for defining what doesn't constitute data blocking. 

Information blocking provisions are geared to certified electronic health record (EHR) developers, health information exchanges and networks—which were combined into a single definition—and providers, said ONC National Coordinator Don Rucker, MD, during a media briefing with reporters earlier this week.

While the rules will not be enforced for the first six months, those who engage in information blocking are subject to penalties. Interestingly, those consequences have not yet been established.

"We are still working on how those would be enforced and what the disincentives for providers would be," said Rucker.

The Eight Exceptions

There are now eight exceptions to information blocking: 

1. Preventing Harm: Blocking information is acceptable to prevent harm to a patient or another person.
    
2. Privacy: An actor should not be required to use or disclose EHI (electronic health information) in a way that is prohibited under state or federal privacy laws.
    
3. Security: Blocking is permitted to protect the security of EHI.
    
4. Infeasibility: Legitimate practical challenges may limit an actor’s ability to comply with requests for access, exchange, or use of EHI.
    
5. Performance: If an app is "hammering the database" or "disrupting others, it’s okay to deny access," says Hatt. "It’s also okay to take scheduled downtimes."
    
6. Content and Manner: These are new exceptions enumerated in the final ONC rule. According to ONC, this exception supports innovation and competition by allowing actors to first attempt to reach and maintain market negotiated terms for the access, exchange, and, use of EHI. For content, USCDI is acceptable for 24 months, then an actor must respond to a request to access, exchange, or use EHI. Regarding manner, it is acceptable to fulfill requests in a manner different from what was requested if there is technical incompatibility or agreeable terms cannot be achieved with the requester.
    
7. Fees: You can charge reasonable fees with the expectation that you can make a profit as long as it’s transparent and applied consistently across the board.
    
8. Licensing: An API provider can require licensing of API elements provided it is done in a reasonable and non-discriminatory way.
    

"The most notable change here from the proposed rules is the content exception," said Hatt. "Many commenters expressed concern that any and all information would have to be made available to authorized parties under information blocking. What the rules say, is that for the next 24 months, information blocking is limited in scope to USCDI data, but after that, it’s any information that relates to the individual. This will be an interesting part of the rule to watch unfold."

Approaches to Navigate Next Steps

"Unfortunately, our industry has sad history of many decades of not being interoperable," says Matthew Michela, president and CEO of Boston-based Life Image. "The problem with interoperability, and especially imaging, is that people build their business models on making sure the data is not accessible by other folks." While this protects business interests, he says, "patients get hurt in the long run when their information isn't available."

Life Image built its business around navigating the issues of interoperability through a digital platform that enables 10,000 healthcare facilities to transmit, exchange, and access images and other data with more than 150,000 U.S. providers and 58,000 global clinics.

Michela also is a member of The Sequoia Project, a nonprofit organization focused on implementation of secure, interoperable nationwide health information exchange. While the ONC has put a framework in place to help with certification, "they've told us to use technical standards, but not how to do it," he says. The Sequoia Project is working to create "a common consensus on how we will operate together by creating standards so "we don't recreate problems down the road."

Now that hospitals and other healthcare entities are required to implement the new interoperability rules to make their data more accessible, Michela has insights into the challenges they face.

It's possible, for example, that an MRI machine, the PACS (picture archiving and communication system) system and a monitor could all be integrated together in a nonstandard way. While this might have prevented an organization from changing vendors to obtain newer equipment, it also creates challenges when it's time to migrate data to comply with interoperability mandates. That task could end up costing even more than investing in new equipment, he explains.

One approach could be to hire consultants, survey the healthcare landscape, spend months determining what vendors to choose, and rush at the end of the year to meet the deadline, Michela says. "This could be an incredibly expensive project that could cost millions of dollars."

Others could check with their current vendors and see if an upgrade to HL7 standards would do the trick. This solution could cost as little as several thousand dollars, he says.

Compliance Leads to Greater Satisfaction

"In the long run these rules are is going to benefit all of these hospitals because they will increase their satisfaction and dramatically reduce costs for the production of records for patients," says Michaela.

Today, many organizations don't send digital reports to patients, instead, making them physically come to the facility to pick up documents, CDs, or film.

"Hospitals always underestimate the amount of patient pain, abrasion, and dissatisfaction they cause by this, and they always underestimate the manpower that's deployed to fulfill these requests". In the long run by digitizing this process, says Michela, "even the hospitals are going to be very happy about it."

Editor's Note: This story was updated on March 13 to add additional information from Matthew Michela.