Information Blocking

The information blocking provisions of the 21st Century Cures Act[1] will impact virtually every healthcare stakeholder with access to electronic health information.

Update: September 17, 2021

In the recent ONC webinar, a key slide outlined the specific question about release of lab (Anatomic Pathology) results. As illustrated in row 1, the generic blocking will likely classify as interference. This has also been mentioned and confirmed in several key FAQ (link here) (from ONC; i.e., "we" below in the FAQ answers refers to ONC).

Q: When would a delay in fulfilling a request for access, exchange, or use of EHI be considered an interference under the information blocking regulation? (IB.FAQ22.1.2021MAR)

A determination as to whether a delay would be an interference that implicates the information blocking regulation would require a fact-based, case-by-case assessment of the circumstances.  That assessment would also determine whether the interference is with the legally permissible access, exchange, or use of EHI; whether the actor engaged in the practice with the requisite intent; and whether the practice satisfied the conditions of an exception. Please see 45 CFR 171.103 regarding the elements of information blocking.

Unlikely to be an Interference

If the delay is necessary to enable the access, exchange, or use of EHI, it is unlikely to be considered an interference under the definition of information blocking (85 FR 25813).

For example, if the release of EHI is delayed in order to ensure that the release complies with state law, it is unlikely to be considered an interference so long as the delay is no longer than necessary (see also 85 FR 25813). Longer delays might also be possible, and not be considered an interference if no longer than necessary, in scenarios where EHI must be manually retrieved and moved from one system to another system (see, for example, 85 FR 25866-25887 regarding the manual retrieval of EHI in response to a patient request for EHI).

Likely to be an Interference

It would likely be considered an interference for purposes of information blocking if a health care provider established an organizational policy that, for example, imposed delays on the release of lab results for any period of time in order to allow an ordering clinician to review the results or in order to personally inform the patient of the results before a patient can electronically access such results (see also 85 FR 25842 specifying that such a practice does not qualify for the “Preventing Harm” Exception).

To further illustrate, it also would likely be considered an interference:

• where a delay in providing access, exchange, or use occurs after a patient logs in to a patient portal to access EHI that a health care provider has (including, for example, lab results) and such EHI is not available—for any period of time—through the portal.

• where a delay occurs in providing a patient’s EHI via an API to an app that the patient has authorized to receive their EHI.

Q: Is it information blocking when state law requires a specific delay in communication of EHI, or that certain information be communicated to the patient in a particular way, before the information is made available to the patient electronically? (IB.FAQ25.1.2021JAN)

No. The definition of information blocking (45 CFR 171.103) does not include practices that interfere with access, exchange or use of EHI when they are specifically required by applicable law (see 85 FR 25794). To the extent the actor’s practice is likely to interfere with access, exchange, or use of EHI beyond what would be specifically necessary to comply with applicable law, the practice could implicate the information blocking definition.

Q: Would the Preventing Harm Exception cover a “blanket” several day delay on the release of laboratory or other test results to patients so an ordering clinician can evaluate each result for potential risk of harm associated with the release? (IB.FAQ33.1.2021JAN)

No. Blanket delays that affect a broad array of routine results do not qualify for the Preventing Harm Exception. The Preventing Harm Exception is designed to cover only those practices that are no broader than necessary to reduce a risk of harm to the patient or another person.

As we discussed in the Cures Act Final Rule, a clinician generally orders tests in the context of a clinician-patient relationship. In the context of that relationship, the clinician ordering a particular test would know the range of results that could be returned and could prospectively formulate, in the exercise of their professional judgment, an individualized determination for the specific patient that:

• witholding the results of the particular test(s) from the patient would substantially reduce a risk to the patient’s or another person’s life or physical safety - or -

• that witholding the results of the particular test(s) from a representative of the patient would substantially reduce a risk of substantial harm to the patient or another person.

