Data Storyteller

CoE-PHI resource that describes the Information Blocking Rule and explains that it does not preempt stricter privacy laws and regulations such as 42 CFR Part 2.

Key Points:

• Information blocking includes practices that would “interfere with, prevent, or materially discourage the access, exchange, or use of electronic health information.”
• Following a legal requirement to obtain patient consent for a disclosure meets the “privacy exception” in the Information Blocking Rule and is not considered information blocking.
• If a portal cannot segment Part 2-protected records or prevent a patient’s proxy from unconsented access to such records, the healthcare provider should not share Part 2-protected records on the portal.

The Office of the National Coordinator for Health Information Technology’s (ONC) 21st Century Cures Act Information Blocking Rule (Info Blocking Rule) prohibits covered actors – including health care providers, health IT developers of certified health IT, and health information exchanges/health information networks– from engaging in practices likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information (EHI). The Info Blocking Rule includes eight exceptions that provide actors with certainty that, when their practice interferes with the access, exchange, or use of EHI and meets the conditions of one or more exception, such practice will not be considered information blocking. An actor’s practice that does not meet all the conditions of an exception will be evaluated on a case-by-case basis to determine whether information blocking has occurred.

This resource provides guidance to health centers for implementing FHIR in compliance with the Information Blocking Rule.  

Many healthcare providers, including health centers, are concerned about reconciling the need to protect patient privacy under HIPAA and 42 CFR Part 2 while avoiding interference with electronic health information sharing and violating Information Blocking regulations.

There are many questions about patient portals and the related requirements under the Information Blocking Rule. In this session, our expert speaker will review the impact of the Information Blocking Rule on implementation and use of the patient portal.

Over the last few years, the Office of Civil Rights has focused much of its enforcement efforts on ensuring patients are afforded their HIPAA right to access their protected health information (PHI). The Privacy Rule generally requires HIPAA covered entities to provide individuals, upon request, with access to the PHI (including electronic PHI) about them in one or more “designated record sets” maintained by or for the covered entity. This includes the right to inspect or obtain a copy, or both, of the PHI. It also includes an individual’s right to direct the covered entity to transmit a copy of their PHI to a designated person or entity of the individual’s choice.