HHS Urged to Extend Deadline for Compliance with Cures Act Information Blocking Requirements
The deadline for compliance with the information blocking requirements of the 21st Century Cures Act is October 6, 2022, after which the HHS can impose financial penalties and healthcare providers will be subject to appropriate disincentives if they are determined to have failed to facilitate the easy digital sharing of patient data.
Information blocking is defined as any practice by an entity that is likely to interfere with the access, exchange, or use of electronic health information that is not covered by eight exceptions. These new requirements were introduced pursuant to the 21st Century Cures Act to improve patient access to their medical records. From October 6, 2022, healthcare providers are required to start sharing the data of patients contained in a designated record set, as defined under HIPAA. Previously the data sharing mandates only required information to be shared that is contained in the USCDI.
Last week, 10 healthcare groups wrote to HHS Secretary, Xavier Becerra, to express their concern about the fast-approaching deadline. They explain that despite the best efforts of healthcare providers to comply with the information blocking regulations, many have been unable to achieve compliance and will be unable to do so in time. As such, they have requested the HHS extend the deadline for compliance by one year. They have also requested the HHS issue corrective action warning communications to healthcare providers and clinicians prior to imposing any financial penalty, disincentive, or before launching a formal investigation, to give them time to take action to correct the noncompliance.
The healthcare groups, which include the American Health Care Association (AHCA), American Hospital Association (AHA), American Medical Association (AMA), Association of American Medical Colleges (AAMC), and the College of Healthcare Information Management Executives (CHIME), explain that they have been working hard to help their members achieve compliance ahead of the deadline, but many of their members have faced challenges achieving compliance and will miss the deadline.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The healthcare groups stress that they understand the importance of improving patient access to digital medical records and the need to make that as easy as possible and that they strongly support the new regulations; however, “Despite our best efforts to educate our members, significant knowledge gaps and confusion still exist within the provider and vendors communities with respect to implementation and enforcement of information blocking regulations.”
One of the main issues is the widespread inability to support access, exchange, and use of expanded electronic health information (EHI). They explain that there is no clear definition of EHI and a lack of technical infrastructure to support the secure exchange of EHI. The Office of the National Coordinator (ONC) issued an infographic explaining EHI, but many healthcare providers found it confusing, and there are widely divergent approaches to how each healthcare provider has interpreted what is ePHI, DRS, and EHI.
Further, surveys of members have revealed many are confused about how the eight information blocking exceptions are applied, and when EHI cannot or should not be exchanged. Patients and providers alike have expressed concern about harm occurring when lab results and reports are released in instances of life-threatening or life-limiting diagnoses, and there are limited technical and policy guides to help providers protect highly sensitive health records, such as those related to mental health, substance abuse disorder, and reproductive healthcare information.
There is considerable confusion among large healthcare providers, but it is much worse for smaller healthcare providers with more limited resources, many of which are not aware of the policies and are heavily reliant on their vendors. That is a big problem, as vendor readiness is lagging. Many vendors do not plan to deliver the necessary upgrades until the end of the year, 3 months after the compliance deadline for providers. The deadline for certified vendors is one year and three months after the deadline for healthcare providers to comply with the changes.
In addition to extending the compliance deadline, the HHS agencies have been urged to engage more in education about the information blocking regulations and target the provider/clinician community, with a focus on small, medium, and lesser-resourced organizations. “Without real-world guidance, providers will continue to struggle with implementing internal policies to avoid allegations of information blocking,” explained the groups in the letter. As it stands, there are no indications that the HHS plans to extend the deadline for compliance.
