Healthcare providers are not required to do anything new or buy new software to comply with the upcoming Information Blocking Rule issued by the HHS Office of the National Coordinator for Health Information Technology (ONC). However, understanding how your current policies and procedures could conflict with the rule’s requirements is a good exercise to start now.
It is important to understand that this rule requires healthcare providers, health IT developers, and HIE/HINs to provide access to certain electronic health information unless one of the eight exceptions to the rule applies. See the February TMC newsletter for a list of those exclusions, which includes denying access if a state or federal law, including HIPAA, prohibits or limits access to the information.
In other words, if you are permitted to provide access to a patient’s electronic health information, you must provide it when requested. Electronic health information is ePHI (as defined in HIPAA) that is maintained in a designated record set. That is, the information about a patient contained in a healthcare provider’s medical records, billing records, or other records the provider uses to make decisions about that patient. The rule’s definition of EHI excludes psychotherapy notes and information gathered for preparation or use in a civil, criminal, or administrative action or proceeding.
Initially, healthcare providers will only be required to provide access to the data elements listed below. Starting October 6, 2022, access to the full designated record set will be required.
A good first step in reviewing your policies and procedures could be to compare the last 5 requests for records in electronic format made by a patient or their personal representative to your policy. Then answer questions like the following to identify areas of improvement.
- How many calendar days did the request take from the day it was received from the patient? What, if anything, do you need to change to reduce the time?
- Was your office able to provide the information electronically as requested or did it need to be provided in a different way? Can you improve the process?
- Was a fee charged to the patient for the electronic records? If so, was it for an item like a CDROM or a thumb drive? Only cost-based charges are allowable. The ONC states that patient portal or EHR access should be given at no cost to the patient.
- Has your office received any complaints in the last 12-18 months about access to medical records? What can you do to change policies or procedures to prevent these complaints?
If any policies or procedures are updated after your review, be sure to train your employees on the changes.
The HHS Office of Inspector General (OIG) is the primary enforcer of the rule but will coordinate closely with ONC and the HHS Office of Civil Rights. As of March 1, 2021, OIG has not released final guidance on penalties.
TMC will notify its clients throughout the month of March as new information and support documentation is published.