Monday, April 5th, marked the deadline for compliance with the information blocking regulations implemented by the Office of the National Coordinator for Health IT (ONC). As a follow-up to our earlier FAQs on these new rules, which can be found here and here, this is a third series of answers to the questions that we’ve been receiving.
What are the penalties for failure to comply with the information blocking regulations?
In the 21st Century Cures Act (the Cures Act), Congress established that developers of certified health IT and health information networks and exchanges would be subject to civil monetary penalties of up to $1M per violation for engaging in information blocking. Health IT developers are also subject to the Conditions of Certification under the ONC’s Health IT Certification Program. Proposed regulations pertaining to penalties are available here.
On the other hand, for health care providers, the penalties for failure to comply are still unclear. The Cures Act provides that health care providers who engage in information blocking may be subject to “appropriate disincentives” as set forth by the HHS Secretary. It is anticipated that regulations will be proposed soon to create these “disincentives.” For current participants in the Centers for Medicare and Medicaid’s (CMS) Merit-based Incentive Payment System (MIPS), attestations with respect to information blocking have been included for several years. As the definition of information blocking is now set through the ONC rules, failure to comply with the ONC rules could be viewed as a breach of the MIPS attestations.
In short, compliance with the new information blocking rules is now required, but the penalties for providers are not yet fully fleshed out.
Given that these large penalties can apply to a health information network (HIN) or health information exchange (HIE), can a health care provider also be an HIN or HIE?
A health care provider can be an HIN or HIE. An HIN/HIE is an individual or entity that determines, controls, or has the discretion to administer any requirement, policy or agreement that permits, enables or requires the use of any technology or services for access, exchange, or use of electronic health information:
- Among more than two unaffiliated individuals or entities (other than the individual or entity to which this definition might apply) that are enabled to exchange with each other; and
- That is for a treatment, payment, or health care operations purpose.
For example, a hospital system that provides its EHR system to independent community doctors will likely be treated as both a health care provider and an HIN/HIE.
Are providers now required to provide open access to their notes to patients?
In general, yes. As part of the United States Core Data for Interoperability (USCDI) data elements, clinical notes must be provided to the patient. These elements include consultation notes, discharge summary notes, history and physical, imaging narratives, laboratory report narratives, pathology report narratives, procedure notes and progress reports.
While this may be a change to many providers, patients have reported that having access to their notes has improved understanding of their health and medical conditions, helped them feel more in control of their care and to have more successful conversations and stronger relationships with their doctors. Given that notes will be open to the patient, providers should consider what they might do to make records understandable to patients, for example, writing out “shortness of breath” (as opposed to using the acronym SOB). Additional tips for how to write patient-accessible notes are available from the Open Notes website here.