Software Solutions/EHR

Do This to Avoid a Violation Penalty for Information Blocking

By Jim Grue, OD,
Ronald P. Snyder, OD, FAAO,
and Michael J. Lipson, OD, FAAO, FSLS

Jan. 4, 2023

The information-blocking rules that govern healthcare information sharing, mandated by the 21st Century Cures Act, are now in effect. That means you could be fined for violating those rules. Here is how to avoid being penalized.

In our last article, we discussed situations that could potentially place your practice in a position to be reported to the Office of the National Coordinator for Health Information Technology (ONC) for an information-blocking violation. In this article, we will discuss how to minimize the possibility of being reported for a violation.

Why Were the Information-Blocking Rules Enacted?
To understand how to avoid a penalty for information blocking, you must first understand why these rules were put in place. They were put in place for two specific purposes:

  • To reduce the burden on providers: If an Electronic Health Record (EHR) blocks information sharing, it puts an unnecessary extra burden on you, as a provider. Information blocking limits your ability to get patient health information from other providers, as well as your ability to share the patient health information you have with the rest of the patient care team. By avoiding information blocking you will significantly improve your clinical efficiency.
  • To enable providers to coordinate the care of patients: Indisputable studies indicate that patients have better outcomes when providers share protected health information (PHI) and coordinate care. The information-blocking rules are designed to make sure patient health information is available where and when it is needed.

To Avoid a Penalty, You Must Stop Faxing
Every time you send a fax, you increase the likelihood of being reported for information blocking. Faxes do not meet the requirements for sharing electronic health information and put an additional burden on the receiving office. Additionally, more effort is required of the primary care physician to find the fax you have sent, for example, related to a patient with diabetes. Often, the physicians never see your faxes. You should stop faxing reports to co-managing doctors, and encourage them to stop faxing as well.

A Better Way to Communicate
Your “certified” EHR has the ability to communicate electronically with any other provider’s certified EHR. Your certified EHR includes Direct Secure Messaging, which gives you the ability to share patient health information in a document called a Consolidated Clinical Document Architecture (C-CDA). The combination of those two technologies gives you a powerful way to share patient health information with all members of the patient’s care team.

Some of you may have already tried using Direct Secure Messaging and found it not to work. The reality is, it does work. In some instances, what may not work is the way your EHR vendor has implemented this technology. You need to demand that your EHR vendor fix your system by sending a certified letter to them. Keep a record as proof of your request, otherwise, it is likely that it won’t get fixed.

According to DirectTrust, the company that provides the backbone of the national Direct Messaging System, there are currently 2.6 million active Direct Addresses used in healthcare, and 3.5 billion direct messages were sent in just the second quarter of 2022 alone. The technology works!

It is your decision whether you allow your vendor to limit your ability to participate in coordinating the smooth flow of information that can enhance the care you provide to your patients. Both you and your EHR vendor take on increased risk of a penalty for information blocking if these technologies are not functioning properly.

What to Expect Once You Stop Using Faxes

1. How you get your patient’s health history
     a. If you currently use faxing, your practice most likely gets all of the PHI directly from the patient. This method is the least efficient and least accurate method of gaining PHI.

To learn more: 844.393.3282. (toll free) or

b. Your EHR should have an integration that automatically imports the patient’s PHI into your EHR from a service such as Kno2, Carequality or CommonWell Health Alliance. These services increase health IT connectivity nationwide. For a small monthly fee, you or a staff member simply clicks a button on your EHR and the service goes out and retrieves PHI and provides the data to be automatically consumed directly into your workflow. For a patient new to your practice, with just a few clicks of your mouse, you will completely populate the patient’s problem list, medication list, allergies, active lab results, all members of the patient care team and the patient’s family health history. You will also get required data on the patient’s height, weight and BMI.

2. How you generate referrals
Your EHR system should have the ability to generate a C-CDA for referral letters. The C-CDA will contain all patient information that can be consumed by the receiving office. The receiving office can consume the information from your referral the same way your system consumes the information received from Kno2 or Carequality.

A properly constructed referral C-CDA will include the reason for the referral right in the header of the document, along with who is sending the referral. It also lists which provider the document is being sent to, so all the proper content is sent with the referral. In addition, a referral C-CDA can be constructed so it contains only the pertinent information you want to share and that information can be prioritized in the order of importance.

3. How do I get my Direct Address?
Direct Secure Messaging is already built into your certified EHR system. If Direct Secure Messaging is not already turned on, ask your EHR to do so. A Direct Address is similar to an e-mail address. Ask your vendor for your Direct Address.

4. How do I get the Direct Address of a primary care physician?
The easiest method is to simply call the office of your primary care physician and ask for their Direct Address.

5. How to send reports to other providers after your exam
After your exam, your EHR system should automatically create and send the required report for a diabetic patient to the patient’s primary care physician.

If you co-manage cataract surgery, your EHR system should also automatically generate a progress report, C-CDA, that is sent back to the surgeon.

Your EHR system should also be able to automatically generate reports to the patient’s primary care physician when you diagnose significant ocular findings, such as hypertensive retinopathy, or any other ocular condition for which you should be coordinating the rest of the patient’s care team.

When these reports are received, the efficiency lies in the fact that the data can be consumed by the receiving office’s EHR system. So, in the case of a diabetic report to a primary care physician, if your diagnosis was diabetes without ocular complications, that is consumed right into the physician workflow. The physician will know the patient had their annual dilated eye exam and that there was no retinopathy during their review of the patient Problem List. This eliminates the primary care physician searching for a fax, which they likely wouldn’t find anyway or even know exists.

The same happens when you co-manage cataract surgery. MIPS scores are of paramount importance to ophthalmologists. The visual acuity that is included in your co-managed reports can be automatically consumed and entered into the surgeon’s EHR system, which can then be used in creating the cataract measure for the ophthalmologist’s MIPS score. If you don’t send this required information, you could fail an audit and may have to repay any co-management fees.

Using Direct Secure Messaging to send these reports, which should be automatically created by your EHR system, ensures you will perform well on an audit, but it also provides the information in an electronic format so the ophthalmology office staff does not have to go through the tedious steps of manually entering the VAs from a fax that you sent. Both the surgeon and the co-managing OD will expend considerably less effort using Direct Secure Messaging than using a fax for these reports.

The decisions you make in how you communicate with the rest of medicine will determine your risk of being penalized for an information-blocking violation. If you demand that your EHR vendor support you in joining the rest of medicine in communicating electronically, your risk of information blocking will be significantly reduced.

Every fax you send increases your risk, whereas every C-CDA you send through Direct Secure Messaging decreases your risk. We recommend that you read our March 2021 article, Why Faxing Instead of Direct Messaging Puts Your Practice at Risk for Not Meeting New Federal Requirements. This article explains how to activate Direct Secure Messaging, so you can work more efficiently and reduce your risk of being involved in an information-blocking violation.

One final note, HealthCare Registries is currently working on a project to improve the C-CDAs created by EHRs to include ophthalmic data. Our next article will report on the progress of this project.

James E. Grue, OD, is a health-care reform speaker and consultant. To contact him:




Ronald P. Snyder, OD, FAAO, is the president and CEO of HealthCare Registries, LLC. To contact him:



Michael J. Lipson, OD, FAAO, is the chairman of the OrthoK Advisory Panel of HealthCare Registries, LLC.


To Top
Subscribe Today for Free...
And join more than 35,000 optometric colleagues who have made Review of Optometric Business their daily business advisor.