State-Level Activities on Information Blocking

Requires health carriers to establish and maintain a patient access application programming interface (API), provider directory API, provider access API, payer-to-payer API, and prior authorization API in accordance with CMS interoperability standards for these APIs by the compliance date(s) set by CMS for these APIs. Certain exceptions and extensions may apply.

Prohibits a health care provider requesting medical laboratory tests for a patient from engaging in information blocking (as defined by federal law), including a requirement that the following reports or test results in the patient’s electronic health record must be disclosed within 72 hours or when the provider directs the release (whichever occurs first): reports or test results that may show a finding of malignancy, could reveal genetic markers, a positive HIV test, or hepatitis infection

Prohibits a health care provider requesting a medical laboratory test from engage in information blocking (as defined by federal law)

Notwithstanding this prohibition, the law expressly prohibits a provider from disclosing to a patient as part of the electronic health record or pathology report the following types of reports and tests until 72 hours after the results are finalized, unless the provider directs the release of the results before the end of that time: reports that have a reasonable likelihood of showing a finding of malignancy, or could reveal genetic markers

Requiring that the California Health and Human Services Data Exchange Framework (Cal DxF) align with the federal information blocking provisions of the 21st Century Cures Act (Public Law 114-25)

With respect to the amendments to Title 63

• Requires healthcare professionals who are considered business associates to comply with HIPAA and the federal Information Blocking Rule
• Prohibits a health care provider requesting a medical laboratory test from engaging in information blocking (as defined by federal law)
• This section does not apply to persons or entities licensed under Title 63 or Title 68

With respect to the amendments to Title 68

• Requires a business associate (as defined by HIPAA) to comply with the federal Information Blocking Rule
• Authorizes the State Attorney General to institute an action for injunctive relief to restrain violations of the federal Information Blocking Rule and/or to seek civil penalties

With respect to the amendments to Title 47

• Prohibits a business associate from entering into a contract with a person or entity that would restrict a patient or their representative from accessing the patient’s electronic health record
• Makes it an unlawful restraint of trade or commerce to intentionally violate federal laws relating to information blocking and subjecting such violations to the same civil and criminal penalties as a violation of Section 47-25-101

With respect to the amendments to Title 56

• Requires a health insurance entity to establish and maintain a patient access application programming interface (API), provider directory API, provider access API, payer-to-payer API, and prior authorization API in accordance with CMS interoperability standards for these APIs by the compliance date(s) set by CMS for these APIs
• Provides that the commissioner of commerce and insurance may promulgate rules to implement these requirements

Prohibits a person who administers or control the electronic health record of a patient from disclosing sensitive test results to a patient or patient representative by electronic means before the third day after the sensitive test results are finalized

Defines “health information blocking” as: “(A) knowingly interfering with or knowingly engaging in business practices or other conduct that is reasonably likely to interfere with the ability of patients, health care providers or other authorized persons to access, exchange or use electronic health records, or (B) knowingly using an electronic health record system to both (i) steer patient referrals to affiliated providers, and (ii) prevent or unreasonably interfere with patient referrals to health care providers who are not affiliated providers but shall not include legitimate referrals between providers participating in an accountable care organizations or similar value-based collaborative care models.”

Makes a hospital’s failure to comply with all requirements of Section 19a-904c evidence of information blocking

Establishes that information blocking is an unfair trade practice subject to penalties set forth in Section 42-100o(b)

Provides that health information blocking by a hospital, health system or seller will be subject to such penalties

Requires Oregon Managed Care Entities (MCE) to comply with all federal regulations set forth in the CMS Interoperability and Patient Access Final Rule. It also requires MCEs to review the federal Information Blocking Rule to determine whether the MCE qualifies as an “actor” subject to the no information blocking requirements.

It provides that an electronic health record system vendor that is fully integrated with the state’s prescription monitoring program must make information available in a way that is unlikely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information, in accordance with the information blocking provisions of the federal twenty-first century cures act, P.L. 114-255.