How Not to Lose $1 Million: Preparing for OIG’s Information Blocking Enforcement

By and on October 4, 2023

OIG’s long-awaited final rule on investigating and imposing penalties for information blocking dropped in July 2023 and is effective as of Sept. 1, 2023 – almost three years after OIG released its proposed rule (April 2020) and two years after the start of information blocking compliance on April 5, 2021. The final rule codifies OIG’s authority to investigate information blocking complaints, including against developers of certified health IT and health information networks/health information exchanges (HIN/HIEs), and assess CMPs of up to $1 million per violation.

OIG defined a “violation” as a practice that constitutes information blocking as set forth in ONC’s information blocking regulations—a broad definition that is important because each distinct act or omission could be subject to a separate $1 million CMP. OIG also provided examples of what it would consider constituting a single violation versus multiple violations subject to multiple CMPs:

  • Single Violation: A certified health IT developer denies a single request by a healthcare provider to receive multiple patients’ EHI via an API and no legal requirement or information blocking exception applies. OIG would consider this a single violation even though it would result in preventing access to multiple patients’ EHI.
  • Multiple Violations: A certified health IT developer takes multiple separate actions to improperly deny multiple individual requests by a healthcare provider for EHI through an API. Each separate action would be considered a separate violation.

OIG has stated that while it does not intend to impose CMPs on conduct that occurred before Sept. 1, 2023, it may consider a regulated entity’s behavior from the April 2021 compliance date onwards in deciding if alleged information blocking conduct was part of a pattern of behavior. Other factors OIG anticipates considering when deciding penalty levels include the nature, circumstances, and extent of the information blocking and resulting harm, including the number of patients and/or providers affected and the number of days the information blocking persisted. OIG will also consider other factors, such as the degree of culpability, history of prior offenses, and other wrongful conduct.

When deciding whether to pursue a particular information blocking allegation, OIG indicated that it plans to prioritize enforcement for actions that:

  • Resulted in/had the potential to cause patient harm;
  • Significantly impacted providers’ ability to care for patients;
  • Are of long duration;
  • Caused financial loss to Medicare, Medicaid, or other federal healthcare programs or private entities; and
  • Were performed with actual knowledge.

Each allegation will require a facts and circumstances analysis, which OIG will conduct in coordination with ONC and other federal agencies as appropriate. Further, while OIG’s enforcement priorities may inform its decisions about which allegations to investigate, OIG states that the priorities are not dispositive, meaning it can investigate any allegations it chooses.

READ THE FULL ARTICLE ON THE HIMSS ELECTRONIC HEALTH RECORD ASSOCIATION BLOG HERE.

James A. Cannatti III
James A. Cannatti III* practices at the intersection of today's most pertinent health care issues, including digital health, health IT policy, and fraud and abuse, including Anti-Kickback Statute/Stark Law matters. With more than 10 years of experience in the US Department of Health & Human Services’ (HHS) Office of Inspector General (OIG), most recently as Senior Counselor for Health Information Technology, James is well-attuned to the regulatory issues impacting the rapidly evolving digital health landscape. Read James A. Cannatti III's full bio.  *Not admitted to practice in the District of Columbia; admitted only in Ohio. Supervised by principals of the Firm who are members of the District of Columbia Bar.


Alya Sulaiman
Alya Sulaiman helps clients navigate complex regulatory, privacy and transactional matters, with a focus on artificial intelligence, machine learning and data strategy in digital health. Alya has substantial experience with product counseling and provides guidance during the conception, development, launch and support of new digital health products and services. She regularly advises organizations on developing artificial intelligence governance and compliance frameworks, including guiding artificial intelligence risk assessments and mitigation plans, vendor oversight and training of key stakeholders.

STAY CONNECTED

TOPICS

ARCHIVES

2021 Chambers USA top ranked firm
U.S. News Law Firm of the Year 2022 Health Care Law
U.S. News Law Firm of the Year 2022 Health Care Law