What IBR compliance updates mean for providers and patients

In 2016, the 21st Century Cures Act made sharing of electronic health information, or EHI, the expected norm in health care. The secretary of the U.S. Department of Health and Human Services identified "reasonable and necessary activities that do not constitute information blocking.” As a result, patients gained control over their own health information, with unimpeded access to their data and records.

The act was intended to increase patient engagement in care, increase safety and decrease costs. A secondary benefit is an improved continuum of patient care. The legislation allows patients access to providers’ notes in real time, and a section known as the information blocking rule, or IBR, prohibits health care organizations from blocking the authorized sharing of EHI. As of Oct. 6, 2022, the IBR covers the full scope of a patient’s EHI.

When provider organizations do not share data, they are subject to fines. Complaints are received by the HHS Office of the Inspector General, which can investigate to determine whether any actions interfered with access to or the exchange or use of EHI—and, if so, can impose penalties.

For health information networks and exchanges and health IT developers, penalties may be up to $1 million per violation. Note, the IBR’s enforcement component was not finalized as of November 2022, so although the IBR is in effect, penalties have not yet been imposed. The Office of the National Coordinator for Health Information Technology is working to finalize the details of enforcement, which the HHS secretary has said is long overdue.

Meanwhile, the following table indicates eight exceptions to the IBR that health care organizations should be aware of, and update their internal policies accordingly.

8 exceptions to the information blocking rule

In this new era of health care, patients are viewed more as consumers—and organizations continue to focus on how to improve the consumer experience. HHS assumes the role of educating providers about health information exchanges, with the goal of helping providers improve patient care and clearing up common misunderstandings about how exchanges function.

Patients are encouraged to remain vigilant with their data and monitor the platforms they use to receive and review it. The availability of apps for both mobile devices and computers continues to increase at an explosive rate. These apps are useful to physicians, medical offices, hospitals, health care systems and, of course, patients. However, shared information must be secure. The Cures Act calls for secure access to apps, while also supporting continued digital innovation.

The takeaway

Health care organizations must proactively develop, implement and maintain internal policies to comply with the act and avoid penalties. While many organizations will be evaluated on a case-by-case basis to determine if information blocking occurred, those that are able to maintain a positive patient experience will have a competitive edge in the marketplace.

Consumers want a positive health care experience, with minimal obstacles, so they can make the right decisions. Providing consumers with proper access to secured data can help health care organizations gain their trust and their loyalty. Consumers will continue to seek out services where they feel valued and comfortable