Information Blocking is No Longer Limited to USCDI

by | Oct 6, 2022 | Information Blocking

Today, the Information Blocking spigot has officially opened. As diligent students of the Information Blocking Rule will know, up until yesterday (October 5, 2022) the Content & Manner Exception permitted an Actor (i.e., health care provider; HIE/HIN; developer of certified health IT) to decline furnishing a requestor access to electronic health information (EHI) if it fell outside of the scope of the USCDI subset, or EHI that was within the USCDI subset could not be separated from EHI that fell outside of that subset. That exception is now gone.

As of today, October 6, 2022, all information that falls within the definition of EHI cannot “blocked” if requested (unless another exception applies to allow the EHI being requested to not have to be produced). In light of this, let’s reexamine the definition of EHI and just exactly what data are we talking about now. Luckily, ONC has an FAQ precisely on-point to help us parse through what is fair game.

FAQ 39.1.2021NOV explains:

“When information blocking is no longer limited to the subset that is represented by data elements in the United States Core Data for Interoperability (USCDI), what information will be covered by information blocking regulations as ‘electronic health information (EHI)’?

We have focused the EHI definition on terms that are used in the HIPAA Rules and that are widely understood in the health care industry as well as on a set of health information that is currently collected, maintained, and made available for access, exchange, and use by actors. On and after October 6, 2022, the definition of information blocking will apply to the full scope of EHI (as defined in 45 CFR 171.102):

‘Electronic health information (EHI) means electronic protected health information as defined in 45 CFR 160.103 to the extent that it would be included in a designated record set as defined in 45 CFR 164.501regardless of whether the group of records are used or maintained by or for a covered entity as defined in 45 CFR 160.103, but EHI shall not include:

(1) Psychotherapy notes as defined in 45 CFR 164.501; or

(2) Information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding.’ (emphasis added)

EHI as defined for the purposes of information blocking is information that is consistent with the definitions of electronic protected health information (ePHI) and the designated record set (DRS) regardless of whether they are maintained by or for an entity covered by the Health Insurance Portability and Accountability Act (HIPAA) Rules. Just like ePHI, the data that constitutes EHI is not tied to a specific system in which the EHI is maintained. We also noted in our final rule that health information that is de-identified consistent with the requirements of 45 CFR 164.514(b) is not included in the definition of EHI for the purposes of information blocking (85 FR 25804). Thus, any individually identifiable health information that is transmitted by or maintained in electronic media is EHI to the extent that the information would be included in the designated record set.

As defined in the HIPAA Rules, the designated record set comprises:

–  medical records and billing records about individuals;

–  enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan;

–  other records that are used, in whole or in part, to make decisions about individuals.

The term ‘record’ means any item, collection, or grouping of information that includes protected health information. (45 CFR 164.501)”

For those readers who have questions about whether things like clinical notes are included in the definition of EHI, see ONC FAQ15.1.2021JAN.

Other helpful responses to FAQs concerning the definition of EHI and what is included can be found under the “Electronic Health Information” heading of ONC Frequently Asked Questions.

Let the fun begin!

Subscribe HERE to Legal HIE’s backend compliance library. 

Share this:

If you are not a subscriber to our backend Legal HIE compliance library, download our Table of Contents here to check out all of the tools, checklists, whitepapers, sample policies we make available to our members to help their organizations comply with Information Blocking, HIPAA, 42 CFR Part 2, Data Breaches and more. Ready to subscribe now? Click here to review our subscription options.

Archives