The Cures Act and information blocking: Is your healthcare organization compliant?
Information blocking defined
Information blocking refers to practices that prevent access, exchange, or use of electronic health information (EHI). Eight exceptions to the rule exist, include:
- Preventing harm
- Health IT performance
- Content and manner
For instance, an organization can limit the content of information in fulfilling a request to exchange EHI and can charge fees to access EHI, and these wouldn’t necessarily be considered information blocking.
What to know about the information blocking rule
Healthcare organizations should understand which of their team members has ownership for compliance around this regulation, evaluate activities that have occurred to become compliant with the rule, and inquire about actions planned for ongoing compliance. Legal, IT, and information privacy staff from across the organization should take part in these discussions.
Organizations should also review policies that address requests for access, exchange, or use of patient medical information. This is particularly important for situations where patients or their nonclinical caregivers are requesting electronic information.
Internal audit and compliance leaders should consider testing for compliance or consider including auditing these factors on audit plans.
Penalties for noncompliance with the information blocking rule
Actors may be investigated by the Department of Health and Human Services Office of Inspector General if they’re the subject of an information blocking claim. Penalties for noncompliance can be costly:
- Health IT developers of certified health IT, health information networks, and health information exchanges may be subject to civil monetary penalties up to $1 million per violation.
- Healthcare providers may be subject to disincentives, to be established by the government.
The information blocking rule is in effect and comes with potential costly penalties for noncompliance. Various electronic medical/health record companies used by many health systems and medical groups have adjusted system configurations and processes to support compliance. Even with the support of technology companies, healthcare organizations should understand what’s been done to comply with the rule and develop actions needed around any remaining gaps.