New Rules for Sharing Employee Health Information

all right hello everyone and thank you for attending today's webinar on new rules for sharing employee health information my name is jeff dinell and i'm president of enterprise health and i want to welcome everyone to uh today's session uh this is actually the tenth in a series of webinars that we initiated last year in response to the kovid 19 pandemic although i'm happy to say that today's session is really the first one that won't center around covid which is actually a very encouraging sign in many ways uh also happy to report that we have more than 275 individuals who've registered for today's session uh so we really appreciate all of you making time to uh to attend today just a few housekeeping items we're muting everyone upon entry except for our moderators and panelists so that we can minimize background noise i do want to point out that we are recording this session and we will email everybody early next week with a link to access the recording and feel free to share that more widely in your organizations we're very pleased to have another fantastic panel today it's a group of legal and occupational and employee health experts and we've asked each of our panelists to make some initial remarks about their observations on today's topic and then we'll open it up for a q a session you can actually submit questions via the q a feature in webex and we'll certainly get to as many as we possibly can today and our panelists include stephanie eckerle who's with the law firm of creig de vault dr kenji seito who was with med law and emily mccomb who is with enterprise health so before we turn it over the panelists i'm going to provide a little bit of context on our organization as well as today's topic and now that so many of us are vaccinated and we're starting to write in elevators again i'm going to give you the enterprise health elevator pitch which you'd be forced to hear if you were unfortunate enough to find yourself stuck in an elevator with me so we're the only cloud-based health it solution that combines occupational health and compliance clinical care and employee engagement on a single interoperable certified electronic health platform and our focus is on equipping enterprise clients and their employees for a healthier future and we work with mostly blue chip global organizations government agencies as well as hospitals and health systems most of our clients are operating their own on-site employee health clinics and in many cases they also provide third party employee health services to other organizations we're going to start off you know we want to be very upfront today that we're we're going to be trying to do a little bit of reading of the tea leaves and you know the focus of today's webinar is around some new legislation in the united states that actually went into effect last week and it governs the practice of sharing electronic health information with individuals however it's not yet entirely clear if and to what extent these new rules are going to extend to employers who are providing occupational and employee health services to their workforces so our panelists today are kind of relying on their experience and expertise to gaze into the crystal ball and they'll certainly provide you with some some valuable context uh their sense of how this will will shake out as well as their thoughts on best practices so we can't promise that you're going to leave this with complete clarity but we're confident you're going to get some some very valuable information and insights to certainly start the ball rolling in your organizations as you have discussions on this topic you know with people who are interested in policy and and legal matters so just to give you a little bit of history the u. s department of health and human services created the office of the national coordinator for health information technology many years ago and i realized that's a mouthful and the original acronym for this office was on chit which led to a lot of inappropriate jokes so today it's actually known more simply as the onc so the onc was created really to help promote and coordinate the adoption of health information technology uh by healthcare providers and and really when when this group was started uh adoption of electronic health records uh by most in the at least the u. s healthcare industry was was around maybe 15 percent uh and they have been very successful because uh you know now we're getting uh closer and closer to 100 percent and and really what what drove a lot of this was back in 2009 stimulus funding was approved by congress uh in the wake of the 2008 financial crisis and a big chunk of that 900 billion dollar package was used to fund health i.

t adoption uh so to qualify for that funding uh health care providers had to do a couple of things they had to deploy a certified electronic health record and then they had to comply with what were called meaningful use rules to demonstrate proper use of those certified ehrs now at that point in time you know which goes goes back a ways now i know i was deeply involved in electronic patient engagement and i actually attended some of the early hearings that the onc hosted as they were drafting these meaningful use rules and i went to these hearings planning on advocating for the concept of making electronic health information available to patients and i quickly realized that i could stay in my seat because there was a sizeable group of individual consumers who showed up and they were extremely vocal about the need to include the patient in the equation and they argued quite successfully that their health information belongs to them and they they should be able to easily get access to it so as kind of an early pioneer in the electronic patient engagement space i know our organization along with others did a lot of uh pick and shovel missionary work with physician practices hospitals health information exchanges and employers and and there was i have to tell you a significant amount of early pushback especially among clinicians to the concept of sharing electronic health records with patients and i i recall many heated debates with physicians who were dead set against sharing things like electronic lab results with patients especially without building in some sort of a delay period for physician review and and you know most of them said hey i'm worried that i'm going to get that midnight phone call from a patient who got a lab result and doesn't understand it and i you know i don't want to have an onslaught of those sort of things but invariably you know those same clinicians would come back after two or three months and say you know what now that we've done this i'm going to give you the green light to go ahead and share the the the lab results without delay let the patient have them the same time that i get them because they realize that their worst fears didn't come true and and in fact in most cases patients who had more access to their data were more active they were more involved they were more compliant now certainly it changed the nature of some of the conversations that clinicians had with patients and and they would actually do maybe more pre-counseling to say hey we're going to do this lab test here's the kind of results that you know that we're looking for and if you get this kind of result here's what it may mean but after you get the results and i've had a chance to look at them we'll get together we'll talk about it so it actually led to in many cases you know better more meaningful dialogue now despite you know the the gains that we've seen in the adoption of electronic uh health records and and other health information technology the health care industry is is really probably the last remaining market sector that still struggles a great deal with interoperability you know health information is still far from being extremely liquid and for years um there the the hymns conference which is actually the major gathering for health i. t professionals and it attracts more than forty thousand uh visitors a year uh they've hosted what's called an interoperability showcase and that's what the picture that you see on the screen now and the idea was to demonstrate you know how data could flow between disparate health i. t systems uh and it was sort of a hey here's here's what could happen if we could make all this work now the fact that hims has been putting on this massive demo year after year for now well over a decade to show what could be done what might be done only underscores how far we still have to go you know in an ideal world they would have done this for a few years it would have all been worked out and there'd be no reason to have this showcase anymore uh and and we used to participate in this event but frankly we grew frustrated because we would demonstrate interoperability with all these other vendors only to have those same vendors afterwards say oh that's just the trade show thing or we haven't productized it yet and you know to add on to that historically many health care providers weren't overly interested in making it easy for patients to take their data somewhere else and and many health i.

