(a) Definition
(1) In general
In this section, the term "information blocking" means a practice that—
(A) except as required by law or specified by the Secretary pursuant to rulemaking under paragraph (3), is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information; and
(B)
(i) if conducted by a health information technology developer, exchange, or network, such developer, exchange, or network knows, or should know, that such practice is likely to interfere with, prevent, or materially discourage the access, exchange, or use of electronic health information; or
(ii) if conducted by a health care provider, such provider knows that such practice is unreasonable and is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.
(2) Practices described
The information blocking practices described in paragraph (1) may include—
(A) practices that restrict authorized access, exchange, or use under applicable State or Federal law of such information for treatment and other permitted purposes under such applicable law, including transitions between certified health information technologies;
(B) implementing health information technology in nonstandard ways that are likely to substantially increase the complexity or burden of accessing, exchanging, or using electronic health information; and
(C) implementing health information technology in ways that are likely to—
(i) restrict the access, exchange, or use of electronic health information with respect to exporting complete information sets or in transitioning between health information technology systems; or
(ii) lead to fraud, waste, or abuse, or impede innovations and advancements in health information access, exchange, and use, including care delivery enabled by health information technology.
(3) Rulemaking
The Secretary, through rulemaking, shall identify reasonable and necessary activities that do not constitute information blocking for purposes of paragraph (1).
(4) No enforcement before exception identified
The term "information blocking" does not include any practice or conduct occurring prior to the date that is 30 days after December 13, 2016.
(5) Consultation
The Secretary may consult with the Federal Trade Commission in promulgating regulations under this subsection, to the extent that such regulations define practices that are necessary to promote competition and consumer welfare.
(6) Application
The term "information blocking", with respect to an individual or entity, shall not include an act or practice other than an act or practice committed by such individual or entity.
(7) Clarification
In carrying out this section, the Secretary shall ensure that health care providers are not penalized for the failure of developers of health information technology or other entities offering health information technology to such providers to ensure that such technology meets the requirements to be certified under this subchapter.
(b) Inspector General authority
(1) In general
The inspector general of the Department of Health and Human Services (referred to in this section as the "Inspector General") may investigate any claim that—
(A) a health information technology developer of certified health information technology or other entity offering certified health information technology—
(i) submitted a false attestation under section 300jj–11(c)(5)(D)(vii) of this title; or
(ii) engaged in information blocking;
(B) a health care provider engaged in information blocking; or
(C) a health information exchange or network engaged in information blocking.
(2) Penalties
(A) Developers, networks, and exchanges
Any individual or entity described in subparagraph (A) or (C) of paragraph (1) that the Inspector General, following an investigation conducted under this subsection, determines to have committed information blocking shall be subject to a civil monetary penalty determined by the Secretary for all such violations identified through such investigation, which may not exceed $1,000,000 per violation. Such determination shall take into account factors such as the nature and extent of the information blocking and harm resulting from such information blocking, including, where applicable, the number of patients affected, the number of providers affected, and the number of days the information blocking persisted.
(B) Providers
Any individual or entity described in subparagraph (B) of paragraph (1) determined by the Inspector General to have committed information blocking shall be referred to the appropriate agency to be subject to appropriate disincentives using authorities under applicable Federal law, as the Secretary sets forth through notice and comment rulemaking.
(C) Procedure
The provisions of section 1320a–7a of this title (other than subsections (a) and (b) of such section) shall apply to a civil money penalty applied under this paragraph in the same manner as such provisions apply to a civil money penalty or proceeding under such section 1320a–7a(a) of this title.
(D) Recovered penalty funds
The amounts recovered under this paragraph shall be allocated as follows:
(i) Annual operating expenses
Each year following the establishment of the authority under this subsection, the Office of the Inspector General shall provide to the Secretary an estimate of the costs to carry out investigations under this section. Such estimate may include reasonable reserves to account for variance in annual amounts recovered under this paragraph. There is authorized to be appropriated for purposes of carrying out this section an amount equal to the amount specified in such estimate for the fiscal year.
