ONC’s Info Blocking Rule is Officially in Effect — Now What?

Starting next week, a large number of healthcare entities and vendors must comply with ONC’s information blocking final rule, which ensures that patients have seamless, electronic access to their health data. This rule was a key component of enabling seamless data access and exchange as part of the 21st Century Cures Act. Originally intended to go into effect in November of last year, it was delayed until today to give providers, who were focused on patient care during the pandemic, more time to prepare. 

Over the past few months, healthcare organizations have sprinted to comply with the new provisions. First and foremost, this requires establishing a secure, standards-based API to let patients access their data from their EMR system. More specifically, health systems and providers must provide the endpoints to their EMR so that patients can download their medical records onto their smartphone. Given that compliance for the Conditions and Maintenance of Certification requirements for APIs also went into effect today, EMRs and digital health platforms must develop tools that enable this functionality. 

The new rule also enforces that if a patient (or their provider) requests personal health information from an institution and the particular request does not qualify for an exemption, it must be provided in a secure, cost-free, and electronic way. Not sharing this information would be considered information blocking and would subject the provider to penalties. 

Our team at Health Gorilla knows a lot about the challenges in building and implementing APIs that transport clinical data. Earlier this year, we launched our Patient Access API, which serves as the back-end for personal health record apps. It allows your patient users to authenticate their identity and instantly retrieve their medical records electronically from tens of thousands of care sites across the country. This API serves a single pipe that gives your patients the ability to retrieve data from dozens of major EMRs systems. 

We’re also looking forward to the rollout of the Trusted Exchange Framework and Common Agreement (TEFCA), which is an integral part of the 21st Century Cures Act. TEFCA will enable the exchange of clinical data across multiple health information networks, acting as a single network comprising all the disparate networks that exist. This means that patients and providers will have instant access to a complete set of clinical data.

Providers will need to certify they are using TEFCA to access and exchange healthcare data using FHIR-based APIs. Digital health developers will also need to design their technology to adhere to TEFCA standards to ensure that patients and providers can pull their data. Every developer will need to support real-time requests for healthcare data. Rather than building this functionality from scratch, complying with these rules work seamlessly with our APIs. We’re thrilled that TEFCA is pushing the entire industry to connect based on standards like FHIR and set minimum standards for data quality and identification. It helps the entire ecosystem share data, coordinate care, and reduce administrative waste. 

Have questions about how TEFCA or the ONC Final Rule affects your organization? Drop us a line and we’ll connect you with our internal experts.