Commentary
Article
Author(s):
"Urologists may wish to review their policies for patient portal, responding to requests for records, and supporting the concept of a shared electronic record," writes Robert A. Dowling, MD.
I recently wrote about the evolution of patient access to health care information from the age of “information asymmetry,”where only providers held medical records, to the current expectation of timely, unrestricted patient access to a shared record.1 This transition has been enabled by the ubiquitous implementation of electronic health records (EHRs), the Health Insurance Portability and Accountability Act (HIPAA) privacy rule’s right of access, and—separately—Section 4004 of the 21st Century Cures Act. The latter defined a new concept called “information blocking,” which holds certain entities accountable for behaviors that impede patients’ timely, unrestricted access to their health information. In this article, I will review some important updates about information blocking that could affect urology practices.
The premise underlying the concept of information blocking is simple: Patient access to, and sharing of, health care information should be the expected norm in the digital age. All certified EHR systems and their users are technically able to meet this expectation, so there should be consequences if an actor unreasonably interferes with that access or exchange of information. Of course, the devil is in the details. The precise definition of information blocking is a practice that, except as required by law or covered by an exception, is likely to interfere with access, exchange, or use of electronic health information and that if conducted by a health care provider, the provider knows that such practice is unreasonable and likely to interfere with access, exchange, or use of electronic health information.2
How could urologists knowingly or unknowingly commit information blocking? Some examples include the following: refusing a request to disclose to the patient the result of their radiology exam or their biopsy results until their next appointment; configuring a patient portal in a manner that does not allow a patient to access lab results that are available to the urologist; and a policy of systematically excluding progress notes from timely portal access by patients. According to the Office of the National Coordinator for Health Information Technology, the regulator responsible for implementing this part of the Cures Act: “It would likely be considered…information blocking if a health care provider established an organizational policy that, for example, imposed delays on the release of lab results for any period of time in order to allow an ordering clinician to review the results or in order to personally inform the patient of the results before a patient can electronically access such results.”3
There are 2 important updates in the realm of information blocking. First, the “information” referred to in information blocking was initially limited to a standard subset of protected health information (ePHI) called the United States Core Data for Interoperability until October 2022.4 Although that set of information is very comprehensive and would cover most medical records content, there remained early concern by actors about what was included or excluded. That limitation has now passed and any ePHI in the designated record set (DRS) is information that can be blocked. The DRS is broadly defined as medical records and billing records about individuals; enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; and other records that are used, in whole or in part, to make decisions about individuals. The last clause is particularly broad and could invoke electronic messaging systems, patient navigation, and even analytic solutions if the information is used to make decisions about patients.
The second major update has to do with enforcement. When CURES was implemented in 2020, the enforcement activity regarding information blocking was clarified for health information technology developers and health information exchanges, but not for health care providers. To wit, the Office of the Inspector General (OIG) of the US Department of Health and Human Services said at the time, “If OIG determines that a health care provider has committed information blocking, it shall refer such health care provider to the appropriate agency for appropriate disincentives. The appropriate agency and appropriate disincentives will be established by the Secretary in future notice and comment rulemaking.”5 On October 30, 2023, a proposed rule was released that establishes the disincentives (penalties) for health care providers that engage in information blocking.6 These proposed penalties are limited to Medicare providers and do not address information blocking by those who do not participate in Medicare. (From a practical perspective, most urologists are Medicare providers.) The proposed rule would establish that a health care provider that commits information blocking and is a Merit-based Incentive Payment System (MIPS)-eligible clinician would not be considered a meaningful EHR user in the relevant MIPS reporting period; further, that provider would earn a score in the Promoting Interoperability (PI) category—25% of the total MIPS score—of 0. Note that one of the existing PI requirements is an attestation that the provider did not willfully engage in information blocking. Similar penalties would exist for hospitals in the Medicare Promoting Interoperability Program. The proposed rule goes on to describe disincentives for providers in the accountable care organization (ACO) track of the Quality Payment Program (QPP): a provider that is an ACO, ACO participant, or ACO provider/supplier, if determined by OIG to have committed information blocking, would be barred from participating in the Medicare Shared Savings Program for at least 1 year. Although incentives earned by eligible clinicians in the MIPS track have been modest to date, those earned in the ACO track have been substantial; exclusion from participation in an ACO could have significant financial consequences for a specialty provider. Finally, some types of information blocking could also invoke penalties under HIPAA right of access—a bit of potential double jeopardy.
THE BOTTOM LINE AND WHY IT MATTERS
Existing laws establish, and empower patients to exercise, a civil right to unrestricted access to their electronic health information. The most recent proposed rule clarifies that providers who willfully block that access would be penalized under both tracks of the QPP. Whether this will provide an effective disincentive for providers in the QPP remains to be seen. In the meantime, urologists may wish to review their policies for patient portal, responding to requests for records, and supporting the concept of a shared electronic record. Per Benjamin Franklin, “An ounce of prevention is worth a pound of cure.”
REFERENCES
1. Dowling RA. Is your practice compliant with patient record access rules? Urology Times. Published online December 8, 2021. Accessed January 3, 2024. http://tinyurl.com/6hfb759u
2. Information blocking. 45 CFR §171.103 (2020). http://tinyurl.com/yc83zsfs
3. Frequently asked questions: information blocking. HealthIT.gov. Accessed January 3, 2024. http://tinyurl.com/2cbkb7pa
4. United States Core Data for Interoperability (USCDI). Health IT.gov. Accessed January 3, 2024. http://tinyurl.com/bdehkvms
5. Grants, contracts, and other agreements: fraud and abuse; information blocking; Office of Inspector General’s civil money penalty rules. 85 FR 22979 (2020). http://tinyurl.com/mr44kjns
6. 21st Century Cures Act: establishment of disincentives for health care providers that have committed information blocking. 88 FR 74947 (2023). http://tinyurl.com/dvu4vvff