HHS proposes ‘powerful’ penalties for providers found information blocking

Regulators on Monday proposed a long-awaited rule tying payments for hospitals and doctor’s offices in three popular Medicare programs to compliance with data-sharing regulations.

Medicare payments could soon be on the line for hospitals and doctor’s offices found blocking the free electronic flow of health information.

That’s if a new rule proposed by the HHS on Monday is finalized.

Under the rule, providers that block the access, exchange or use of electronic health information could lose out on select annual payment increases, receive lower quality scores or be kicked out of a value-based program in Medicare.

“I think these are going to be very powerful incentives to change the whole national conversation,” said Don Rucker, who led the Office of the National Coordinator during the Trump administration. The ONC oversees U.S. health IT.

“The way they resonate through the payment system — this directly affects the payment systems of providers,” Rucker said.

Long-awaited penalties

Providers have been waiting for regulators to add teeth to rules forbidding information blocking that were finalized in early 2020. Specific punishment for health IT vendors found information blocking was included in the law backing the rules — an up to $1 million fine per violation, which regulators officially enacted this summer.

The statute — the 21st Century Cures Act passed in 2016 — did not include specific penalties for providers. Instead, Congress left it up to the secretary of the HHS to establish disincentives, without granting the department any additional authority. That lack of clarity complicated oversight efforts, according to senior government officials.

Monday’s proposal “starts the process to fill in the last remaining oversight aspects” of the information blocking rules, Steve Posnack, deputy national coordinator for health information technology, told reporters during a Monday press conference.

Experts have slammed the lack of data-sharing enforcement on healthcare providers as a major oversight, since providers account for the majority of information blocking complaints, according to government data.

The new rule attaches providers’ Medicare payments to information blocking compliance. The move was appropriate given the intent of the statute, according to Rucker.

“It’s highly in line with public policy and the pretty clear intent of Congress in the Cures Act,” Rucker said.

Under the proposed rule, hospitals participating in the Medicare Promoting Interoperability Program (MPIP) — which pays providers for EHR adoption and use — won’t qualify as meaningful EHR users if they’re found guilty of information blocking.

As a result, hospitals could lose 75% of the annual market basket increase. Critical access hospitals would have their payments associated with successful participation lowered to 100% of reasonable costs, instead of 101%, according to the HHS.

Similarly, in the Merit-based Incentive Payment System, or MIPS — Medicare’s reimbursement program for physicians that includes bonus payments for EHR use — clinicians that block data sharing would not be certified as meaningful users of EHR technology.

As a result, they would receive a zero score in the interoperability performance category. That category typically accounts for one-quarter of a medical group’s total MIPS score in a year, according to the HHS.

In addition, providers in accountable care arrangements in the Medicare Shared Savings Program (MSSP) would become ineligible for the program for at least a year if found information blocking.


‘A little less’ severe

The proposed rule is not economically significant, meaning regulators don’t expect the financial effect of those penalties to stack to more than $200 million a year. Still, providers could lose out on significant Medicare dollars under the proposal.

In MPIP, the size of a penalty would depend on the guilty hospital’s Medicare payments, but the average penalty would be $394,353, according to an ONC blog post Monday.

For MIPS, the median disincentive amount is an estimated loss of $686 per clinician. Providers removed from MSSP would lose any revenue from that program as well.

Those financial penalties could be powerful, especially for smaller medical practices where every dollar matters, said Kyle Meadors, a principal consultant at health IT consultancy Chart Lux.

But “I was kind of surprised that it was frankly a little less expensive and probably less harsh than [penalties for] corresponding EHR developers,” Meadors said. “The bar seems to be higher for developers across the board.”

The ONC also plans to publish the names of actors found guilty of information blocking, along with any penalties they received. Stakeholders have previously called for more transparency in the data-sharing oversight process, though the ONC has declined to share names of entities accused of, but not found guilty of, information blocking.

That “wall of shame” could be a successful disincentive for providers looking to avoid embarrassment, Meadors said.

The HHS is likely to face provider backlash against the proposals, given they impose additional costs, according to Rucker.

But “it’s hard to complain about being dinged for information blocking when you’re getting paid under a program called Promoting Interoperability,” Rucker said.


Looking forward

The ONC said Monday’s proposed disincentives, which would kick in upon finalization of the rule, are a first step toward provider enforcement.

That’s because the CMS programs that would include the disincentives don’t include all types of providers — for example, entities like renal dialysis facilities, emergency medical services providers, pharmacists and labs wouldn’t be affected, though they do fall under the regulatory definition of a healthcare provider.

The ONC is working to identify applicable programs and authorities where it could enact disincentives for those groups, according to Posnack. Currently, regulators don’t have a set timeline for proposing additional penalties.

But “we’ll continue filling in pieces of the puzzle,” Posnack said.

Regulators face other thorny questions as they look to finalize the disincentives, including how the new rule squares with other regulations that affect information blocking, such as the HIPAA privacy rule.

Investigating information blocking complaints will also be tricky, since in many cases it may be unclear whether providers or their health IT systems are to blame, experts said. There may also be cases where a provider acts as a health information exchange, so could be exposed to multiple types of penalties.

“It is going to be hard to draw the line,” Meadors said.


To read more about these penalties and industry news visit.

Share with your community

Sign up to get the latest insights and updates from 1upHealth