On October 30, 2023, in what could have only been an attempt to add some extra scariness for healthcare providers this Halloween season, the Office of the National Coordinator (ONC), the Centers for Medicare and Medicaid Services (CMS), and the Department of Health and Human Services (HHS) issued a joint proposed rule outlining the first set of disincentives for information blocking. The information blocking provisions were first introduced by the ONC in 2020 as part of the 21st Century Cures Act, and were implemented to prohibit any covered actor (namely a healthcare provider, a certified health IT provider/developer, or a health information network/exchange) from taking part in any practice that directly or indirectly interferes with, prevents, or materially discourages access, exchange, or use of electronic health information.
Prior Enforcement Penalties
While these requirements were codified as a final rule in 2020, enforcement penalties, or in the case of healthcare providers, disincentivizes, while included generally as a concept in the final rule, were not expressly specified or defined. In July of 2023, the Office of the Inspector General (OIG) in tandem with HHS did take the first step towards enforcement by jointly publishing the Civil Monetary Penalties (CMP) final rule, which enforced monetary penalties for certified health IT providers/developers and health information networks/exchanges that were deemed to be information blocking. However, this current proposed rule is the first time we are seeing any sort of enforcement penalties for healthcare providers.
Unlike with the CMPs that are more expressly defined by OIG and HHS, disincentives can vary, as any governmental agency with the appropriate authority can establish its own disincentives. While all of the proposed disincentives are ultimately likely to have a financial impact, unlike the express monetary penalties imposed on the other actors covered by the regulation, the amount is far less predictable and may vary based on the actor.
The New, Proposed Disincentives
As outlined in the regulation, the first set of proposed disincentives have been issued by CMS and would apply specifically to any healthcare provider that is eligible to participate in one or all of the following programs:
- Medicare Promoting Interoperability Program;
- Medicare Merit-based Incentive Payment System Program (MIPS); or
- Medicare Shared Savings Program (MSSP).
The specific disincentives for healthcare providers eligible to participate in one or more of these programs, are outlined below.
While the OIG is responsible for investigating any potential claims of information blocking, in the case of healthcare providers, following its investigation, OIG will refer the healthcare provider to the appropriate agency for the enforcement of its respective disincentives. This means that if multiple agencies have applicable disincentives, OIG can refer the healthcare provider to each discrete agency, and such provider may be subject to multiple disincentives. In addition, much like in the case of CMPs, OIG is also empowered to collaborate with other governmental agencies, like the Office of Civil Rights (OCR), who are also entitled to take any enforcement actions they deem necessary if there are claims that implicate HIPAAs privacy or security rules.
This proposed rule also outlines a public reporting requirement where any actor that has been deemed to have committed information blocking must be listed on the ONC public website where, in addition to basic identifying information, ONC must include a description of the practice found to be information blocking (in the case of providers, what disincentives were applied, and in the case of certified health IT developers/providers and health information networks/exchanges, whether monetary penalties have been paid) and where to find any additional information available about the determination of information blocking that is publicly available via HHS or another part of the government.
While the wait for any sort of enforcement penalties for healthcare providers has been quite long, the timing of this regulation is not that surprising now that the Trusted Exchange Framework, Common Agreement (TEFCA) has been published, and a handful of qualified health information networks/organizations have been selected and announced. It is pretty clear that ONC is attempting to encourage participation in TEFCA as an easy way for healthcare providers to mitigate potential risks of information blocking. This was made more evident in the proposed ONC regulation in April of 2023, which added a TEFCA Condition to the Information Blocking’s Manner Exception that essentially stated that participation in TEFCA removes the actor’s requirement to provide an alternative manner. It is also not entirely surprising that CMS is the first regulatory agency to propose disincentives for healthcare providers, as a key emphasis within its proposed regulation in December of 2022 was interoperability between payers and providers, thus requiring more robust data sharing between both parties.
Despite the timing, this proposed regulation is a crucial first step towards unlocking the value of the information blocking provisions, which were designed to help drive continued efforts towards more robust communication and data sharing. However, without the teeth of enforcement penalties or disincentives, we have not been able to effectively leverage it to its full potential. While it is likely that the process for creating and enforcing disincentives is likely to be slower and more arduous than we would maybe like, as it seems each agency that creates disincentives would likely need to go through a similar rule-making process as the one outlined in this current proposed regulation, this will hopefully open the door for more agencies to take similar steps.
Specific Disincentives for Healthcare Providers
The specific disincentives for healthcare providers include:
Medicare Promoting Interoperability Program
Any eligible hospital or critical access hospital (CAH) under the Medicare Promoting Interoperability Program that has been referred by OIG for a determination of information blocking shall not be considered to be a meaningful use electronic health record (EHR) user during the reporting period when such referral occurred.
For eligible hospitals this would result in the hospital not being able to earn three quarters of the annual market basket associated with qualifying as a meaningful use EHR user. For eligible CAHs this would result in a reduction in payment from 101% of reasonable costs to 100% of reasonable costs that might have been earned in the applicable year.
Medicare Merit-based Payment System (MIPS) Program
A MIPS eligible clinician or clinician group that has been referred by OIG for a determination of information blocking shall not be considered to be a meaningful use electronic health record (EHR) user during the reporting period when such referral occurred.
A MIPS eligible clinician that reports on the Promoting Interoperability category of MIPS, would have to report a score of zero, and given that such category accounts for a quarter of the total performance score, it would materially reduce their overall score. The MIPS performance score is used to determine whether the clinician or clinician group gets a negative (performance score is below the baseline), neutral (performance score is equal to the baseline), or positive (performance score is above the baseline) MIPS payment adjustment factor.
Medicare Shared Savings Program (MSSP)
A healthcare provider that either participates in, or acts as, a MSSP Accountable Care Organization (ACO) that is referred by OIG for a determination of information blocking will be barred from participating in the MSSP for at least one (1) year.
A healthcare provider that is participating in an ACO will be removed from the ACO, while a healthcare provider that is acting as an ACO, will be barred in its entirety.