When the Health Information Technology for Economic and Clinical Health (HITECH) Act was introduced in 2009, one of its primary purposes was to increase adoption of electronic health records (EHRs) to make it easier for healthcare providers to share information about patients electronically.
Half of that goal was achieved. EHRs are now fairly ubiquitous, with 96% of non-federal U.S. acute care hospitals adopting a certified EHR and 86% of U.S. physicians adopting some form of EHR by 2017. Yet the actual patient information sharing aspects of HITECH (also known as “interoperability”) have continued to be stymied. This is due to several factors, including the use of proprietary data protocols by EHR vendors and a reluctance among providers to exchange data outside their practices or health systems.
The Office of the National Coordinator for Health Information Technology’s (ONC) 21st Century Cures Act final rule —designed to mitigate barriers to interoperability — was scheduled to go into effect on November 2, 2020.
However, just days before the effective date, the ONC extended the date to April 5, 2021, providing healthcare entities and vendors a very brief reprieve on a complex set of requirements whose preparation timeline has, in many cases, been usurped by COVID-19 and other market challenges.
Those impacted by the final rule, (also known as “actors”) should not view the date change as an opportunity to slow down planning, but to double-down on it. The final rule has complex new requirements for interoperability, as well as prohibitions against intentional information blocking. In practical terms, this means in cases where the Health Information Portability and Accountability Act (HIPAA) permits sharing of personal health information, the new final rule requires sharing the information electronically it upon demand with other providers or the patient unless the law preempts it or the provider meets an exception. Otherwise, the provider may be information blocking.
The final rule has 8 exceptions that permit providers to not share Electronic Health Information (EHI) under certain circumstances and not be subject to penalties for doing so. Briefly, the 8 exceptions that will not be information blocking are:
- Preventing Harm: An actor is permitted to not share EHI to prevent harm to a patient or another person, provided certain conditions are met.
- Privacy Exception: An actor is permitted to not fulfill a request to access, exchange, or use EHI in order to protect an individual’s privacy, provided certain conditions are met.
- Security Exception: An actor is permitted to interfere with the access, exchange, or use of EHI in order to protect the security of EHI, provided certain conditions are met.
- Infeasibility Exception: An actor is permitted to not fulfill a request to access, exchange, or use EHI due to the infeasibility of the request, provided certain conditions are met.
- Health IT Performance Exception: An actor is permitted to take reasonable and necessary measures to make health IT temporarily unavailable or to degrade the health IT’s performance for the benefit of the overall performance of the health IT, provided certain conditions are met.
- Content and Manner Exception: An actor is permitted to limit the content of its response to a request to access, exchange, or use EHI or the manner in which it fulfills a request to access, exchange, or use EHI, provided certain conditions are met.
- Fees Exception: An actor is permitted to charge fees, including fees that result in a reasonable profit margin, for accessing, exchanging, or using EHI, provided certain conditions are met.
- Licensing Exception: An actor is permitted to license interoperability elements for EHI to be accessed, exchanged, or used, provided certain conditions are met.
The COVID-19 pandemic underscores the pressing need for interoperability and the sharing of EHI — not just for direct care of individuals, but also for the improvement of population health management efforts and clinical research.
The final rule is designed to facilitate data exchange. Like any regulatory effort; however, there are many complexities which can make full compliance difficult and time consuming. Learn how to prepare for the ONC final rule regardless of effective date. Pivot Point Consulting can help both certified health IT vendors and healthcare providers assess their system, policy and workflow readiness and be fully prepared for when the final rule goes into effect on April 5, 2021.
For more information on the ONC’s final rule please contact us at for more info.