LAS VEGAS – The bipartisan drafted 21st Century Cures Act mandates the U.S. Department of Health and Human Services Office of the National Coordinator outline guidance for both info blocking and interoperability, which is expected to be rolled out throughout this year.

Included in this guidance will be what constitutes info blocking, the right conditions for the exchange of data -- and when it’s permissible to not share information.

At the HIMSS18 Compliance Symposium on Monday, Jon White, MD, ONC Deputy National Coordinator for Health Information said that after these rules are enacted, health organizations can expect to be audited by the Office of the Inspector General when they are accused of info blocking.

“At that point, it gets moved over to OIG,” said White. “At that point, people can bring cases of info blocking to OIG… If someone isn’t sharing information where they are supposed to, then you can be found to be info blocking. And there will be fines and enforcement.”

While White explained that he can’t outline what the agency has determined is info blocking, as the guidance has yet to be published, he did hint that HHS may be making some big reveals tomorrow morning during Centers for Medicare and Medicaid Services Administrator Seema Verma’s presentation at HIMSS18.

HIPAA outlines instances where information can be shared, and when it can’t, explained White. So when we talk about business practices, when can outside parties get access to clinical information? What authorization is needed? And what are the right conditions?

“We want to have access, but there are those situations where it’s complicated,” said White.

It’s not that all organizations are purposefully blocking information, White explained. But, for one, there are issues with fees associated with connecting information systems. Secondly, there are also misinterpretations of HIPAA

But even worse, there are some with an “out-and-out business practice” to not share data, said White. “People are not sharing information in a way that Congress wants us to share… That got put into the Cures Act for that reason.”

To Ken Mortensen, global trust and privacy and security officer for InterSystems, at the end of the day, it’s really about getting a grasp on governance and what’s permissible, to ensure that when OIG comes to audit your organization for info blocking that you can explain the rationale behind your actions.

“That’s going to be the key thing,” said Mortensen. “This has nothing to do with HL7 and other interoperable standards. It’s important to note data flows and how the data is being used… to document why it’s unreasonable to share the data, so when the OIG shows up saying you’re info blocking, you’re able to document that.”

“And HIPAA was already doing this,” he added.

“Interoperability is in the name,” White interjected.

So it’s not that everyone needs access to all of your data, explained Mortensen. But it’s that you can “document why there shouldn’t be access, and whether you understand your data flows.”

The reality is: this is about governance, he added. “Here it is now taking precedence. You need to do this.”

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com