On December 13, the Office of the National Coordinator for Health Information Technology (ONC) finalized changes to the information blocking rules by issuing its Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing (HTI-1) rule (the Final Rule). The Final Rule, which seeks to advance goals of patient access and interoperability, refines certain definitions and exceptions in the information blocking rules to support information sharing and adds a new exception to encourage secure, efficient, standards-based exchange of electronic health information (EHI) under the Trusted Exchange Framework and Common Agreement (TEFCA).
More on Rule
The Final Rule revises the infeasibility exception at 45 CFR 171.204, which sets forth criteria for not fulfilling a request for EHI based on the request being infeasible. The Final Rule made several changes to the exception. First, it revises the “uncontrollable events” condition of the exception to clarify that an uncontrollable event must in fact have affected the actor’s ability to fulfill requests for access, exchange, or use of EHI (in addition to the preexisting requirements under the exception). Second, it creates a new condition that may be relied upon when an actor is asked to provide the ability for a third party (or its technology, such as an application) to modify EHI that is maintained by or for an entity that has deployed health information technology. This condition does not apply to requests by a health care provider to its business associate.
The Final Rule creates another condition to the infeasibility exception that applies in scenarios where an actor remains unable to fulfill a request for access, exchange, or use of EHI after having exhausted the manner exception. The condition requires, among other things, for the actor to offer all alternative manners in accordance with the manner exception, and the actor must not currently provide to a substantial number of individuals or entities similarly situated to the requestor the same requested access, exchange or use of the requested EHI. ONC declined to further define the term “substantial number,” granting flexibility for all actor types, who may have very different numbers of requestors, to satisfy this condition based on what number of requestors is substantial for that actor. This new condition makes it easier for an actor who offers to provide EHI in alternative manners that are consistent with ONC operability standards to avoid investing substantial resources into responding to atypical requests while complying with the infeasibility exception.
Additionally, the Final Rule creates a new exception involving practices related to an actor’s participation in TEFCA, a federally-created infrastructure that enables data sharing between health information networks. The exception is intended to encourage the exchange of information via TEFCA, although ONC recognizes that not all entities will be ready, willing, or able to join TEFCA right away. Accordingly, an actor’s practice of not fulfilling a request to access, exchange, or use EHI in a manner other than via TEFCA will not be considered information blocking when the following conditions are met: (1) The actor and requestor are both part of TEFCA; (2) The requestor is capable of such access, exchange, or use of the requested EHI from the actor via TEFCA; (3) The request for access, exchange, or use of EHI is not via the API standards adopted by 45 CFR 170.215; (4) Any fees charged by the actor in relation to fulfilling the request satisfy the fees exception in 45 CFR 171.302; and (5) Any license of interoperability elements granted by the actor in relation to fulfilling the request satisfies the license exception.
The Final Rule clarifies what constitutes a health IT developer of certified health IT (HIT Developer) through some modifications. Specifically, the preexisting definition of “health IT developer of certified health IT” included certain individuals or entities that develop or offer health information technology. The Final Rule defines “offer health information technology” (offer health IT) in a manner that narrows the types of activities that may result in an entity being considered a HIT Developer. Moreover, the Final Rule modifies the HIT Developer definition so that it is clear that the healthcare providers who self-develop certified health IT will continue to be excluded from this definition if they do not engage in activities falling within the “offer health IT” definition above.