The Office of the National Coordinator for Health Information Technology (or “ONC”) finalized an interoperability rule (“Interoperability Rule”) under its authority in the 21st Century Cures Act. The Interoperability Rule is intended to enable patients to seamlessly and securely access and use their health information stored in electronic health records through third-party applications.
Once fully implemented, compliance with the Interoperability Rule will be necessary for applicable health care businesses. The consequences for noncompliance can be significant.
Epstein Becker Green’s Privacy, Cybersecurity, and Data Asset Management practice has been following the development of the Interoperability Rule closely to guide our health care clients to full compliance as each new requirement goes into effect.
Epstein Becker Green is equipped to assist clients in meeting their compliance obligations. Our full range of services includes:
- Assisting clients with designing and building compliance programs to guard against information blocking
- Analyzing and revising existing HIPAA policies and procedures (and developing new ones, where needed) to allow for coordination with the organization’s information blocking compliance program
- Assisting clients with establishing a process and developing criteria for vetting app developers
- Updating and renegotiating services agreements and business associate agreements to reflect the requirements and responsibilities under the Interoperability Rule
- Defending clients in investigations of information blocking
- Defending clients against information blocking allegations
- Advising health IT developers on new conditions and maintenance of certification requirements, including real-world testing and biannual attestations required under the Interoperability Rule
- Assisting health IT developers with designing a methodology to address situations where exceptions apply and information blocking is an appropriate refusal to disclose electronic health information