On January 9, 2024, HHS published in the Federal Register its long-awaited Health Data, Technology, and Interoperability final rule (HTI-1 Rule or Final Rule). The Final Rule is designed to implement the 21st Century Cures Act (Cures Act) and several Executive Orders, and it addresses a number of topics. This blog post focuses on the changes made by the Final Rule to the information blocking regulations promulgated by HHS-ONC, including revisions to certain existing definitions and exceptions, and the addition of a new exception to encourage the secure, efficient, and standards-based exchange of electronic health information (EHI) under the Trusted Exchange Framework and Common Agreement (TEFCA).
Background
ONC’s information blocking regulations implement the “information sharing” mandate of the Cures Act with respect to certain co-called “stewards” of EHI—specifically: (i) developers of federally certified health information technology; (ii) health information exchanges and health information networks (HIE/HIN); and (iii) health care providers (collectively, “actors”). The information blocking regulations also set forth a number of specific exceptions to the information sharing mandate, each with specified conditions. For example:
- The “infeasibility” exception recognizes that legitimate practical challenges may limit an actor’s ability to comply with requests for access to (or the exchange or use of) EHI because the actor may not have, and may be unable to obtain, the requisite technological capabilities, legal rights, or other means necessary to enable the access, exchange, or use at issue.
- The “manner” exception, in turn, recognizes that an actor may need to fulfill a request in an alternative manner if the actor (i) is technically unable to fulfill the request in the requested manner or (ii) cannot reach agreeable terms with the requestor to fulfill the request.
HTI-1 Final Rule
The Final Rule amends several of the definitions in the information blocking regulations, revises one exception, and creates a new exception. Together, these amendments are designed to “enable actors to determine more easily and with greater clarity whether . . . practices . . . that may or do interfere with access, exchange or use of EHI . . . meet the conditions . . . [of] an information blocking exception,” thereby promoting greater predictability, less uncertainty, and lower costs.
- Definition of “offer health IT.” The Final Rule narrows the existing definition of this phrase in several ways. First, provided certain conditions are met, the Final Rule specifically excludes from the definition of “offer health IT” the provision of funding to obtain or maintain certified health IT. Second, the Final Rule confirms that providers (and other health IT users) do not “offer health IT” when they engage in health IT implementation and use activities (regardless of whether they obtain health IT from a third party or develop it themselves). Third, the Final Rule excludes from the definition of “offer health IT” assistance by health IT consultants with the selection, implementation, and use of health IT, and legal services furnished by outside counsel.
- Definition of “health IT developer of certified health IT.” The Final Rule amends the existing definition of this term to make clear that a provider that develops its own certified health IT will not be deemed a “health IT developer of certified health IT.” This amendment represents a policy shift. Previously, providers who developed certified health IT were excluded from the definition of “health IT developer of certified health IT” only if they developed the health IT for their own use. Under the amended definition, the same provider would not meet the definition of a “health IT developer of certified health IT” if it supplies health IT to one or more other health care providers under a comprehensive and predominantly non-health IT administrative or operations management services arrangement (i.e., pursuant to the consulting and legal services exception to the definition of “offer health IT”).
- Infeasibility Exception. The Final Rule adds two new situations (or conditions) under which this exception can be met and amends the requirements of a third condition.
- New Condition: Third Party Seeking Modification. Under the Final Rule, an actor’s practice of denying a third party’s request to enable use of EHI will not be considered information blocking provided (i) the actor is being asked to enable the third party to modify EHI within the records or systems maintained by the actor (e.g., by creating or deleting functionality), and (ii) the request is not from a health care provider requesting such use from an actor that is their business associate.
- New Condition: Manner Exception Exhausted. Under the Final Rule, an actor’s denial of a request for access to EHI after offering alternative, interoperable manners will not be considered information blocking provided certain requirements are met (e.g., the actor must offer at least two alternative manners in accordance with the separate manner exception and meet certain other requirements). Note that an actor cannot meet this new condition if it currently provides a substantial number of individuals or entities similarly situated to the requestor with the same requested access to (or exchange or use of) the requested EHI.
- Existing Condition: “Uncontrollable Events.” With respect to this condition, the Final Rule clarifies that the uncontrollable events at issue must be causally related to, and in fact negatively impacted by, the actor’s ability to fulfill the information request.
- TEFCA Manner Exception. Finally, the HTI-1 Rule creates a new, standalone exception that applies where an actor and requestor are both part of TEFCA.1 Under the exception, where certain conditions are met, an actor’s practice of fulfilling a request to access, exchange, or use EHI only via TEFCA will not be considered information blocking. To take advantage of this exception, both the actor and requestor must be parties to TEFCA and the requestor must be able to access, exchange, or use the requested EHI via TEFCA. Further, and in contrast to HHS’s initial proposed position, any fees charged or licensing of interoperability elements by the actor in relation to fulfilling the request via TEFCA must satisfy the fees and licensing exception under the information blocking regulations. Finally, the exception is not available when the requestor has requested access, exchange, or use via API standards adopted under the ONC Health IT Certification Program.
Take Away: The changes in the information blocking regulations effectuated by the Final Rule are in furtherance of ONC’s goals of promoting innovation, encouraging market competition, improving transparency, and supporting access, exchange and use of EHI, all for the purpose of of enhanced delivery of health care. While these goals are high level and aspirational, the requirements of the information blocking rule are highly technical and complex. Actors need to pay careful attention to the parameters of the rule in navigating compliance with respect to adopted health care technology.
- TEFCA originates from Section 4003(b) of the Cures Act, which requires ONC “to convene ap-propriate public and private stakeholders” with the goal of developing or supporting a Trusted Exchange Framework and a Common Agreement for the purpose of ensuring full network-to-network exchange of health information. ↩︎