.st0{fill:#FFFFFF;}

What About Information Blocking? – Ep 282 

 December 4, 2020

By  Donna Grindle

HIPAA and information blockingWith so much going on this year things that would have been big news are slipping by with little notice. Back in 2016 The 21st Century Cures Act was passed which included a lot of healthcare IT updates to improve patient access to their information. A specific section was all about how to prevent information blocking. What is it, why do you care and when will things happen? That’s the topic for today.

A 5 star review is all we ask from our listeners.
1x
Free HIPAA Training
Subscribe to the weekly email update from HMWH

I have read and agreed to your Privacy Policy

In this episode:

What About Information Blocking? – Ep 282

The HIPAA Boot Camp

Virtual Edition Feb 23-25, 2021

Share Help Me With HIPAA with one person this week!

Thanks to our donors.  We appreciate your support!

If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com.

Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA

HIPAA Say What!?!

OCR Settles Twelfth Investigation in HIPAA Right of Access Initiative

[18:10] OCR is committed to enforcing patients’ right to access their medical records, including the right to direct electronic copies to a third party of their choice. HIPAA covered entities should review their policies and training programs to ensure they know and can fulfill all their HIPAA obligations whenever a patient seeks access to his or her records,” said Roger Severino, OCR Director

University of Cincinnati Medical Center HIPAA Resolution Agreement and Corrective Action Plan

Distribution and Updating of Policies and Procedures

UCMC shall distribute the policies and procedures identified in section V.A. to all members of the workforce and relevant business associates within sixty (60) days of HHS approval of such policies and to new members of the workforce and relevant business associates within thirty (30) days of their beginning of service. UCMC shall provide to HHS proof of such distribution.

UCMC shall assess, update, and revise, as necessary, the policies and procedures at least annually or as needed. UCMC shall provide such revised policies and procedures to HHS for review and approval. Within thirty (30) days of the effective date of any approved substantive revisions, UCMC shall distribute such revised policies and procedures to all members of its workforce and relevant business associates and shall require new compliance certifications.

Minimum Content of Policies and Procedures

The Policies and Procedures shall include, but not be limited to:

1. All obligations required under 45 C.F.R. §164.524 and all its subparts;

2. An accurate definition of a “Designated Record Set” as defined in the Privacy Rule;

3. Standardized procedures for responding to requests for access pursuant to 45 C.F.R. §164.524;

4. Protocols for training all UCMC’s workforce members and business associates that are involved in receiving or fulfilling access requests as necessary and appropriate to ensure compliance with the policies and procedures provided for in section V.A. above;

5. Protocols for training UCMC’s workforce members that are involved in the maintenance of designated record sets and other protected health information as necessary and appropriate to ensure compliance with the policies and procedures provided for in section V.A. above.

6. Application of appropriate sanctions against UCMC workforce members who fail to comply with policies and procedures; and

7. A process for reviewing business associate performance with regard to access requests and responses and sanctioning business associates who fail to permit UCMC to comply with its HIPAA policies and procedures;

What About Information Blocking?

[26:21] Let’s get to the information blocking thing for a bit. This goes way back to the beginning in 2016 but the thing everyone is talking about right now is information blocking rules. That is the big deal to be aware of it and have it on your radar.

In general, information blocking is a practice by [a vendor), or health care provider that, except as required by law or specified by the Secretary of Health and Human Services (HHS) as a reasonable and necessary activity, is likely to interfere with access, exchange, or use of electronic health information (EHI).Office of National Coordinator
[28:17] But the big thing that the 21st Century Cures Act was about is promoting innovation, interoperability, those kinds of things. And the way that you do that is to make sure all these disparate systems everywhere can talk to each other. And there’s still a lot of sneakernet going on where that machine over there takes the data off it on some sort of, you know, USB stick and I bring it over here and I’ll put it in or, you know, the patient gets their data and then they take it with them

[30:07] For me, I’m a data interface person. That’s what I’ve always done. I love it. So, I’m excited about this because I see it opening up so many channels because, you know, we’ll have a standard.  Previously, when we had a NSF standard for claims, it was not standard.

The only thing that was standard was the names of the records and the things you could put on them. But how you filled them out was different for every payer. So, there was no standard, really. You still had a different set of code to deal with each payer’s requirement. For example, a referring physician could be put in like six different places.

There’s a long list that gets evaluated on what information blocking really is in the definitions. Technically, it also applies to providers. But there’s one big trick here

There are penalties if you’re involved in information blocking up to one million dollars per violation.

[35:26] But here’s the kicker, is that if there is a complaint filed for anybody that supposedly is doing information blocking. The complaint is investigated by HHS, OIG, the Office of Inspector General, not OCR who investigates HIPAA violations. That is two different offices. OIG has the legal authority to enforce information blocking rules and API rules on the vendors.

If they have a provider issue and they feel that there is a provider violating information blocking rules, they refer that to HHS, to the secretary who is going to determine “appropriate disincentives”. Not sure what the disincentives are but that is what is supposed to be happening.

If you are a provider, spend your time making sure you do everything you should be doing to allow patient’s access to their records according to the law. If you are doing that properly there is much less to worry about when it comes to the information blocking rules. Vendors need to be looking very carefully at all the Cures Act requirements to be sure they are ready for the first steps and a plan for where to go next.

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word.  As always, send in your questions and ideas!

HIPAA is not about compliance,

it’s about patient care.TM

Special thanks to our sponsors Security First IT and Kardon.

HelpMeWithHIPAA.com Is A
Collaborative Project

Created & Sponsored By: