Blog

Health Law News

Print PDF

ONC Proposes Rule Clarifying Information Blocking Issues

Posted on May 17, 2023 in Health Law News

Published by: Hall Render

On April 18, 2023, the Department of Health and Human Services Office of the National Coordinator for Health Information Technology (“ONC”) published a Proposed Rule titled “Health Data, Technology and Interoperability: Certification Program Updates, Algorithms, Transparency and Information Sharing” (“Proposed Rule”).  

The Proposed Rule is intended to serve a variety of purposes, including implementing provisions of the 21st Century Cures Act. One objective is to provide enhancements to support information sharing under the Information Blocking regulations at 45 C.F.R. Part 171 to advance interoperability, improve transparency, and support the access, exchange, and use of electronic health information (“EHI”). Although the Proposed Rule addresses other important proposed updates related to the ONC Health IT Certification Program and electronic health records (“EHRs”), we will focus on the pertinent and noteworthy changes regarding Information Blocking enhancements under Section IV of the Proposed Rule in this publication. Public comments on the proposed changes will be due by 5:00 p.m. on June 17, 2023.

Proposed Changes to the Information Blocking Regulations: 

  • Clarifying an “Offer” of Health Information Technology (“IT”):
    The Proposed Rule aims to provide clarity surrounding its applicability to those “offering health information technology” by defining such term to include certain exclusions related to providers that are not themselves responsible for the design features or that simply provide subsidies for obtaining certified electronic health record technology (“Certified HIT”) and to exclude certain activities customary and common amongst both health care providers that purchase Certified HIT from a commercial developer or reseller and health care providers that self-develop certified health IT. ONC stated that its goal, in part, was: “(1) to encourage beneficial arrangements under which providers in need can receive subsidies for the cost of obtaining, maintaining, or upgrading Certified HIT; or (2) to give health care providers (and others) who use Certified HIT concrete certainty that implementing certain Certified HIT features and functionalities, as well as engaging in certain practices that are common and beneficial in an EHR-enabled health care environment, will not be considered an offering of Certified HIT (regardless of who developed that health IT).”

Currently, the definition of “Health IT Developer of Certified Health IT” states that it includes in its scope “an individual or entity, other than a health care provider that self-develops health IT for its own use, that develops or offers health information technology” and has one or more modules certified under the ONC Health IT Certification Program. The Proposed Rule would modify that definition to refer to “an individual or entity, other than a health care provider that self-develops health IT not offered to others, that develops or offers health information technology,” and has one or more modules certified under the ONC Health IT Certification Program. It would also add a definition of “offer health information technology or offer health IT” as meaning “to hold out for sale, resale, license, or relicense; or to sell, resell, license, relicense, or otherwise provide or supply health information technology (as that term is defined in 42 U.S.C. 300jj(5)) that includes one or more Health IT Modules certified under the ONC Health IT Certification Program, for use by other individuals or entity(ies) under any arrangement.” However, it would expressly exclude the following arrangements:

  • Donation and subsidized supply arrangements when an individual or entity donates, gives, or otherwise makes available funding to subsidize or fully cover the costs of a health care provider’s acquisition, augmentation, or upkeep of health IT, provided such individual or entity offers and makes such subsidy without condition(s) limiting the interoperability or use of the technology to access, exchange or use electronic health information for any lawful purpose.
  • Certain implementation and use activities conducted by an individual or entity to permit access systems for permissible employment, treatment, payment, health care operations and public health-related purposes or to make available certain technology (e.g., online portals or application programming interfaces) that supports access, exchange or use of EHI that the individual or entity has in its possession, custody, control, or ability to query or transmit from or across a health information network or health information exchange for permissible purposes.
  • Certain consulting and legal arrangements, such as:
  • Outside counsel providing legal services for clients’ health IT contracts and disputes, including limited EHI access for legal discovery.
  • Health IT consultants offering expert advice and assistance in defining business needs, evaluating and selecting products and overseeing implementation without selling or supplying the products.
  • Management consultants acting as providers’ agents in dealing with health IT developers/vendors and managing day-to-day operations and administrative duties.

Health care providers who self-develop certified health IT will continue to be excluded from the definition of a developer if they supply their self-developed certified health IT to others under arrangements or pursuant to activities excluded from the definition of what it means to offer health IT. This provides them the same protection as those offering third-party health IT to others under excluded arrangements or activities.