Such individualized determinations made in good faith by an ordering clinician, in the exercise of their professional judgment and in the context of the treatment relationship within which they order the test, would satisfy the type of risk and type of harm conditions of the Preventing Harm Exception. Actors, including but not limited to the ordering clinician, could implement practices in reliance on such determinations and the Preventing Harm Exception would cover such practices so long as the practices also satisfy the other four conditions of the exception.

Watch the recording of the webinar below. Click here to view additional resources.

21 Century Cures Act – Basics

The 21st Century Cures Act (Cures Act), signed into law on December 13, 2016 and authorized $6.3 billion in funding, mostly for the National Institutes of Health as well as the FDA

Proponents said that it would streamline the drug and device approval process and bring treatments to market faster. Opponents said that it would allow drugs and devices to be approved on weaker evidence, bypassing randomized, controlled trials, and bring more dangerous or ineffective treatments to market.

Over 312 pages the Cures Act tackles three broad topics (so-called Divisions A, B, and C)

A. research and drug development

B. behavioral health[2]

C. healthcare access and quality improvements

The act was designed to help accelerate medical product development and bring new innovations and advances to patients who need them faster and more efficiently.

Division A (named “21st Century Cures” = research and drug development focus) is the largest section and contains numerous titles and subtitles covering at least 9 topics

1. Opioid epidemic

2. FDA drug approval process

3. Targeted drugs for rare diseases

4. Informed consent

5. Human research subject protections

6. Medical research

7. Strategic Petroleum Reserve sales (to provide part of the NIH funding)

8. Electronic health records information blocking

9. Medical software[3]

In this context “Electronic health records information blocking” is key and relevant.

Information blocking summary

Executive summary.  The act defines interoperability and prohibits[4] information blocking. Information blocking can expose entities to fines of up to $1 million per violation[5] 

Information blocking: The Act defines information blocking as a practice that interferes with or prevents access to electronic health information, that is, information about a patient’s medical history or treatment.[6]

The ONC (Office of the National Coordinator for Health Information Technology; https://www.healthit.gov/) defined information blocking as “when persons or entities knowingly and unreasonably interfere with the exchange or use of electronic health information.”[7]

This definition of information blocking contains 3 requirements:

1. interference,

2. knowledge of interference, and

3. the absence of a reasonable justification for interference.

Interoperability:  The Act defines interoperability as the ability to securely exchange EHI between vendor technologies without requiring special efforts by the user and the ability of providers and patients to completely access and exchange EHI for authorized uses.[8]

Background Information Blocking:

“Information blocking poses several concerns for patient health. It could prevent timely access to patient information, which impedes efficient patient care, and it could prevent patient information from being used to research treatments or decrease health care costs. In addition, requiring health care providers to use specific electronic health record technologies can prevent patients from changing providers, thus limiting their options in making health decisions because their health data are not portable. Although specific actions have not yet been identified as, or excluded from, information blocking, some actions may suggest that information blocking is occurring. For example, when organizations impose cost-prohibitive fees on health data exchange or when they use privacy laws as an excuse to withhold health data, concerns may arise.”  From the excellent overview work by Black et al., 2018 (link)

Information blocking exceptions

Section 4004 of the Cures Act authorizes the Secretary of HHS to identify reasonable and necessary activities that do not constitute information blocking.

A practice that does not meet the conditions of an exception would not automatically constitute information blocking. Such practices would not have guaranteed protection from civil monetary penalties or appropriate disincentives and would be evaluated on a case-by-case basis to determine whether information blocking has occurred.

Per ONC, the exceptions are divided into two classes:

• Exceptions that involve not fulfilling requests to access, exchange, or use EHI; and

• Exceptions that involve procedures for fulfilling requests to access, exchange, or use EHI.

Exceptions that involve not fulfilling requests to access, exchange, or use EHI

Preventing Harm Exception: It will not be information blocking for an actor to engage in practices that are reasonable and necessary to prevent harm to a patient or another person, provided certain conditions are met.

