Close this search box.

+1 (888) 895-8366

Understanding information blocking in healthcare is crucial for anyone involved in the record release process. However, sifting through countless online articles and government websites for answers can take astonishing time and effort.

This pocket guide provides answers to the most essential information blocking FAQs in one convenient location.

At ChartRequest, our experts can help you optimize your release of information (ROI) process without stress. They will explain everything you need to know about what constitutes information blocking and highlight relevant HIPAA rules. 

Consider the following information, then contact us to explore the record release software with a 5-day turnaround guarantee.

What Is Information Blocking?

In 2016, the federal government codified the Cures Act with strong bipartisan support. This legislation sets the parameters for the accelerated development and delivery of 21st-century healthcare solutions. It also defined information blocking and established penalties for violations.

According to the Cures Act, information blocking occurs when an individual or organization interferes with the access, transfer, or use of electronic health information (EHI). 

While information blocking is typically intentional, the Department of Health and Human Services (HHS) does not distinguish between deliberate and accidental interference regarding HIPAA violations. Hence, it is crucial to understand what constitutes information blocking and how it correlates with privacy to avoid surprise penalties.

Blocking EHI can compromise patient safety and reduce the likelihood of achieving positive healthcare outcomes.

Still, it’s important to note that not all instances of restricted access qualify as information blocking. The Office of the National Coordinator for Health Information Technology (ONC) outlined certain exceptions where healthcare IT cannot share EHI for legitimate reasons. We will cover these exceptions in greater detail later in this article.

What Are Some Examples of Information Blocking?

Information blocking can manifest in several ways. Here are a few examples:

  • A hospital system restricts the flow of patient information to competing providers or facilities.
  • A healthcare provider fails to share lab results electronically with other providers participating in patient care.
  • An electronic health record vendor charges a high fee for data access or system interfacing.
  • A healthcare facility does not allow patients to access their own EHI or excessively delays the release of these records.
  • A health information exchange (HIE) IT developer creates technical barriers or restrictive contract terms that prevent information sharing.

Who Must Comply With the Cures Act?

You may wonder, “To whom do these information blocking FAQs apply, and which entities are subject to the Cures Act?”

According to the Cures Act, the following “actors” must comply with current information sharing standards:

  • Hospital and clinic employees
  • Other in and out-patient medical facilities
  • Physicians
  • Health IT professionals
  • Health information exchanges or networks

Who Enforces Information Blocking?

The federal government authorizes the ONC to outline enforcement requirements and regulations and reduce the risks of information blocking in the healthcare sector. 

Still, it takes time to investigate and enforce information blocking, depending on the circumstance. Here are six steps the Office of the Inspector General (OIG) takes to conduct a comprehensive review:

Step 1: A patient or provider submits an information blocking complaint to the OIG.

Step 2: The OIG uses authorized powers to inspect the complaint and rule out exceptions.

Step 3: The OIG opens the information blocking case and designates resources toward a more thorough investigation.

Step 4: The OIG opens transparent communication to discuss the case with the entity in question.

Step 5: The OIG might send a demand letter to the entity.

Step 6: The entity in question can appeal the OIG’s findings, opening another pipeline for review.

What Metrics Does the OIG Use To Determine Information Blocking?

The OIG may open an information blocking case if they determine that denied access to EHI:

  • Caused or will cause harm to a patient
  • Impacted the care quality of a provider
  • Takes too long to produce
  • Caused financial losses to federal programs or other private entities
  • Intentionally caused a block for other malicious reasons

What Are Some Exceptions to Information Blocking?

