Recently, the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare & Medicaid Services (CMS) released a long-awaited proposed rule to implement a 21st Century Cures Act provision establishing penalties for health care providers determined by the HHS Office of Inspector General (OIG) to have committed information blocking. Health care providers have been subject to the information blocking regulations since April 5, 2021, but there has been no enforcement mechanism under the Cures Act to date.
More on Rule
As defined under 45 CFR 171.103, “information blocking” means acts (i) that are likely to interfere with access, exchange or use of electronic health information; and (ii) that a healthcare provider knows are unreasonable and likely to interfere with access, exchange or use of electronic health information. As HHS Secretary Xavier Becerra expressed, the proposed rule aims to “discourage information blocking to help people and the health providers they allow to have access to their electronic health information.” While the proposed rule does not include major civil monetary penalties, healthcare providers that OIG determines have committed information blocking may be subject to various disincentives.
The proposed rule would establish three categories of disincentives for healthcare providers found to have engaged in information blocking based on different CMS programs. First are hospitals. Eligible hospitals or critical access hospitals (CAHs) under the Medicare Promoting Interoperability Program would not qualify as a “meaningful EHR user” in an applicable electronic health record (EHR) reporting period. The practical impact of this re-categorization is a payment reduction: eligible hospitals would lose 75% of the annual market basket increase, while CAHs would see a payment reduction from 101% of reasonable costs to 100% of reasonable costs. HHS estimates that disincentives would range widely from roughly $30,000 to $2.4 million across eligible hospitals, with a median disincentive of $394,353.
Second are clinicians. Eligible clinicians or groups under the Promoting Interoperability performance category of the Merit-based Incentive Payment System (MIPS) would not be a “meaningful user of certified EHR technology” in a performance period, resulting in a zero score in the applicable MIPS performance category (often a quarter of an entire MIPS score). In this category, HHS estimates a median individual disincentive of $696 but projects disincentives would grow to over $100,000 for large groups of clinicians.
Accountable Care Organizations (ACOs) are third. Under the Medicare Shared Savings Program (MSSP), a healthcare provider that is an ACO, ACO participant, or ACO provider or supplier would be deemed ineligible to participate in the program for at least one year. As a result, not only might these providers potentially miss out on revenues they otherwise would have earned as part of the MSSP, but certain ACO providers may also face potential removal from an ACO or resistance to participation in an ACO. CMS would determine whether a longer period of exclusion may be warranted, based in part on any subsequent determinations of further information blocking.
Although the proposed rule does not establish disincentives applicable to all types of healthcare providers, it nevertheless affects a broad enough array of providers to materially advance HHS’s priorities for deterring information blocking. The proposed rule invites comments on how to establish further disincentives for other healthcare providers, particularly those not participating in the CMS programs described above.
The OIG may exercise discretion in selecting which information blocking complaints to investigate. To maximize the efficient use of resources, HHS indicated in the preamble to the Proposed Rule that the OIG would likely focus on the following four stated enforcement priorities applicable to healthcare providers: (1) Practices that have resulted in patient harm (or may potentially do so); (2) Practices that significantly impact a provider’s ability to care for patients; (3) Practices that were of long duration; (4) Practices that caused financial loss to federal healthcare programs or other government or private entities. These enforcement priorities provide the public with a better understanding of how OIG anticipates allocating its enforcement resources and how providers may prioritize their compliance focus.