Enforcement of Information Blocking Penalties in Health Care IT Begins

Emma Trivax, Erin Whaley
Troutman Pepper
Contact
LinkedIn
Facebook
X
Send
Embed

Troutman Pepper

On September 1, the Department of Health and Human Services Office of Inspector General (HHS-OIG) will begin enforcing information blocking penalties against certain health care information technology (IT) actors as published in the HHS-OIG final rule on June 27.

The original information blocking rules are the combination of the two final rules published in May 2020 by the Centers for Medicare and Medicaid Services (CMS) and the Office of National Coordinator for Health Information Technology (ONC) that are intended to improve patient access to health information, with new standards that will reduce information blocking. "Information blocking" is defined as "a practice that interferes with, prevents, or materially discourages access, exchange, or use of electronic health information" [1] that is not otherwise protected or prohibited by other laws, such as the Health Insurance Portability and Accountability Act (HIPAA).

The original information blocking rules did not specify penalties for health care IT developers of certified health IT, health information exchanges, or health information networks. This lack of defined penalties prompted HHS-OIG to promulgate a corresponding rule to establish a clear framework for enforcement.

Currently, HHS-OIG's enforcement will only focus on penalties for health care IT developers of certified health IT, health information exchanges, or health information networks, as it is developing a separate rule for health care providers. At this time, HHS-OIG will prioritize information blocking enforcement in cases where health IT developers of certified health IT, health information exchanges, and health information networks engage in behavior that:

  • Resulted in, caused, or had the potential to cause patient harm;

  • Significantly impacted a provider's ability to deliver patient care;

  • Lasted a long time;

  • Caused a financial loss to a federal health care program, government entity, or private entity; or

  • Was performed with actual knowledge.

Compliance with information blocking rules will be critical for health IT developers of certified health IT, health information exchanges, and health information networks, as they will now be at risk for penalties when engaging in information blocking. The penalties include fines of up to $1 million per violation. Impacted organizations should take immediate steps to comply if they have not done so already. 

[1] The 21 st Century Cures Act, 42 U.S.C. 300jj-52.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Troutman Pepper | Attorney Advertising

Written by:

Troutman Pepper
Troutman Pepper
Contact
more
less

Troutman Pepper on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide