provider information blocking

On June 24, 2024, the Department of Health and Human Services (HHS) released a final rule establishing disincentives for healthcare providers who have engaged in information blocking. Information blocking is a practice by a provider that is likely to interfere with the access, exchange, or use of electronic health information (EHI).

Information blocking is illegal, except when required by law, or when permitted by an exception to the rule against information blocking. This article covers the disincentives that can be imposed on a provider found to have engaged in information blocking.

The History of Information Blocking Regulations

The initial information blocking regulation was issued under the 21st Century Cures Act. That 2016 law was established to accelerate the discovery, development, and delivery of 21st century cures, by streamlining drug and device approval processes, and bringing treatments to market faster. The drafters of the law believed that blocking of the exchange of electronic health information (e.g., provider to patient exchanges, provider-to-provider exchanges, and exchanges involving health IT developers of certified health IT, health information exchanges (HIEs), and health information networks (HINs)) would frustrate these purposes. So, in 2020, HHS, in conjunction with the Office of National Coordinator for Health Information Technology (ONC), issued the “Interoperability and Information Blocking Rule.” 

The rule, by prohibiting information blocking, was designed to (among other things) increase patient access to their electronic health information and to improve health outcomes.

What Are Examples of Provider Information Blocking?

Provider information blocking can take place as a result of a provider’s deliberate actions or policies that prevent ePHI (the definition of EHI includes ePHI) from being lawfully shared or used for HIPAA-authorized purposes. Provider information blocking can occur in less obvious ways. These less obvious ways include a provider’s using contract terms, policies, or technology that discourage or make it unnecessarily costly or burdensome to share or use ePHI.

Examples of conduct that might raise provider information blocking concerns include:

  • A provider imposing excessive fees on patients for their medical records. Excessive fees might make exchanging ePHI cost-prohibitive.
  • A provider has policies or contractual arrangements that prevent sharing, or that limit how information is shared with patients or other providers.
  • Citing “The HIPAA Privacy Rule” as a reason to not share information, when in fact the Privacy Rule places no restriction on that sharing.

The 2020 rule provided that entities other than healthcare providers – that is, IT developers of certified health IT, health information exchanges (HIEs), and health information networks (HINs), who engage in information blocking, are subject to civil monetary penalties (CMPs). 

The 2024 rule provides a different penalty for provider information blocking. The penalty is not in the form of CMPs, but rather disincentives. These disincentives withhold money that a provider might have earned under certain federal government incentive or “bonus” programs.

What Disincentives Does the 2024 Final Rule Establish?

In a press release announcing the final rule, OCR noted that the final rule establishes a series of disincentives for providers whom the HHS Office of Inspector General (OIG) has found to have engaged in information blocking. HHS OIG determines whether a provider information blocking violation has occurred, and then notifies the Centers for Medicare and Medicaid Services (CMS) of its determination. CMS may then apply the disincentive.

Disincentive #1: Removal of Meaningful Electronic Health Record User Status

Under the Medicare Promoting Interoperability Program, an eligible hospital or critical access hospital (CAH) that has committed information blocking faces a disincentive.

Under the program, an eligible hospital or critical access hospital (CAH) that has committed provider information blocking, and is referred to CMS by OIG, will not be a meaningful electronic health record (EHR). The hospital will not be deemed a meaningful electronic health record user during the calendar year of the EHR reporting period in which OIG refers its determination to CMS. An EHR reporting period is the period of time (currently 180 days as of 2024) for which hospitals must report statistics regarding whether they have meaningfully used EHR technology,

Here’s the disincentive: If the eligible hospital is not a meaningful EHR user, it won’t be able to earn three quarters of the “annual market basket increase” it would have earned had it successfully participated in the Promoting Interoperability (PI) program. For CAHs, payment will be reduced to 100 percent of reasonable costs instead of 101 percent.

Disincentive #2: Lower MIPS Promoting Interoperability Score

Under the Merit-Based Incentive Payment System (“MIPS,” which is a program that aims to improve patient care quality), an eligible clinician who is not a meaningful EHR user will receive a score of zero in the MIPS Promoting Interoperability performance category. The MIPS Promoting Interoperability performance category (PI category) score is typically a quarter of an individual MIPS eligible clinician’s final score in a performance period/MIPS payment year, unless an exception applies and the MIPS eligible clinician is not required to report measures for the performance category.

The maximum score a provider can earn under MIPS is 100 points (MIPS has four measurement categories; PI is one of them). The maximum score a provider can earn in the Promoting Interoperability category is 25 points. A total of below 75 MIPS points can result in a negative payment adjustment to a clinician’s Medicare Part B payments in the following year. A provider who earns a score of 75, exactly, receives neither positive nor negative payment adjustments. Receiving a zero in the PI category, which is worth 25 points, makes it impossible for the provider to obtain a positive payment adjustment in the following year.

Disincentive #3: Loss of Medicare Shared Savings Program Revenue

The Medicare Shared Savings Program (MSSP) is “a voluntary program that promotes accountability for a population of Medicare beneficiaries, [and] promotes higher value care.”  If this sounds like a description of the MIPS program, it basically is: the MSSP is an alternative payment program to MIPS. The difference between MIPS and APM is that each has its own measurement criteria. 

Medicare Shared Savings Program Accountable Care Organizations (ACOs) are groups of doctors, hospitals, and other health care providers who collaborate to give coordinated high-quality care to people with Medicare, focusing on delivering the right care at the right time, while avoiding unnecessary services and medical errors.

Under the Medicare Shared Savings Program, a health care provider that is an Accountable Care Organization (ACO), ACO participant, or ACO provider or supplier who has committed provider information blocking may be ineligible to participate in the program for a period of at least one year. Therefore, the health care provider may not receive revenue that it might otherwise have earned through the Shared Savings Program.

Can Other Disincentives be Imposed?

The press release notes that additional provider information blocking disincentives may be established through future rulemaking.

See How It Works