Article By: Dr. Jessica Kasirsky, CMO, VP Regulatory Affairs, Therapy Brands
The regulation which implements the information blocking provisions of the 21st Century Cures Act applies to Health Care providers, certified electronic health record developers, and health information exchanges and networks. Catalyst is not subject to these specific regulations because 1) we are not certified under the Office of the National Coordinator’s Health IT Certification Program, and 2), we do not meet the definition of a health information network or exchange. While we are not subject to these regulations, Catalyst does not interfere with, prevent or discourage access, exchange, or use of electronic health information (EHI).
There are eight exceptions to information blocking:
- Preventing Harm: Blocking information is acceptable to prevent harm to a patient or another person.
- Privacy: An actor should not be required to use or disclose EHI (electronic health information) in a way that is prohibited under state or federal privacy laws.
- Security: Blocking is permitted to protect the security of EHI.
- Infeasibility: Legitimate practical challenges may limit an actor's ability to comply with requests for access, exchange, or use of EHI.
- Performance: e.g. If an app is hammering the database or disrupting others, it is acceptable to deny access or scheduled downtime periods.
- Content and Manner: These are new exceptions enumerated in the final ONC rule. According to ONC, this exception supports innovation and competition by allowing actors to first attempt to reach and maintain market negotiated terms for the access, exchange, and use of EHI. It is acceptable to fulfill requests in a manner different from what was requested if there is a technical incompatibility or agreeable terms cannot be achieved with the requestor of the EHI.
- Fees: You can charge reasonable fees with the exception that you can make a profit as long as it's transparent and applied consistently across the board.
- Licensing: An API provider can require licensing of API elements provided it is done in a reasonable and non-discriminatory way.
We recommend you engage your legal counsel or compliance professionals on whether any specific request implicates information blocking, and how to respond to it. In the event, your counsel or a compliance professional determines that the regulation applies to a specific request and you are unable to meet its technical requirements with your organization's product(s), we recommend that your organization evaluate claiming an exception, such as Infeasibility and/or Content and Manner. You can find a list of FAQs, fact sheets, and webinars on how information blocking applies to healthcare providers and other actors at https://www.healthit.gov/curesrule/.