New CMS Guidance on Information Blocking

Firm Publication

Centers for Medicare & Medicaid Services (CMS) recently published two important guidance statements on so-called “information blocking,” i.e., knowingly and willfully limiting or restricting the compatibility or interoperability of certified electronic health record (EHR) technology.1

The first statement is entitled The Merit-Based Incentive Payment System (MIPS) Advancing Care Information Prevention of Information Blocking Attestation: Making Sure EHR Information is Shared (the “MIPS Guidance”), and the second statement is entitled The Medicare and Medicaid EHR Incentive Programs Prevention of Information Blocking Attestation Fact Sheet (the “EHR Fact Sheet”). These guidance statements will be collectively referred to as the “Fact Sheets.” Links to both Facts Sheets are found at the end of this alert.

Who is Subject to the Fact Sheets?

The MIPS Guidance applies to MIPS-eligible clinicians who report on the “advancing care information” (ACI) performance category under MIPS (the “ACI Providers”). The EHR Fact Sheet applies to eligible professionals participating in the Medicaid EHR Incentive Program, as well as to eligible hospitals and critical access hospitals (CAHs) that participate in the Medicaid and/or Medicare EHR Incentive Programs (the “EHR Providers”).2 Since the contents of the two Fact Sheets are substantively the same, we will discuss them collectively in this alert and will refer to the ACI Providers and the EHR Providers collectively as “providers.”

To meet the requirements of the Fact Sheets, providers must attest to three statements related to the implementation and use of their certified EHR technology (CEHRT).

The three statements, collectively referred to as the “Prevention of Information Blocking Attestation,” were published in the MIPS/Quality Payment Program (QPP) final rule with comment period published last year. The Fact Sheets provide clarity on the Prevention of Information Blocking Attestation.

The Three Statements (Summarized)

  • Statement 1: Providers must attest that they did not act knowingly and willfully to limit or restrict compatibility or interoperability of CEHRT.
  • Statement 2: Providers must attest that they implemented technologies, policies and practices to reasonably ensure that their CEHRT was in compliance with the law, allowed for timely patient access of electronic health information, and allowed for the timely and secure exchange of electronic health information to other providers.
  • Statement 3: Providers must attest that they responded timely and in good faith to requests for the exchange of electronic health information with patients or other providers.

Good Faith Standard and General Guidance

CMS applies a “good faith” standard to each statement. Thus, making the Prevention of Information Blocking Attestation does not require a minimum level of knowledge about technology, nor does it hold providers responsible for outcomes outside of the providers’ reasonable influence or control. Factors that may, in good faith, limit the exchange or use of electronic health information include:

  1. the practice or organization size,
  2. how much technology is available, and
  3. the CEHRT’s capabilities.

No supplemental documentation is required for the Prevention of Information Blocking Attestation.

Guidance Specific to Statement 2

In regards to CEHRT implementation, examples of actions that may restrict compatibility or interoperability include the following:

  • implementing or configuring CEHRT so access to certain types of data elements or to the “structure” of the data is limited, and
  • implementing CEHRT in ways that limit the people or entities that can access and exchange information, or the types of technologies they can use.

Providers need not have any special technical skills, personally deal with the technical details of implementing CEHRT, nor have direct knowledge of all the matters described in Statement 2. However, providers shall take reasonable steps to ensure they can attest to Statement 2, including:

  1. informing health IT developers, implementers, and others who are responsible for implementing and configuring their CEHRT of the requirements; and
  2. obtaining assurances from them that the CEHRT was connected to meet the requirements.

Guidance Specific to Statement 3

The Prevention of Information Blocking Attestation does not prohibit a provider from restricting access to information for reasonable purposes. For example, a provider that disables functionality for system maintenance likely did not knowingly and willfully restrict the compatibility or interoperability of the CEHRT as long as the provider acted in good faith, did not disable functionality for longer than necessary to ensure proper CEHRT maintenance, and took reasonable steps to minimize the impact on patients and other providers trying to access electronic health information. Other examples of potentially reasonable purposes include blocking access to CEHRT information for security reasons, and restricting access to a patient’s sensitive test results until the clinician has reviewed and appropriately communicated the results to the patient.

Takeaway and More Information

The purpose of the Prevention of Information Blocking Attestation is to ensure providers act in good faith to facilitate appropriate exchange of electronic health information. Providers are responsible for making reasonable efforts to facilitate access to electronic health information and interoperability of CEHRT, but are not to be held responsible for outcomes outside of their control. However, some providers have expressed concern that the Fact Sheets lack clarity on what constitutes a good faith effort.

The full text of the Fact Sheets is available at the links below:

1 This guidance is part of CMS’ implementation of statutory requirements found in Section 106(b)(2) of “MACRA,” the Medicare Access and CHIP Reauthorization Act of 2015. Section 106(b)(2)(A) reads: “(2) PREVENTING BLOCKING THE SHARING OF INFORMATION.—(A) FOR MEANINGFUL USE EHR PROFESSIONALS.—Section 1848(o)(2)(A)(ii) of the Social Security Act (42 U.S.C. 1395w–4(o)(2)(A)(ii)) is amended by inserting before the period at the end the following: ‘, and the professional demonstrates (through a process specified by the Secretary, such as the use of an attestation) that the professional has not knowingly and willfully taken action (such as to disable functionality) to limit or restrict the compatibility or interoperability of the certified EHR technology.'”

2 Note that the Medicare EHR Incentive program, as applied to eligible professionals, was folded into MIPS and expired as a separate program at the end of 2016. The Medicaid EHR Incentive program is still extant for eligible professionals.