Privacy Exception: It will not be information blocking if an actor does not fulfill a request to access, exchange, or use EHI in order to protect an individual’s privacy, provided certain conditions are met.

Security Exception: It will not be information blocking for an actor to interfere with the access, exchange, or use of EHI in order to protect the security of EHI, provided certain conditions are met.

Infeasibility Exception: It will not be information blocking if an actor does not fulfill a request to access, exchange, or use EHI due to the infeasibility of the request, provided certain conditions are met.

Health IT Performance Exception: It will not be information blocking for an actor to take reasonable and necessary measures to make health IT temporarily unavailable or to degrade the health IT's performance for the benefit of the overall performance of the health IT, provided certain conditions are met.

Content and Manner Exception: It will not be information blocking for an actor to limit the content of its response to a request to access, exchange, or use EHI or the manner in which it fulfills a request to access, exchange, or use EHI, provided certain conditions are met.

Fees Exception: It will not be information blocking for an actor to charge fees, including fees that result in a reasonable profit margin, for accessing, exchanging, or using EHI, provided certain conditions are met.

Licensing Exception: It will not be information blocking for an actor to license interoperability elements for EHI to be accessed, exchanged, or used, provided certain conditions are met. 

Relevance to Pathology

CAP has put together an excellent Cures act fact sheet and resource (link) 

Point - Counterpoint

Many pathologists have concerns or brought up cases of emotional harm because of the immediate release of results required by the Cures Act. These include stories of patients learning of particularly distressing results prior to their treating clinicians’ knowledge of the result or of treating clinicians having to scramble to reach and support patients before this occurred at unusual hours

References

Special topics

Legacy data

How to manage legacy data in the age of information blocking (AHIMA resource) (link)

21st Century Cures Act – FDA perspective

One key aspect of the 21st Century Cures act is to help accelerate medical product development and bring new innovations and advances to patients who need them faster and more efficiently.[9]

The concrete 21st Century Cures Act FDA Deliverables can be found here

Medicolegal relevance. 
FAQ on the Cures Act. On its website, CRICO has published answers to frequently asked questions about how these new rules and regulations impact patient safety and provider liability. This page also offers the opportunity to pose questions to our MPL and Patient Safety experts.

Relevance for medical notes / reports

Many other organizations—in particular, the OpenNotes movement—have developed advice and recommendations for writing “open” notes and managing patient questions and concerns. These include:

https://www.opennotes.org/research/

How to write an open note (OpenNotes)

Information Blocking Resource Center (ACP | AHIMA | AMA | AMIA | APA | CHIME | MGMA | Premier Inc.)
How do I comply with info blocking (AMA)

[1] https://www.govinfo.gov/content/pkg/PLAW-114publ255/pdf/PLAW-114publ255.pdf

[2] The 21st Century Cures Act is considered the most significant mental health reform bill in decades. (link)

[3] Of note, medical software is regulated as a medical device by the FDA (link) . Section 3060 of the Cures act amended section 520 of the FD&C Act to address how medical devices are defined (link). The amendment also defines function that are exempt from FDA regulation including: administrative, solutions encouraging healthy lifestyle, electronic health records, clinical laboratory test results, and clinical decision tools (link)

[4] 21st Century Cures Act, 42 USC § 300jj-52(a)(1)(A) (2016). 

[5] “…blocking shall be subject to a civil monetary penalty determined by the Secretary for all such violations identified through such investigation, which may not exceed $1,000,000 per violation…” Sec 4004 (2) Penalties

[6] https://www.healthit.gov/faq/what-electronic-health-record-ehr

[7] Office of the National Coordinator for Health Information Technology. Report to Congress on health information blocking. 2015. https://www.healthit.gov/sites/default/files/reports/info_blocking_040915.pdf

[8] 21st Century Cures Act, 42 USC § 300jj(9) (2016).

[9] https://www.fda.gov/regulatory-information/selected-amendments-fdc-act/21st-century-cures-act