t companies and emr vendors uh were notorious for what came to be known as information blocking and ultimately that resulted in uh many emr vendor ceos having to get up in front of congress and explain themselves as to why they wouldn't make their data more liquid including making electronic help data available to patients and as a result of that um the the requirements around sharing and and not only among health care providers but sharing data with patients they've grown more and more stringent over over time and today significant penalties are being meted out to health care providers who actually failed to give patients timely access to their data i know my brother's father-in-law passed away last year from complications from covid in a nursing home and when they asked for a copy of his medical records the nursing home dragged their feet and they said that the legal team at their corporate office had a policy against sharing those records so i advised my brother and his wife to threaten to report this to the onc and miracle of miracles the next day the the records were produced but this sort of thing that reluctance or outright refusal to share data uh with with patients uh happens uh all too commonly and it's one of the reasons that the new legislation we're discussing today has beefed up provisions for sharing information with patients so while we still don't know the full impact of these new rules in terms of how they apply to occupational and employee health it's pretty clear that the information sharing train that has now been boarding for more than a decade is starting to pull out of the station and it's to create real momentum for deep and wide information sharing with patients or in the case of those of us on today's call with employees so while you you may have some trepidation and some very legitimate concerns i know i can speak from experience that an individual who has access to and more involvement in their health information is far more likely to take a more active role in not only their health care but the health care of their family members so with that as a little bit of background and context we're going to turn it over to our first panelists and our first panelist is dr kenji saito and kenji is president and chief medical and science officer at med law and they provide environmental medicine consultative services to companies professional organizations hospitals and clinics and he also serves as a medical leader for regulatory agencies consumer goods and transportation agencies in industries previously uh dr seito served as a medical director for anak health services clinic with multiple locations in central maine and he's currently president of the new england college of occupational and environmental medicine and vice president elect of the american college of occupational and environmental medicine dr cyto earned a dual medical degree from temple university and a law degree from rutgers law school and kenji's going to really help us illustrate some of the challenges and confusion that we're seeing in knockhealth around this topic as well as talk about some best practices on information sharing so kenji let me stop sharing here great thank you jeff well good afternoon everyone and thank you for joining today and we're going to have a really fun time i'm going to make it this talk very interactive so for those of you who are in front of a computer if you have a cell phone it might be a little easier unless you have dual monitors and there's a qr code here you can go to um just put your camera on and put it over the qr code and it should take you to the website otherwise if you want to stick on the phone browser or your computer you can go to pulley v dot com backslash med law i'll go through a couple slides of just introductory so you'll have some time to log in and we're going to make this a live polling and interactive talk because i really like to hear from from everybody in the audience today so before i get started i'm sorry the lawyer me always wants to make sure that you get full disclosure sort of look back when i'm coming from the conflict answers i have and certain disclaimers that i have since this is more of a educational purposes and these opinions are especially are thoroughly mine and not necessarily those my employers and clients that i work with um i do have a lot of images here as well i do not necessarily have information permission to use all the images i'm sort of invoking fair use here just for purely educational purposes today so a little bit about me um you know i am a dual physician and an attorney and luckily i found a passion of mine in sort of uh nutritional sciences as well and so well-being is that i'm also a sushi chef so i kind of balance it out being a physician a chef a lawyer and luckily found the field of occupation and environmental medicine where i'm actually able to practice all three i get to go out and pretend to be different workers and different setting different sectors whether it's out using a skinner uh being a scientist flying a plane it's it's been an exciting time and i really enjoy it and i hope that i'll be able to share some of my experiences especially from a hospital setting where i used to work in a clinic base whether it's a near site or on-site clinic in a corporate world looking at corporate medicine and how do we set policies uh benefit plan design and whatnot and sort of being a consultant and private practice uh solo practitioner so juggling everything so i'm kind of bringing those experiences with me in addition to some of my governmental experiences uh rotating and working in central office the va through osha niosh epa etsdr and the surgeon general's office doing some public health work too during my training and um we'll have to share that experience with me so let's see if our polling is up and running it should be activated i'm curious to see where everybody's coming from so i can hopefully carry this conversation towards uh where our needs are whether you're in a healthcare setting providing uh maybe a third party employee employer or a juror through a near-sight onsite clinic whether you're in corporate any government folks uh and there's a few others so mostly healthcare great so i'll get my talks towards mostly healthcare but also incorporate some of the sort of corporate policy perspectives as well to make sure everybody's understanding of that and then for those of us in healthcare are you a nurse an mppa physician mdo maybe other clinical support staff technician are you an administrator perhaps doing some non-clinical work just get a better idea of where you're from and uh sort of your background here so most of us are nurses here great so i'll um try to gear towards some of the nursing staff which is like presumed uh maybe cohn's running different clinics understanding what these uh rules are so i'll be able to explain that as well and some decision makers here in administration perfect so this is a word cloud i like to start up with this because this is a brainstorming session as well so why do you think information sharing is important is it uh is it due to some process that we need to understand and the philosophy of why information sharing is important yes a continuity of care i think that's really important to understand and i think jeff talked about this briefly about the idea of interoperability meaningful use so sort of the philosophy behind why we need to understand information is important especially when sharing with the patient is not only engagement but also be able to provide good child quality care and to do that