ONC Proposes Information Blocking Rule Revisions to Address Providers’ Concerns, Releases Public Comment Template
On April 11, 2023, the Office of the National Coordinator (ONC) announced proposed revisions to the Information Blocking Rule (IBR) as part of its recent “HTI-1” proposed rule (see our previous coverage of the HTI-1 announcement). The proposed IBR updates — published in the Federal Register on April 18, 2023 — are intended, in part, to address questions regarding when certain practices common among health care providers would be deemed to be information blocking. This alert addresses what we view as some of the most important proposed IBR revisions in HTI-1. We think it will provide a helpful start to anyone reviewing the HTI-1 proposed rule — and to anyone considering public comment submission.
Speaking of Public Comment Submission . . .
ONC has just released its promised Public Comment Template to facilitate the public comment process. The template is accessible via ONC’s HTI-1 webpage by clicking the link titled “Download Public Comment Template [DOCX - 177 KB].”
As ONC notes in the preface of the Public Comment Template, the “template is intended to provide a simple way to organize and present comments on the new and modified provisions in 45 CFR Parts 170 and 171.” We believe this template document, which also serves as a guide to ONC’s requests for comments, will be particularly useful considering the lengthiness of the HTI-1 proposed rule. For any readers seeking to comment on Information Blocking Enhancements, the relevant section of the template begins on page 35.
ONC will receive public comments until June 20, 2023 at 11:59 PM ET. Accordingly, health care providers and other actors should consider submitting comments to help guide ONC as it finalizes the proposed revisions.
And now, on to the HTI-1 proposals discussion.
New Definition: “Offer Health IT”
Under the current rules, an entity that “offers” health information technology can be deemed to be a “Health IT developer of certified IT” (Developer) if certain conditions apply. The current IBR, however, does not provide clear guidance on what it means to “offer” health IT.
The lack of clarity prompted questions regarding under what circumstances a health care provider’s effort to extend Electronic Health Records (EHRs) and Electronic Health Information (EHI) to community providers and patients would result in a health care provider being deemed a Developer. Because of the different standards and penalties that will apply to Developers (up to $1M per violation) versus health care providers (to-be-determined “appropriate disincentives”), this is an important distinction.
To provide more clarity on this issue, ONC has proposed a new detailed definition of “offer health IT” that includes a list of practices that would not be deemed as “offering” health IT. ONC thus provides guidance regarding certain practices that would not result in the actor being deemed to be a “Developer.” The practices can be summarized as follows:
Donation and Subsidized Supply Arrangements
- An entity makes health IT and related services available on a subsidized or donation basis (e.g., in accordance with the donation safe harbor to the Anti-Kickback Statute and exception to the Stark Law).
Implementation and Use Activities
- An individual or entity provides its employees with access and use of the entity’s health IT (e.g., an EHR) in the course of their employment.
- An individual or entity implements, operates or otherwise makes available production instances of an API technology that supports access, exchange and use of EHI that the individual or entity has in its possession, custody, control, or ability to query or transmit from or across a health information network (HIN)/Health Information Exchange (HIE).
- An individual or entity implements, operates and makes available production instances of online portals for patients, clinicians or other health care providers, or public health entities to access, exchange and use EHI that the individual or entity has in its possession, custody, control, or ability to query or transmit from or across a HIN or HIE.
- An individual or entity issues login credentials or user accounts for the individual’s or entity’s production, development, or testing environments to public health authorities or such authorities’ employees as a means of accomplishing or facilitating access, exchange and use of EHI for public health purposes including but not limited to syndromic surveillance.
- An individual or entity issues login credentials or user accounts for independent healthcare professionals who furnish services in a healthcare facility to use the facility's electronic health record or other health IT system(s) in furnishing, documenting and accurately billing for that care.
Consulting and Legal Services Arrangements
- Legal services furnished by outside counsel in connection with clients seeking, assessing, selecting or resolving disputes over contract or other arrangements by which the client obtains use of certified health IT.
- Provision of certain consulting services and advice to a customer, or a consultant acting on the customer’s behalf, with respect to health IT products that the consultant does not sell, resell, license or supply.
- Comprehensive outsourcing and practice management arrangements with a health care provider that includes, as a component, health IT, provided certain conditions apply, including that the arrangement is not predominately for health IT.
Infeasibility Exception Updates
New “Third Party Seeking Modification Use” Condition
ONC has proposed a new Infeasibility Exception component that would apply when a third-party requests that an entity which has deployed health IT (e.g., an EHR) provide the third-party the ability to “modify” (e.g., create or delete) EHI that the entity maintains within or through the use of its health IT (e.g., within the entity’s EHR). If the request is not made by a health care provider (directly or through another business associate of a health care provider) to its business associate, then failing to enable such use could be covered by the Infeasibility Exception.
New “Manner Exception Exhausted” Condition
ONC has proposed a new condition that would apply if an actor were unable to fulfill a request to access, exchange or use EHI if all of the following are true:
- The actor and the requester are not able to reach agreement on reasonable terms to fulfill the request, or the actor is technically unable to fulfill the request.
- The actor offered all of the alternative manners set forth in the existing “Content and Manner” exception. (Note: ONC has specifically requested comments on whether the requirement should be to offer all or two or three of the standards-based alternative manners).
- The actor does not provide the same access, exchange or use of the requested EHI to a substantial number of individuals or entities that are similarly situated to the requester.
Revised “Uncontrollable Events” Condition
The Uncontrollable Events condition applies to actors who information block in the context of an uncontrollable event such as a natural disaster or public health emergency. ONC proposed updating this condition very slightly — changing “due to” to “because of” — in an effort to emphasize that an actor must establish a causal nexus between the cited uncontrollable event and their information blocking practice. In other words, ONC is aiming to clarify that the existence of an enumerated uncontrolled event is not sufficient on its own to justify the use of this condition.
Manner Exception Update: “TEFCA Manner”
Another key update to the Manner Exception is the incorporation of a TEFCA manner component, as well as a detailed set of definitions explaining relevant TEFCA-related terminology. The exception essentially provides that if a TEFCA participating actor fulfills a request from another TEFCA participating actor using TEFCA services, the disclosing actor does not even need to consider offering EHI in any alternative manner — and the same actor is not subject to the IBR’s Fees Exception or Licensing Exception.
In a brief explanation of its rationale for this addition, ONC noted that it “aligns with a foundational policy construct underpinning the Manner Exception in that it facilitates an actor reaching agreeable terms with a requestor to fulfill an EHI request and acknowledges that certain agreements have been reached between these parties for the access, exchange and use of EHI.”
Conclusion
As noted above, these are proposed revisions and the public has an opportunity to provide comments until 11:59 PM ET on June 20, 2023. The fact that the proposed revisions are in response to issues that have been raised by providers and other actors — and that ONC has specifically requested comments on certain aspects of the proposed rule — reflects the impact that public comments can have on the final rule. Accordingly, providers and other actors covered by the IBR should consider providing comments to ONC.
Please feel free to contact us if you have any questions regarding the proposed IBR revisions or are interested in providing comments to ONC.