HHS Publishes Final Rules Implementing Interoperability and Information Blocking Provisions
The Department of Health and Human Services (HHS) issued two final rules related to interoperability and information blocking. The final rules clarify when healthcare providers can provide electronic information and certain activities that are not considered information blocking, amend exceptions to previously published information blocking rules, and aim to make sharing health information easier and more secure.
The first final rule was issued on December 11, 2024, and implements provisions related to the Trusted Exchange Framework and Common Agreement (TEFCA) that were proposed in August 2024 in the Health Data, Technology, and Interoperability: Patient Engagement, Information Sharing, and Public Health Interoperability (HTI-2) proposed rule. TEFCA is a nationwide Federal framework required by the 21st Century Cures Act that allows healthcare organizations to easily share health information securely while allowing patients to control what information about them is shared. The provisions implemented by the final rule are intended to advance equity, innovation, and interoperability by promoting the use of electronic health information per the Health Information Technology for Economic and Clinical Health (HITECH) Act.
The final rule simplifies health IT certification by removing confusing terms such as “Complete EHR” and “EHR Modules” and adds a new privacy and security requirement which includes tools to help physicians make better decisions about using technology. Rules have been set for how Qualified Health Information Networks (QHINs) are approved, suspended, or removed, helping to ensure that high standards are maintained, and the final rule encourages the use of Fast Healthcare Interoperability Resources (FHIR) APIs for sharing health data. The addition of new tools and improved security will also make it easier to share health data nationwide. The rule also includes guidelines to prevent information blocking.
On December 16, 2024, the HHS issued a final rule – Health Data, Technology, and Interoperability: Protecting Care Access – that addresses information blocking practices and amends information blocking exceptions, expanding them to allow healthcare providers to honor patient requests not to share their health data when other laws compel disclosure. The final rule also adds flexibilities concerning other rules that create legal uncertainties, such as the sharing of reproductive health information, and patients have been given greater control over the sharing of their health data, especially reproductive health information.
The final rule clarifies that providers will not be penalized for information blocking if they lack the technical ability to segment data under the final rule and providers are permitted to withhold electronic health data under the exceptions, including the Protecting Care Access Exception established in the final rule. The Protecting Care Access Exception allows entities to restrict electronic health information sharing under certain conditions to mitigate the risk of legal repercussions for patients, providers, or care facilitators involved in the lawful provision of reproductive health services.
The first rule was published in the Federal Register on December 12 and takes effect 30 days after publication in the Federal Register. The Health Data, Technology, and Interoperability: Protecting Care Access final rule was published in the Federal Register on December 17 and is effective immediately. Other provisions proposed in the HTI-2 final rule are still under review by the White House.
