ONC and CMS 21st Century Cures Act: Establishment of Disincentives for Health Care Providers That Have Committed Information Blocking (HHS-ONC-2023-0018) NPRM
December 28, 2023 •MHDC (DGC)
This document is submitted by the Massachusetts Health Data Consortium (MHDC) and its Data Governance Collaborative (DGC) in response to the ONC and CMS 21st Century Cures Act: Establishment of Disincentives for Health Care Providers That Have Committed Information Blocking NPRM (HHS-ONC-2023-0018) posted in the Federal Register on November 1, 2023 and found here: https://www.federalregister.gov/documents/2023/11/01/2023-24068/21st-century-cures-act-establishment-of-disincentives-for-health-care-providers-that-have-committed
About MHDC
Founded in 1978, MHDC, a not-for-profit corporation, convenes the Massachusetts’s health information community in advancing multi-stakeholder health data collaborations. MHDC’s members include payers, providers, industry associations, state and federal agencies, technology and services companies, and consumers. The Consortium is the oldest organization of its kind in the country.
MHDC provides a variety of services to its members including educational and networking opportunities, analytics services on both the administrative and clinical side (Spotlight), and data governance and standardization efforts for both clinical and administrative data (the Data Governance Collaborative/DGC and the New England Healthcare Exchange Network, respectively).
About DGC
The DGC is a collaboration between payer and provider organizations convened to discuss, design, and implement data sharing and interoperability among payers, providers, patients/members, and other interested parties who need health data. It is a one stop interoperability resource. The DGC primarily focuses on three areas:
- Collaboration: Development of common understanding of and specifications for data standards, exchange mechanisms, and what it means to participate in the modern health IT ecosystem
- Education: helping members understand their regulatory obligations, the data and exchange standards they're expected to use, and modern technology and related processes
- Innovation: Identification and development of projects and services needed to make modern health data practices and exchange a reality
General Comments
This section comments on the general approach taken by ONC and CMS in their posted proposal or comments on items that cross multiple sections of the proposed rule.
Notification of Information Blocking Independent from Notice of Disincentive
One of the drawbacks of the proposed disincentives is that they are either on or off. Once a provider has been determined to be information blocking by OIG, that finding is referred to an agency (CMS in the case of these disincentives), and a notice of disincentive is sent to the provider there is no additional mechanism for communication. The provider is only deemed ineligible for one year and may rejoin or reap the benefits of the associated program the following year provided their information blocking practices have stopped.
However, a provider may be guilty of more than one type of information blocking. If only the first instance goes through the full notification process, they may not be aware that there are multiple practices that need to be fixed before they have cleared up their information blocking. This means that they may fix the one issue they were notified about in a disincentive notice only to get a new disincentive notice the following year because they did not fix another issue that was not part of the original notice, and so on through multiple rounds of notices and multiple years of not qualifying for their related payment program.
It is important that a provider receive a clear notice of each finding of information blocking whether or not any given instance was the one that triggered their disincentives. This allows the provider to fix all known issues within a single annual cycle and, hopefully, return to eligibility the following year without incurring new information blocking violations that could have been prevented.
Perhaps a form letter or common language that indicates that no additional disincentives are being assessed but violation #2, #3, etc. but they must also be cleared up to regain eligibility for their programs the following year is warranted.
Payer Network Adequacy Requirements
Payer participants in our Data Governance Collaborative noted that removal of some providers from ACOs (or dissolving entire ACOs) could have a negative effect on meeting their network adequacy requirements. If they are counting on a particular ACO having K of a particular type of specialty and they end up with K-3 because 3 of their providers had information blocking violations, this could trigger penalties for the payers as well if they cannot scramble to add other replacement providers to their network in a timely fashion. Further, the patients would no longer have access to those providers if they are no longer part of the ACO, meaning delays in care and potentially worse outcomes.
It is not clear exactly how to address this issue in a fair and equitable manner that does not penalize payers for the misdeeds of the providers under contract in their networks and that still gives patients robust networks that can handle needed care in a timely and appropriate fashion.
Provider Reaction to Potential Loss of Payments
Provider participants in our Data Governance Collaborative noted that most providers are struggling financially and it may cause severe distress to impose significant financial disincentives on them. At the same time, they acknowledge that there needs to be some type of financial penalties for information blocking or no one will pay attention to it or care if they violate the rules.
This likely is not an actionable comment, but we felt it worthwhile passing along the immediate reaction of provider representatives in our discussions when we reviewed the proposed disincentives and the sample financial impacts provided by CMS.
Timeframes of Disincentive Application
We understand the need to wait until the following program year to apply some disincentives, but wonder whether the two year latency between when a violation occurs and when a disincentive is actually applied that’s part of some of the discussed disincentives is too long. Several participants in our Data Governance Collaborative felt this timeframe was too far in the future to truly act like a disincentive on current behavior – there was a sense that any negative impacts would be pushed off as “something to worry about in the future” rather than as something likely to truly affect behavior now.
