In December 2016, the U.S. Congress passed the 21st Century Cures Act, in part to mandate that different EHR systems, hospitals, and physician groups share patient data in compliance with new information blocking rules.
Following the passage of the law, it took several years for the U.S. Department of Health and Human Services (HHS) to issue a final regulation detailing exactly what these data-sharing rules would require and then, in 2021, those rules officially went into effect for the first time, but without any enforcement or penalties and applying only to a subset of health information.
In October 2022, the rules expanded in scope in terms of the data covered to include the full set of electronic protected health information (ePHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA), but still without any enforcement or penalties. Then, in 2023, civil monetary penalties of up to a $1 million penalty per violation went into effect for certified EHRs and health IT exchanges/networks.
“Disincentives” Final Rule for Healthcare Providers
On June 24, HHS, the Centers for Medicare and Medicaid Services (CMS), and the Office of the National Coordinator for Health Information Technology (ONC) released a final rule titled, “21st Century Cures Act: Establishment of Disincentives for Health Care Providers That Have Committed Information Blocking.” The 189-page final rule established penalties or “appropriate disincentives” that apply to certain providers found to have committed information blocking by the HHS Office of Inspector General (OIG). You can see us discuss this here.
The rule establishes penalties for providers participating in three Medicare programs: the Promoting Interoperability Program for hospitals, the Merit-based Incentive Payment System (MIPS), and the Medicare Shared Savings Program (MSSP). MIPS participants found to have committed information blocking will receive a zero-point score for the twenty-five-point Promoting Interoperability performance category, which will negatively impact their overall MIPS score (the Promoting Interoperability performance category counts for 25 of 100 possible MIPS points).
This, in turn, could negatively impact Medicare reimbursement rates for a single year in the future. MSSP ACO participants found to have committed information blocking could (at CMS’s discretion) be deemed ineligible to participate in the program for a period of at least one year, potentially resulting in a provider being removed from an ACO or prevented from joining an ACO. In a change from the proposed rule, CMS will have the discretion to consider this potential disincentive for an MSSP ACO participant based on the “relevant facts and circumstances” in each instance.
It is worth noting that the final rule only establishes disincentives for providers in these three Medicare programs because the information blocking rules apply to a much broader set of providers (i.e. they extend to Medicaid providers and providers in other Medicare alternative payment models).
July 31 Effective Date & Compliance Reminders
The June 24 final rule was officially published in the Federal Register on July 1, which established a July 31 effective date for OIG enforcement of the rule’s policies. Criticality, however, OIG enforcement will only apply to conduct or actions occurring on or after July 31.
For providers in these three Medicare programs, this enforcement deadline is many years in the making. In preparation, providers might want to consider the following action items:
1) Review the 2020 information blocking rules including the eligible exceptions to ensure an understanding of the requirements of these data sharing rules.
2) Consider adopting formal compliance and data-sharing policies for this regulation (a la HIPAA or other federal regulations).
3) Review technology solutions to determine the ability to share data as required under these new rules (even though these rules do not require the use of any specific technology).
For more information about our Cures-certified EHR visit here.
Meet NextGen Ambient Assist, your new AI ally that generates a structured SOAP note in seconds from listening to the natural patient/provider conversation.
Read Now