you know i think impacts us in very different ways and engaging our patients and make sure to understand what we're prescribing for them really does affect patient care their experience their engagement but then today outcome as well so i think it's really understandable you know important to understand why uh in different agencies now we're trying to regulate you know the more importance of not blocking information because we want to make sure there's transparency there's exchange and there's interoperability between different emrs as well and this is why i think the idea of electronic health information is so important and and as jeff mentioned you know we are kind of looking to crystal ball because we're not really sure where this is or if there's any unintended consequences from these roles but i think it's at least understanding why behind it helps understand this the process that needs to occur to get to the why so so thank you for this i think you're right it's focused on patience transparency continuity engagement so do you routinely share health information with um with your patients employees uh claimants so it seems like most of us do so the question then becomes you know why is it important that there is an information blocking world now so there's a survey that just came out last month that just published last week looking at 4 000 health care entities and the clinical technology administrative leaders from providers payers it's another organization done by life image that i like to sort of benchmark what we're going to do today so that the questions they ask i think is quite relevant so let's see uh the questions they asked versus how we respond so overall are you familiar with the term of information blocking do we know what that is so we're fighting there almost 50 50 50 50 45 60 40. so yeah i would assume that he's around 50 50 right and this is why we're here today um and most of us do not know information blocking and it's probably another reason why you're here today um and stephanie will go definitely go into one of the details of what the definitions and meanings are but i think it's important to understand it's out there terminology exists uh and that you know a lot of people are not familiar you know 47 which is close to where we were a little bit higher but the survey uh participants actually said they were not familiar with the idea either so what is the primary exchange method that you offer to your to the employees are asking for this information how are you sharing that information to them is it paper cds do you have an online portal are you emailing it securely hopefully um great so it seems like we have some sort of online portal so it makes the access a little easier uh the process and methodology might be easier so probably the question we'll focus on today is for those on paper what does that mean especially now it's requiring uh electronic means and how do we transition uh from paper to some sort of digital format um and then to online portals so let's see what the results of the survey showed so 65 66 basically relied on paper so i'm surprised you know we're pretty close and then it went down to 40 for us majority relied on cds so i think this is looking at some of the imaging as well you know if you look at the pac system for the mris and ct's x-rays uh i think a majority of them answered that and that reason too because most of them still offer cds and i haven't seen an online portal like a pack system where can't you look at images quite yet for the patient portal side but i think the portal is the way to go and the majority of healthcare institutions uh you know do not have that capability but we're hoping they'll be the case soon enough so those who do offer um do you charge for your patient records i know this became a big issue especially from a business perspective when we had a lot of people requesting records and especially when you do paper i'm curious to see what you do charge and and i'll be happy to share with the survey results too to see where the benchmark is some states offer especially if you're making records a copy of records that you can bill for the expenses of that so i think some people do charge patients but it looks like a majority of us especially those in the portal where patients go in and download their images they are you're not charging anything so that's good news hopefully i'll make stephanie happy so survey says 15 uh currently charge 25 or more so i know there's a four percent or so that charge about that much from our survey here so the good news is it sounds like most of us have portals and most of us are actually exchanging data through that method and that's why there's almost no cost to be able to do that and this is exactly what the onc rule states however there are some exceptions to this right so if you look at the final act uh at the bottom right there i kind of i highlighted that it should be offered in a structured or unstructured matter but at no cost to the to the patients and to your employees that are accessing this right now so i think that's really important to emphasize but as we any kind of regulations there's always exceptions to it and i'll leave this as definitely talk about more but there are there is a fee exception where you could bill however you know there are purposes that need to be met but the recommendation i think the best practice here still is to be able to provide it at no cost to the employee and provide any uh prevent any hurdles that you might have uh especially for those who may not have access to their own personal records so i think that's really important we do that so have you or your facility meeting changes to meet all the rule requirements especially those through paper um have you done anything or maybe you don't know because you're not part of the decision making process i know we do have a couple administrators on the call today in an audience so most of us don't know whether um we've made changes so that's probably the other 50 or so who uh say that we don't know but much about information blocking so hopefully after today's talk will at least be aware of what the rules are and then have some guidance as to what back best practices are before uh some of these rules are challenged or solidified into our regulatory framework so most of us don't know so services 48 are not aware so we're pretty much on target here with that the cohort of 4 000 employees that took the survey before um so exactly so this is why we had this webinar today and we have a lot of registrants as well but also 39 um sorry i missed one survey so another survey that i was going to ask was um whether there is any penalties assessed for um for any kind of wrongdoing or information blocking practices sorry i know the survey didn't pop up here but the results did show that about 39 uh did not know that they could incur uh civil penalties uh associated with this so it is the world with some teeth so keep that in mind so what happens if you or your facility does not share health information with your patients oh well here it is i guess sorry that information came first but i guess most you know now good we're paying attention i guess that's a good test i did that on purpose so i wanted to go through some hypotheticals now too especially this is relevant to the occupational health realm is you know do you normally release workers comp injury records when when requested interesting almost 60 40 of us do not okay here we go so some of us do and we can save this for q a towards end as well after you hear about or about information blocking from council