Skip to main content

Information Blocking: Now Comes the Hard Part

Analysis  |  By Scott Mace  
   May 05, 2021

Providers face education of workforce; penalty phase remains a mystery.

Faced with the threat of penalties if they do not comply, healthcare providers are figuring out as best they can how to comply with new information blocking rules that took effect April 5, but one size definitely does not fit all.

One month in, many questions remain, and some providers find themselves in the middle between how patients want to receive their medical records, and how electronic health record (EHR) vendor suppliers want to provide them.

"We're required to follow this information blocking rule, but a lot of our software vendors are not prepared to do that," says Randi Terry, director of IS at Munson Healthcare, a nine-hospital system in northern Michigan.

This is despite the fact that some of the EHR software in question, which Terry declined to name, attests that its EHR software meets the certification standards promulgated by the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Information Technology.

A big example of lack of preparation centers around patient demand for interoperability with Apple Health, a longitudinal health record and tracking app preinstalled on millions of Apple iPhones. The information blocking rules say that if a patient requests their data in digital form, one way it can be provided is through a link between the EHR vendor's software and the application programming interface for Apple Health, known as HealthKit.

"Vendors say, 'Yep, can't do that,' " Terry says. "Or if they do it, they give us a 37-page document, and say, 'tell your patient to go talk to Apple Health.' There's no patient in the world that's going to follow through." Munson has been trying to get this particular certified  EHR vendor to implement the link for three years, Terry adds.

Other EHRs, including Epic, have provided interoperability with Apple Health for several years, according to Terry, who also is a member of the policy steering committee of the College of Healthcare Information Management Executives (CHIME), which meets regularly to discuss, among other things, issues around implementing the April 5 information blocking rule.

Randi Terry, director of IS, Munson Healthcare (Photo courtesy of Munson Healthcare)

Standard Interface Coming in 2023

The situation is set to improve in 2023, when EHR providers will be required to support an ONC-certified, standardized application programming interface (API) defined by the HL7 organization as Fast Healthcare Interoperability Resources (FHIR), providing a lingua franca between applications such as Apple Health and EHR software, and between different vendors' EHR software.

In the meantime, providers are required to find some other way to digitally share requested patient medical records, in order to appear to be complying with the April 5 rule. "It's very definitely an issue that we're facing right now," Terry says.

In addition, providers are still in the dark about the precise date when enforcement of the April 5 requirements will begin, says Andrew Tomlinson, director of federal affairs at CHIME.

"We don't want enforcement until we have the education piece," Tomlinson says.

Andrew Tomlinson, director of federal affairs, CHIME (Photo courtesy of CHIME)

"This whole information blocking [rule] is a fundamental shift in how we have to educate every person in healthcare," Terry says. "It's a fundamental shift in the way we release records, and that's really difficult."

Initial steps at Munson include providing scripts to all offices, for those answering the phone, who may be receiving requests for medical records, Terry says.

Requests are being considered on a case-by-case basis, with the general rule being what is best for the patient, she adds.

Areas of Friction are Causing Provider Concern

Three areas of particular friction are disparities of action based on organization size, confusion over which organizations the April 5 rule covers, and the rule's insistence that lab results be delivered to patients without a waiting period for a clinician consult, which the ONC's Information Blocking FAQ cites as an example of information blocking.

Smaller healthcare organizations and medical practices, where a physician may double as a chief information officer, "are going to feel that stress" of having to abide by the April 5 rule, lacking the number of resources that large healthcare providers can apply to conformance, Tomlinson says.

Another area of friction arises because many U.S. healthcare organizations believe that just because they do not participate in CMS payments or incentives to purchase certified EHR software, they are not subject to the provisions of the rule.

Instead, the information blocking rule applies to all U.S. providers, Tomlinson says.

"That's part of the education gap," he says. "Even if they don't collect Medicare or Medicaid, they still have to comply with these requirements."

Those providers who are not necessarily familiar with programs run by CMS or ONC are now having to familiarize themselves with those programs, because of the information blocking rule, Tomlinson says.

"For [the] information blocking [rule] and interoperability to work, it has to be everyone," he says. "We can't leave any provider behind. We have to go together as one, or it won't work, long term."

An earlier effort to provide a national registry of all providers, through which C-CDAs could flow via Direct messaging, remains a hit-and-miss way to find and forward or receive patient records between providers. This is true even though any HIPAA-covered provider, or provider who bills Medicare, is required to have a national provider identifier number in the National Plan and Provider Enumeration System (NPPES). "It's kind of a misnomer to say that everybody is now putting their Direct Trust addresses in NPPES, because they're not," Terry says. Smaller providers are among those most missing in the NPPES database, she adds.

Yet another promising method is the growth of national data exchanges such as CommonWell, Terry says. Munson uses CommonWell to keep track of "snowbird" patients who winter over in Florida and Arizona, she says. Munson has also successfully tested Carequality, another vendor-driven national healthcare data interoperability framework.

The requirement to release lab results when they are available runs counter to many organizations' waiting periods before patients get to see their lab results. "ONC has outlined in their FAQ that an organizational policy of a delay from releasing the results does not comply with [the] information blocking [rule]," Tomlinson says.

Additional Complexities

There are some exceptions to the April 5 rule, one being preventing harm, and corner cases will likely result in an initial surge of use of those exceptions, Tomlinson says. Examples include EHR records of teenagers, some portions of which teenagers can by rights withhold from their parents, even though the supporting EHR software has no way to send only selected portions of the records.

A further complication involves the dates by which the FHIR API must be implemented. Right now, both EHR vendors and providers are expected to turn on this interoperability by December 31, 2022. "Providers need time to be able to implement those new pieces of health IT," Tomlinson says. Fortunately, recent clarifying rules state that providers will be able to attest during any 90-day period in 2023, he adds.

Providers can also demonstrate compliance by transmitting medical records as C-CDA documents. If patients request the digital files via a technical means that the provider does not have, providers are permitted to pass along the costs of such delivery, such as building or purchasing a patient portal or buying a Zip drive, Tomlinson says. If the patient doesn't want to spend that money, provider and patient can negotiate an alternate digital delivery format, he adds.

Lastly, says Tomlinson, ONC needs to do a better job of showing providers how to document the process of attempting to comply with the rules, and documenting procedures once a provider actually receives notice of an information blocking complaint.

"The information blocking requirements are about attempting to get patients their data when they need it," Tomlinson says. "We can provide the education and the policies and procedures, and the understanding, but we do need a little bit more understanding of what exactly [ONC] may be looking for."

“We're required to follow this information blocking rule, but a lot of our software vendors are not prepared to do that.”

Scott Mace is a contributing writer for HealthLeaders.


Many questions remain as providers negotiate abilities of EHR vendors with demands of patients for their records.

Apple Health has emerged as an early pain point where patient demand for data and vendor capability to deliver it don't always intersect.

Universal FHIR API in 2023 will simplify and accelerate data sharing between EHRs and patient apps.

Get the latest on healthcare leadership in your inbox.