Checklist for Compliance With Information-Blocking Rule

Here’s a checklist to help hospitals, physicians and other “actors” take steps to comply with the information-blocking regulation from HHS’s Office of the National Coordinator for Health Information Technology. The checklist is part of the information-blocking tool kit developed by the law firm Davis Wright Tremaine. The compliance date of the regulation was Nov. 2, but on Oct. 29, HHS delayed it until April 5 because of the COVID-19 public health emergency. [1] Contact attorney Adam Greene at adamgreene@dwt.com.

Action Item

Completed

Notes

1.

Learn about information blocking at Tab C. Overview of Information Blocking; Tab H. Information Blocking Laws and Preamble Commentary; and Tab I. USCDI Summary and Standard.

Online resources outside of this tool kit:

2.

Identify and convene relevant stakeholders regarding compliance with the information-blocking regulations.

Stakeholders you may want to consider include: (1) Privacy/Compliance; (2) Legal/Contracting; (3) Health Information Management; (4) Electronic Health Record/Patient Portal Team; (5) Security

3.

Determine whether you are an “Actor” subject to the information-blocking provisions at Tab D. Information Blocking Actor Determination.

4.

Identify who will be responsible for your organization’s compliance with the information-blocking regulations (IB Lead(s)).

5.

Create a planning and implementation timeline to stay on track with the various compliance deadlines.

6.

Draft information-blocking policies. See Tab E. Information Blocking Policy Template.

7.

Educate and train workforce members on:

  • What electronic health information (EHI) and information blocking are,

  • Identifying common examples of prohibited information-blocking practices,

  • Identifying at a high level relevant regulatory exceptions to information blocking, and

  • How and to whom to report potential information-blocking practices.

8.

Identify the categories of third parties who are likely to request access, exchange, or use of EHI you maintain or control in Tab F. Identification of Relevant Information Systems and Practices, Section 1.

9.

Identify your systems used in the access, exchange, or use of EHI in Tab F. Identification of Relevant Information Systems and Practices, Sections 2-3.

10.

Identify your “practices,” which are your activities that potentially interfere with access, exchange, or use of EHI within each of your systems in Tab F. Identification of Relevant Information Systems and Practices, Section 4. Further, conduct an assessment to determine whether any of your current practices do not meet the elements of the information-blocking regulations, either because the information requested is outside the scope of EHI or the practice is required by law. Practices that involve EHI and are not required by law may implicate information-blocking concerns if they interfere with access, exchange, or use of EHI in any way.

11.

Conduct an analysis of each practice identified in Tab F. Identification of Relevant Information Systems and Practices, Section 4 that is not exempt to see if that practice fits into an exception to information blocking.

See Tab G. Information Blocking Analysis.

12.

Remediate your information-blocking practices.

Remediation steps to consider: (1) bring that practice within an exception, or (2) bring that practice as close to an exception as reasonably possible and document why it does not fit squarely within an exception.

13.

Maintain documentation that practices that interfere with access, exchange, or use of EHI fall under exceptions.

14.

Conduct regular audits of your organization’s compliance with your information-blocking policies and procedures.

This document is only available to subscribers. Please log in or purchase access.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field