(ii) Application to other programs
The amounts recovered under this paragraph and remaining after amounts are made available under clause (i) shall be transferred to the Federal Hospital Insurance Trust Fund under section 1395i of this title and the Federal Supplementary Medical Insurance Trust Fund under section 1395t of this title, in such proportion as the Secretary determines appropriate.
(E) Authorization of appropriations
There is authorized to be appropriated to the Office of the Inspector General to carry out this section $10,000,000, to remain available until expended.
(3) Resolution of claims
(A) In general
The Office of the Inspector General, if such Office determines that a consultation regarding the health privacy and security rules promulgated under section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d–2 note) will resolve an information blocking claim, may refer such instances of information blocking to the Office for Civil Rights of the Department of Health and Human Services for resolution.
(B) Limitation on liability
If a health care provider or health information technology developer makes information available based on a good faith reliance on consultations with the Office for Civil Rights of the Department of Health and Human Services pursuant to a referral under subparagraph (A), with respect to such information, the health care provider or developer shall not be liable for such disclosure or disclosures made pursuant to subparagraph (A).
(c) Identifying barriers to exchange of certified health information technology
(1) Trusted exchange defined
In this section, the term "trusted exchange" with respect to certified electronic health records means that the certified electronic health record technology has the technical capability to enable secure health information exchange between users and multiple certified electronic health record technology systems.
(2) Guidance
The National Coordinator, in consultation with the Office for Civil Rights of the Department of Health and Human Services, shall issue guidance on common legal, governance, and security barriers that prevent the trusted exchange of electronic health information.
(3) Referral
The National Coordinator and the Office for Civil Rights of the Department of Health and Human Services may refer to the Inspector General instances or patterns of refusal to exchange health information with an individual or entity using certified electronic health record technology that is technically capable of trusted exchange and under conditions when exchange is legally permissible.
(d) Additional provisions
(1) Information sharing provisions
The National Coordinator may serve as a technical consultant to the Inspector General and the Federal Trade Commission for purposes of carrying out this section. The National Coordinator may, notwithstanding any other provision of law, share information related to claims or investigations under subsection (b) with the Federal Trade Commission for purposes of such investigations and shall share information with the Inspector General, as required by law.
(2) Protection from disclosure of information
Any information that is received by the National Coordinator in connection with a claim or suggestion of possible information blocking and that could reasonably be expected to facilitate identification of the source of the information—
(A) shall not be disclosed by the National Coordinator except as may be necessary to carry out the purpose of this section;
(B) shall be exempt from mandatory disclosure under section 552 of title 5, as provided by subsection (b)(3) of such section; and
(C) may be used by the Inspector General or Federal Trade Commission for reporting purposes to the extent that such information could not reasonably be expected to facilitate identification of the source of such information.
(3) Standardized process
(A) In general
The National Coordinator shall implement a standardized process for the public to submit reports on claims of—
(i) health information technology products or developers of such products (or other entities offering such products to health care providers) not being interoperable or resulting in information blocking;
(ii) actions described in subsection (b)(1) that result in information blocking as described in subsection (a); and
(iii) any other act described in subsection (a).
(B) Collection of information
The standardized process implemented under subparagraph (A) shall provide for the collection of such information as the originating institution, location, type of transaction, system and version, timestamp, terminating institution, locations, system and version, failure notice, and other related information.
(4) Nonduplication of penalty structures
In carrying out this subsection, the Secretary shall, to the extent possible, ensure that penalties do not duplicate penalty structures that would otherwise apply with respect to information blocking and the type of individual or entity involved as of the day before December 13, 2016.
References in Text
Section 264(c) of the Health Insurance Portability and Accountability Act of 1996, referred to in subsec. (b)(3)(A), is section 264(c) of Pub. L. 104–191, which is set out as a note under section 1320d–2 of this title.