Info Blocking Rule’s Loose Definition of EHI
Editor’s note: This article is the third in a series on overcoming the challenges at the heart of interoperability in healthcare and meeting information blocking requirements. Future articles will cover how modern technology can break down longstanding obstacles to sharing data and coordinating care, as well as how third-party partners can help organizations overcome “last mile” barriers to interoperability.
The information blocking final rule makes it crystal clear that provider organizations can no longer inhibit the exchange or use of electronic health information (EHI). What’s less clear, though, is what specifically constitutes EHI.
Once information blocking penalties are in place, providers will likely only face penalties if they knowingly and intentionally withhold access. However, organizations shouldn’t take chances on defending themselves by saying, “We didn’t know it was EHI.” Leaders must understand what’s covered under the rule, what’s excluded, and how to ensure compliance.
How is EHI defined under the info blocking rule?
The Office of the National Coordinator for Health IT refers to EHI as electronic protected health information that would be included in a designated record set (DRS). A DRS is defined under HIPAA as information falling into one of three categories: A provider’s medical and billing records; a health plan’s enrollment, payment, claims, and medical management records; and other records “used in whole or in part” to make healthcare decisions.
How has the definition of EHI evolved?
Prior to the information blocking final rule taking effect in October 2022, the definition of EHI was limited to data elements represented in the United States Core Data for Interoperability (USCDI) Version 1 standard. This included 16 data classes – such as demographic information, vital signs, allergies, and treatment plans – and various data elements underneath them, many tied to specific Logical Observation Identifiers, Names, and Codes (LOINC) or SNOMED Clinical Terms.
What is excluded from EHI?
As it relates to information blocking, EHI is a subset of DRS, and several types of information are excluded. The most notable are psychotherapy notes, information found in educational records or employment records, and information gathered in anticipation of civil, criminal, or administrative action. De-identified information is also excluded.
Why is the new definition of EHI unclear?
The information blocking final rule intentionally broadened the scope of what constitutes EHI. In doing so, though, its definition lost the specificity of USCDI v1. In ONC’s own words, “Because the definition of DRS is not specific to particular systems or technology platforms where an organization maintains the information, neither is the definition of EHI.”
Further complicating matters: Entities such as pharmacies and labs are also subject to the information blocking rule, and their DSRs look a lot different than those of physician offices and hospitals.
How can providers ensure they meet the EHI requirements?
Document where EHI is stored. Most will be in electronic health records, but practice management, imaging, and lab and diagnostic systems likely contain this information as well.
- Work with technology vendors to ensure that EHI subject to the information blocking rule is accessible when requested.
- Internally, update policies for reasonably disclosing information to patients to align with the organization’s definition of EHI within the DRS, not the USCDI.
- Remember that state laws regarding patient access to lab or test results may go beyond federal law with additional requirements and may impact when certain types of EHI can be shared.
About Consensus Cloud Solutions: Consensus Cloud Solutions, Inc. (NASDAQ: CCSI) has been a global leader of digital cloud fax technology for over 25 years. The company leverages its technology heritage to provide secure solutions that transform simple digital documents into advanced healthcare standard HL7 FHIR for secure data exchange. Consensus offers eFax, a global leader in online faxing, Consensus Unite and Consensus Harmony interoperability solutions, Consensus Signal for secure automatic real-time healthcare communications, Consensus Clarity, a Natural Language Processing (NLP)/Artificial Intelligence solution, and jSign for electronic digital signatures. For more information about Consensus, visit consensus.com. Follow us on Twitter @ConsensusCS.