EHR Vendors: Don't Punish Us, Physicians for Information Blocking

Ken Terry

August 13, 2021

UPDATED August 27, 2021 // Editor's note: The attributions of some of the remarks in this article have been changed.

The trade association for electronic health record (EHR) companies is asking the government to postpone civil monetary penalties for EHR developers and health information networks and exchanges that run afoul of new information-blocking regulations. The group contends that the industry needs to become familiar with the requirements and figure out how to comply with them.

Officials of the Electronic Health Record Association (EHRA) revealed the request during a press conference at the Health Information Management and Systems Society (HIMSS) convention in Las Vegas this week.

In addition, the EHRA wants the Office of the Inspector General (OIG) to "focus on guidance, industry education, and corrective action plans in place of the application of penalties for a period of time" for healthcare practitioners as well as other entities covered by the 21st Century Cures Act regulations, said Leigh Burchell, vice president of government affairs and public policy for Allscripts.

Although healthcare professionals who violate the regulations aren’t subject to civil monetary penalties, they will be referred "to the appropriate agency for appropriate disincentives," notes an HIMSS report.

At the press conference, the EHRA officials also stressed the importance of improving the health information technology (IT) infrastructure of public health agencies and of creating data standards to facilitate the exchange of data between those agencies and healthcare professionals.

The EHRA includes 30 companies that together have 80% to 90% of the hospital EHR market and 70% to 80% of the ambulatory care EHR market, according to Hans Buitendijk, EHRA chair and director of interoperability strategy for Cerner.

Association Seeks Kinder, Friendlier Regulation

The EHRA supports the section of the Cures Act that bans information blocking between healthcare professionals, between healthcare professionals and patients who request access to their electronic health records, and by EHR companies that restrict information exchange, said Burchell. However, she stated, "It's been a challenging process for the industry to get ready for this."

Although the effective date of the law's implementation was in April, she noted, the OIG has not yet issued a final rule on how the information blocking provisions are to be enforced. That rule, expected in September, will specify civil monetary penalties for EHR firms and health information networks that violate the regulations. The OIG has not yet released a proposed rule on the "disincentives" for healthcare professionals who fail to comply with the provisions, she added.

Medscape Medical News asked the OIG about the proposed rule for professionals, but the office had not responded by press time.

Regarding the parties that will be affected by the OIG final rule, Burchell said, "There remains a fair amount of confusion in parts of the industry as to what is required of them under the information blocking part of the legislation. Because of that confusion, we have recommended to policymakers that there be a delay in the civil monetary penalties as part of the enforcement."

When the HIPAA law was implemented many years ago, she recalled, the government did not impose financial penalties on healthcare practitioners for some time. Instead, "there were corrective action plans, guidance documents, [and] industry education. We think that this merits the same approach."

Same Law, Different Data Set Definitions

The Cures Act specifies that healthcare practitioners must provide certain kinds of electronic health information (EHI) upon request by patients or by other healthcare professionals. The definition of EHI is the same as that of the "designated record set" covered by HIPAA's privacy rules. Among its data elements are patient demographics, progress notes, lab results, and billing information.

Between April 5, 2021, and October 6, 2022, EHR developers will update their products to enable the exchange of this EHI. During this time, healthcare practitioners must respond to requests for access to a more limited dataset known as the United States Core Data for Interoperability. After that, the full designated record set must be made available.

The problem with this approach, said Sasha TerMaat, director of Epic, the largest EHR company, is that the designated record set "has been interpreted differently by providers across the country, and there's no standard set. That makes it more challenging for uses in the [Cures Act] regulations, because different parties don't agree on what EHI is, making it harder to exchange data and to decide how the regulations might be enforced."

The Need for Greater Public Health IT Upgrades

The other major topic of the association's meeting at HIMSS was the state of public health infrastructure, which has become a major issue during the COVID-19 pandemic.

EHRA chair Buitendijk noted that the association has held discussions with public health agencies to figure out how public health IT can be upgraded.

The main areas that need to be addressed, he said, are the following:

  • There is a need to increase the resources available to state and local health departments to enable the kind of public health reporting that's required.

  • There is a question as to how to fill technology gaps in existing programs and EHR certification criteria.

  • There is a need for incentive programs that promote interoperability between healthcare practitioners and public health agencies.

In addition, he said, the COVID crisis has highlighted the need for a unique patient identifier for every American. The lack of such an identifier has made it more difficult to identify patients and connect the relevant data for public health purposes.

It was also noted that Congress has passed legislation increasing immunization registry funding and tying it to the adoption of standards for public health surveillance and monitoring.

Notes Janet Campbell, vice president of R&D Relations with Epic: "Standards-based exchange of public health data is critical to ensure that we're ready for the next public health emergency, so we all have a clear view of what's happening and a way to communicate what's happening across stakeholders."

"Patchwork Nature" of Public Health Infrastructure

Working with public health agencies during the pandemic, she said, "helped us understand the patchwork nature of public health [infrastructure]." Recently, she added, there has been a new emphasis on data standardization among developers, states, and immunization registries.

Association members further emphasized that provider and public health agency budgets need to be enhanced to expand upon data connections that are already in place, while also building new ones to ensure that the data can flow unimpeded. "It's important to get this done to be ready for future emergencies. But the funding isn’t easy to come by," said Buitendijk.

Burchell noted that some funds for this purpose were included in the various COVID-19 relief bills passed by Congress in the past year. This money will help public health departments determine what they must do to modernize their systems so they can exchange information more easily with practitioners.

"We're just trying to get ahead of it and get everyone on the same page now for things that will benefit us 3, 5, or 10 years down the road,” she said.

For more news, follow Medscape on Facebook, Twitter, Instagram, and YouTube.


Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.