Nextech Named 2024 Best in KLAS: Ambulatory Specialty EHR

«  View All Posts


Provider Responsibilities Under the Information Blocking Requirements

By: Courtney Tesvich | October 29th, 2020

Provider Responsibilities Under the Information Blocking Requirements Blog Feature

UPDATE: This blog has been edited from its original version to reflect new changes to the CMS timeline for these requirements.

The upcoming Information Blocking deadline (November 2, 2020) is drawing near, and many providers are still unaware of, or confused by, what will be required of them under the new guidelines. In this blog, we will offer readers a bit more clarification.

Most providers have already heard about the 21st Century Cures Act and the rule that the ONC released earlier this year outlining new requirements for complying with it. The rule outlines the updates that EHR vendors must make to their platforms and receive certification for by early 2022, as well as electronic protected health information (EPHI) sharing requirements for providers. This rule is highly focused on allowing the free flow of information required for patient care between providers, as well as increasing patients' access to their own electronic health information (EHI). It accomplishes this goal by, among other things, updating EHI interoperability language to US Core Data for Interoperability (USCDI) and through requiring use of FHIR r4 APIs by EHR vendors. This will, in effect, make it so that disparate EHRs “speak the same language,” and will allow for the electronic exchange of previously unavailable EHI content, such as narrative notes, vital signs and test results.

What This Mean for Providers

One aspect of the new rule is that patients will have access to information about their care in much greater depth than they did under the old Consolidated Clinical Document Architecture (CCDA) method of information sharing. If your EHR vendor has already implemented this aspect of USCDI, your patients will now begin to see your notes in their portal. Vendors have until December 31, 2022 to fully implement the provisions of the USCDI, however, so your patients may not immediately see this information.

Providers must provide their patients with access to their notes upon request and in a manner of which they are capable, beginning November 2nd, 2020. As EHR vendors upgrade their systems to comply with USCDI, this information will become automatically available to your patients via upload to the patient portal. If your EHR vendor has not yet made changes to support this, or if the patient requests a different method of note provision, you can provide the notes in another manner that is acceptable to the requesting patient.


There are certain situations in which failure to share information will not be considered information blocking (for a more detailed explanation of these exceptions, check out this previous blog article). If one or more of these situations are present, the provider will receive an automatic pass and it will not be considered a violation. Other situations will be considered by the ONC on a case-by-case basis. The eight standard exceptions are as follows:

  1. Preventing Harm
  2. Privacy
  3. Security
  4. Infeasibility
  5. Health IT Performance
  6. Content and Manner
  7. Fees
  8. License

HIPAA Rule is Still in Effect

Providers are still expected to protect patient rights under HIPAA. The final rule requires EHI to be exchanged for purposes of patient access to their own EHI. It also ensures EHI is exchanged between providers treating the patient for care coordination and treatment purposes. However, all patient information remains under the protections of the HIPAA rule.

Enforcement Discretion

The requirement to give patients their information if requested goes into effect on November 2nd, 2020. However, as a result of the COVID-19 national healthcare crisis, ONC has stated that it will exercise its enforcement discretion for all new requirements under the rule for three months after the finalized due date of November 2nd. This means that no penalties will be levied against vendors or providers who do not meet the original deadlines for that 90-day grace period.

What You Need to Do

Practices should examine their current EHI provision policies. What are your processes today when a patient requests access to their data? Does your staff know how to handle these requests? These policies will likely need updating at your practice in light of the new rules. Ensure that you have policies in place to evaluate and respond to requests to access information in a timely manner.

As your EHR vendor updates their products to comply with the new rule, you will see more information available to patients through their portal. You may also wish to share these upcoming changes with your patients. Nextech is in the process of updating our solutions to comply with the new rule ahead of the December 31, 2022 deadline. We will continue to keep our users informed as we get closer to that date.