On October 29, 2020, the Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health IT (ONC) further extended (via an Interim Final Rule) the compliance due date for its implementation of the 21st Century Cures Act (“ONC Final Rule”). The Act, which was signed into law on December 13, 2016, addressed several issues, one of which was encouraging interoperability between electronic health records and to prohibit information blocking.
Health IT developers have until April 5, 2021, to comply with several key provisions of the ONC Final Rule relative to information blocking and other Conditions of Certification (CoC) provisions as part of the Health IT Certification Program.
Does this Rule apply to me?
Most likely, yes, and now is the time to work with your health IT vendor to ensure compliance. While the CoC requirements mainly affect certified health IT developers and vendors, the information blocking prohibition also applies to clinicians, hospitals and health systems. Prohibiting information blocking means allowing patients easier access to their medical records on smartphones and software apps, while their data still must remain private and secure. That is, patients could now be allowed to view not just lab results, but information such as progress notes, surgical notes, clinical notes and other information not readily accessed today.
If your health IT system does not currently support third-party access, you may want to consider looking for another vendor or encourage your current health IT vendor to become compliant with the ONC Final Rule.
LAMMICO will provide more information regarding other aspects of the ONC Final Rule as more information becomes available.
What is information blocking?
Information blocking is a practice by a health IT developer of certified health IT, health information network, health information exchange, or healthcare provider that, except as required by law or specified by the Secretary of Health and Human Services (HHS) as a reasonable and necessary activity, is likely to interfere with access, exchange, or use of electronic health information (EHI). Section 4004 of the Cures Act specifies certain practices that could constitute information blocking:
- Practices that restrict authorized access, exchange, or use under applicable state or federal law of such information for treatment and other permitted purposes under such applicable law, including transitions between certified health information technologies (health IT);
- Implementing health IT in nonstandard ways that are likely to substantially increase the complexity or burden of accessing, exchanging, or using EHI;
- Implementing health IT in ways that are likely to —
- Restrict the access, exchange, or use of EHI with respect to exporting complete information sets or in transitioning between health IT systems; or
- Lead to fraud, waste, or abuse, or impede innovations and advancements in health information access, exchange, and use, including care delivery enabled by health IT.
Risk Management Considerations
Contact your certified health IT vendors to ensure they are aware of the requirements under the ONC Final Rule and that they are making progress towards being compliant. Whether a new vendor is required or not, consider adding provisions in your business associate agreements that would require compliance with the ONC Final Rules. Other resources regarding the ONC Final Rules:
- ONC’s Cures Act Final Rule website
- ONC’s Cures Act Final Rule factsheets
- ONC's Cures Act Final Rule webinars
As part of LAMMICO’s Practice Solutions services, contact the LAMMICO Risk Management and Patient Safety Department at 504.841.5211 for Risk Reduction services or Natalie Cohen, MBA, MHA, LAMMICO Practice Management Specialist, at 504.841.2727 or firstname.lastname@example.org for Business of Medicine services such as consultations on QPP and the Promoting Interoperability Program.
Participation in the Quality Payment Program may help you mitigate your malpractice risk through tracking and improving quality care (Quality measures), increasing patient engagement and satisfaction (Improvement Activities) and improving communications using secure electronic transmissions between providers and with patients (Promoting Interoperability).
1. Note that the 21st Century Cures Act, signed on December 13, 2016, also contained provisions that applies to the U.S. Food and Drug Administration (FDA); those provisions are separate from the ONC Final Rules and are not discussed in this article.
2. The ONC Final Rule originally set November 2, 2020 as the compliance due date with one enforcement discretion pushing this date further by three months prior to this latest extension.
3. QPP and PI Program Considerations: In 2011, CMS established the Medicare and Medicaid EHR Incentive Programs (now known as the Promoting Interoperability (PI) Programs) to encourage eligible professionals (EPs) and eligible hospitals to adopt, implement, upgrade and demonstrate meaningful use of certified electronic information. To prevent actions that block the exchange of health information, the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) requires EPs, eligible hospitals and critical access hospitals that participate in both the Medicare and Medicaid Promoting Interoperability Programs to show that they have not knowingly and willfully limited or restricted the interoperability of their certified electronic health record technology (CEHRT).
Medicare EPs are part of the Quality Payment Program. As part of the attestation for the PI performance category, EPs and groups have to attest to a statement acknowledging the prevention of Information Blocking.
Contact the Quality Payment Program help desk for assistance at or 1-866-288-8292