The information blocking definition of electronic health information (EHI) includes the entire scope of electronic protected health information (ePHI) that is or would be in a Designated Record Set (DRS). Prior to October 6, 2022, the definition of information blocking was focused only on the subset of EHI that is represented by elements in the United States Core Data for Interoperability (USCDI) v1. As of October 6, 2022, all EHI falls within the scope of the information blocking definition.
What is and what is not EHI for purposes of information blocking regulations? In Verisma’s Nov 2022 ROI Roundtable Webinar we heard from two experts with the ONC – Rachel Nelson JD, Branch Chief, Compliance and Administration Branch, and Dan Healy, Policy Coordinator, Compliance and Administration Branch on what EHI is and how its definition relates to but differs from the definition of ePHI under the HIPAA Rules. The speakers provided important facts related to current information blocking policy and what healthcare organizations and providers should bear in mind specific to information blocking regulations as they review and update their technical capabilities and workflows in context of their DRS (Designated Record Set) to ensure they are sharing EHI consistent with all applicable laws. Some highlights from their presentation follow.
What is EHI as defined by the information blocking regulation? According to ONC, EHI is as follows:
- “Electronic Health Information (EHI) means electronic protected health information (ePHI) to the extent that the ePHI would be included in a designated record set as these terms are defined for HIPAA.”
The scope of EHI is relayed was shared in the following ONC graphic that can be found at HealthIT.gov:
The expansion is “only” PHI that is in an electronic format. Noted in the webinar is that EHI is “electronic health information (ePHI) to the extent that it would be included in a designated record set.” Further explained during the webinar was that EHI “is individually identifiable health information, that is maintained in electronic media or transmitted by electronic media.” If the ePHI is included in any of the following records and not in the exclusions such as psychotherapy notes, then it would be considered EHI:
- Medical records and billing records of a provider about an individual
- Enrollment, payment, claim adjudication, and case or medical management record systems maintained by or for a health plan.
- Records used in whole or in part to make decisions about individuals
What is not EHI was explained as well. For example, such things like psychotherapy notes, information complied in anticipation of, or for use in, a civil, criminal, or administrative action or proceeding, employment records health information, and de-identified protected health information. EHI is not limited by when the information was generated.
Organizations should be looking at what they now include in their designated record set policy and revise if necessary, to ensure the that their policy includes the full scope of EHI that is now in effect as of the October 6, 2022 expansion of the EHI definition beyond the current USCDI v.1 definition. Working with your Release of Information vendor is important as well, so they are aware of exactly what ePHI is defined in your designated record set and how to access all the ePHI for disclosure purposes. Many resources such as an EHI Fact Sheet, recorded Webinars, and an Infographic are available on https://www.healthit.gov/.
Dan and Rachel also spent time going over the Information Blocking definition and explaining how that relates directly to the exchange of ePHI. More details and explanation of the Information Blocking Regulation was shared with the attendees. Points that have caused some questions from health care providers and others in the health IT field were clarified. Information Blocking applies to “actors.” Actors are:
- Health Care Providers
- Health It Developers of Certified Health IT
- Health Information Networks (HINs)
- Health Information Exchanges (HIEs)
Exceptions to the Information Blocking Rule, which have caused a lot of questions from “actors,” in particular the “Content and Manner Exception” where it is not considered information blocking if the actor does not have all the requested EHI in their possession, cannot be shared using the technology requested, or where it must be “withheld due to laws or is permissible to be withheld, such as under the Preventing Har or Privacy exceptions.” One example would be if it would be impossible for an actor to segment out psychotherapy notes from the EHI. Another would be the cost to comply would be prohibitive. Other examples were given as well as resource information available on ONC’s Cures Act Final Rule website. For more in-depth information on Information Blocking, resources can be found at https://www.healthit.gov/ where there are fact sheets, Webinars, and FAQs.
Health Information Management leaders should be reviewing all the policies and procedures related to release of ePHI, especially their designated record set policy to ensure they are following the updated requirements that went into effect on October 6, 2022 and working closely to ensure their ROI vendor is up to date on all the requirements to ensure there are no risks of information blocking.