There's been some debate over who owns your personal electronic health information, but the law says it's the patient's right to access that without unnecessary barr...
There’s been some debate about who owns your personal electronic health information and whether it’s best for patients to see information before providers can discuss it with them. I fall on the patient access side. I want to read, research and reflect on my own results. For me, this leads to a more educated and robust discussion with my health care team. Others may not want to view their results before talking with their physician. I fully support that too. Either way, the decision should be the patients to make. That’s what a proposed rule continues to implement as a part of the larger 21st Century Cures Act (Cures Act) enacted in 2016. We have your update on what you need to know related to information blocking.
Background
The crux of information blocking is interfering with or materially discouraging a patient’s ability to see, use and access their own electronic health information. For example, how your technology or systems are configured or placing fees on patient access could potentially cross into info blocking. If you do so, you could face lower reimbursements or be excluded from value-based programs under the long-awaited proposed information blocking regulation just released by the Centers of Medicare & Medicaid Services (CMS) and the Office of the National Coordinator (ONC). The proposal creates provider penalties (called “disincentives” under the Cures Act statute). The law also included eight exceptions to the rule, which were finalized in a different rule. Also finalized in another rule are civil monetary penalties for IT/EHR vendors and HIEs that are found blocking information.
It’s important to note that health care provider [PDF] under the CURES Act is defined very broadly:
“hospital; skilled nursing facility; nursing facility; home health entity or other long term care facility; health care clinic; community mental health center; renal dialysis facility; blood center; ambulatory surgical center; emergency medical services provider; federally qualified health center; group practice; pharmacist; pharmacy; laboratory; physician; practitioner; provider operated by or under contract with the Indian Health Service or by an Indian tribe, tribal organization, or urban Indian organization; rural health clinic; covered entity under 42 U.S.C. 256b; ambulatory surgical center; therapist; and any other category of health care facility, entity, practitioner, or clinician determined appropriate by the HHS Secretary.”
However, the penalties in this most recent proposed rule apply only to a subset of providers who participate in certain Medicare programs. That is why CMS also asks for comments and information on additional penalties the agency should consider in future rulemaking, particularly for providers not covered under this proposal, such as laboratories and post-acute.
Proposed Rule
Under the proposal, following an investigation through which the Office of the Inspector General (OIG) determines a health care provider has committed information blocking and OIG’s referral of this determination to an appropriate agency, the health care provider would be subject to the following penalties.
Hospitals, Critical Access Hospitals (CAH)
Hospitals that are eligible to participate in the Medicare Promoting Interoperability (PI) Program and found to engage in information blocking would not meet the requirements of the PI program. As such, the annual update from Medicare would be reduced by 75%. For CAHs (cost-based), the reduction would be 1% (from 101% to 100%).
CMS simulated the impact using a 3.2% proxy update, estimating the median impact would be a reduction of $394,353, and a 95% range of $30,406 to $2,430,766 across eligible hospitals. CMS proposes to use the payment adjustment year associated with the calendar year in which the OIG referred its determination to CMS.
Medicare Providers (MIPS)
For physicians and other providers eligible to participate in the merit-based incentive payment system (MIPS) under the Quality Payment Program, CMS proposes that a provider committing information blocking cannot be a meaningful EHR/CEHRT user. If MIPS eligible clinicians cannot be a meaningful user of CEHRT then they cannot satisfy the requirements of “promoting interoperability.” As such, they’d earn a score of zero for this performance category with the maximum final score even possible being 75 points.
CMS analyzed the range of potential penalties using the most recent year of MIPS public data, 2021, and estimated an amount of $686 and a 95% range of $38 to $7,184 across all eligible clinicians (including those who may have been in a group). Based on the median estimated disincentive amount of $686 and estimated median group size of six clinicians, the estimate group disincentive was $4,116 and a range of $1,372 to $165,326 for group sizes ranging from two to 241 clinicians.
Medicare Providers (MSSP)
For Medicare’s main Accountable Care Organization (ACO)—the Medicare Shared Savings Program (MSSP)—CMS proposes those who are ACOs, ACO participants, or ACO providers/suppliers who engage in information blocking will be prohibited from participating in the MSSP for at least 1 year.
Notice, Transparency
The proposed rule indicates that notice of information blocking will be sent to the providers from the appropriate agency and include:
- A description of the practice or practices that formed the basis for the determination of information blocking referred by OIG
- The basis for the application of the disincentive or disincentives being imposed;
- The effect of each disincentive
- Any other information necessary for a health care provider to understand how each disincentive will be implemented
The Office of the National Coordinator will publicly release the names of those found to be blocking information.
8 Existing Exceptions
In an earlier regulation, federal regulators finalized a series of exceptions to the information blocking requirements. Those exceptions fall into two categories:
- Exceptions that involve not fulfilling requests to access, exchange, or use EHI. These exceptions include preventing harm, privacy, security, infeasibility, and health IT performance.
- Exceptions that involve procedures for fulfilling requests to access, exchange, or use EHI. These exceptions relate to content and manner, fees, and licensing.
Most likely, the ability to use one of these exemptions will fall under a case-by-case basis so it will be important to not rely on one of these without fact-specific assessments.
Next Steps
The proposed penalties will vary by provider or group having been found blocking information. This is due to the nature of the existing programs into which the blocking penalties are incorporated. For example, if a provider is already not a meaningful EHR user and is also found to have blocked information, there is no additional penalty applied. On the other hand, a provider who is a meaningful EHR user who is found blocking information would then be negatively impacted. Another example is when there are multiple instances of information blocking, CMS proposes the penalty applies only once.
What’s interesting is that the same finding of information blocking would result in a steep penalty for some while being a negligible impact for others. It will be interesting to see the comments to this proposed rule and whether changes will be made to reflect more consistency in impact. Additionally, it will be interesting to see what comments come in related to other health care providers, such as labs, post-acute, among others. All comments will be accepted through January 2, 2024.
Transparency and the ability for patients to see/access/use their own electronic medical information is not going away. In fact, it’s the basis of many federal activities that are moving payment and providers towards more patient-centered care.
These proposed penalties are not in effect yet but will be once the rule is finalized. Now is the time to consider your policies and procedures for when patients ask for their own electronic health information. It’s also the time coordinate with your EHR/IT vendor with technology/configuration questions related to Cures Act requirements.
Additional Resources
Want to learn more? Complete the form below and we'll be in touch. If you are unable to see the form below, please complete your submission here.Contact us