Skip to content

Share this Story

Share on facebook
Share on twitter
Share on linkedin
Share on email
Share on whatsapp

Ciox Health, a leading health technology company, is an official exhibitor at the AHIMA20 Virtual Conference. To learn more about Ciox or arrange a meeting with representatives during AHIMA20, please contact Deborah Hsieh, Ciox Chief Policy & Strategy Officer.

By Deborah Hsieh

While many providers have been focused fighting COVID-19, there is an important milestone looming this fall. November 2 marks the beginning of information blocking enforcement, as detailed in the Office of National Coordinator for Health IT’s (ONC’s) 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program.

As the largest provider of release of information (ROI) services, Ciox Health is helping healthcare providers prepare for enforcement of the information blocking prohibition. We have practical suggestions for ensuring readiness for November 2, as well as considerations for health information management (HIM) professionals as they continue to support interoperability and patient access to medical records.

What is Information Blocking?

Recall what information blocking is: a practice that is likely to interfere with, prevent, or materially discourage access, exchange or use of electronic health information. (Note that there is no narrowing to just patient requests. Information blocking applies to all requestors.) This leads to the question: what is “electronic health information”?

For the purposes of information blocking, ONC has created a phased definition of electronic health information. Until May 2022, electronic health information subject to information blocking is the data elements in the United States Core Dataset for Interoperability (USCDI). After May 2022, electronic health information subject to information blocking is electronic protected health information (ePHI) to the extent that the ePHI is included in a designated record set.

With these foundational definitions in mind, here are three suggested questions to ask your HIM department and assess readiness for November 2.

Question 1: When are requests for electronic health information not being fulfilled today?

First, make sure the requests are subject to information blocking. The definition of electronic health information in November 2020 is USCDI. Conduct an audit of requests that involve USCDI over the past year and determine what percentage of those requests were not fulfilled. That percentage will give you a sense of the scale of the problem. For example, is it 5 percent or 80 percent?

Question 2: Can you map reasons for those unfulfilled requests for electronic health information to one of the eight categories of exceptions to information blocking?

Next, ascertain the reasons those requests were not fulfilled. ONC defined eight categories of exceptions where an actor’s practice that is likely to interfere with the access, exchange, or use of electronic health information would NOT be considered information blocking. This requires a detailed review of the exceptions, as the requirements to satisfy the conditions of any exception are commonly layered. For example, the Preventing Harm Exception requires that a “practice meets the conditions in paragraphs (a) and (b) of this section, satisfies at least one condition (subparagraph) from each of paragraphs (c), (d) and (f) of this section, and also meets the condition in paragraph (e) of this section when applicable.”

That’s a total of four different conditions with some options for one of those conditions.

If the reason the request was not fulfilled does not map to one of the exception categories, it is possible your facility would need to adjust how it responds to those types of requests in the future.

Question 3: Are your policies in line with language in the exceptions?

Finally, make sure that the language in your facility’s policies has been updated to reference and comply with information blocking requirements. In several places, the rule requires that organizational policies be in writing (for example, in the Preventing Harm, Privacy and Security Exceptions). The rule also requires in several places that the policies be implemented in a consistent and non-discriminatory manner.

Many large hospitals are the product of mergers and acquisitions and may need to confirm that all facilities have and are implementing the same policies. In addition, these policies should be written so HIM professionals can reference policies as they fulfill requests for health information in a non-discriminatory manner.

Being ready for November 2 is just the first milestone in the ONC rule. As certification requirements for electronic health record technology change, healthcare providers will need to make choices about their technology as well as how to deploy new functionality. Technology choices that are being made now and over the next year will affect the daily operations of HIM. This is a critical opportunity for HIM to engage with IT colleagues and shape the evolution of HIM.

Access Upcoming Webinars

Policy & Election Implications for Interoperability & Patient Access. Join this webinar series featuring Ciox’s policy, privacy, and operations leaders, as well as guests from ONC and Sirona Strategies who will discuss interoperability, the 2020 election, HIPAA, PHI, and patient access. The series will wrap up with a session focused on the digital transformation of HIM and release of information. Click here to register for upcoming webinars and access recorded sessions.

Register for AHIMA20

The AHIMA20 Virtual Conference is the premier educational, exhibition, and networking event for health information professionals. Whether you are seeking cutting-edge education, evaluating the latest market innovations, or are seeking new professional connections, the AHIMA20 Virtual Conference is the place to be. Register today.


Deborah Hsieh ( ) is Chief Policy & Strategy Officer at Ciox. Ciox, a health technology company, is dedicated to improving US health outcomes by transforming clinical data into actionable insights. With an unmatched network offering ubiquitous access, Ciox can release, acquire, enhance, and deliver medical record and discrete clinical data from anywhere across the United States.

Hear from past attendees why they attend the AHIMA conference every year.

Play Video
Play Video