Software Solutions/EHR

Are You at Risk of Being Reported for Information Blocking?

By Jim Grue, OD,
Ronald P. Snyder, OD, FAAO,
and Michael J. Lipson, OD, FAAO, FSLS

Nov. 2, 2022

The information-blocking rules that govern healthcare information sharing, mandated by the 21st Century Cures Act, are now the required norm. On October 6, 2022, the scope of the information covered expanded to everything in the “designated record set.” This basically means that you must have the ability to share everything you record during an exam with any other organization or provider that the patient authorizes to have access to their data.

Access to the information you record during an exam becomes significantly easier for outside organizations after Dec. 31, 2022, when your “certified” EHR is required to have a Fast Healthcare Interoperability Resources (FHIR) server in place. This server will share your patient health information with any other provider or organization your patient has authorized to have access to their data.

The website for anyone wishing to report bad actors, who block information sharing, is up and running. Claims for information blocking can be submitted online through the ONC’s Report Information Portal. As of the writing of this article, there have been about 480 instances reported through the ONC portal, and initial investigation by ONC suspects about 435 will ultimately be determined to represent information blocking.

It is important for you to understand the circumstances that might cause you to be in violation of these new rules.

FHIR servers make patient health information more widely available without compromising the security of your EHR system. The FHIR server is fed data from your EHR server, and that data is shared with other organizations from the FHIR server. For example, a payors’ FHIR server, in order to conduct audits, sends a query to your FHIR server which requests the information needed for their audit. Any online retailer that the patient has authorized to have their contact lens Rx or spectacle Rx will be able to access the FHIR server and get the information without you being able to interfere. If either you or your EHR system is unable or unwilling to provide this information, you can be subject to “substantial penalties” and your EHR system provider can be fined up to $1 million per patient episode.

It is expected that active enforcement will occur toward the end of the first quarter of 2023. There are eight exceptions to the information-blocking rules where patient health information can be withheld, but they will rarely apply to routine eyecare.

So, what are the odds that you get reported for information blocking? If you read the literature that describes the regulations in the 21st Century Cures Act, you will note that it is primarily focused on the patient. The authors of this article believe that the odds of a patient reporting you for a violation of the information-blocking rule are probably not high.

Although there are many scenarios where patients might report an issue to the ONC website, it is not likely that this will happen very often in the case of routine eyecare. The risk of you being reported is much higher from organizations that either you or the patient authorizes to access their information. Examples of these organizations include research facilities, payors, educational services and optical retailers and discounters.

Online Optical Retailers
Online optical retailers can gain access to your patients’ spectacle and/or contact lens Rx by simply asking the patient to place a check mark on their online order form which authorizes access to their Rxs. Now, you decide your risk. Do you think online retailers who can’t get the information they need to make a sale might be willing to turn in your office for information blocking?

To learn more: 844.393.3282. (toll free) or

Government Payor Audit
We expect a dramatic increase in the number of audits by Medicare and Medical Assistance programs.  They will have access to your data to audit at a much higher level and frequency than we have ever seen before. The days are over for audits which required you to print and e-mail a patient’s record. Payors will be able to conduct automatic audits through your FHIR server.

Recently, hundreds of millions of dollars have been allocated by the federal government to the IRS to expand its workforce with a goal of bringing in more income into the federal government. It is anticipated that Medicare audits could represent a significant source of income generation at the federal level. If government payors are not able to access your patient records, the penalty dollars for information blocking will be channeled back to the government. Also, the penalties from failed audits could be a significant source of revenue to the federal government. There is a political incentive for government programs to report violators of the information blocking rules.

Private Payor Audit
It is likely that private payors will rapidly eliminate their current expensive methods of auditing and replace them with automated audits through your FHIR server. Payors are required to conduct audits to comply with insurance requirements. If payors are not able to access patient health information for their audit, they could also potentially report you for information-blocking violations. It seems more likely that they would be inclined to just remove you from their provider panels. We do not know yet how they will handle this situation, but they could do both.

Audit Originating from Other Healthcare Organizations
Other healthcare practitioners or organizations could be audited to ensure they are receiving the required reports from your office on a patient. HEDIS regulations require a report be sent to the patient’s primary care physician following a patient’s annual diabetic eye exam. CMS co-management rules require that the co-managing eyecare provider send a report back to the surgeon for post-op cataract visits. In both of these cases, an audit or inquiry could begin in another office leading back to your office as the one that should have generated the required report.

If the auditor is not able to find a report from the co-managing practitioner, the possibility exists that it is not only an information-blocking violation, but an audit failure for not sending in a required report that could result in you having to pay back funds.

Malpractice Attorneys
If just testifying or supplying information on a case, attorneys will be authorized to access the patient’s health records. If an attorney is unable to get the patient’s health information, it is possible that they will report you for information blocking. You decide the risk.

One of the purposes of the information-blocking rule is to support more advanced research. The Office of the National Coordinator (ONC) of Health Information Technology is tasked by the 21st Century Cures Act to implement the information-blocking rules. They are currently conducting a series of educational webinars for researchers to educate them on how they can benefit from the information-blocking rules.

It is expected that the information-blocking rules will quickly enhance research, making analytics that were previously impossible, almost routine. For example, there is currently a huge amount of research on Alzheimer’s Disease. Some suspect that there is a connection between Alzheimer’s and glaucoma. It is, therefore, reasonable to expect that Alzheimer’s disease researchers might want to include IOP measurements in their nationwide analytics of patients who have as a diagnosis of Alzheimer’s or are at risk of developing the disease. It is possible that a researcher will report you for an information-blocking violation if they can’t get access to your data for these patients.

As you see, there are many ways that, we as providers, could end up being reported for information blocking. You and your EHR provider are equally liable for information blocking. We believe that many violations of information-blocking rules may be caused by the technical limitations in your EHR system. Since patients do not know anything about your EHR, most likely, you will be the target of the information-blocking investigation.

Time will tell how many information-blocking violations will be reported in eyecare. It seems reasonable for you, as a provider, to assess your level of risk. If you feel you have significant exposure to any of the possible ways to be involved in an information-blocking violation, you will want to read our next article in this series. Our next article will discuss the things that you should be doing to reduce your risk of penalties.

James E. Grue, OD, is a health-care reform speaker and consultant. To contact him:




Ronald P. Snyder, OD, FAAO, is the president and CEO of HealthCare Registries, LLC. To contact him:



Michael J. Lipson, OD, FAAO, is the chairman of the OrthoK Advisory Panel of HealthCare Registries, LLC.

To Top
Subscribe Today for Free...
And join more than 35,000 optometric colleagues who have made Review of Optometric Business their daily business advisor.