Beginning September 1, HHS’ Office of the Inspector General (OIG) will begin enforcing the anti-information blocking regulations laid out in the 21st Century Cures Act. The office finalized penalties to enforce these rules in July — including fines of up to $1 million for health IT companies found blocking the electronic flow of health data.
The 21st Century Cures Act, which was passed in 2016, has many different elements — one of which is imposing monetary penalties to ensure EHR vendors stop data hoarding. These regulations were created to bolster health data sharing and discipline organizations that uphold barriers to easy information exchange.
The law defines information blocking as practices by providers, health IT developers or health information exchanges that interfere with the access, exchange or use of electronic health information. The regulations identify certain practices that are considered information blocking — including not fulfilling requests for data access, implementing unreasonable restrictions on the use or sharing of health information, and charging fees that discourage access or exchange of health data.
The anti-information blocking regulations also emphasize the importance of using standardized formats and protocols, such as HL7 and DICOM, to enable seamless data exchange among different healthcare entities.
Additionally, the final rule outlines exceptions for which information blocking is permitted. These exceptions include instances where withholding information is necessary to prevent harm to the patient or others and situations involving privacy concerns.
When enforcing penalties, the OIG said it will prioritize the following types of cases: those that caused or had the potential to cause patient harm, those that affected a provider’s ability to care for patients, those that went on for a long duration of time, those that led to financial loss among federal healthcare programs, or those that were performed with actual knowledge.
EHR vendors are the entities that are most at risk of being fined for information blocking, said Troy Bannister, chief strategy officer of healthcare API platform Particle Health. But he is worried that EHR vendors simply might not care very much about the fines.
“If it’s a million-dollar-per-penalty maximum, that’s not very much money for some of these big companies. They’re going to just plan that into their budgets,” he explained.
Providers don’t have too much to worry about at the moment, given that the OIG’s finalized penalties don’t explicitly apply to them. However, HHS is working on a separate rule to regulate provider’s information blocking practices.
The OIG’s decision to add serious fines to the rule is a step in the right direction for healthcare interoperability, Bannister declared. However, it has yet to be seen whether the OIG will do a good job of enforcing these penalties, he pointed out.
Bannister’s apprehension could stem from the federal government’s poor track record of imposing fines on healthcare entities that violate its rules. For example, CMS has only fined four hospitals for price transparency violations since that rule took effect on January 1, 2021 — even though less than a quarter of hospitals were found to be compliant with the regulation more than two years after its enforcement began.
Photo: eichinger julien, Getty Images