it's going to go right afterwards stephanie how about post offer pre-placement exam records what are your thoughts about that so let a little less okay so most of us said they would but 30 would say they wouldn't interesting how about surveillance exams the exams are required by osha or other uh people come in routinely periodically for different surveillance exams do you think they should get those records as well whether it's the physical exam component or the uh results of those um blood work that you probably do for biomonitoring okay so it seems like most of us agree that we should release these records as well and aren't you are releasing it how about dot exams the department of transportation for federal commercial motor vehicles good so everybody knows you know that you are supposed to here as well uh and it's actually um in the regulations that you should provide these exams and in some cases employers do have a right to some of the copies of the of the exam itself as well this has been controversial in the past but fmcsa does have recommendation guidance on this as well how about audiograms results any kind of hearing loss or standard threshold shifts in or without the hearing conservation programs you normally release those records to the patients as well okay so it seems like most of us would actually all of us would so far that's responded so yes that's helpful right because especially if you have any conductive or neurosensory hearing losses you definitely want to make sure they get follow-up care because you know we're not the pct primary care provider in the occupational health clinic so it's always nice to make sure that they have a good follow-up uh to fun whether it's emt specialist or with their pcp to continue following whether this is an age-related uh hearing loss or any other perspective as well how about spirometry for those of us who used to do them and maybe starting to do them again now especially during covid are we releasing the spirometry records to the patients looks like we're having some technical difficulties with this one actually got locked up okay that's fine my suspicion is if you're going to release the audiograms the question that becomes is why wouldn't you release the spirometry records especially for those who are following asbestos silicosis uh standards and whatnot uh whether there is a requirement um for you to release it or not and uh some of the information and best practices here is also to provide that to the patient especially if there's any concerns for any obstructive or um disease processes that you see that are constricted as well that restrict it as well that could potentially be uh helpful if their pcp knows about it the patient knows about it and aware that they need to seek some care at least to get a baseline documentation you'll be surprised how many people have uh sort of borderline asthma and or some other lung disease that they never knew about until they had spirometry done and referred them or to get a real pft um to be done with some of the specialists to follow up in their care this is an interesting question how about drug screening results and records yeah so most of us do not release these or okay we're going back and forth do we release them or not the battle for the 50s so this is why i thought that this i left this question for last because it's quite an interesting question is you know are we required to you know some of these are done without um any kind of uh surveillance component to it or a regulatory component but more of an hr policy component to it and it comes a really interesting labor for an employment uh bargain for labor uh questions but also employment law questions as well uh what the employer can and cannot do so we're almost split here so this is what osha says right so there's uh the standards for 1910. 1020 is access to employee exposure and medical records and if you want to look up this link it's the bottom left here it does indicate and provide employees and or their representative with access to relevant exposure medical records so there's a huge definition maybe we can talk about this q a if you're interested um for the sake of time i want to make sure that we leave stephanie enough time to talk about her component but the exposure is the question is whether that drug screening is an exposure or not um some places do not so i always look at this as a balance between of what your risk perceptions are and how do you manage those risks and i don't know if you've seen this imaging before but i think this is a really helpful concept to understand is and hazard is something that can potentially cause harm but when you're looking at risk you have to look at hazard and exposure so what kind of exposure you do do you have by not doing this but not following the rules and uh for example drug screening what do you do if you don't provide it uh what kind of hazards uh are there because of that and that's how you manage your risk and i think at the end of the day we need to go back and look at the idea of what and why we're doing this so i think by doing so it makes us understand that the importance of um why we need to be able to offer these to the employees uh but also to their design representative under osha and let me see if i can stop sharing so i can see the chat screen real quick yeah and feel free to type in some chat question but i think we're going to save some questions towards the end and i can't see my screen now ah there we go so it looks like i don't see any questions in the chat right now but yes so the idea and the transparency uh behind information sharing is very important and i think we have the data now to show you what we're doing in an occupational health clinic our best practices around uh information sharing even though it might not be required especially those of us in paper i think we really need to focus on priorities here you know what do you need to do to transition because the idea of transparency exchange interoperability sort of philosophy behind why information sharing is so important you know sometimes it's better to do the right thing first rather than having regulations tell you what to do i think in those cases it would be great to be able to do that so um jeff should i answer some questions now or do you want to save it towards the end so while we're waiting for jeff to come back on uh let's see assuming all requests include proper signed release some exams such as imes are owned by the requestor and not the patient and should not be released without the client's consent yeah so that's actually very state dependent so that's a great question what do you do for imes uh in different states there's different regulatory frameworks that usually sits under the workers comp board if you have one in your state otherwise it's somewhere within the department of labor because as we all know workers comp is very state specific so uh depending on on those imes coming from um requests from the workers comp board or their attorneys in those in those uh litigation or cases it's important to understand what your state laws allow for because the federal laws only give you the minimum standards and the state can raise that bar a little higher so great question and correct congratulations hey kenji i think what we're going to do is go ahead and um and uh pass it over to stephanie and that that way we can uh you know we'll we'll have time for uh questions at the end sounds good thanks everyone all right and uh so next up is uh uh stephanie eckerly and stephanie as an attorney and partner at the creek devaught law firm and