The New Definition of EHI: Are Vendors Ready?

By Elizabeth Delahoussaye, RHIA, CHPS, Chief Privacy Officer, Ciox
Twitter: @cioxhealth

The October 6, 2022 information blocking deadline is one of the most discussed—and debated—topics in healthcare IT. New regulations expand the definition of electronic health information (EHI), but health IT vendors remain uncertain about how to achieve and maintain compliance.

To summarize: health IT developers and health information networks and exchanges are now subject to penalties of up to $1 million per violation should they interfere with the exchange of electronic health information. It’s all part of the new regulatory requirements related to the 21st Century Cures Act, which is designed to allow patients unprecedented access to their healthcare information, and steeply penalize any health IT vendors who block this access.

In addition to healthcare providers, health IT vendors play an important role in the unobstructed access, exchange, and use of EHI. But in an August 18th letter, dozens of health IT professional associations, provider organizations, and other stakeholders asked the Department of Health and Human Services for clarity and flexibility regarding how to best implement the information blocking regulations. Impacted parties requested more detailed definitions of foundational concepts, examples of use case scenarios, and further communications that provide more specificity about the process. The Office of Civil Rights has provided technical assistance to providers who have requests for information HIPAA compliance claims against them, and stakeholders are hoping that the same type of assistance will be available regarding information sharing. It’s no wonder health IT developers are seeking more details about standardization and enforcement with a hefty civil monetary penalty projected up to $1M per violation.

To delve deeper into the data elements affected by the October 6 deadline, it is important for health IT vendors to identify potential issues and gaps as outlined under new regulations. While data elements under the previous U.S. Core Data for Interoperability includes clinical notes, patient demographic data, and other categories like data provenance, October’s definition of EHI includes “the entire scope” of the EHI definition, including electronic protected health information and designated record sets, including unstructured data. An example is information from fetal heart monitoring. While it is included in a patient’s care, it may not be incorporated into the electronic medical record and, therefore, must be integrated from a standalone system to ensure patient access. Regardless of whether the data is from an internal or external system, it is critical the vendor and health information department work together to ensure a process is in place to capture and release this information. Vendors must be transparent and clear in their communication with the HIM department so that they can determine the best process to close any gaps.

The patient must have access to their newly defined EHI via application programming interfaces, patient portals, or apps. And keep in mind, the patient has a right to receive their information in the form and format of their choice. This data availability demands ongoing collaboration and transparency between providers and health IT vendors to avoid any actions that could be deemed as information blocking by the Health and Human Services Office of Inspector General.

While the process for information blocking claim investigation and penalty enforcement remains to be seen, health IT vendors can familiarize themselves with the current release of information process and requirements with a focus on the privacy and security of protected health information regardless of the patient’s technological means of access. Generally, regulatory bodies look to enforce clear and egregious outliers. Put forth good faith efforts to integrate all sources of patient data in a secure and manageable way, complying with the spirit of the regulation. The Office of the National Coordinator for Health Information Technology is an excellent resource for additional information and guidance.

As our healthcare system continues to arc toward patient-centered care, the enablement of unprecedented access to information by patients is an important yet complex journey. Developers who remain well connected to the evolving nature of healthcare’s information access environment—and the healthcare providers that supply data—will be prepared to meet the challenges of information blocking’s next chapter.