Information Blocking: What You Need to Know

January 10, 2023  |  Shadowbox   |  ,

In 2016, the Federal Government enacted the 21st Century Cures Act (the Cures Act), to enhance patient access to their medical records, promote seamless communication across healthcare providers, and automate the secure exchange of patient information across disparate software platforms and systems. 

The Cures Act includes strict rules prohibiting information blocking, putting a stop to practices that are likely to interfere with, prevent, or materially discourage access, exchange, or use of Electronic Health Information (“EHI”). Health IT companies who violate the new rules could be subject to penalties of up to one million dollars per violation.   

Examples of information blocking fall into 5 categories:  

  1. Restriction on Access, Exchange or Use – For example, a health system requires staff to obtain patient written consent before sharing patient’s EHI with unaffiliated providers, even though this is not required by HIPAA or state law. 
  1. Limiting or restricting the interoperability of Health IT – An EHR vendor prevents (e.g., by imposing high fees) a third-party interoperability app from writing EHI to the EHR, when a provider has authorized it. 
  1. Impeding innovation and advancement in access, exchange or use of health-IT-enabled care delivery – EHR vendor will not provide technical documentation to a systems integrator engaged by a provider unless the systems integrator signs a broad non-compete that prohibits them from working with other vendors 
  1. Rent-seeking and other opportunistic pricing practices – An EHR vendor charges more to export or use EHI when a provider is transitioning to competing technology or trying to export data for use with an HIE. 
  1. Non-standard implementation practices – A health IT vendor uses the “required” portions of a widely adopted industry standard but implements proprietary standard wherever it has discretion, even when standard formats are available. 

There are 3 types of “actors” that must adhere to the regulations defined by the information blocking section of the ONC Cures Act Final Rule: 

  1. Healthcare Providers 
  1. Health Information Networks or Health Information Exchanges 
  1. Health IT Developers or Certified Health IT 

The Office of the National Coordinator for Health Information Technology’s (ONC) also established information blocking exceptions to implement the law. The eight exceptions  include the following: 

  1. Preventing Harm  
  1. Privacy  
  1. Security 
  1. Infeasibility 
  1. Health IT Performance 
  1. Content and Manner 
  1. Fees 
  1. Licensing  

At Shadowbox, it is our mission to make patient data easy to access and safe to share no matter where it resides. Per the ONC, the information blocking regulations do not require healthcare providers to adopt or use certain technologies or platforms. Providers may use “patient portals,” other web interfaces, application programming interfaces (APIs), and a multitude of technologies and platforms to make EHI available for access, exchange, or use.   

If your EHR vendor is prohibiting you from using Shadowbox technology to access a patient’s EHI, or if they insist on charging punitive fees for using our software, then this practice may constitute information blocking.  If you believe you may have experienced or observed information blocking by any health care provider, health IT developer of certified health IT, or HIN/HIE, we encourage you to share your concern through the Information Blocking Portal on ONC’s website HealthIt.gov.

Want more information on the process for reporting information blocking? Click here to find information on reporting information blocking.

Shadowbox is a smart, secure, HIPAA-compliant automation platform built for healthcare. We tackle interoperability and compliance by turning your browser into an “infinite API.”

Additional articles by Shadowbox