Disincentives After the Initial Violation
We understand that ONC and CMS are somewhat handcuffed by the way the 21st Century Cures Act was written, but the current system means that once a provider has been hit with a disincentive during a program year, they have absolutely no incentive to stop their poor behavior until the following program year begins. If a disincentive is applied in January and they cannot be hit with another until the following January for a program that aligns with the calendar year, there may be a tendency to deal with it later in the year, just in time to fix the issue for the next year’s activity. Many organizations work to deadline and the deadlines for these disincentives are both broad and lenient.
We do not know if it is legally viable to assess month-by-month or quarter-by-quarter disincentives for any of the three programs but perhaps that might be a better option if it can be done. On the other hand, that would increase the administrative complexity and therefore cause problems from that perspective.
Know vs Should Know Requirement
We realize this may be out of the scope of what can be done in this rule, but participants in our Data Governance Collaborative were really struck by the difference in what constitutes information blocking for a provider vs a health information technology developer, health information exchange, or health information network. As a group, we very strongly felt that “should have known” should be the standard applied to all actors including providers.
Date of Information Blocking in Referrals
When looking at the information OIG is required to include in findings that a provider committed information blocking, we did not see any requirement that the referral include the date or dates of the actions that lead to that determination. Our Data Governance Collaborative feels strongly that this should be required for all referrals.
Time for Appeals
We note that some of the built in delay for when disincentives apply for providers is to allow for any appeals process, should there be one allowed by a program, to play out. However, we note that by tying the application of disincentives to program years, there is inherently a wide scope of possible time windows between notification of a violation and the time when the related disincentive should be applied. If a notice is received toward the end of a program year and the related disincentives are scheduled for the following program year, there may not be time to go through any allowed appeals process prior to the application of the disincentive at the start of the new program year.
We also note this comment may seem contradictory to our previous comment that suggested a two year waiting time for applicability of disincentives outlined in some of the provisions of this rule seems too long to participants of our Data Government Collaborative. As we are stating the following year may be too soon, it’s clear there may not be a good answer within the frameworks outlined in the rule.
We strongly urge CMS, ONC, and OIG to look for any possible way to have a more standard appeals process that could then be designed into the timelines in a more consistent way across all disincentives and in such a way to allow for appeals but still apply disincentives in a reasonably timely fashion.
Response to Specific Questions
This section will list specific questions asked in the proposed rule and our responses to them.
For investigations of health care providers, OIG expects to use four of these priorities: (i) resulted in, are causing, or have the potential to cause patient harm; (ii) significantly impacted a provider's ability to care for patients; (iii) were of long duration; and (iv) caused financial loss to Federal health care programs, or other government or private entities. Again, although not a regulatory proposal, OIG welcomes comments on these priorities, including comments on whether other issues specific to information blocking by health care providers should warrant changing these priorities or adding others.
As health data standards evolve and interoperable data exchange becomes more widespread, it is becoming common to expect providers to exchange certain data with payers. Payers requesting this data in FHIR or other common formats may find resistance to the idea and leverage information blocking rules to get cooperation from providers. We believe these types of data exchanges are an essential part of the healthcare system and that any reports of information blocking related to these types of requests are also worthy of investigation and should get some priority from OIG.
We invite public comments on these proposals, including comments on whether we should publicly post additional information (and why) about health care providers, health IT developers, or health information networks/health information exchanges that have been determined by OIG to have committed information blocking.
We believe “public shaming” has an important role to play as a disincentive in its own right. We believe that it is important to include the dates of known information blocking and also to indicate when the practice was fixed by an actor. We would also like to see some type of highlighting or other mechanism for making repeat offenders and actors who continue to perform the same type of information blocking for an extended period of time more obvious than actors who perhaps had a single violation that they cleared up fairly quickly.
We would also like to see lessons learned from some of the actual cases of information blocking find their way into the information blocking FAQs to help educate everyone on what does and does not qualify as information blocking.
CMS invites public comment on these proposals, particularly on its approach to the application of a disincentive for OIG determinations that found that information blocking occurred in multiple years and whether there should be multiple disincentives for such instances (for example, disincentives in multiple calendar years/reporting periods compared to only the calendar year/reporting period in which OIG made the referral).
We believe that the disincentives should match the impact of the information blocking activity as much as possible. That said, we do not believe providers should be penalized for exhibiting the same behavior for multiple years unless they were explicitly given an information blocking finding in one year but continued the same behavior in subsequent years.
We believe that CMS/ONC/HHS should continue looking for programs and statutorily-compliant means to impose a wider range of disincentives beyond on/off for a program year. Unless or until this happens, it will be very difficult to match the disincentive to the level of the behavior found. There should be a larger disincentive on someone who is found to have six different violations of information blocking in a year than someone who has one. There should be a larger disincentive for someone who does not fix bad behavior once they’re notified about it compared to actors who fix it once notified of the issue.