Skip to main content
Skip to footer
    info blocking
    Regulatory Interoperability

    Understanding information blocking exceptions and compliance

    Estimated read time: 5 minutes

    by Josh Mast

    Published on 3/29/2021

    The content below aims to provide high-level education around the Office of the National Coordinator for Health IT (ONC’s) information blocking final rule. Cerner clients have been provided with detail and action items regarding ONC information blocking compliance. For additional resources, please contact your client accountable executive.

    Imagine a world where the patient data that a clinician needs to provide the highest quality of care is available and easily accessible. Or where data can be safely and efficiently exchanged among stakeholders to increase knowledge of a virus and develop therapies and vaccines during a public health crisis. And the one that drives the Cerner mission and vision: a world where patients have their health information at their fingertips to use however they like and take with them wherever they receive care.

    As we quickly approach the April 5 compliance deadline for the ONC’s final rule on information blocking, these scenarios are closer to reality than ever before. The ONC ruling requires electronic health information (EHI) to be made available without undue delays or unreasonable fees. The compliance framework applies to three entities, or “actors” as they’re called by the ONC: healthcare providers, health IT developers and health information networks/exchanges. The information blocking framework defers to federal, state and tribal privacy laws. 

    Download the infographic

    Framework exceptions

    Though the concept of information blocking has been around for years, the legal framework is fresh. Information blocking is broadly defined as any practice that “…is likely to interfere with, prevent, or materially discourage access, exchange or use of electronic health information.” With such a wide reach, the ONC identified eight framework exceptions to ensure reasonable and necessary activities wouldn’t be mischaracterized as information blocking.

    The exceptions allow providers, developers and health networks to comply with other legitimate business practices – even though some may otherwise meet the definition of information blocking. The eight exceptions fall into two categories:

    1. Denial exceptions, which outline several reasons why a request for EHI access, exchange or use is denied.
    2. Approval and process exceptions that reflect how requests for access, exchange or use for EHI can be fulfilled.

    Framework compliance

    How an EHI request is received and responded to determines if it’s compliant. To understand the framework, it’s important to know the content and manner exception. This exception outlines how requests should be fulfilled for EHI access, exchange or use. It also determines when the fees and licensing exception is applicable, along with how and when fees may be charged for an information request.

    • The content condition scopes the health information that actors are required to provide upon request.
    • The manner condition, or how EHI is requested to be made available, helps providers, developers and health networks determine the best format for fulfilling a request. When necessary, this includes offering an alternative.

    Preparing for compliance requires developing a process – based on the content and manner exception – that’s applied when an information request is received. As part of the procedure, providers, developers and health networks should also outline when it’s appropriate for a request to be denied.

    It’s important to know all the manners and methods that the requested EHI may be provided in order to determine if there’s a compliance risk. The content and manner exception limits information blocking to data that’s part of the U.S. Core Data for Interoperability (USCDI) for the first 18 months of compliance, or April 5, 2021, through October 6, 2022.

    The information blocking framework revolves around requests for information and as such the compliance framework doesn’t require actors to proactively provide EHI/USCDI data. Though ONC doesn’t define requests, these requests could be one-off requests, initial requests for ongoing release of information or the ongoing fulfillment of requests of information, such as interfaces, APIs and connections to health information exchanges or portals. Information blocking is also constrained by HIPAA, as well as other privacy and security requirements related to requests for access, exchange or use.

    Other requirements, such as those related to the Centers for Medicare & Medicaid Services Promoting Interoperability Programs or for use of Certified Electronic Health Record Technology, require proactively sharing health information through a patient portal. These requirements to proactively share health information are layered on top of information blocking requirements.

    While there is no singular answer for how to best provide data access, Cerner offers several options to enable access, exchange and use of EHI, such as standards-based interfaces, APIs, HealtheLife ℠ patient portal, health information exchange connections and many more. Cerner will continue to advance and enhance our interoperable functionality and is dedicated to enabling the easy access, exchange and use of EHI by all authorized users. 

    Download the infographic

    A guideline – not a tripwire

    The process for receiving and responding to information requests is more important to compliance than a provider’s system capabilities. The framework provides a basis where actors can respond to requests for access, exchange or use of EHI or deny those requests when appropriate. Information blocking requires intent and knowledge, and the ONC and the Office of Inspector General of Health and Human Services indicated that they don’t plan to punish unintended mistakes. As a result, the framework should be viewed as a guideline – not a tripwire – on which to share health information.

    Today’s information blocking framework took years of advocacy by many committed voices in the healthcare arena. It’s uncommon to see a compliance program of this magnitude, and it will no doubt take time beyond its effective date of April 5 to truly understand its impact. But this framework is a critical step toward ensuring the secure, timely and appropriate flow of patient information – and a key milestone on the path toward improving healthcare for all.

    For decades, Cerner has been a leading advocate in shaping policy and developing technology for the unimpeded exchange of health information that gives patients access to a digital, longitudinal health record. Learn more here.

    male physician holds tablet
    Ep. 232: Interoperability – the evolution and direction of shared care
    Oracle Cerner | 7/28/2022
    At Oracle Cerner European Collaboration Forum 2022, speakers from the UK, Canada, and Qatar consider where we currently are with the long-running challenge of interoperability and what we need to do to in the future to help achieve its key goals.
    The Future of the EHR image
    The Future of the EHR: Dr. David Feinberg on usability, interoperability, data, AI and value-based care
    Cerner Corporation | 5/25/2022
    During a workshop at Becker's Hospital Review's 12th Annual Meeting sponsored by Cerner, David Feinberg, MD, Cerner's president and CEO, discussed how the future and promise of the EHR can lead to more equitable, cost-effective, easy, convenient and dignified healthcare.
    Perspectives_Podcast_TEFCA
    Ep. 228: How TEFCA impacts the future of healthcare
    4/20/2022
    Learn about TEFCA, what it means for healthcare organizations, and what a trusted exchange framework can help providers accomplish going forward.