Skip to main content

ONC Chief Delves Into Everything You Want to Know About Info Blocking Rule

Analysis  |  By Scott Mace  
   April 28, 2021

Micky Tripathi gets into details about sharing patient records, clarifies April 5 and December 2022 compliance rules, and more.

The information blocking rule that took effect April 5 promises to usher in a new era of free-flowing electronic medical record information, under the direction of patients and their physicians.

In Part 1 of this interview with Micky Tripathi, PhD, MPP, who since January has headed the U.S. Department of Health and Human Services Office of the National Coordinator for Health Information Technology (ONC), Tripathi discussed the challenges hospitals and health systems face in interoperability and telehealth. Part 2 delves deeper into the April 5 rule. This interview has been lightly edited for space and clarity.

HL: How can patients achieve the ability to have a longitudinal health record, regardless of provider? This question is spawned by the April 5 rule. Say a patient used the Apple Health app, and they switch providers. Instead of their medical record being in Epic, now it's in Cerner. How will their next doctor be able to see what was in Epic, through the way that the patient carried it with them on Apple Health?

Tripathi: There are actually two pathways that a patient ought to be concerned about. You described one, which is to say that the patient is the conduit of the information. Implicit in what you just described was that I go to Mass General Hospital, they're on Epic. I download my record. Then tomorrow, I go to Baystate, [Health] in Massachusetts. They're on Cerner. And I want to be able to show that record to the next place.

The information blocking rule requires that by December 2022, that those APIs, those interfaces that allow you to access it via the Apple Health record, for example—there are there are other applications out there, but just as an example—be standardized. So that regardless of whether you're using your iPhone, or using an Android system on your end, or the provider is on eClinicalWorks, or Epic, or Cerner, or whatever it is, you should be able to get that from one provider to the other provider. It all ought to be able to be sort of integrated and available on your phone.

The other pathway, which is also an equally important one that's usually invisible to the patient (often the patient thinks it's happening when it's actually not), is the interoperability provider-to-provider. In some ways, and it is a personal decision, I actually don't want to be the one responsible for bringing that information to the next provider. I want them to exchange it. That's what you're supposed to be doing! I just want to make sure that when I show up, you've got access to it.

It's those interoperability networks that also were enhanced by [the] information blocking [rule]. So information blocking also applies to [the exchange of information between providers]. That's the other thing that patients ought to expect and demand and ought to ask their providers, "Why aren't you getting that information electronically from the other provider? You should have been getting that. I shouldn't be the one who has to do that."

Micky Tripathi, PhD, MPP, National Coordinator for Health Information Technology (Photo Courtesy of ONC)

HL: Can you clarify which part of the rule is effective immediately, as opposed to the 2022 date you mentioned?

Tripathi: The rule says that starting on April 5, you are required to make that information available via a variety of means that you already have available to you. In certified EHR systems, they are required to make information available as a CCD—a continuity of care document. Starting in December 2022, they're required to make it available via a FHIR API, which would make it very easy for you to download it into an app.

Related: ONC Coordinator Outlines New Vistas for Telehealth, Unblocked Health Records, and Patient ID

HL: Some are saying the April 5 information blocking rule covers all data created on and after April 5, but not necessarily before April 5. Please help us clear this up.

Tripathi: That is not true. It applies to all records, regardless of when they were generated. There's an FAQ on our site that specifically asks and answers that question.

HL: Should providers focus on all methods in which people want the data, via a FHIR message, CCD, or Direct? Smaller practices say they can't afford to do all those different things. Does that leave them in the lurch? Does it create a situation where they're more inclined to sell the practice and further consolidate the healthcare industry?

Tripathi: I don't think so. HIPAA has always said that you're required to provide the information, the records of the patient, in the mechanism that the patient chooses. But that's always had the constraints of what's practical, and what you have available to you. EHR certified systems today require that you make data available via an API. It doesn't have to be a FHIR API. It can be any API, but you have to openly publish the specification as an EHR vendor that's certified.

[In addition], it has to contain the same data elements, regardless of what API you use, which is the USCDI version one. So that's already a requirement for you to be able to get your information that way, or you can download the information. There's always been the view/download/transmit side of it as well.  From a patient portal, I can download it off the computer into a web browser, for example, and then be able to get it that way as well. But with the information blocking rule, they are required to make it available via standard-based API.

HL: What's your next big challenge? Such as proof of vaccination, or other challenges?

Tripathi: For us. there are two big goals. One is concrete, and one is a little bit more conceptual or strategic in nature. The first one is getting people past thinking about information blocking as purely compliance or as only compliance—having them think about it more in a strategic way, which is, how do I engage patients, now that I have this information available, and they have these cool apps now on their hands? That means that I have an opportunity to engage patients in ways that I was never able to do before. And so rather than thinking of it as, "I've got to provide this thing, so that a patient can get their information," it's like, "Yeah, the patient now has the information in a way that you can actually do something with it."

You can engage the patient in much better ways. You can create stickiness. You can offer them a whole bunch of other things that you weren't able to able to offer them before. That is a big goal, because it takes a lot to get people to move beyond thinking about something just in regulatory terms, and think about a real strategic change, which is what this really implies, almost a cultural change in the way they think about information sharing.

The more concrete thing is also a big goal, which is TEFCA, the Trusted Exchange Framework and Cooperative Agreement, which is about creating some type of nationwide governance for network-to-network interoperability. We have networks out there—Carequality, CommonWell, eHealth Exchange. There are a number of state and regional HIEs (health information exchanges). They're sort of connected. They're not fully connected, all the way.

[It's analogous to] a world where you're on Verizon, I'm on AT&T, [and] we can't call each other. TEFCA wants to say, regardless of which network you're on, you should be able to communicate with someone else, and not have the user know that at all. I have no idea what phone system you use, [but] I'm very confident that if I had your phone number, I could call you. So that's what we want to be able to do with TEFCA, and that takes some work. That's governance. That's technical architecture. And that's working with a whole bunch of different parties who operate different networks at different levels, to be able to get a common understanding of how that works, and then actually get the technical pieces in place to make it work.

HL: The April 5 rule enforcement is going to be up to the HHS Office of Inspector General (OIG). That's really not your wheelhouse, right?

Tripathi: So you're expecting a yes or a no answer. It's a balance [and] complicated. We're responsible for policy, and OIG is responsible for the enforcement. There's one little piece where ONC actually is responsible for the enforcement, and that has to do with a technology vendor who is seen to be violating a condition of certification of their EHR system, because we're the ones who do certification of EHR systems. So a technology vendor could be seen as violating their condition of certification, in which case it would fall to us, because that's what we do. They could also be seen to be violating other provisions of information blocking, in which case, OIG would get involved in those cases as well.

“The first [goal] is getting people past thinking about information blocking as purely compliance … having them think about it more in a strategic way, which is, how do I engage patients?”

Scott Mace is a contributing writer for HealthLeaders.


In December 2022, connectivity between electronic health records will get simplified from each EHR's API to a FHIR interface in standardized data elements.

USCDI standardization will also accelerate consumers' ability to download their records into personal health apps they control.

While the HHS OIG prepares to enforce the penalty phase of rule, ONC is prepared to wield the power of EHR decertification.

Providers should "think strategically" about changing their EHR culture to one of authorized information sharing.

Get the latest on healthcare leadership in your inbox.