Related Services
Firm Publication

Centers for Medicare & Medicaid Services (CMS) recently published two important guidance statements on so-called “information blocking,” i.e., knowingly and willfully limiting or restricting the compatibility or interoperability of certified electronic health record (EHR) technology.1

The first statement is entitled The Merit-Based Incentive Payment System (MIPS) Advancing Care Information Prevention of Information Blocking Attestation: Making Sure EHR Information is Shared (the “MIPS Guidance”), and the second statement is entitled The Medicare and Medicaid EHR Incentive Programs Prevention of Information Blocking Attestation Fact Sheet (the “EHR Fact Sheet”). These guidance statements will be collectively referred to as the “Fact Sheets.” Links to both Facts Sheets are found at the end of this alert.

Who is Subject to the Fact Sheets?

The MIPS Guidance applies to MIPS-eligible clinicians who report on the “advancing care information” (ACI) performance category under MIPS (the “ACI Providers”). The EHR Fact Sheet applies to eligible professionals participating in the Medicaid EHR Incentive Program, as well as to eligible hospitals and critical access hospitals (CAHs) that participate in the Medicaid and/or Medicare EHR Incentive Programs (the “EHR Providers”).2 Since the contents of the two Fact Sheets are substantively the same, we will discuss them collectively in this alert and will refer to the ACI Providers and the EHR Providers collectively as “providers.”

To meet the requirements of the Fact Sheets, providers must attest to three statements related to the implementation and use of their certified EHR technology (CEHRT).

The three statements, collectively referred to as the “Prevention of Information Blocking Attestation,” were published in the MIPS/Quality Payment Program (QPP) final rule with comment period published last year. The Fact Sheets provide clarity on the Prevention of Information Blocking Attestation.

The Three Statements (Summarized)

  • Statement 1: Providers must attest that they did not act knowingly and willfully to limit or restrict compatibility or interoperability of CEHRT.
  • Statement 2: Providers must attest that they implemented technologies, policies and practices to reasonably ensure that their CEHRT was in compliance with the law, allowed for timely patient access of electronic health information, and allowed for the timely and secure exchange of electronic health information to other providers.
  • Statement 3: Providers must attest that they responded timely and in good faith to requests for the exchange of electronic health information with patients or other providers.

Good Faith Standard and General Guidance

CMS applies a “good faith” standard to each statement. Thus, making the Prevention of Information Blocking Attestation does not require a minimum level of knowledge about technology, nor does it hold providers responsible for outcomes outside of the providers’ reasonable influence or control. Factors that may, in good faith, limit the exchange or use of electronic health information include:

  1. the practice or organization size,
  2. how much technology is available, and
  3. the CEHRT’s capabilities.

No supplemental documentation is required for the Prevention of Information Blocking Attestation.

Guidance Specific to Statement 2

In regards to CEHRT implementation, examples of actions that may restrict compatibility or interoperability include the following:

  • implementing or configuring CEHRT so access to certain types of data elements or to the “structure” of the data is limited, and
  • implementing CEHRT in ways that limit the people or entities that can access and exchange information, or the types of technologies they can use.

Providers need not have any special technical skills, personally deal with the technical details of implementing CEHRT, nor have direct knowledge of all the matters described in Statement 2. However, providers shall take reasonable steps to ensure they can attest to Statement 2, including:

  1. informing health IT developers, implementers, and others who are responsible for implementing and configuring their CEHRT of the requirements; and
  2. obtaining assurances from them that the CEHRT was connected to meet the requirements.

Guidance Specific to Statement 3

The Prevention of Information Blocking Attestation does not prohibit a provider from restricting access to information for reasonable purposes. For example, a provider that disables functionality for system maintenance likely did not knowingly and willfully restrict the compatibility or interoperability of the CEHRT as long as the provider acted in good faith, did not disable functionality for longer than necessary to ensure proper CEHRT maintenance, and took reasonable steps to minimize the impact on patients and other providers trying to access electronic health information. Other examples of potentially reasonable purposes include blocking access to CEHRT information for security reasons, and restricting access to a patient’s sensitive test results until the clinician has reviewed and appropriately communicated the results to the patient.

Takeaway and More Information

The purpose of the Prevention of Information Blocking Attestation is to ensure providers act in good faith to facilitate appropriate exchange of electronic health information. Providers are responsible for making reasonable efforts to facilitate access to electronic health information and interoperability of CEHRT, but are not to be held responsible for outcomes outside of their control. However, some providers have expressed concern that the Fact Sheets lack clarity on what constitutes a good faith effort.

The full text of the Fact Sheets is available at the links below:

1 This guidance is part of CMS’ implementation of statutory requirements found in Section 106(b)(2) of “MACRA,” the Medicare Access and CHIP Reauthorization Act of 2015. Section 106(b)(2)(A) reads: “(2) PREVENTING BLOCKING THE SHARING OF INFORMATION.—(A) FOR MEANINGFUL USE EHR PROFESSIONALS.—Section 1848(o)(2)(A)(ii) of the Social Security Act (42 U.S.C. 1395w–4(o)(2)(A)(ii)) is amended by inserting before the period at the end the following: ‘, and the professional demonstrates (through a process specified by the Secretary, such as the use of an attestation) that the professional has not knowingly and willfully taken action (such as to disable functionality) to limit or restrict the compatibility or interoperability of the certified EHR technology.'”

2 Note that the Medicare EHR Incentive program, as applied to eligible professionals, was folded into MIPS and expired as a separate program at the end of 2016. The Medicaid EHR Incentive program is still extant for eligible professionals.

In Case You Missed It:

  • BBS Connect April 2024
    April 16, 2024 | Firm Publication
  • CMS Finalizes CY 2025 Medicare Advantage Rule, Confirming Continued Focus on Marketing Practices and Health Equity
    April 15, 2024 | Firm Publication
  • CISA Publishes Proposed Rule for Cyber Reporting
    April 10, 2024 | Firm Publication