Health Data: Privacy, Patient Access, Interoperability, and Information Blocking

Since the enactment of the Health Information Technology and Clinical Health (HITECH) Act of 2009, the Department of Health and Human Services (HHS), particularly its Office of the National Coordinator for Health IT, has been focused on facilitating the free flow of electronic health information among health care providers, payors, and patients – commonly known as “interoperability.” In 2016, the 21st Century Cures Act (Cures Act) strengthened the agency’s authority to promote interoperability by imposing a new legal prohibition against information blocking – defined as any practice that is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information – and further requirements elevating the primacy of ensuring patients’ access (based on the Cures Act and other statutory authority):

On March 9, 2020, through ONC and CMS, HHS promulgated final rules that detail the regulatory and enforcement framework that will govern health care stakeholders’ obligations regarding interoperability, information blocking, and patient access:

• The Office of the National Coordinator for Health IT (ONC) published Final Rule: 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program, implementing provisions in Title IV of the 21st Century Cures Act that will significantly impact relationships among various entities in the health care industry and their relationships with consumers.
• The Centers for Medicare and Medicaid Services (CMS) published Medicare and Medicaid Programs; Patient Protection and Affordable Care Act; Interoperability and Patient Access for Medicare Advantage Organization and Medicaid Managed Care Plans, State Medicaid Agencies, CHIP Agencies and CHIP Managed Care Entities, Issuers of Qualified Health Plans on the Federally-facilitated Exchanges, and Health Care Providers, specifying new requirements for individual data access impacting health plans and providers participating in federal health care programs.

Both regulations will impact existing agreements, policies, and partnerships with other health care stakeholders. In the case of information blocking, penalties can be up to $1 million per violation for many actors.

Below is a list of links to key resources and analysis that will assist you and your organization in determining the policies, procedures, and business arrangements that will need to be reviewed for compliance with these key health IT regulations, as well as others that may govern your operations and relationships with health care providers, payers, and patients.

Summaries of Final Rules (March 2020)

• HHS Finalizes Sweeping Regulations on Interoperability of Health Information and Information Blocking
• CMS Finalizes New Requirements on Health Plans to Release Health Data; Updates Medicare Conditions of Participation for Hospitals to Send Electronic Notifications

Relevant Blogs and Analysis for Stakeholders

• SAMHSA's "Final" Substance Use Disorder Records Confidentiality Rules: a Short-Term Change Towards Further Alignment with HIPAA in 2021
• OIG Seeks Comment on Key Enforcement Parameters and Deadlines For Information Blocking; HHS Delays Enforcement
• Easy Compliance Reference Chart for ONC and CMS Interoperability Rules
• Practice Fusion Settlement Highlights Government’s Increasing Focus on Health Information Technology Certification and Financial Relationships in Enforcement Actions
• HHS Proposes Changes to Substance Use Disorder Data Confidentiality Rules to Improve Care Coordination
• New Proposed Rules on Confidentiality of Substance Use Disorder Data Would Address Care Coordination and Law Enforcement Challenges
• HIPAA Spring Cleaning! Tidying Up Penalty Limits and FAQs on Patients’ Right of Access
• Modernizing HIPAA to Pave the Way for Value Based Care
• Closing the Health Information Privacy Divide

For more information, please subscribe to C&M’s Health Law Blog by clicking here.

Summaries of Proposed Rules (February 2019)

• ONC Proposes Regulations on Health IT Certification and Information Blocking
• CMS Proposes New Requirements on Health Plans to Release Data

Information About Other Relevant Regulations Under Development

•  The HHS Office of Civil Rights’ Request for Information
• Trusted Exchange Framework and Common Agreement

Key Federal Regulations, Policies, and Guidance

• ONC Cures Act Final Rule
• CMS Interoperability and Patient Access Final Rule
• Information Blocking Congressional Report
• ONC Blog’s “Blocking of Health Information Undermines Health System Interoperability and Delivery Reform”

Our Team

Crowell & Moring’s Digital Health team helps leading companies and innovators navigate emerging business opportunities and the regulatory challenges that follow. Our first-hand experience on digital health issues—including data use and interoperability, direct-to-consumer applications, telemedicine, health IT safety and oversight, reimbursement, electronic health records, value-based care, and new product and service development—provides clients with unparalleled insight into the competitive landscape and the objectives of regulators and lawmakers for the expansion of digital health and health IT-driven care coordination and data sharing models.