Measure your identity data management maturity. Take our 5-minute maturity assessment now

Understanding information blocking in healthcare: Laws, regulations, and implications 

Digital engagement/Healthcare interoperability

In the ever-evolving landscape of healthcare, accessibility and exchange of patient information are vital for providing quality care. However, a significant challenge known as information blocking has the potential to disrupt the flow of patient data. In this blog post, we will explore what information blocking is, the key federal laws and regulations surrounding it, and its implications for healthcare professionals. 

What is information blocking? 

Information blocking refers to practices that interfere with the access, exchange, or use of electronic health information (EHI) when it’s needed for patient care. These practices can take various forms, including technical barriers, excessive fees, and policies that hinder the sharing of EHI. Information blocking can disrupt the continuity of care and impact patient outcomes. 

Key stakeholders involved in information blocking include healthcare providers, health IT developers, and health information exchanges (HIEs). The effects of information blocking ripple through the entire healthcare ecosystem, affecting patients and providers alike. 

The current landscape of information blocking 

Historical challenges 

Historically, the healthcare industry faced various challenges in sharing patient information electronically. Fragmented systems, varying standards, and a lack of interoperability hindered the seamless exchange of data. 

Introduction of federal laws and regulations 

In response to these challenges, several federal laws and regulations have been introduced to combat information blocking: 

  • Health Insurance Portability and Accountability Act (HIPAA) (1996): HIPAA required the creation of national standards to protect sensitive patient information. To accomplish this goal, the U.S. Department of Health and Human Services enacted the HIPAA Privacy Rule. The rule details how protected health information (PHI) can be used and disclosed to allow the flow of health information while protecting PHI. Unlike the Information Blocking Rule, which only applies to electronic information, HIPAA also covers paper and verbal information. 
  • 21st Century Cures Act (December 13, 2016): The 21st Century Cures Act was enacted to address several critical healthcare issues, including promoting interoperability and improving patient access to health information. It aimed to accelerate medical product development and innovation while ensuring that patients could access their health data more easily. 
    • Prohibition of information blocking: The Act prohibits practices that interfere with the access, exchange, or use of EHI. Healthcare providers and IT developers must avoid any actions that hinder the flow of information. This includes practices such as unreasonable delays in providing patient records or charging exorbitant fees for data access.
    • Exceptions to information blocking: While the Act prohibits information blocking, it also defines eight exceptions. These exceptions are essential to protect patient privacy and data security. For example, healthcare providers can withhold patient data in situations where sharing the information could harm the patient. 
    • Penalties for non-compliance: Non-compliance with the 21st Century Cures Act can result in penalties for healthcare providers and IT developers. These can include fines and exclusion from federal healthcare programs, underscoring the importance of compliance. 
  • Health IT Certification Program (2010): The Health IT Certification Program was established to ensure that health IT systems meet specific criteria for interoperability. Certified systems are required to meet certain standards, ensuring that they can effectively exchange EHI with other systems. This program plays a crucial role in advancing interoperability across the healthcare landscape. 
  • ONC Information Blocking Rule (May 1, 2020): The Office of the National Coordinator for Health IT (ONC) issued the Information Blocking Rule to provide additional clarity and enforcement around information blocking: 
    • Overview of the rule: The ONC Information Blocking Rule provides a detailed framework for defining and addressing information blocking practices. It clarifies what constitutes information blocking and provides guidance on compliance. 
    • Definition of Health IT developers: The rule outlines the responsibilities of health IT developers, emphasizing their role in promoting interoperability and the free flow of EHI. Health IT developers are expected to make necessary changes to their systems to ensure compatibility and data exchange. 
    • Responsibilities of healthcare providers: Healthcare providers are also subject to the rule’s provisions. They must refrain from information blocking practices that hinder patient care and data exchange. This includes timely sharing of patient records with authorized entities. 
    • Examples of information blocking: The rule provides concrete examples of actions that may constitute information blocking, helping healthcare professionals understand what to avoid. For instance, refusing to share patient records with another healthcare provider for the purpose of care coordination can be considered information blocking. 

Implications of information blocking 

How information blocking affects workflow 

Despite increased attention to the topic, many healthcare organizations still struggle with information blocking. In a survey of 2092 hospitals, 42% of responding hospitals indicated perceiving that at least one of the actors (health IT developers, healthcare providers, HIEs) either sometimes or often engaged in information blocking. Of these actors, healthcare providers were identified as the most common culprit, with over a third of hospitals identifying them as engaging in information blocking. Interruptions in accessing critical patient information can lead to delayed care, duplicate testing, increased costs, and misdiagnoses, which is why avoiding information blocking is of vital importance.  

Strategies to avoid information blocking 

To ensure compliance with the 21st Century Cures Act and the ONC Information Blocking Rule, healthcare professionals and IT developers must adopt strategies that promote interoperability and the responsible sharing of patient information. As a first step, providers should identify whether a compliance program is already in place and make sure they are familiar with it. It is especially important that policies address each information blocking exception before an exception is applied. Additionally, organizations should ask themselves what technological challenges requesters may face, especially patients and non-clinical caregivers. 

Organizations should also be aware that all information beyond EHR data needs to be shared. ONC does not differentiate whether information is captured in an EHR system or comes from a different source, such as radiology or dialysis systems. It is therefore important that information is organized, accessible, and consistent across disparate data sources to comply with information sharing requests in an efficient manner. A master data management system purpose-built for healthcare (hMDM) is an essential tool for connecting information about every individual across an entire enterprise and ensuring compliance with the Information Blocking Rule. 

An hMDM tool can also help organizations prepare for increased data exchange as a result of the Information Blocking Rule. As more patient information is shared between health systems, organizations will inevitably come across low-quality data or information about patients who already exist in the receiving system. A good identity management solution should be able to reconcile data even when information is outdated, missing, or incorrect.  

Any compliance program should be reviewed on a regular basis. Conducting staff training that covers information blocking rules is of equal importance. 

Benefits of compliance 

Compliance with information blocking regulations ultimately benefits healthcare professionals and, more importantly, patients. Better data exchange improves patient care and outcomes by enhanced coordination between providers. It also reduces the need for duplicate testing and unnecessary procedures or treatments, resulting in cost savings for patients and healthcare providers. Compliance also helps organizations avoid legal ramifications and costly penalties – which are up to $1 million per violation if a health IT developer of certified health IT, HIE, or health information network is found to have committed information blocking. In October 2023, HHS published a proposed rule with disincentives specifically aimed at healthcare providers participating in certain Medicare programs.

Understanding information blocking is essential for healthcare professionals to navigate the evolving healthcare landscape successfully. Compliance with the 21st Century Cures Act and the ONC Information Blocking Rule is critical for ensuring the seamless exchange of patient information, ultimately leading to better patient outcomes and improved healthcare delivery.