Full Scope of EHI Now Subject to Information Blocking
The full scope of electronic health information (EHI), as defined under the information blocking regulation (Regulation), is now subject to the prohibition against information blocking. Under the Regulation, information blocking is "a practice that is likely to interfere with access, exchange, or use of EHI, except as required by law or covered by an exception." For the past two years, EHI was limited to only the data elements represented in the United States Core Data for Interoperability version 1 (USCDI v1). The scope of EHI was temporarily reduced to allow "actors" subject to the Regulation enough time to review and update their policies and practices. Effective Oct. 6, 2022, EHI covered under the Regulation expanded beyond the USCDI v1 data elements to its fully defined scope under the Regulation and includes all electronic protected health information (ePHI) to the extent that such information would be included in a designated record set, regardless of whether the records are used or maintained by or for a covered entity as defined by the Health Insurance Portability and Accountability Act (HIPAA).
The full scope of EHI is not the only thing actors need to be mindful of going forward. In preparation for the implementation of this change, the ONC held additional virtual office hours on Oct. 6 and will again on Oct. 27 to allow industry stakeholders to ask questions about the expanded scope of EHI or other topics related to the Regulation. In addition, the Information Blocking FAQs remain available as a resource. Finally, the ONC has called out several other key reminders and has set the expectation that we could see "periodic, experience-driven regulatory updates as well as continued work on education, outreach, and oversight, including the establishment of disincentives for health care providers." There is even a teaser about the possibility of information blocking advisory opinions.
As the scope of EHI expands, it is more critical for healthcare providers, developers of certified health IT and HIEs/HINs to ensure that they are not engaging in practices that may interfere with the appropriate exchange, access and use of EHI. Actors should continue to evaluate EHI requests and ensure employees are educated about the Regulation and its exceptions to facilitate compliance and reduce the risk of enforcement action.