stephanie provides regulatory compliance and corporate advice to the healthcare industry and she specializes in working with employers that provide occupational and employee health services at on-site clinics she's also on the board of directors for the national association of worksite health centers and right now she's working with a number of organizations as they come up to speed on the 21st century cures act so she's going to get dive into some of the specifics of the cures act and other legal and regulatory requirements so take it away stephanie great thank you jeff can you see my screen and hear me okay yes awesome okay well thank you everyone and um jeff i really enjoyed the introduction about onc and the history there you know i can start onc the uh health it you know highway and then kenji i really like the polls i'm gonna have to remember to do that on future presentations so i'm going to dig into the nuts and bolts of sharing employee health information today for you guys so a little bit about me there if anyone's interested and i think the slides will be provided sometimes afterwards too so you'll have my contact information if you guys have follow-up questions but before we dig into the information blocking rules i really want to talk about you know the puzzle that is employee health records i think it's a really complex area from a record-keeping standpoint and so whenever you know i start working with a new organization whether it's an employer or a health care provider we don't even dig into the law first we dig into let's unravel this puzzle and figure out what laws we need to be looking at here and so for example you may have an employer that has an occupational on-site health clinic but also provides primary care at that clinic and they may also provide eap services at that clinic so there you know you're going to have a huge overlap with different regulations and so um i put together the questions i ask when i'm first starting to work with new clients you know that kind of inventory that you guys should all be thinking about when you're trying to figure out where do i even begin here so i won't go through all of these but just a few here so you know what type of health services again is that akhel nanak health primary care workers comp mental health substance use disorder through the eap that's all really really going to matter um and you know who are the services provided to is it just your employees or do you guys also wrap independents at an on-site clinic or minors this is going to have a lot of implications again on what laws you guys are following in addition to plan design and benefits um you know who pays for the services are we having the employer pay because it's health related is it workers comp or do you have a primary care clinic where you are also billing third-party payers like an anthem and i've even worked with a few clinics recently that see retirees so you get a medicare population in there although that's a little more unusual so all of these questions are really what you need to go through to try to unravel and figure out what you're looking at so once you do that you're really needing to think about what i call interlocking and overlapping requirements and so i listed a few here of the um you know regulatory frameworks and agencies that we're thinking about on the legal side so you've got osha eeoc ada you know onc because of the new information blocking rules and we've got samsa because of sud and eap records so you know lots of laws here that we're going to need to consider as we unravel the puzzle and one thing that we're going to be providing afterwards is a resource list that's going to have um the various flaws and different opinions from agencies linked in it and so you'll have that too after this um sometime after the seminar for reference okay let's talk about information blocking you know we could have an all-day seminar on all the other requirements but we're here today because of this specific law the information sharing the interoperability all this that came about not just because of the 21st century cures act but historically hipaa and high tech and others so why should you care about information blocking well under the new law information blocking applies to all health care providers and this is defined very very broadly under the cures act so in the regulations it includes physicians practitioners therapists hospitals federally qualified health centers i mean you name it it's included here although a few aren't maybe like an industrial hygienist i didn't see them on the list and when you look at the term physician and practitioner you know you think okay of course we know what that is right but i want to point out because this is a question i'm getting a lot it is any doctor of medicine it is any pa nenp clinical nurse specialist social worker registered dietitian nutrition professional are just a few and it does not depend on if that physician is billing a third party payer or if that you know physician is enrolled and medicare or medicare so it would encompass the occupational therapists too um but you know one question is is my clinic a hipaa covered entity the information blocking rules do not differentiate based on a covered entity or business associate status so i've also heard this from some employers you know we just have an occupational health clinic it's not a covered entity because we are not billing any um third-party payers here and so it's really important to understand that the information blocking rules do not differentiate based on that so you can just have an awk health clinic and as long as there is a physician in it that physician is a health care provider they do not have to be a covered entity or a business associate and this was actually addressed in an onc faq that said an individual that meets one of these definitions is an actor and subject to information blocking regulations regardless of whether they're a covered entity or a business associate and so again we will be sure to give you those faqs and this resource list that we will be providing okay another question i'm getting often is but i only maintain occupational health records again i don't think this matters um you know what i was really hoping before i gave this presentation is that we would get some guidance from osha on this but unfortunately that has not happened yet nor have we gotten guidance from onc on how this would apply to health rights providers or occupational health records so in light of that you know we look at what type of records are affected by the information blocking rules well before october 6 2022 electronic health information or ehi is limited to the subset of data represented by the elements in the us cdi standards and we'll link to those too but that is going to be very broad it's patient demographics problems procedures clinical notes which includes you know your consultation notes history and physical imaging lab reports path reports immunizations medications allergies and intolerance so when you think about your occupational health records you know you're going to include these data elements and then after october 6 2022 information blocking regulations apply to all ehi is defined and the regulations here and that's really any health information you would find in a designated record set okay so now that we've talked a little bit about who this applies to your health care providers and what type of records know that you cannot engage in information blocking and and what's what is information blocking that's a question we get a lot too and i'll tell you we're