- On and after April 5, 2021, any Actor’s agreements, arrangements, or contracts are subject to and may implicate the Information Blocking Rule.
- The Communications Condition of Certification (CCOC) requirements must be revised to remove or void the contractual provision that contravenes the CCOC requirements whenever the contract is next modified for any reason.
- A Business Associate Agreement should generally not prohibit or limit the access, exchange, or use of the EHI for treatment.
Subscribe to HERE to our compliance library to gain access to sample policies, resources and tools for compliance with the Information Blocking Rule.
It’s Friday, so you know what that means! Time for federal regulators to quietly drop new guidance or regulations (lol, why always on a Friday?)
Today, ONC added a few new FAQs on its Information Blocking FAQ page. The one pertaining to contracts and agreements in particular caught my eye. Specifically, it says:
Q: On April 5, 2021, can prior contracts, arrangements, or contracts still in effect implicate the information blocking definition in 45 CFR 171?
Yes. On and after April 5, 2021, any actor’s agreements, arrangements, or contracts are subject to and may implicate the information blocking regulations in 45 CFR part 171.
It is likely ONC will initially focus on Health IT vendor contracts that contain impermissible restrictions on access, use and exchange of electronic health information (EHI), such as restrictions on the Communications Condition of Certification requirements. On this point specifically, comments and concerns were raised about vendors not being able to renegotiate contracts in time for the Information Blocking Rule (IBR) compliance deadline. In response, ONC has said:
“While we considered extending the deadline to five years to allow developers to have additional time for compliance, we determined that a more flexible solution is appropriate. As such, we have modified the requirement in § 170.405(b)(2)(ii) to state that any contracts/agreements in place as of the effective date of the final rule and containing language in contravention of the Communications Condition of Certification requirements must be revised to remove or void the contractual provision that contravenes the Communications Condition of Certification requirements whenever the contract is next modified for any reason . . .” (emphasis added) 85 Fed Reg 25738 (May 1, 2020).
However, other types of contracts could also be implicated. In its Preamble to the Final Rule, ONC has stated:
“[c]ontracts and agreements can interfere with the access, exchange, and use of EHI through terms besides those that specify unreasonable fees and commercially unreasonable licensing terms . . . For instance, a contract may implicate the information blocking provision if it included unconscionable terms for the access, exchange, or use of EHI or licensing of an interoperability element, which could include, but not be limited to, requiring a software company that produced a patient access application to relinquish all IP rights to the actor or agreeing to indemnify the actor for acts beyond standard practice, such as gross negligence on part of the actor. Such terms may be problematic with regard to information blocking in situations involving unequal bargaining power related to accessing, exchanging, and using EHI.” (emphasis added). 85 Fed Reg 25811-25812 (May 1, 2020).
Additionally, with regard to HIPAA Business Associate Agreements, ONC has elaborated:
“While the information blocking provision does not require actors to violate these agreements, a BAA or its associated service level agreements must not be used in a discriminatory manner by an actor to forbid or limit disclosures that otherwise would be permitted by the Privacy Rule For example, a BAA entered into by one or more actors that permits access, exchange, or use of EHI by certain health care providers for treatment should generally not prohibit or limit the access, exchange, or use of the EHI for treatment by other health care providers of a patient.
To be clear, both the health care provider(s) who initiated the BAA and the BA who may be an actor under the information blocking provision (e.g., a health IT developer of certified health IT) would be subject to the information blocking provision in the instance described above.
To illustrate the potential culpability of a BA, a BA with significant market power may have contractually prohibited or made it difficult for its covered entity customers to exchange EHI, maintained by the BA, with health care providers that use an EHR system of one of the BA’s competitors. To determine whether there is information blocking, the actions and processes (e.g., negotiations) of the actors in reaching the BAA and associated service level agreements would need to be reviewed to determine whether there was any action taken by an actor that was likely to interfere with the access, exchange, or use of EHI, and whether the actor had the requisite intent….” (emphasis added) 85 Fed Reg 25912 (May 1, 2020).
In light of the foregoing and ONC’s new FAQ today, it is unclear how Actors will be able to complete any necessary amendments to such agreements in time for the April 5, 2021 compliance deadline. While ONC addressed this issue in part for Health IT vendors attempting to amend their contracts to comply in time with the CCOC requirements by modifying Section 170.405(b)(2)(ii) to allow for a “rolling” obligation to amend agreements for the CCOC requirements, it appears that ONC is offering no such reprieve for Actors that might need to amend their BAAs and other agreements to remove terms that could be deemed to violate the IBR for other reasons. With the compliance deadline fewer than 18 days away, further confirmation from ONC on this point is welcome.
Subscribe HERE to Legal HIE’s compliance library to gain access to sample policies, documents and tools for compliance with the Information Blocking Rule. Review our Table of Contents here.