Health Law Alert by Lamb McErlane attorneys Vasilios J. Kalogredis, Esq. and Sonal Parekh, Esq.

The Department of Health and Human Services’ (“HHS”) final rule “Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing” relating to the 21^st Century Cures Act (“Cures Act”) became effective on Monday, March 11, 2024. This rule implements the Electronic Health Record (“EHR”) Reporting Program provision of the Cures Act by establishing new Conditions and Maintenance of Certification requirements for health information technology (“Health IT”) Developers under the Office of National Coordinator (“ONC”) Health IT Certification Program (the “Program”).

The Cures Act is applicable to entities that (i) provide health care or are considered a health care provider[1], and (ii) hold Electronic Health Information (“EHI”). EHI is, in essence, the health records of a patient that is stored on a hard drive, server, or any other electronic platform. The intent behind this rule is to increase patient accessibility to EHI. While the final rule focused mostly on Health IT Developers, the rule included several key provisions for health care providers to which the rule is subject.

In general, information blocking is considered to be conduct that a health care provider (or Health IT Developer) knows is unreasonable and is likely to interfere with, prevent or materially discourage access, exchange, or use of EHI. This includes, without limitation:

1. Restrictions on Access, Exchange, or Use.
2. Limiting or Restricting the Interoperability of Health IT.
3. Impeding Innovation and Advancements in Access, Exchange or Use of Health IT-Enabled Care Delivery.
4. Opportunistic Pricing Practices.
5. Non-Standard Implementation Practices.

The ONC has clarified that there are several exceptions which are not considered to be information blocking. These exceptions are set forth below. The final rule focused on changes to the Infeasibility Exception, Manner Exception, and TEFCA Manner Exception.

1. Preventing Harm Exception.
2. Privacy Exception.
3. Security Exception.
4. Infeasibility Exception.
5. Health IT Performance Exception.
6. Manner Exception (updated in the final rule from the previously referenced “Content and Manner Exception”).
7. Fees Exception.
8. Licensing Exception.
9. Trusted Exchange Framework and Common Agreement (“TEFCA”) Manner Exception.

Health care providers should be aware that effective March 11, 2024, health care providers will need to provide all EHI represented by Data Elements identified by the United States Core Data for Interoperability (“USCDI”) upon request unless there is a reason to deny the request based on one of the listed exceptions enumerated above. The final rule further clarified that at all times, patients (and their authorized representatives) must be able to use the software (or Health IT) to view, download, and transmit their health information to a third party. Such data should be able to be selected by a patient according to a specific date or identified date range. In the final rule, HHS has declined to adopt new or additional privacy standards related to controlling sensitive data that may be represented in USCDI Data Elements. Existing criteria includes support for privacy and security labels in health information exchange workflows.

If you have any questions regarding Cures Act compliance, please feel free to contact Bill Kalogredis, Esq. or Sonal Parekh, Esq.

[1] A health care provider is defined broadly and includes a hospital, skilled nursing facility, nursing facility, home health entity or other long term care facility, health care clinic, community mental health center, renal dialysis facility, blood center, ambulatory surgical center, emergency medical services provider, Federally qualified health center, group practice, pharmacy, laboratory, pharmacist, physician, practitioner, and any other category of health care facility, entity, practitioner, or clinician as determined appropriate by the Secretary.

_______________________________________

Vasilios J. (Bill) Kalogredis, Esq. has been advising physicians, dentists, and other healthcare professionals and their businesses as to contractual, regulatory and transactional matters for over 45 years. He is Chairman of Lamb McErlane PC’s Health Law Department. Bill can be reached by email at bkalogredis@lambmcerlane.com or by phone at 610-701-4402.

Sonal Parekh, Esq., is an associate at Lamb McErlane PC who focuses on healthcare transactional matters and a broad range of healthcare regulatory-related issues on behalf of healthcare systems, physicians, dentists, and other healthcare providers, and is a pharmacist by education and training. Sonal can be reached by email at sparekh@lambmcerlane.com or by phone at 610-701-4416.

*This alert is for educational purposes only and is not intended to be legal advice. Should you require legal advice on this topic or have any questions or concerns, please contact Vasilios J. (Bill) Kalogredis, Esq. or Sonal Parekh, Esq.