getting this question not only from our occupational health clients but also frankly from from health systems from position practice groups you know it's it's a concept that some people are very knowledgeable about but frankly as i think kenji's um surveys showed a lot or not so if you're one of those don't feel bad about it so information blocking is a practice that if conducted by a health care provider again defined very broadly the provider knows so you have to know that such practices is unreasonable and is likely to interfere with the access exchange or use of electronic health information and so it's a really really fact sensitive inquiry here this can result from individual actions corporate policies contracts or even technological limitations which is why we're really encouraging our occupational health and healthcare clients to work with their ehr vendors like enterprise health to understand these rules examples include you know refusing to respond to a patient's request so just like what jeff said with the nursing home example just outright refusal and we do see that um another one refusing to share clinical information with a competing provider that has been an issue in some cases in the past and one of the reasons that onc passed these roles is to really you know keep innovation alive lessen competition among providers and so you know you cannot refuse to share just because someone else is your competition um or you can you cannot share only because someone you know is competition and so you're going to make it expensive or inefficient you can't request a patient consent where no patient consent is needed so just going through you know all the different ways that information blocking um can apply to different situations unless there's an unless there unless an information blocking exception applies which we're going to get into here okay so if a request for access is denied an information blocking exception absolutely has to apply and all elements of it must be satisfied and so when you think about this we're going to go over these in some of the elements but you really need to understand every element and have documentation of why you are meeting every element if you were not going to give a patient access and think about the overlapping laws there right so if you are a covered entity not only must you follow the information blocking rules but if you deny access to a patient you also have to follow the hipaa rules for denial or the osha rules um we're really recommending that healthcare providers develop a process and policy to evaluate requests and then have documentation to demonstrate why a request was denied and so that documentation can be in the emr um or on a separate form so let's dig into these exceptions now okay so i categorize these two different ways one is denial of access so if you're going to deny access to records under the information blocking regulations it has to be for preventing harm or due to privacy security and feasibility or health id performance and then there's three exceptions that don't really go to denial but it goes to how you uh fulfill that request so the how the content of the request the manner the fees and the licensing so let's spend just a little bit of time today talking about these and again i'm not going through every element of these just um technical main points so you can deny a request for access to records in order to prevent harm so to meet this exception it has to be to substantially reduce the risk of harm to the patient it has to be determined on an individualized basis by a licensed health care provider who has a current or prior clinical relationship and and i put document again you need to document these exceptions if you're going to rely on them this is going to be really important because these rules were effective april 5th and i have already seen a complaint filed against the health care provider actually the complaint was filed before the rules became effective which was kind of funny um but i've already seen complaints and i think it's going to be a new area of litigation that you're going to see a lot of activity in and you're going to see a lot of i think companies trying to get patients and in your case employees to file complaints on this so one thing to think about with the preventing harm exception from a practical standpoint again is that overlap with other laws so for example if you have a occupational health or you're providing primary care on site in indiana and there's mental health records involved and you think that the mental health records need to be withheld from the patient you have to comply with the information blocking rules but also indiana's law on mental health records and under that law you have to determine for good medical cause upon the advice of a physician that the information would be detrimental to the health of the patient and so you know unlike the information blocking rules where you just have to be a licensed health care professional in indiana to withhold those medical records you have to get a physician opinion and so again it's all about those overlapping requirements and understanding what laws apply to you um you know you have to if you're a covered entity follow the procedures for denial to access um that are laid out and then under osha again another example of these overlapping laws osha has a standard in 1910 1020 e2 if you'd like to look that up that says whenever an employee requests access to his or her employee medical records and a physician representing the employer believes that direct employee access to those records regarding a specific diagnosis of a terminal illness or a psychiatric condition could be detrimental to the employee's health the employer can inform the employee the access will only be provided to that designated representative and so again another example of the information blocking rules osha state law and hipaa and how they all have standards that are just a little different so i think one you know complex thing here is going to be harmonizing all those standards and creating a really you know concise and clean policy that that pulls all those together for your clinic um other exceptions here and then we're going to get into some real life examples that we've been working through with clients the privacy and security exception so you can deny access to records if the restriction is required by and the denial is consistent with state or federal law so if your employee requests records but um you do not have to provide those let's say because they're eap records and they're governed by part two which is what governs substance use disorder records or there's a provision in osha that would allow you to deny access you may be able to deny that under the privacy risk exception here and i think that one you know it's going to take a while to see how this plays out from an enforcement perspective and and how these all are intertwined um security another one if the restriction is related to safeguarding the confidentiality of the ehi or there's a specific security risk that you believe could occur if you give access that's another reason you can deny access but again it has to be based on specific facts and circumstances and backtracking a little all of the exceptions it's an individualized determination based on every single request to access you really cannot do a blanket denial um for any of these every single time you've got to go back to the drawing board if you're going to deny uh and look at the individual facts um the next exception we're going to talk about is in feasibility and health i.

