Information exchange and data availability are now a cost of doing business but establishing a robust strategy for that exchange and compliance with the new regulation from the Office of the National Coordinator for Health Information Technology takes careful planning. Healthcare organizations can achieve and maintain compliance by following these six takeaways:
1. Understand what constitutes “Electronic Health Information”
“Electronic Health Information,” ONC’s new term for the data elements that need to be “exchangeable” upon request, is currently limited to data elements within the U.S. Core Data for Interoperability (USCDI) standard. You’ll want to understand what USCDI means, you need to exchange now, but on Oct. 6, 2022, the definition will expand to the electronic designated record set defined under HIPAA. It’s a good idea to plan for that expansion today so your organization is positioned for a smooth transition in a year.
If your organization is unable to exchange all the data elements within the USCDI (now or in the expanded set), you may need to note an exception, which brings us to the next tip.
2. Study the exceptions framework
ONC established eight categories of “reasonable and necessary” activities that would not constitute information blocking even where data is withheld. This protective mechanism is important to understand to be able to demonstrate that patient data was not illegally blocked.
The first class of exceptions contains those that reflect a decision or inability to not fulfill requests to access, exchange or use EHI: the Preventing Harm, Privacy, Security, Infeasibility, and Health IT Performance Exceptions. The second class of concerns exceptions that involve procedures for fulfilling requests to access, exchange or use EHI only under certain conditions and includes the Content and Manner, Fees, and Licensing Exceptions.
3. Determine documentation and archiving ownership
At its core, information blocking is a legal and compliance issue. If you need to respond to an investigation from the HHS Office of the Inspector General (OIG) in response to a complaint, the exceptions framework described above may help you dispute any claims of information blocking.
To maximize your opportunities to use the exceptions’ structure to comply, someone will need to “own” your response to this regulation. This individual will be your expert on the rule and its details, thinking through the implications for your organization’s response, identifying the process and location for documentation, and archiving your exceptions in the event of a complaint, as there is no natural place to do so in an electronic health record (EHR).
4. Roll out a training program
Educate all staff on your organization’s updated policies and procedures. Employees from the front desk to physicians to tech support could encounter a situation requiring analysis of how best to meet a request for a patient’s EHI, and the need to document an exception. Should the OIG launch an investigation, demonstrating an organizational commitment to interoperability, including the fact that you trained all team members, could help prove your intention to access and exchange data as requested by patients, other providers, or public health entities.
5. Investigate intersections with other regulations and laws
The information blocking rule overlaps with regulations and laws at the federal and state levels. While it largely defers to states or more restrictive rules, ensure you understand how you can remain compliant with all laws applicable in your geographic location.
A few key areas to examine closely include privacy rules, which vary greatly from state to state, as well as the Preventing Harm Exception, which intersects with HIPAA and has specific implications for organizations treating pediatric patients.
6. Update your information exchange strategy
The regulation presents an opportunity for you to review your connectivity capabilities and assess your need to expand or modernize. Maximizing capabilities such as the Direct Exchange, the Carequality network, and/or your local health information exchange can help make data-sharing seamless for your organization.
Sharing data with patients is different from connecting with other providers, laboratories, or pharmacies. The list of actors obligated by this regulation to expand their information exchange capability is long and varied (based on the definition of healthcare provider in the Public Health Service Act). Your organization may need multiple strategies to facilitate timely, appropriate data movement.
As you outline these processes, engage with organizations you are likely to exchange electronic health information with across your community, as competitive status with other organizations doesn’t supersede the regulation. Removing friction proactively will pay off when you need to send or receive patient data, whether to or from a patient, another organization providing care, or one collecting medical data for public health purposes.
Widespread adoption of EHRs defined the last two decades. Now we are in a new era marked by greater interoperability. Maintaining compliance will remain a challenge as the regulatory landscape evolves to benefit all of us as patients — no matter where we receive care.
About Leigh Burchell
Over the past 12 years, Leigh Burchell has served as vice president of policy and government affairs for Allscripts (having worked for the company for more than 20 years in total). In this role, she determines the company’s response to all governmental activities, as well as conducts internal education around legislative and regulatory developments. Burchell has helped the company and its customers navigate significant sea changes, including the HITECH Act, the Affordable Care Act, and recent federal efforts to encourage interoperability and address information blocking within the healthcare industry. She is a subject matter expert frequently sought out for her knowledge and perspectives on emerging topics in health and healthcare IT, serving as a prominent voice in health-related advocacy. @LCBurchell on Twitter; Leigh C. Burchell on LinkedIn