  • Infeasibility Exception Update: The “Infeasibility Exception” permits an actor to not fulfill a request for the use, exchange, or access of EHI if infeasible to do so and the actor satisfies the condition of one of the pertinent sub-exceptions. ONC proposed three modifications to this exception, including two new sub-exceptions.  
  • Uncontrollable Events: The Proposed Rule seeks to clarify that the uncontrollable events sub-exception only applies if the reason for being unable to fulfill a request is caused by an event that is out of the control of the actor. ONC proposes to revise the condition by replacing the words “due to” an uncontrollable event with “because of” an uncontrollable event and provide protection to an actor who denies a request where an uncontrollable event did, in fact, negatively impact the ability of that actor to fulfill the request. ONC welcomes additional comments on this change and whether further clarification is needed. 
  • Third-Party Modification: The Proposed Rule proposes a new sub-exception that would permit an actor to deny a request to enable the use of EHI to modify it (including the creation or deletion functionality) provided the request is not from a health care provider requesting such use from an actor that is its business associate. This is an important update to the regulations for health care providers that rely on the integrity of the record and change control processes for treatment and patient safety purposes that expressed concerns about being required to enable external sources to modify EHI. 
  • Manner Exception Exhausted: The Proposed Rule also proposes a new sub-exception that would permit an actor to deny a request where the process outlined in the Content and Manner Exception has been exhausted and the parties were unable to reach an agreement so long as the actor does not provide the same access, exchange, or use of the requested EHI to a substantial number of individuals or entities that are similarly situated to the requester. 
  • Manner Exception Update: The “Content and Manner Exception” would be renamed given the proposed removal of the content sub-exception and add provisions to address the provision of EHI utilizing the Trusted Exchange Framework and Common Agreement (“TEFCA”). 
  • Content Sub-Exception: The content sub-exception is no longer necessary, given the expansion of the term EHI beyond USCDIv1 in October of 2022. Therefore, ONC proposes deleting this sub-exception and modifying a few other provisions of the regulations to remove its reference. 
  • TEFCA Manner: As part of its efforts to promote health information interoperability nationwide, ONC introduced TEFCA to establish a universal floor for interoperability across the country. According to ONC: “The Common Agreement will establish the infrastructure model and governing approach for users in different networks to securely share basic clinical information with each other—all under commonly agreed-to expectations and rules and regardless of which network they happen to be in. The Trusted Exchange Framework describes a common set of non-binding, foundational principles for trust policies and practices that can help facilitate exchange among [health information networks].” 

While participation in TEFCA is voluntary, the Proposed Rule aims to expand participation by permitting TEFCA-qualified health information networks (“QHINs”), their participants and sub-participants to satisfy the exception by offering to fulfill a request for EHI access, exchange, or use for any purpose permitted under the Common Agreement and Framework Agreement(s) from any other QHIN, participant, or sub-participant using connectivity services, QHIN services, or the specified technical services in the applicable Framework Agreement available to both parties. When offering EHI in such a manner, the actor would be relieved from having to offer EHI in an alternative manner and any fees or license of interoperability elements to fulfill the request would not have to meet the Fees Exception or Licensing Exception, respectively. The terms used in the exception are defined to align with the definitions provided under TEFCA. Notably, they are limited to United States entities who enter into adequate agreements pursuant to TEFCA related to the QHIN transmitting and receiving information via QHIN-to-QHIN exchange on behalf of the entity for certain purposes supported by TEFCA.

Providing Comments 

Health care providers, health information technology developers and other actors subject to the Information Blocking regulations should review the Proposed Rule’s changes to determine the potential impact on their operation and determine whether to submit a comment to support, question, clarify, or challenge an of the proposed changes. Comments are due by 5:00 p.m. on June 20, 2023 and should be identified by RIN 0955–AA03 and submitted via the Federal eRulemaking Portal, regular, express, or overnight mail, hand delivery or courier to the addresses and following the instructions based on the delivery type provided in the Proposed Rule.

If you have any questions, would like assistance preparing public comments or would like additional information about this topic, please contact: 

Hall Render blog posts and articles are intended for informational purposes only. For ethical reasons, Hall Render attorneys cannot—outside of an attorney-client relationship—answer specific questions that would be legal advice.  

If you have any questions, please contact one of the following or your regular Hall Render attorney.

Jeffrey W. Short's Photo

Jeffrey W. Short

(317) 977-1413

Email
Michael T. Batt's Photo

Michael T. Batt

(317) 977-1417

Email
Stephane P. Fabus's Photo

Stephane P. Fabus

(414) 721-0904

Email
Waseem Chachar's Photo

Waseem Chachar

(317) 977-1496

Email

Related Services

Dropdown arrow

Blog Categories

Archives