t performance so in feasibility um if you are going to deny access maybe because of an uncontrollable event your natural disaster your war your terrorism or probably more common here is an internet service interruption so this may not be something where you deny records you know forever but it may be the patient or employee calls wants the records immediately and your internet is down the portal is down you can't get to them so it's a temporary denial another one though is the inability to segment electronic health information so um maybe you can't segment the part of the records that would be detrimental to the physical safety of the patient because they're intertwined in the report that that primary care practitioner created you could potentially withhold all the records health i. t performance is another one if the health idea is temporarily unavailable in order to perform maintenance or improvements there's an exception for that but it must be for a period of time no longer than necessary and there's additional requirements restrictions there for the health it developer okay moving on so kenji did a nice job of framing this um the response here so when we think about the information blocking exceptions we talked about how you can deny but then we also talked about how you have to fulfill a response and so under the information blocking rules you must promptly respond to the request there can be no unnecessary delay and i think this is going to be a tricky one for providers and employers and the reason again is that overlapping requirement and so under hipaa for example a covered entity a health care provider that is a covered entity has up to 30 days to respond to a request from a patient but under the information blocking rules you really need to immediately respond um unless there's a reason to deny access and so even though that physician may be able to wait uh 20 days under hipaa they can't under the information walking rules and same with osha again another example of these overlapping requirements under osha you're supposed to provide access within 15 days and if that's not possible then the employer within that 15 working day period has to apprise the employee or the designated representative requesting the record of the reason for the delay and the earliest date when the records can be made available so again really harmonizing all these requirements is going to be you know a big job okay content and manner talking a little bit more about this so um the manner you have to provide the records in the um manner requested under the information blocking rules and so if you were able to upload those records via a portal or send them via email and that's what the patient wants you cannot send that patient a box of their records that would be information blocking however if you cannot fulfill the request in the manner requested there are alternatives under the information blocking rules to fulfill that request using a certified ehr or other alternative machine readable formats and fees again kenji i was really excited to see your poll on that one you set that up nicely so you cannot charge for electronic access to ehi just do not do it and i noted here um just knowing the audience is that's similar to osher's requirement that records um need to be provided without cost to the employee upon the initial request and there's some other exceptions there um you know under all the different regulations but that is absolutely a best practice um you know if the employee says i want paper records and it's five boxes and there's um time spent on copying and mailing you know i think that's a bit of a different situation but any electronic access you should not be charging for and the content um the contents of the response must be based upon the request you cannot try to artificially limit that request or not respond fully unless that exception applies okay let's move on to some hot topics here okay so routine lab results and test results this is the number one issue i think that we get questions about and that we're dealing with so the information blocking rules do not require a health care provider to proactively make the ehi available but once a quote-unquote request is made you have to timely respond to that and what's tricky here is that onc has not stated what a request is so you know a good example is i get blood drawn at the doctor and i tell the um you know person drawing the blood or i tell the receptionist on the way out that i want those test results as soon as possible and so if that's the case the provider whether it's the physician nurse whoever has to push those results out as soon as they have them and what this could mean and this has been acknowledged by onc is that you are going to have patients or employees that may be getting test results or lab results prior to the ordering provider seeing and interpreting those results under the information blocking rules you cannot have a blanket delay of several days that allows the provider to first review test results so if a request is made we can't wait 10 days to allow the provider to review those results before giving them to me unless an exception applies one exception that could apply is the preventing harm exception and what onc has said about this is that um you know that physician is already going to have a nurse you know whoever is already going to have a relationship with the patient and so they should proactively determine whether there is a risk of harm that meets that exception document it and that will then allow you to delay the results in order to allow the provider to review them but again you have to strictly comply with that um two important things um moving on psychotherapy notes so we talked about what type of health records are included according to the information blocking rules but two types of records that are not included are psychotherapy notes is defined in hipaa so notes by a mental health professional that are kept in a separate file from the regular records and the second type is records compiled in anticipation of litigation so one of the things that kenji talked on was there's a lot of hr implications here when you think about not just the information blocking rules but um osha record rules and rules under the ada and the eeoc about employer access to examinations but one of those things is if it is documents prepared in anticipation of litigation it is not subject to these rules mental health records we talked a little bit about the example of the difference between indiana law and the information blocking rules as far as that preventing harm exceptions so those are a really really sensitive type of record you need to think about um substance use disorder records so i bring that up here only because of the issue of the eap programs if you have an eap program that provides substance use disorder treatment and holds itself out as doing that it may very well be subject to 42 cfr part 2 which is substance use confidentiality requirements for the sud records and you know just remember that the information blocking rules don't replace part 2 or any other law they just all go hand in hand uh the last two things i'm getting a ton of questions on one of those is clinical notes and so what onc has said about that is that draft clinical notes are examples of data points that may not be appropriate to disclose if there's a request for access but if such notes are used to make clinical decisions they would fall under the designated record set and be included in the ehi you have to produce and so you know really i think the question i'm getting a lot is i just want to document progress notes to remind myself you know is what the physician or nurse may think and i don't ever want the patient to have access to those well that doesn't really work anymore um it doesn't work under hipaa's right to access and now it doesn't work under the information blocking rules so if those progress notes are part of the record and you're making clinical decisions i mean they have to be included in that request for access and the last one is the hipaa authorization i'm just going to touch on this briefly especially knowing how many health care providers we have on the call and for those that are hipaa covered entities maybe they're running a primary care clinic on site and billing for that the information blocking rules also touch on the hipaa authorization issue so if you have a patient bring in a hipaa authorization that maybe actually