The rule is effective as of July 31, 2024, and could have significant consequences for eligible hospitals, critical access hospitals, eligible clinicians participating in the Merit-based Incentive Payment System (MIPS), accountable care organizations (ACOs), ACO participants, and ACO providers and suppliers participating in the Medicare Shared Savings Program.

OIG is seeking public comment on establishing disincentives for other health care providers that are subject to the information-blocking regulations but not implicated by this new rule (e.g., non-Medicare-enrolled providers).

Background

On June 27, 2023, OIG released a final rule regarding enforcement of information-blocking penalties for actors other than health care providers, defined as health IT developers of certified health IT, Health Information Networks (HINs), and Health Information Exchanges (HIEs). If OIG determines that any of these individuals or entities committed information blocking, they may be subject to a civil monetary penalty of up to $1 million per violation.

However, this rule did not apply (in general) to health care providers. Instead, OIG announced it would develop a separate rule to establish certain disincentives for health care providers who engage in information blocking. The June 24, 2024, rule establishes those disincentives. Together, these rules implement statutory provisions of the 21^st Century Cures Act.

What Is Information Blocking

Information blocking means a practice that is likely to interfere with (i.e., prevent, materially discourage, or otherwise inhibit) access, exchange, or use of electronic PHI, except as required by law or where a regulatory exception applies. Examples include refusing to transfer electronic PHI without a valid reason, unnecessary and prolonged delays in posting information on portals/websites, charging excessive fees to interface with health IT programs, and unfair restrictions on physicians’ access to and use of electronic PHI.

Health care providers who knowingly engage in a practice that is “unreasonable and is likely to interfere with access, exchange, or use of electronic health information” (such as interfering with patients’ access to medical information or records) will face penalties or “disincentives” going forward. Those include:

1. Certain hospitals losing their meaningful EHR user status. Under the Medicare Promoting Interoperability Program, an eligible hospital or critical access hospital that has committed information blocking may lose meaningful electronic health record (EHR) user status during the calendar year of the EHR reporting period in which OIG refers its determination to CMS. As a result, an eligible hospital subject to this disincentive will not be able to earn the three quarters of the annual market basket increase associated with qualifying as a meaningful EHR user, and a critical access hospital risks payment being reduced to 100% of reasonable costs, from 101%.
2. Merit-based Incentive Payment System (MIPS) eligible clinician losing their meaningful EHR user status. Under the Promoting Interoperability performance category of MIPS, a MIPS-eligible clinician (e.g., hospitals, physician groups and group practices) who has committed information blocking will not be a meaningful EHR user during the calendar year of the performance period in which OIG refers its determination to CMS. If one clinician within a group is found to have committed information blocking but not the whole group, the penalty will only apply to the individual, even if they report as part of a group.
3. ACO ineligibility. A health care provider that is an ACO, ACO participant, or ACO provider/supplier may be ineligible to participate in the Shared Savings Program for 1 year. This may result in a health care provider being removed from an ACO or prevented from joining an ACO. CMS will consider relevant facts and circumstances before imposing a disincentive under the Shared Savings Program. Any disincentive under the Shared Savings Program would be imposed after January 1, 2025.

OIG’s expected enforcement priorities around information blocking include practices that (i) resulted in, are causing, or have the potential to cause patient harm; (ii) significantly impacted a provider’s ability to care for patients; (iii) were of long duration; and (iv) caused financial loss to federal health care programs, or other government or private entities. OIG’s expected priorities are informational only and are not binding on OIG decision making.

According to the rule, OIG will not be investigating possible information blocking by health care providers until after July 31, 2024. With that in mind, now is an important time to ensure your organization is compliant with the information-blocking rules.