OIG’s authority to begin enforcement of the Information Blocking Rule begins September 1, 2023.
Certain Actors subject to the Information Blocking Rule may be subject up to a $1 million penalty per violation!
Actors need to be proactive in ensuring their compliance with the Information Blocking Rule and not wait for the OIG to discover them.
Subscribe HERE to Legal HIE’s backend compliance library to gain access to tools, checklists, whitepapers, sample policies and a lot more to help your organization stay on top of the newest compliance challenges in 2023!
OIG’s authority to begin enforcement of the Information Blocking Rule (IBR) begins today, September 1, 2023 – which means that if the OIG determines that certain Actors subject to the IBR have engaged in impermissible information blocking, they may be subject up to a $1 million penalty per violation!
Currently, only the following Actors are on the hook for these penalties:
- Health Information Exchanges;
- Health Information Networks; and
- Health IT Developers of Certified Health IT, including entities offering Certified Health IT.
Each of these terms is specifically defined in the IBR and needs to be evaluated closely in order to determine if any of the activities your organization engages in might meet the definitional criteria for one ore more of these types of Actors. Here are those definitions:
“Health Information Network” or “Health Information Exchange” means:
an individual or entity that determines, controls, or has the discretion to administer any requirement, policy, or agreement that permits, enables, or requires the use of any technology or services for access, exchange, or use of electronic health information:
(1) Among more than two unaffiliated individuals or entities (other than the individual or entity to which this definition might apply) that are enabled to exchange with each other; and
(2) That is for a treatment, payment, or health care operations purpose, as such terms are defined in 45 CFR 164.501 regardless of whether such individuals or entities are subject to the requirements of 45 CFR parts 160 and 164.
“Health IT developer of certified health IT” means:
an individual or entity, other than a health care provider that self-develops health IT for its own use, that develops or offers health information technology (as that term is defined in 42 U.S.C. 300jj(5)) and which has, at the time it engages in a practice that is the subject of an information blocking claim, one or more Health IT Modules certified under a program for the voluntary certification of health information technology that is kept or recognized by the National Coordinator pursuant to 42 U.S.C. 300jj–11(c)(5) (ONC Health IT Certification Program).
One small sigh of relief is that the OIG has stated (see here) that it will not impose a penalty on information blocking conduct occurring before September 1, 2023. However, the OIG also noted that conduct that an Actor has engaged in starting from the April 5, 2021 compliance date for the Information Blocking Rule might still be taken into account during the course of an investigation. Therefore, Actors need to be proactive in ensuring their full compliance with the Information Blocking Rule and not wait for the OIG to discover them.
The Final Rule implementing penalties for violation of the Information Blocking Rule, which was originally published on June 27, 2023, can be found here. Note, that the OIG has not yet established a final rule for “disincentives” to be levied against health care provider Actors for violations of the IBR, but a proposed rule for such enforcement has been promised by the end of 2023 — so stay tuned for that.
For a better understanding of the OIG’s investigation process for enforcement of the Information Blocking Rule, the diagram posted on the OIG website here (reprinted below) is worth reviewing.
