Frequently Asked Questions
Yes, any individual or entity that meets the definition of at least one category of actor—“health care provider,” “health IT developer of certified health IT,” or “health information network or health information exchange” —as defined in 45 CFR 171.102 is subject to the information blocking regulations in 45 CFR part 171. The information blocking regulations in 45 CFR part 171 apply to a health care provider, as defined in the Public Health Service Act and incorporated in 45 CFR 171.102, regardless of whether any of the health IT the provider uses is certified under the ONC Health IT Certification Program.
Yes, any individual or entity that meets the definition of at least one category of actor —“health care provider,” “health IT developer of certified health IT,” or “health information network or health information exchange” — as defined in 45 CFR 171.102 is subject to the information blocking regulation in 45 CFR part 171. The information blocking regulations in 45 CFR part 171 apply to an entity that meets the HIN or HIE definition regardless of whether any of the health IT the HIN or HIE uses is certified under the ONC Health IT Certification Program.
The definition of “health information network (HIN) or health information exchange (HIE)” in 45 CFR 171.102 is a single, functional definition. We did not specifically exclude any particular entities from the definition, nor did we specifically identify particular entities in the definition. In order to determine whether your organization is a HIN/HIE for information blocking purposes, you should assess whether your organization’s functional activity meets the HIN/HIE definition in 45 CFR 171.102. The Information Blocking Actors fact sheet on HealthIT.gov presents the actor definitions in an easy-to-use format.
The answer depends on whether your company or organization meets the definition of “health IT developer of certified health IT” in 45 CFR 171.102. Under the definition, an individual or entity that develops or offers health IT is a “health IT developer of certified health IT” so long as that individual or entity develops or offers at least one Health IT Module certified under the ONC Health IT Certification Program. However, the definition explicitly excludes a health care provider that self-develops Health IT that is not offered to others. The Information Blocking Actors fact sheet on HealthIT.gov presents the actor definitions in an easy-to-use format.
Updated:
This FAQ has been updated to reflect the effective date of the HTI-1 Final Rule.
Yes. For purposes of the information blocking regulation, a “health IT developer of certified health IT” is defined in 45 CFR 171.102. With the sole exception of a health care provider that self-develops certified health IT that is not offered to others, this definition is met by any individual or entity that develops or offers health IT certified under the ONC Health IT Certification Program. If an individual or entity offers certified health IT for any period of time on or after the applicability date of 45 CFR part 171, then they would be considered to be a “health IT developer of certified health IT” for purposes of their conduct during that time. The information blocking provision would not apply to conduct the individual or entity engaged in after they no longer have or no longer offer any certified health IT. However, claims of information blocking with respect to conduct occurring while the individual or entity had certified health IT could be acted upon by HHS after the individual or entity no longer had or offered certified health IT. (See also ONC Cures Act Final Rule page 85 FR 25797).
Updated:
This FAQ has been updated to reflect the effective date of the HTI-1 Final Rule.
For purposes of the information blocking regulation in 45 CFR part 171, the term "actor" includes health care providers, health IT developers of certified health IT, and health information networks (HIN) or health information exchanges (HIE), as defined in 45 CFR 171.102. Although health plans and other payers are not specifically identified within any of these definitions, they also are not specifically excluded. To the extent an individual or entity that is a payer also meets the 45 CFR 171.102 definition of "health care provider," "health IT developer of certified health IT" or "health information network or health information exchange," that individual or entity would be considered an "actor" for purposes of information blocking. In addition, the HIN/HIE definition is a functional definition and should be reviewed for potential applicability to a health plan’s activities. The Information Blocking Actors fact sheet on HealthIT.gov presents these definitions in an easy-to-use format. (See also Cures Act Final Rule page 85 FR 25803)
In some instances, a business associate will be an actor under the information blocking regulation in 45 CFR part 171 and in other situations, it may not be an actor. The information blocking regulations in 45 CFR part 171 apply to health care providers, health IT developers of certified health IT, and health information networks (HIN) and health information exchanges (HIE), as each is defined in 45 CFR 171.102. Any individual or entity that meets one of these definitions is an “actor” and subject to the information blocking regulation in 45 CFR part 171, regardless of whether they are also a HIPAA covered entity (CE) or business associate (BA).
Not necessarily. The information blocking exceptions defined in 45 CFR part 171 are voluntary and offer actors certainty that any practice meeting the conditions of one or more exceptions will not be considered information blocking. However, an actor’s practice that does not meet the conditions of an exception will not automatically constitute information blocking. Instead, such practices will be evaluated on a case-by-case basis to determine whether information blocking has occurred.
Whether information blocking occurred in a particular case would be based on whether:
- the individual or entity engaging in the practice is an "actor" as defined in 45 CFR 171.102;
- the claim involves "EHI" as defined in 45 CFR 171.102;
- the practice was required by law;
- the actor's practice met the conditions of an exception under 45 CFR 171;
- the practice rose to the level of an interference under 45 CFR 171; and,
- the actor met the requisite knowledge standard.
Please note, the knowledge standard varies based on the type of actor. For health care providers, the standard is that the actor “knows that such practice is unreasonable and is likely to interfere with access, exchange, or use of electronic health information.” For health IT developers of certified health IT and health information networks (HINs) or health information exchanges (HIEs), the standard is that the actor “knows, or should know, that such practice is likely to interfere with access, exchange, or use of electronic health information.” In addition, we recommend review of the examples included in the Final Rule of what is and is not considered interference at 85 FR 25811.
Updated:
This FAQ has been updated to reflect the effective date of the HTI-1 Final Rule.
The “Manner” exception does not require the use of any specific standard or functionality. Instead, the “Manner” exception (45 CFR 171.301) outlines a process by which an actor may prioritize the use of standards in fulfilling a request for EHI in a manner that supports and prioritizes the interoperability of the data. This means that, for the purposes of information blocking, before October 6, 2022, an actor could have fulfilled a request with the EHI identified by the data elements represented in the USCDI standard, first in the manner requested and, if not, in an alternate manner agreed upon with the requestor, following the order of priority specified in the exception.
Updated:
This FAQ has been updated to reflect the effective date of the HTI-1 Final Rule.