Information Blocking Rule Expands to Full Designated Record Set
Effective today, October 6, 2022, the Information Blocking Rule will expand in scope to prohibit interfering with access or exchange of information in a designated record set. With this expansion of the Information Blocking Rule’s scope, it is a good time to confirm practices, policies, and technology can respond to requests under the expanded standard.
What is Electronic Health Information?
As a reminder, the Information Blocking Rule is meant to prohibit covered “actors” (i.e., those entities subject to the Information Blocking Rule) from engaging in any practice likely to interfere with, prevent or materially discourage access, exchange, or use of Electronic Health Information (EHI).
The Office of the National Coordinator for Health IT (ONC) previously limited the definition of EHI to the data elements in the United States Core Data for Interoperability (USCDI) standard. This limitation allowed covered actors time to prepare for information blocking compliance obligations with a limited subset of data to create a transparent, predicable starting point for data sharing. As of today, covered actors should wave goodbye to the USCDI limitation and prepare for data sharing with a larger, more complex data set – the designated record set.
What is the Designated Record Set?
The Information Blocking Rule generally relies on the definition of the “designated record set,” as established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The designated record set comprises:
- Medical records and billing records about individuals maintained by or for a covered health care provider;
- Enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or
- Other records that are used, in whole or in part, by or for the entity to make decisions about individuals.
The designated record set is the same data set subject to the HIPAA right of access. However, it is a broader data set than an entity’s legal medical record, as it includes more than clinical, medical records. The designated record set includes billing records, retained raw data, and any other information used to make decisions about the individual.
Covered actors should review their information blocking compliance program to confirm that the expanded scope of the Information Blocking Rule is addressed. As a practical matter, providers should dust off and review their designated record set policies and confirm that the policy adequately defines what constitutes the providers’ designated record set, which is subject to the expanded Information Blocking Rule and the HIPAA right of access (though be prepared to return to the policy with further enforcement and rulemaking on the right of access).
Providers may use the designated record set documentation to confirm whether any such data is not made available via the patient portal. If there are any gaps in what designated record set-data is not available in real-time, providers should be prepared to document which information blocking exception(s) support the practice.
These are proactive steps to take while we await enforcement rulemaking, as it is not clear how the U.S. Department of Health and Human Services (HHS) will enforce the Information Blocking Rule. We will continue to watch for enforcement rule progress and monitor guidance related to the Information Blocking Rule.
If you have any questions about the Information Blocking Rule or defining your designated record set, contact your Quarles & Brady attorney or: