The Office of the National Coordinator for Health Information Technology (ONC) established a Health Information Technology (IT) Certification Program in 2010 to support the Centers for Medicare and Medicaid’s (CMS) Meaningful Use electronic health record (EHR) incentive program. The Meaningful Use program (now called the Promoting Interoperability program) was an incentive program for physicians and hospitals to encourage the adoption of EHRs and to learn how to successfully exchange electronic health information (EHI) between providers and systems. The ONC’s health IT certification program is and has always been voluntary. However, to obtain the financial incentives associated with the Meaningful Use/Promoting Interoperability program, almost all hospital- and physician-focused EHRs have obtained certification from the ONC.
Requirements for health IT certification are established by standards, implementation specifications, and criteria adopted by the Secretary of Health and Human Services (HHS). The most recent edition of certification criteria (the 2015 Edition) includes robust technical and interoperability requirements, as well as cost transparency and disclosure requirements for health IT developers to ensure users of certified electronic health record technology (CEHRT) are fully informed about certain limitations and additional costs associated with the implementation or use of the technology.
Therapists and other non-physician health care professionals in outpatient practice and those in post-acute and long-term care settings/facilities were ineligible to participate in Meaningful Use upon its inception, and as such, received no financial assistance, direction, or support to adopt and implement interoperable, certified EHR systems. In addition, CEHRT requirements are designed for prescribing professionals (i.e., physicians), and do not capture tasks performed by other professionals, such as physical, occupational, and speech therapists, making the certification process especially laborious, inefficient, and costly. As a result, many of the EMR/EHR systems used by non-physician and non-hospital providers, including therapists, are not certified.
Although the ONC’s Health IT Certification program remains voluntary in 2021, the increased focus on patient access to EHI, interoperability, and value-based care models (most of which include requirements around the exchange and use of EHI), and the lack of guidance and policy on how therapy and post-acute EMR/EHR vendors can certify their products, are barriers to therapists fully participating and succeeding in various payment incentive programs, such as the Merit-based Incentive Payment System (MIPS) or other Advanced Alternative Payment Models (APMs).
The ONC’s Cures Act Final Rule, published May 1, 2020, outlines provisions and regulations regarding health IT certification and information blocking. Several health IT certification criteria have been updated in the final rule to address information blocking and the need for health IT developers and health care providers to facilitate – and not interfere with or block – the appropriate access, exchange, and use of EHI.
The 21st Century Cures Act, legislation passed in December 2016, defines information blocking as practices that prevent or materially discourage the access, exchange, or use of EHI, and for which the actor knows, or should know, are likely to interfere with EHI access, exchange, or use. Per an interim final rule released by the ONC on October 29, 2020, All actors must comply with the information blocking requirements by April 5, 2021.
Health IT developers of certified health IT are one of the “actors” required to comply with the information blocking provisions, and therefore are subject to penalties and disincentives should they be deemed to be an information blocker. Health IT developers of health IT that is not certified are not subject to the information blocking provisions and potential penalties. That being said, all health care providers, including therapists, skilled nursing facilities, home health agencies, hospitals, rehab agencies, etc., are actors and must comply. And, because many non-physician and non-hospital health care providers use health IT systems (EMRs/EHRs) that are not certified by the ONC to create, maintain, and transmit EHI, these health IT vendors and products must be able to fulfill requests to access, exchange, or use EHI on behalf of their clients.
The ONC has identified eight exceptions to information blocking, defined as “reasonable and necessary” activities that limit or restrict the access, exchange, or use of EHI, but would not constitute information blocking. One such exception is the privacy exception which allows an actor to deny a request to share or transfer information if the request violates any federal or state privacy law, including HIPAA. This exception would be generally be utilized at the level of the health care provider to determine if the initial request for EHI was appropriate. Another exception is the content and manner exception which allows an actor to fulfill a request for EHI in an alternative manner (or format) than what was requested if the actor is technically unable to fulfill it in the manner requested. This may be an exception used at the EHR vendor level if a client asks for EHI to be exchanged or transmitted in a form or format that the vendor/application is unable to accommodate from a technical standpoint. This does not mean the information does not need to be transmitted or exchanged, only that an alternative manner or format must be used (and agreed upon).
While there is no requirement for health IT developers to have products or applications certified under the ONC’s criteria, all health IT developers and EMR/EHR vendors must be prepared to respond to their clients’ requests to access, exchange, or use EHI in a timely manner (“timely manner” has not been specifically defined at this time) to ensure compliance with the information blocking requirements.
It is important to note that HIPAA requires covered entities and business associates to share and exchange protected health information (PHI) and EHI for treatment, payment, and health care operations and upon request of the patient. This is not new. The information blocking requirements that become effective April 5, 2021, simply clarify this expectation and ensure appropriate access, use, and exchange of EHI occurs in a timely manner.
Casamba has always been able to comply with requests for medical records and documentation under HIPAA, and we will continue to support our clients with all future requests to ensure compliance with the new information blocking requirements.
For more information: