Information Blocking Regulations Set to Take Effect in Spring 2021

On October 29, 2020, the Department of Health and Human Services announced its decision to extend compliance with most “information blocking” requirements of the 21st Century Cures Act from November 2, 2020 to April 5, 2021, as reflected in an interim final rule recently promulgated by the agency.


 The 21st Century Cures Act was signed into law on December 13, 2016 (“Act”). A key provision of the Act was its prohibition of “information blocking,” which aims to improve patient access to records by promoting interoperability among electronic medical record systems and requiring healthcare providers to remove barriers to patient access. Information blocking is defined as any activity that is “likely to interfere with, prevent, or materially discourage access, exchange, or use” of electronic health information (“EHI”).

One purpose of the information blocking prohibition is to encourage and ensure patients’ access to their electronic records. The Act applies directly to healthcare providers and generally requires that such providers reduce barriers to patient access to their records. However, given that healthcare providers are already subject to federal and state laws that require them to disclose data that would constitute EHI, it is unlikely that the Act will have a drastic impact on the operations of a healthcare provider. For example, pursuant to the Health Insurance Portability and Accountability Act and the regulations promulgated thereunder (“HIPAA”) “patients already have a legal right to their data electronically. . . [the Act] is one step in this process by enhancing access to clinical data.” The Act’s most novel provisions largely apply to technology infrastructure and protocols, as well as those who design and implement such technology. Therefore, in the interest of promoting interoperability and access to EHI, health information technology (“HIT”) developers, networks, and exchanges are particularly affected by the information blocking prohibitions of the Act, as these entities are largely responsible for the design and implementation of technologies.

Examples of Information Blocking

The Act provides certain examples of information blocking, such as activities that restrict authorized access, exchange, or use of EHI, or activities that restrict exchange of data between certified HIT systems.  In addition, “implementing health information technologies in nonstandard ways” would constitute information blocking if the nonstandard implementation is “likely to substantially increase the complexity or burden of accessing, exchanging, or using” EHI.  Similarly, implementing HIT systems in a way that is likely to impede exporting of complete information sets, or impede transition between technology systems, constitutes information blocking. For example, it would constitute information blocking if a certified HIT developer adopted certain antiquated and proprietary standards when other interoperable means are readily available. Furthermore, implementing HIT systems in a way that is likely to lead to fraud, waste, or abuse, or impede innovations and advancements in health information access, constitutes information blocking.

Safe Harbors

There are several safe harbors that describe circumstances in which the information blocking prohibitions of the Act will not apply. However, the applicability of these safe harbors will depend upon a highly fact-specific inquiry.

How Frier Levitt Can Help

Data privacy and technology regulations are rapidly evolving. It is critical that companies and providers with access to health data remain apprised of applicable federal and state laws that may impact how such data is accessed, used and shared. With respect to information blocking, healthcare providers, HIT developers, and health information networks and exchanges must ensure that they adhere to the requirements of the Act by the new compliance date of April 5, 2021. Contact us for assistance in determining whether the Act applies to your business and what measures you must take to ensure your compliance.

Tagged with: , , , , , ,