ONC lists eight exceptions to the information blocking rule. Below, we list each exception in this information blocking FAQ:

  1. Harm Prevention: A healthcare provider or exchange network might deny access to certain information if it is reasonable and necessary to prevent harm.
  2. Privacy of the Patient: Healthcare employees are not subject to information blocking penalties if they deny a request that may compromise a patient’s privacy (see HIPAA).
  3. Security: A healthcare provider or exchange can restrict access to certain documents to safeguard the overall security of sensitive EHI.
  4. Practicality: Sometimes, information requests are infeasible due to technology restrictions, emergencies, or other unforeseen circumstances.
  5. IT Performance Issues: It may be reasonable and necessary for some record managers to restrict access to certain documents during data breaches or other cybersecurity-related events — thereby protecting the privacy and security of patients.
  6. Content Standards: Healthcare providers can limit the content of their response to a request to access, exchange, or use EHI.
  7. Fees and Transactions: Healthcare providers and exchange services can deny an EHI request if the requestor does not pay record release fees (all charges must be within a reasonable profit margin). 
  8. Legal Licensing: Healthcare providers and exchanges have the right to license and restrict interoperability elements for EHI access, provided they meet certain conditions.

See our article here for a deeper dive into the Cures Act information blocking exceptions.

What Is the Penalty for Breaking Cures Act Rules?

The HHS recently proposed numerous rules to disincentivize healthcare providers from blocking EHI. The proposed rule imposes severe disincentives in the form of reduced payout from government programs for healthcare providers that engage in information blocking.

These monetary penalties can cause irreversible harm to small medical facilities or healthcare IT firms. That is why it is crucial for your organization to carefully follow all HHS and HIPAA guidelines during the record release process. 

How Long Does My Organization Have To Release Information After a Request?

Slow service may cause healthcare organizations to end up on the wrong side of an information blocking complaint. HIPAA guidelines state that covered entities must act on an individual’s request for personal health information (PHI) within 30 calendar days. Failing to do so may qualify as information blocking and result in an investigation.

Organizations that experience a high volume of requests may need help to keep up with turnaround demand. That is why investing in secure record exchange platforms — like those offered by ChartRequest — is the safest way to ensure compliance. These solutions can optimize the exchange process and protect your company from blocking complaints.

How Does Information Blocking Affect Patients’ Right To Access Requests?

Patients have the right to access their EHI anytime. Therefore, information blocking rules do not generally alter a patient’s right of access under HIPAA. 

Current information blocking rules serve to reinforce patients’ rights and streamline access. They act as an added layer of protection, ensuring that healthcare providers cannot deploy barriers that prevent patients from accessing their information.

Here are a few things to consider when planning your organization’s record exchange policy:

  • Patients can request to see and obtain a copy of their medical charts, personal information, or doctors’ notes for any reason.
  • Patients can request their health records in a form and format of their choice as long as the provider can readily produce the documents in such a way.
  • Healthcare providers cannot knowingly delay the process by withholding information or ignoring requests.
  • Additional requests for the same documents might be necessary if the patient initially provides the wrong information on their request form — delaying verification.
  • Your team can review these information blocking FAQs to comprehensively understand current rules and regulations.

It’s important to note that information blocking rules and the HIPAA Privacy Rule are not synonymous. While they both aim to promote access to EHI, there are differences in their approach and scope. 

For instance, the information blocking rules apply more broadly than HIPAA, encompassing all EHI — not just the subset of EHI included in a designated record set under HIPAA. Understanding these nuances can help you better navigate the regulatory landscape and ensure compliance.

Can I Exclude Records From an External Provider When Receiving Medical Record Requests?

According to the HIPAA Privacy Rule, your organization is not obligated to create new information when responding to a request for access, such as explanatory materials or analyses that do not already exist in the designated record set. 

However, you must provide access to all of the requested PHI in a designated record set, which can include records from external healthcare providers. Omitting records from an external provider or other entity — such as a payor — may encourage patients to file information blocking complaints.

Can I Limit Release of Information to Just One Location Without Information Blocking?

Some might consider the limitation of data release to a single location as information blocking. Remember, the primary purpose of the information blocking rule is to promote a seamless exchange of health data. Consequently, any action restricting EHI access in one location might qualify as information blocking unless it falls within the exceptions outlined by the ONC.

However, the ONC reviews nuances in every case. For example, limiting the release of information to one location might be acceptable if it’s in response to a patient’s specific request or done to maintain patient safety or security. In this case, it would comply with one or many of the ONC’s exception rules.

