Information Blocking Compliance FAQs
When do EHI Actors Need to Comply?
Beginning April 5, 2021, actors were required to fulfill requests for access, exchange or use of electronic health information (EHI) from patients and authorized third parties, unless the request meets exception criteria. Until October 5, 2022, the data to which EHI actors must provide access, exchange and use (for purposes of the information blocking definition) is limited to the EHI that is represented by data classes and elements within the United States Core Data for Interoperability (USCDI).
Who Is Considered an Actor?
Three categories of "actors" are regulated by the information blocking section of the ONC 21st Century Cures Act Final Rule: Health Care Provider, Health Information Network or Health Information Exchange; and Health IT Developer of Certified Health IT. Get additional clarification here.
What Type of Requests Are Excepted?
There are eight types of exceptions: Preventing Harm; Privacy; Security; Infeasibility; Health IT Performance; Content and Manner; Fees; and Licensing. Read through key criteria of each exception here.
What Specific Standard or Functionality Is Required to Fulfill Information Sharing Requests?
The information blocking regulations do not require the use of any specific standard or functionality to fulfill information sharing requests. Before October 6, 2022, an actor may fulfill a request with the EHI identified by the data elements represented in the USCDI standard, first in the manner requested and, if not, in an alternate manner agreed upon with the requestor, following the order of priority specified in the exception.
Are Actors Required to Have or Use Health IT Certified Under the ONC Health IT Certification Program?
No. Actors subject to the information blocking regulations, such as clinicians, are not required to immediately upgrade their certified health IT if they also happen to participate in a separate regulatory program that requires the use of certified health IT, such as the Center for Medicare and Medicaid Services' Promoting Interoperability Programs.
Does EHI Need to Be Proactively Available When It Has Not Been Requested?
There is no requirement under the information blocking regulations to proactively make available any EHI to patients or others who have not requested the EHI. However, any unnecessary delays or other unnecessary impediments in the release or availability of EHI in response to a request for legally permissible access, exchange, or use of EHI could implicate the information blocking provisions and result in violations.
How Are Information Blocking Regulations Enforced?
Enforcement of the information blocking regulations depends upon the type of actor that is subject of an enforcement action. For health IT developers and health information networks/HIEs, the Department of Health and Human Services (HHS) Office of the Inspector General is currently engaged in rulemaking to establish enforcement dates but has not finalized any process. For health care providers, HHS must engage in future rulemaking to establish appropriate disincentives as directed by the 21st Century Cures Act and an enforcement process has not been established.