The effective date for the Federal Information Blocking Rule has been postponed to April 2021.
The Information Blocking Rule applies to most healthcare providers as well as certain health technology vendors (“Affected Entities”) and prohibits interference with access to, or exchange of, electronic health information (“EHI”). This is especially challenging for providers who will need to meet two objectives: (1) continue to protect EHI, as required by HIPAA and other existing laws, and (2) ensure that patients and others are provided timely access to such information. Affected Entities that violate the Information Blocking Rule by engaging in prohibited information blocking practices will be subject to monetary penalties or other “disincentives.”
In order to avoid enforcement, Affected Entities will need to reconsider and update their current information handling practices. For example, HIPAA requires that providers respond to patient requests for medical records within 30 days. Unfortunately, 30 days is likely too long of a response time under the Information Blocking Rule. Instead, a provider using an EHR with portal capability should make the full medical record, including clinical notes and lab results, available to patients through the patient portal as soon as possible.
Other common practices that may be problematic under the Information Blocking Rule — even if they are permitted by HIPAA and/or state laws — include:
- Failing to provide information to other treating providers expeditiously and in a commonly accepted electronic format.
- Withholding any clinical notes or emergency room visit records from a patient’s EHR portal.
- Delaying release of laboratory test results until a patient visits with the ordering provider.
- Withholding an entire medical record when only part of it contains information that cannot legally be disclosed to the patient or requestor.
- Requiring onerous medical record access procedures, such as notarization or an in-person visit to request access.
There are a number of exceptions that function as safe harbors for certain practices. For example, providers cannot be required to disclose EHI if such disclosure is prohibited by law. Other exceptions focus on areas such as privacy rights, security requirements and protecting patients from harm. These safe harbors can be useful in operationalizing the Information Blocking Rule.
* * * * *
Click Here to download the Legal Alert.