Healthcare grapples with enormity, complexity of information blocking rules
Even without enforcement provisions in place, many segments of the industry see challenges in complying with regs that grant easier access to data.
The federal government is aiming to put an end to the intentional blocking of patient data through new rules established earlier this year, known as the information blocking rules.
Executives of some healthcare organizations that have begun preparing for and studying these significant rules contend that they are overwhelmed by their far-reaching nature, and they're pressing regulators for clarifications, even as they await the second portion of the rules, which will detail how the regs will be enforced.
The provisions are implemented under two rules, one by the Department of Health and Human Services (HHS), Office of the National Coordinator for Health Information Technology (ONC), known as The ONC Cures Act Final Rule. The other, issued by the Centers for Medicare & Medicaid Services (CMS), is called the Implement Interoperability and Patient Access Provisions of the Bipartisan 21st Century Cures Act (Cures Act).
The rules call for patient data to be readily available to patients for free upon request via any method, including a smartphone app, and it sets the goal of punishing any provider, health IT vendor, health information exchange or health information network that blocks the exchange of these data. Disincentives and penalties have yet to be announced.
Wide Range of Interpretation
Leigh Burchell, vice president of government affairs and public policy for Allscripts, has been following the evolution of this regulation closely for nearly two years. She says it’ s a high-impact rule for the industry and “maybe a little bigger than Congress intended” because of the extent to which it is open to interpretation by regulatory agencies.
Burchell appreciates the fact that ONC recognizes that there are many ways information can be impeded—even with good intentions—but “this has led to a very broad exception structure because they tried to be comprehensive,” she says.
Allscripts and other industry organizations have pushed ONC actively for answers. For Allscript’s part, the company early on submitted questions to ONC, getting responses back within a few months, according to Burchell. “In some places, [ONC doesn’t] have people drafting it who have ever been software developers. We are still waiting for a lot of answers, particularly on some granular items,” she says.
On some questions, ONC told Allscripts they don’t have answers, but agency officials say they will address some concerns in the future. On one of these questions, Burchell says she has been waiting nine months for an answer. “I know they’re doing their best,” she says of ONC. “I work with them pretty regularly. To my point earlier, in some cases, ONC didn’t think it through enough.”
Complexity of Changes
“It’s impossible for the average clinician to understand this reg,” said Joseph Cody, associate director of research and innovation policy at the American College of Cardiology, noting that he has spent more than the past year working on it full time.
Cody says the regulations represent “a pretty substantial change and one that will take some getting used to.” The rules are very technical and add a lot of uncertainty regarding how they apply to specific situations, he adds. Cody and the ACC have been actively trying to educated members on the regulation as it unfolds and has an extensive website geared toward how providers can comply.
Mariann Yeager, CEO of the interoperability leader The Sequoia Project, says Sequoia saw that the information blocking rules would be complicated and central to policy. The organization started a group to cover the evolution of the rules, even before the federal government proposed a rule, and it has been busy “unpacking the practical implications of it,” ever since.
“We knew the industry would need credible information looking across the healthcare ecosystem,” Yeager says. Sequoia has recently offered bootcamps to provide a deep dive in a structured way. They help attendees understand the rule, the anticipated enforcement, the exceptions and prepare for compliance. “We do this as part of a public good,” but there’s one more benefit, in that it responses and comments during those events aid the organization in giving feedback to regulators. With its first two bootcamps, Sequoia fielded some 1,500 questions, distilled them into a compelling list of Frequently Asked Questions, highlighting where there was confusion and sent it to ONC. A lot of the answers were found in ONC’s responses to those questions that the agency published as its own FAQ, Yeager says.
Applying Rules is the Key
In the long run, understanding these rules is situation-specific. “How do you apply this complex set of rules and make sure you’re clear on what the obligations are?” Yeager asks. Like Burchell, she would like to see specific guidance that informs organizations on allowable instances in which information sharing is not required.
The College of Health Information Management Executives (CHIME) has been working on getting some of its questions answered for its members, typically top HIT execs in healthcare organizations, said Andrew Tomlinson, director of federal affairs at CHIME. The organization would like to know what constitutes a request for information. Currently the regulation's text indicates that organizations don’t have to make data proactively available to patients, but you can’t delay giving information when it's requested. If the information is going to a portal, is that a request? If the data does not exist or is not available for access, is that going to be considered a delay?
Timing is also an issue, says Tomlinson. In a recent survey of its members, CHIME focused on the impact of COVID-19, with 75 percent of respondents reporting they were concerned about their ability to meet future information blocking requirements as a result of resource constraints related to the pandemic response.
“The laws have taken effect, so that’s locked in,” Tomlinson says. “What we would like right now is more certainty. For example, when will penalizing begin? It’s hard to plan and prepare without knowing those dates. It’s difficult for our members to juggle on the IT side; there are so many moving targets.”
Healthcare attorney Steve Gravely says he’d wager that “the vast majority of the industry” hasn’t been paying much attention to this rule yet. But, on the other hand, “wide swaths of the healthcare industry are very tuned in”—particularly HIEs, vendors and large health systems. Physicians and rural hospitals are less aware of the impending impact. Providers such as clinical labs, imaging, dieticians and social workers all will have to comply, all with varying resources to make system or workflow changes to adequately comply with incoming data requests in a timely manner.