It’s crucial to understand that while information blocking rules and HIPAA both aim to foster better access to EHI, they also uphold the need for privacy and security. Consequently, it’s critical to balance requests for information against the necessity of protecting sensitive health data.

Can I Verify a Requestor’s Identity Without Information Blocking?

While reading these information blocking FAQs, you may wonder which record release procedures are safe to implement and which can land your practice in hot water.

Verifying a requestor’s identity is essential for ensuring the secure release of EHI. This process doesn’t count as information blocking so long as you do not make unreasonable demands for verification.

Standard verification methods include implementing security questions, requestor identification documents, or digital verification tools. ChartRequest’s simple ROI software provides a fast and reliable verification workflow for organizations of all sizes.

It’s essential to carry out this verification process promptly and efficiently to avoid unnecessary delays. The ONC may perceive your verification process as information blocking if prolonged or excessively complicated.

What Is the Best Tool To Avoid Violations?

Health information exchange systems are the best tools to avoid information blocking while providing a robust, secure, and intuitive user experience. 

An excellent health exchange system promotes seamless sharing of EHI, ensuring that data flows freely across different platforms, providers, and health institutions. 

This solution also ensures that you have access to the information you need when you need it. Like our products at ChartRequest, a well-designed release of information system offers built-in security measures to protect patient data and uphold privacy for maximum HIPAA compliance. 

Furthermore, incorporating HIE features to facilitate patient access, such as dashboards and portals, can help you avoid information blocking complaints. 

Your team should spend time learning the implications of information blocking and how to deploy risk reduction policies. This way, your organization has all the tools and training it needs to succeed.

ChartRequest Release of Information Software Offers Swift Turnarounds

Does your healthcare practice worry about slow turnaround rates for ROI? These delays may encourage the OGI to investigate your company for information blocking.

Meet your 30-day deadlines with help from ChartRequest. We specifically designed our secure ROI platform to simplify the sharing of electronic health information while complying with HIPAA and information blocking rules. You can respond quickly to requests, manage high volumes of electronic documents, and more by investing in our modern solutions.

We pride ourselves on delivering a platform that can accommodate five-day turnarounds for optimal satisfaction.

Furthermore, we embed robust security measures in our software to protect patient data and uphold privacy. By facilitating the seamless transfer of health information, our ROI software promotes better patient care and keeps you compliant with the complex regulatory landscape.

Find more answers to your information blocking FAQs with ChartRequest. Call 888-895-8366 to learn more or schedule a consultation with our friendly representatives.

6 Types of Healthcare Audits For Insurance Companies
Healthcare audits are an essential part of maintaining fairness and accountability as a payor in the healthcare industry.
How Can ERP Insurance Optimize Risk Management?
ERP insurance coverage offers protection from financial losses for a limited period after an existing coverage plan expires.
Leverage Medical Records For Mass Tort Payouts
Mass tort payouts can be massive, but they often require quick and accurate access to your clients' medical records.
Hackensack Meridian Health Penalized $100K For Medical Records Right of Access Penalty
Hackensack Meridian Health, also known as Essex Residential Care, recently faced a $100,000 penalty for Right of Access failure.
What Is the Epic Vs. Particle Health Dispute Regarding Carequality?
The dispute between Epic vs. Particle Health has healthcare professionals split, and this article provides an unbiased breakdown.
Mass Tort Litigation Guide for Personal Injury Attorneys
Mass tort litigation can be a practical way to pursue compensation for numerous personal injury and medical malpractice claimants.

Want to Stay Updated?

Subscribe to our newsletter to learn:

  • Tips to Ensure Compliance
  • Strategies for ROI Success
  • Relevant Healthcare News

We respect your inbox, so we’ll only reach out to share high-quality content.

Sign Up for Automated Care Coordination Updates!

Our automated care coordination and referral management solution is coming soon!
If you’d like to be the first to learn new information and find out when it’s ready, please fill out this form:
This field is for validation purposes and should be left unchanged.