Home  |   Subscribe  |   Resources  |   Reprints  |   Writers' Guidelines

E-News Exclusive

Information Blocking: It’s Time for Providers to Get in the Game

By Joe Licata

The release of information space continues to be a regulatory balancing act. For a number of years after HIPAA was enacted, the focus on protecting patient privacy was so strong that it led many people to think the “P” in HIPAA stands for privacy. (It doesn’t.) For the last several years, regulators have been keenly focused on expanding patient access. Now, information blocking (focus: access) is back in the news thanks to a new proposed rule related to provider-based disincentives.

Information blocking enforcement started with a focus on developers of health care IT, health information networks, and exchanges, with a June 2023 Final Rule that established penalties for that audience. Then in November, Health and Human Services’ Office of the National Coordinator for Health Information Technology, along with CMS, issued a proposed rule that outlines disincentives for health care providers. So, if you’ve been watching all this from the sidelines as a provider because enforcement was focused elsewhere, that just changed. Now is the time to get in the game.

Information Blocking 101
Information blocking is defined as a practice by an actor that’s likely to interfere with the access, exchange, or use of electronic health information. An actor can be an individual, entity or organization that engages in a practice that impedes access to electronic health information without a justifiable reason.

While the Information Blocking Final Rule has been around since 2021, penalties and disincentives were not established until the latter half of 2023. Enforcement of the June 2023 Final Rule just commenced on September 1, 2023, and the November 2023 Proposed Rule for providers will need to be finalized before an enforcement effective date. This means we have not yet seen real-world examples of violations and enforcement. In summary? It’s about to get real.

The November 2023 Proposed Rule: How Did We Get Here?
If you don’t follow the regulatory scene closely and this new rule caught you off guard, you’re not alone. But there’s no need to panic—these are still proposed rules, which means you have time to make the necessary changes to your release of information processes if needed before enforcement begins.

Summary of the Proposed Disincentives for Providers
The proposed disincentives revolve around various methods of CMS reimbursement for providers. While it may seem odd at first that this is tied to CMS, it actually makes sense if you think about it because participation in CMS programs provides Health and Human Services with an excellent authority “hook.”

The disincentives differ by CMS program, so here’s a breakdown of the disincentives outlined in the new proposed rule:

  • Who: Providers who participate in the Medicare Promoting Interoperability Program.
  • Proposed Disincentive: Providers will not be considered a meaningful EHR user for the applicable reporting period.
  • Impact: The provider would not qualify for the three-quarter annual market basket increase and will have its payment reduced to 100% of actual costs instead of 101%. It’s estimated that the median disincentive amount here would be $394,393.
  • Who: Clinicians who participate in a Medicare Advantaged Alternative Payment Model or minimum Merit-based Incentive Payment System.
  • Proposed Disincentive: Clinicians will receive a score of zero under Promoting Interoperability.
  • Impact: The clinician will not receive a threshold score required for receiving an upward adjustment of up to 9% of reimbursement under the Physician Fee Schedule, and instead would receive a downward adjustment of up to 9%. It’s estimated that the median disincentive amount here would be $686 per clinician.
  • Who: Provider organizations that are considered accountable care organizations (ACOs) under the Medicare Shared Savings Program.
  • Proposed Disincentive: ACOs will not be permitted to participate in Medicare’s Shared Savings Program for the applicable year.
  • Impact: An ACO would be disqualified from earning shared savings payments, which in 2022 totaled $2.3 billion for ACOs as a whole.
  • Who: All providers, regardless of CMS program.
  • Proposed Disincentive: The Office of the National Coordinator for Health Information Technology will publish a public list (much like the Office for Civil Rights Wall of Shame for HIPAA violations) that identifies all health care providers determined to have committed information blocking.
  • Impact: The list will include details such as name, address, practice, disincentives applied, and where to find more information. An appearance on this list would have a negative impact on the public perception and credibility of your organization.

Releasing Records in Light of This New Rule: What to Consider
The bottom line is that the best protection for your organization from this and any other potential regulatory hot water is to have a structured, uniform, and clearly documented process that’s followed for every single medical record release.

If you already have a clearly defined process for releasing medical records either internally or through a relationship with a vendor, that’s great news. But this new rule is a good reason to take a fresh look at your process and ensure that it appropriately balances the privacy protections of HIPAA with the access provisions of information blocking.

If you don’t already have a structured process in place, this should become a short-term priority. Gone are the days of a part-time staff member handling release for a few hours a week on their own—it’s just too complex now with the evolving regulatory oversight. Outlining, documenting, and following a structured process for release of information will not only help protect you from the proposed information blocking disincentives, but it’s also an important best practice for the overall safety and security of your patient’s data.

— Joe Licata is the chief operating officer and general counsel for HealthMark Group, where he is the driving force behind the company's commitment to operational excellence. He oversees day-to-day operations and collaborates with cross-functional teams to optimize processes that enhance patient care and drive success for the millions of patients and thousands of providers HealthMark serves.

Licata also is the leader for both the HealthMark privacy office and HIPAA steering committee, where he leverages his health care regulatory knowledge to ensure HealthMark maintains the highest standards for the handling and dissemination of confidential patient health information. He’s an active member of the Association of Health Information Outsourcing Services, the Association of Corporate Counsel, and the Texas Bar Association, Health Law Section. Licata’s professional experience includes expertise in process automation, privacy and security, internet and e-commerce transactions, HIPAA, and other health care regulatory matters. He holds a BS from Texas A&M University and a JD from Southern Methodist University, where he was a Walsh Scholar.

Great Valley Publishing Company
1721 Valley Forge Road #486
Valley Forge, PA 19481
Copyright © 2024
Publisher of For The Record
All rights reserved.
Contact
 About Us
Writers' Guidelines
Privacy Policy
Terms and Conditions