Privacy Officer's Roundtable

Information Blocking Rule

  • 1.  Information Blocking Rule

    Posted 08-11-2020 11:57 AM

    I am trying to decipher what impacts the Information Blocking Rule will have on our privacy program and what forms and policies, if any, need to be updated in response to the Rule. Is anyone willing to share steps their organizations has taken to comply to the Rule from a privacy perspective?​

    Thank you in advance for your feedback.

    Amanda Levine
    Director of Corporate Privacy, Privacy Officer
    Virtua Health
    SCCE Membership

  • 2.  RE: Information Blocking Rule

    Posted 08-12-2020 06:55 AM
    As first steps your organization needs to look at the "Actor" definitions in the Information Blocking Rule and define which of the 3 buckets you fall into. "Provider" is obvious for most organizations but you may also fall into other buckets. You will also need to look at your Designated Record Set Policy, or make one if you don't have one. The DRS is under the HIPAA Privacy Rule. Then collaborate with individuals across your organization to figure out what systems house the PHI that comprise your DRS because those systems are your sources of truth, for lack of a better description, for purposes of the Information Blocking Rule. You will also need to collaborate with those leading the project to figure out if HIPAA and/or federal/state law exceptions operate to permit Information Blocking in certain situations and what those situations are. Hope that helps.

    Brenda Manning J.D., C.H.C., C.H.P.C.
    Privacy Director
    Interim Privacy Officer
    Carilion Clinic

    The views expressed herein are my own and do not represent those of my employer. They are not meant to constitute legal advice or create an attorney-client relationship.

    SCCE Membership

  • 3.  RE: Information Blocking Rule

    Posted 08-12-2020 07:40 AM
    Hi --

    We have a working group that includes HIM, Compliance/Privacy, IT (Patient Portal), Physician Practices, and Customer/Patient Access. We will be looking at our Patient Portal as a primary way of providing our patients' access to their data, and are assessing if all elements of the USCDI are published to our portal in a timely manner. We do have some work on labs - there is currently a delay before labs are published and a wholesale delay of all labs is probably not supported with the new information blocking rules. In addition to looking at our portal, we will be doing work around policy; revising or creating a new policy on overall access and to specifically look at the exceptions defined within the Cures Act and defining in policy, our approach to these exceptions. We will also be reviewing our current ROI process and HIE policies and procedures.

    Timothy Koob
    Compliance Officer & Director


    SCCE Membership

  • 4.  RE: Information Blocking Rule

    Posted 08-12-2020 06:56 PM

    Here's a link to three information blocking webinars.  There is no cost to view the webinars.


    Chris Apgar, CISSP, C|CISO

    CEO & President

    (503) 384-2538 (o)

    (503) 816-8555 (c)

    (503) 384-2539 (f)


    Privacy | Information Security | Compliance | Certification Readiness | Security Incident Response


    The information contained in this email message is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by email, and destroy the original message.


    SCCE Membership

  • 5.  RE: Information Blocking Rule

    Posted 08-12-2020 07:02 PM
    MRO Corp had some really good free webinars on Information Blocking -


    Aurae Beidler
    Compliance/ Privacy Officer
    Linn County Health Services

    SCCE Membership

  • 6.  RE: Information Blocking Rule

    Posted 08-13-2020 08:14 AM
    Edited by David Holtzman 08-13-2020 08:21 AM
    In addition to the MRO webinars, ONC has published a nice set of fact sheets on the IBR. Virtua may have some unique challenges because it may find it must comply both as a health provider and an operator of a HIE/HIN.  One recommendation would be to set up inter-disciplinary discussions with other departmental areas that manage the IT and information management groups. If Virtua also offers Medicare or Medicaid plans (Part C, Part D or Medicaid Managed Care) there are additional requirements that must be met to comply with the CMS Interoperability Regulations.

    Check these out:

    David Holtzman
    HITPrivacy, LLC

    SCCE Membership