HHS Proposes Rule to Establish Penalties for Committing Information Blocking: What Providers Need to Know

On October 30, 2023, the U.S. Department of Health and Human Services (HHS) released a proposed rule (Proposed Rule) to establish disincentives for healthcare providers that engage in information blocking under the 21st Century Cures Act (Cures Act). 

Prior to issuing the Proposed Rule, healthcare providers were not subject to any specific penalties for failing to comply with the information blocking requirements under the Cures Act.  Information blocking is defined by the Cures Act as “a practice that interferes with, prevents, or materially discourages access, exchange or use of electronic health information” and is not otherwise permitted by law or one of the exceptions outlined under the Cures Act.

While the proposed disincentives will not be effective until, at the earliest, the date the Final Rule is published by HHS, healthcare providers should use this interim period to carefully review their policies and procedures to ensure that they are in compliance with the Cures Act information blocking requirements.  In addition, healthcare providers should identify any gaps in their software programs that may make compliance with the provisions of the Cures Act difficult.  For vendor-provided software programs with gaps, healthcare providers should work with vendors to resolve such gaps, and failing vendor co-operation, evaluate contractual and other remedies to mitigate risk of non-compliance.

Not all healthcare providers will be subject to the disincentives under the Proposed Rule (described in more detail below), but HHS has asked for public comment on penalties it may impose on non-compliant healthcare providers in the future.

Under the Proposed Rule, if a healthcare provider is found by the Office of the Inspector General (OIG) to have engaged in impermissible information blocking, such provider is referred to the Centers for Medicare & Medicaid Services (CMS) where it may be subject to the disincentives described below:

• Under the Medicare Promoting Interoperability Program, an eligible hospital or critical access hospital (CAH) would not be a meaningful electronic health record (EHR) user in an applicable EHR reporting period. The impact on eligible hospitals would be the loss of 75 percent of the annual market basket increase; for CAHs, payment would be reduced to 100 percent of reasonable costs instead of 101 percent. HHS estimates a median disincentive amount of $394,353 and a 95 percent range of $30,406 to $2,430,766 across eligible hospitals.
• Under the Promoting Interoperability performance category of the Merit-based Incentive Payment System (MIPS), an eligible clinician or group would not be a meaningful user of certified EHR technology in a performance period and would therefore receive a zero score in the Promoting Interoperability performance category of MIPS, if required to report on that category. The Promoting Interoperability performance category score typically can be a quarter of a clinician or group’s total MIPS score in a year. HHS estimates a median individual disincentive amount of $686 and a 95 percent range of $38 to $7,184.  For groups, assuming 6 clinicians, HHS estimates a group disincentive of $4,116.
• Under the Medicare Shared Savings Program, a healthcare provider that is an Accountable Care Organization (ACO), ACO participant, or ACO provider or supplier would be deemed ineligible to participate in the program for a period of at least one year. This may result in a healthcare provider being removed from an ACO or prevented from joining an ACO. HHS did not provide an estimate for the value of the disincentive rate related to ACOs. 

Public comments to the rule are due back by no later than January 2, 2024.

BCLP has significant experience in navigating the Cures Act.  Please contact Jennifer C. Hutchens, Kelly Koeninger, Christian Auty, Amy de La Lama or any member of the Healthcare & Life Science industry team or the Data Privacy & Security practice group to discuss.