Information Blocking Rule 101: Just the beginning of connecting the dots to enable true interoperability

By Joe Ganley | September 27, 2021


To say that healthcare in the United States has been front and center since March 2020 would be an understatement. We’ve since seen the country swim headfirst into an ebbing and rising tide of COVID-19 cases – and tragic deaths.

A CBS survey published this summer found that 62 percent of Americans are concerned about the delta variant, now the dominant strain in the U.S. Seventy-two percent of vaccinated Americans said they are concerned about the delta variant.

But even as the pandemic continues to dominate the headlines, last year also saw government action related to healthcare that didn’t lead the evening news — yet holds the potential to transform healthcare as we know it.

In March 2020, the federal government finalized a new set of rules that govern how information is shared among hospitals, doctors’ offices, and other healthcare stakeholders. The new regulations come from a law called the 21st Century Cures Act passed by Congress in 2016. These regulations, colloquially called the “Information Blocking Rule”, require healthcare entities to broadly share a wide breadth of electronic health information upon request (with just a few exceptions).

Simply put, under the regulations, if a healthcare provider requests healthcare data from another healthcare entity, the request has to be responded to and the information has to be shared (unless an exception applies). The government’s goal in enacting these regulations is to provide access and choice. Patients will be able to more easily obtain their electronic health records at no charge. Doctors and healthcare organizations will now be able to select the IT tools that allow them to provide the best care, without excessive costs or technical barriers.

Information needs to flow more smoothly in our healthcare system and the result should be greater cost transparency and improved health outcomes. Beyond patients and providers, the new regulations have implications for health IT developers. Vendors will now have to provide access to all data elements of a patient’s electronic health record – to the extent permissible under applicable privacy laws — through an application programming interface (API), a software intermediary that allows two applications to communicate with each other. This, in turn, promotes new business models of care and facilitates a modern health app economy that will support transparency and give patients greater insights into healthcare decisions.

These are all positive goals, but we’ve got a long way to go. While 2011’s Meaningful Use program incentivized the adoption of electronic health records systems, interoperability across the healthcare ecosystem remains a challenge when disparate systems don’t always fully “talk to each other.” Although we’ve largely converted to electronic instead of paper records, doctors don’t always have access to all records they need at the point of care to make the most informed decisions. Patient requests for their own records often require physical paperwork to be filled out and lengthy wait times.

At athenahealth, we envision a thriving healthcare ecosystem that delivers accessible, high-quality, and sustainable healthcare for all. By definition, an ecosystem relies on connectivity, collaboration, and interdependence. But those are not adjectives often used to describe the U.S. healthcare system. Surely, technology is not standing in the way of a connected healthcare ecosystem. Instead, the promise of technology to transform healthcare is stymied by government regulation, cultural norms around privacy, and business incentives that promote fragmentation and disconnected data siloes.

Which brings us back to the pandemic. During last spring’s peak in cases, we saw many of these barriers to greater connectivity torn down, particularly in the case of virtual care. Before COVID-19, HIPAA, the main federal privacy law — which passed in 1996, 11 years before the first iPhone — limited the technology platforms that could be used for telehealth and the government and many insurance companies had set lower reimbursement rates and limited scope for telehealth services. Fast-forward to March 2020. The government relaxed enforcement of HIPAA privacy and security rules, and dramatically expanded the services and reimbursement for virtual care. The result: In the athenahealth network of approximately 140,000 providers, there was a 3,400 percent increase in telehealth visits at the height of the pandemic. Moreover, patients express deep satisfaction with telehealth.

A study published in 2020 by healthcare technology company Kyruus shows that the majority of patients surveyed are “very satisfied” with their virtual care experiences, and close to three-quarters say they want virtual care to be a standard part of their care moving forward.

So, what does all of this mean for the future? To be sure there is significant momentum to make these telehealth changes permanent. Former HHS Secretary Alex Azar was quoted as saying: “I think we’d have a revolution if anyone tried to go backwards on this,” and former CMS Administrator Seema Verma, whose agency sets government reimbursement rates said: “I can’t imagine going back.”

Still, there’s more work to be done. As we look to technology to transform healthcare, we must continue to balance the need to protect patient privacy. This balance will be critical this year as policymakers continue to look at consumer data and consider new regulations to give consumers more control over the data that technology companies compile.

Despite all of the attention on consumer data privacy and security, we know that patients feel largely confident about the security of their healthcare data. According to the Office of the National Coordinator of Health Care Technology, the vast majority of Americans feel comfortable with the security of their healthcare data, even when it’s exchanged electronically, and fully one-third of Americans track healthcare charges and costs online.

As American patients take on more responsibility for their healthcare through higher-deductible healthcare plans, and more costly co-pays, we can expect that they will want to be smarter consumers, using technology and data to make informed healthcare choices that make sense for them and their families. In short, they’ll be looking for healthcare to be more of a connected, transparent ecosystem.

While we still have a ways to go to make that vision a reality, the flexibility that both government regulators and private payers have rolled out to combat the COVID-19 pandemic may just provide a foot on the gas to these long-awaited changes to our healthcare system.

Want to hear more?
Get insights from athenahealth’s open and connected ecosystem delivered right to your inbox.
Sign Up

Joe Ganley is Vice President of Government and Regulatory Affairs at athenahealth.

Hear more from Joe Ganley and his athenahealth colleague, Government Affairs Manager Jen Michaels, by watching this webinar: Interoperability and Data Privacy: Two Sides of the Same Coin.