Compliance with Oct. 6 data blocking regulations will suffer without more clarity, stakeholders tell HHS

Twenty-eight health IT professional associations, provider organizations and other stakeholders are asking the Department of Health and Human Services (HHS) for more clarity and flexibility on how best to implement federal information blocking regulations set to go into effect Oct. 6.

In an Aug. 18 letter addressed to HHS Secretary Xavier Becerra, the groups warned that compliance will likely fall short if the agency doesn’t take additional steps to address “significant knowledge gaps … with respect to implementation and enforcement” that are commonplace among providers.

“Many independent, small, rural and solo medical practices are still unaware or underinformed about information blocking requirements. This likely plays a major role in allegations that providers are blocking access to patient data,” stakeholders including Ascension, Epic, Mayo Clinic, the American Medical Informatics Association and the Healthcare Information and Management Systems Society wrote.

The Oct. 6 regulations broaden the scope of information blocking rules put into effect in April 2021 that required health IT vendors, providers and health information exchanges to enable patients to access and download their health records with third-party apps. Under the rule, providers can't inhibit the access, exchange or use of health information unless the data fall within eight exceptions.

That initial pass generated hundreds of allegations of data blocking—particularly among providers—with HHS heads later acknowledging that more work needed to be done on enforcement and standardization.

Starting Oct. 6, the definition of electronic health information in the 21st Century Cures Act will expand beyond the U.S. Core Data for Interoperability (USCDI) Version 1 to all electronic protected health information that a patient has the right to access under the Health Insurance Portability and Accountability Act (HIPAA).

In this week’s letter, the groups lauded recent informational FAQ posts from the Office of the National Coordinator for Health Information Technology (ONC) but pushed HHS to release additional materials that dig into the details of October’s requirements.

At the same time, the organizations asked the department to accompany any outreach “that change or illuminate HHS’ interpretation of information blocking” with an enforcement grace period of at least six months.

“Giving regulated actors sufficient time to adapt their technology and compliance programs to meet the department’s policies will ensure the success of information blocking as a policy as well as contribute to changing the culture and environment of the health ecosystem to one that focuses on information sharing that leads to improvements in care delivery,” they wrote.

The groups also recommended that HHS:

  • Provide clear and detailed definitions of the “foundational concepts behind information sharing,” such as clarifying what exactly constitutes good information sharing practices.
  • Create and release additional FAQs that are based on individual use cases and scenarios to “give a greater degree of specificity and granularity than is currently covered in the FAQs on ONC’s website.”
  • Provide technical assistance to regulated actors and the broader community similar to how HHS’ Office for Civil Rights has assisted with HIPAA compliance.
  • Use the full weight of HHS and ONC’s communications machines to disseminate new information via newsletters, webinars, support lines and other mediums of open dialogue.  

"Overall, the undersigned organizations want to collaborate across HHS to create a culture of learning on information sharing to ensure that health data is flowing across the entire ecosystem," the groups wrote. "… Moreover, our organizations can help HHS publicize the availability of new information sharing resources, as well as how patients should think about using these new materials and the benefits of taking advantage of wider sharing of health information from these new regulations."

The letter’s full list of signatories is below.

  • AdventHealth
  • Alliance for Nursing Informatics (ANI)
  • American Academy of Family Physicians
  • American Academy of Neurology
  • American Heart Association
  • American Health Information Management Association (AHIMA)
  • American Medical Informatics Association
  • Ascension
  • Civitas Networks for Health
  • College of Healthcare Information Management Executives (CHIME)
  • Connected Health Initiative
  • Consortium for State and Regional Interoperability
  • Contexture
  • CyncHealth, Nebraska & Iowa
  • eHealth Exchange
  • Epic
  • Executives for Health Innovation
  • HIMSS Electronic Health Record Association
  • HIMSS New York State Chapter
  • Healthcare Leadership Council
  • Indiana Health Information Exchange
  • Marshfield Clinic Health System
  • Mayo Clinic
  • Medical Group Management Association (MGMA)
  • Partnership to Empower Physician-Led Care
  • Premier Inc.