By Tony Schueth, Managing Partner & CEO

Editor’s Note:  This blog was updated November 23, 2020 to reflect timeline updates made by CMS and ONC to their Final Rules.  

Even before their final publication on May 1 in the Federal Register, the government announced changes to the long-awaited interoperability rules from the Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare and Medicaid Services (CMS). Some deadlines are extended, and enforcement is slightly delayed for a handful of provisions. The modifications were put into place to give providers a little (but not much) breathing room while they cope with the COVID-19 crisis.

CMS offered a deadline extension, as described in our recent blog. The Office of the Inspector General (OIG) also weighed in with separate enforcement provisions, which are contained in a proposed rule on civil monetary penalties. Let’s take a deeper dive.

CMS. The CMS final rule had a menu of provisions related to data sharing by its covered plans and agencies, including Medicare and Medicaid. These were described in detail in our March 13 webinar (Click here to listen).

Most will be implemented and enforced on schedule. There are two exceptions as outlined in the agency’s April 21 requirements.

• The biggest change involved the requirement that hospitals send admission, discharge, and transfer event notifications to another healthcare facility or to another community provider or practitioner as a condition of participation. That provision was expected to go into effect six months after publication of the final rule in the Federal Register on May 1, 2020. Now, implementation will be delayed until spring 2021.
• There is an enforcement change for the adoption of APIs to facilitate sharing of provider directory information and patient information more readily with third-party applications selected by patients. As originally written in CMS’ final rule, the new API requirements were scheduled to go into effect on January 1, 2021. However, CMS announced it will exercise enforcement discretion for a period of six months, or until July 1, 2021.

ONC. ONC announced extension of compliance dates and timeframes in response to the COVID-19 public health emergency. The revised timeline is here. In its rule update, ONC named April 5, 2021, as the compliance date for key provisions, including information blocking certification requirements, assurances and APIs.

OIG. The OIG is the investigative, enforcement and oversight arm of the Department of Health and Human Services. It issued a proposed rule on April 24, which outlines how civil monetary penalties (CMPs) related to information blocking may be imposed. The fines could be hefty, running up to a maximum fine of $1 million per violation. The proposed rule would not impose new information blocking requirements and ONC’s final rule will be used as an enforcement guide.

There are five expected enforcement priorities. They include investigating conduct that 1) resulted in, is causing or has the potential to cause patient harm; 2) significantly impacted a provider's ability to care for patients; 3) was of long duration; 4) caused financial loss to federal health care programs or other government or private entities; or 5) was performed with actual knowledge. However, such investigations would be just the beginning of the process. The identification and investigation of such issues takes time. The imposition of CMPs, if it comes to that, would come much later.

OIG said it would delay enforcement related to information blocking until 60 days after its final rule is issued. This would give individuals and entities subject to the information blocking CMPs time to come into compliance with any final regulations. Comments on the proposed rule are due June 23. This means that the final rule is likely to be issued sometime in October, with enforcement potentially beginning in January 2021.

What happens next?  CMS, ONC and the OIG stated they will continue to monitor the landscape to see whether further action is needed. Will this be enough to scare stakeholders into compliance? If further action is deemed necessary, what does that mean? Will the heavy hammer of CMPs will be dropped and somebody made a poster child for enforcement? In the past, the government often has bent over backward to bring miscreants into voluntary compliance with such laws as the Health Insurance Portability and Accountability Act (HIPAA). Follow-up actions include developing a corrective action plan and monitoring. CMPs are rarely imposed, although occasional multi-million-dollar settlements have been negotiated for egregious violations. The process generally takes years. Maybe things will be different for information blocking. Indeed, 2020 has been an unusual year.

Point-of-Care Partners is monitoring these, and other developments related to the implementation of the information blocking provisions of the 21^st Century Cures Act. We’d be happy to help you draft comments on the OIG proposed rule. Drop me a line at tonys@pocp.com.