isn't compliant with hipaa you know they pulled it off the internet it doesn't meet the strict requirements of hipaa you cannot just deny access anymore now under the information blocking rules you have to make sure the patient gets a hipaa compliant authorization um in order to release those records so again just that overlap there so um what now right i mean this is overwhelming it's overwhelming i think to attorneys to healthcare providers um so what do we do one work with your ehr vendor and i put enterprise health up here because i know that they have worked very very hard to understand the 21st century cures act both on the health i. t side um due to the certification but also you know the information blocking rules and how they can really assist um health care providers in compliance and so work with your ehr vendor whoever that may be review and update your policies you may need a new policy or you may need to amend current hipaa policies or osha record keeping policies uh provider and staff training is key you know your frontline providers and staff are the people who need to understand this just as much as the administrators and back office support there because when that patient leaves the clinic and tells the nurse or tells the receptionist or the physician hey i want those lab results as soon as possible that needs to somehow get to whoever is handling requests of information especially if you are not proactively pushing results out on a patient portal and then lastly monitor onc and osha updates and guidance again we are waiting to hear from osha on this i i don't know whether they will speak out on this um and i actually attended an onc webinar and asked about the applicability of these rules to occupational health providers and in the occupational health sector and and there was no response on that so keep monitoring updates and guidance and again the resource guide our page we're going to give you after this presentation we'll have links there where you'll be able to go back and check for updates okay and if you have questions i know we're going to have questions at the end but also feel free to email me or you know reach out happy to chat with any of you and then just like kenji i have my standard disclaimers at the end of the powerpoint okay thank you great thank you very much uh appreciate it our final panelist is emily mccomb and emily's responsible for customer success in enterprise health she leads our account management and application support teams so she's going to touch briefly on some of the capabilities of the enterprise health application to support sharing information with employees thanks jeff so using the employee portal many of our customers actually have already kind of started down this road of making some configuration changes i will say for our enterprise health customers on the line who are curious about what your colleagues who use eh are doing most of them are taking a proactive approach rather than on a one-off basis per request sharing information only as requested most are wanting to automate this and so we've been working with some of our customers to kind of fine-tune what those automations look like and we'll talk about that a little bit more here in a moment there is a lot of flexibility around those controls and what is shared so that you do have the ability to sort of blanket rule out certain things like case management notes and such and we'll talk about that again in a moment and then for those of you who are not familiar with the employee portal it does work great on a desktop or mobile device so you do have some flexibility there and how your employees are accessing that i know for many of you who work with unions cell phones are out of the question so there are kind of non-mobile application options for you also so on the employee portal we do have two primary ways that we are helping our customers satisfy these requirements the first is through the message center and the message center is essentially a collection of documents that come directly from the patient's chart so for enterprise health employees this will be quite familiar to you you may have documents such as clinical summaries from your visits um proof of vaccination which is becoming all the more popular these days lab results and such and when the um documents become available on the employee portal you can see from the last screen here there was an inr on this example of this test chart here um this is made available to print or to view and then the employee can follow up as needed you're going to see i did this intentionally this goes back to clear back to 2010 you will have some control on what you would like to show here if you would like to cap um some of that information sharing you certainly can stephanie when we get through q a i would love to know your thoughts on you know for employers taking a proactive approach if you have any recommendations on how far how far back they should be proactive i'd love to hear those thoughts from you um but an employee can you know get this information in a proactive fashion where when a new test result or imaging report or something like that is put on their chart it can be made available automatically on the portal without a physician or clinician review the next area we're going to look at is the my medical information section part of what you'll need to consider is that yes visits visit summaries are important lab results imaging reports that type of thing those are those are certainly important but routine information like their immunization history allergies medications those can all be called into question as well and things that an employee could request and under the my medical information tab we have a few different configurations of this the option that i'm showing you here shows kind of the basics immunizations allergies meds and conditions and it shows it to you here in a completely view-only format so the employee can see what is on file for say their medication history they're taking a daily aspirin they can't interact with this they this data though excuse me um but we do have an interactive version where they can actually modify the information that's out here so they can keep their medical records up to date between visits with you if you want that option and you'll have that option kind of per section as it is so if you want them to be able to you know disclose that they've had a covet vaccine but you don't necessarily want them to modify their medication history you have an option per section to be able to let them modify that that certainly doesn't speak to the information sharing side of things but as you use this to leverage patient engagement and employee engagement that might be something that you would want to consider there are good questions coming in from the qa so i think we'll open it up um for for these folks here and i'm sorry jeff i'm gonna have to stop sharing my screen to get back to the qa which i'll help moderate here um first one's from tammy great question and um she asks are you required to provide drug screen results um so that's the first question just kind of two in here um specifically asking drug screen results paid for by the employer definitely or stephanie i'll have stephanie go and then i can chime in what practices are because i'm not sure what the what's the legal ramifications for that yeah okay sorry i was muted um can you hear me now yeah yep okay perfect yeah so this is a completely lawyerly answer it depends but let me try to go into that a little more so we've run into this issue let's say the employee goes to a med check clinic to get a drug screen right or goes to an outside provider to get a drug screen the issue you're going to have there and that we've seen is those providers um have their own obligations to provide access to uh the results uh to the patient so you know that whoever is doing it may be subject to the information blocking rules or maybe subject to some other law that would uh require allowing access such as hipaa so unless there is a law that says you do not have to give access then um then i think you would have to um but i think the drug screen is going to be a really tricky one there because there are certain situations where you do not want to have to give access um another example we've dealt with for health care systems a lot is diversion of drugs so we'll you know say the nurse or physician is caught diverting drugs if they are drug screened but it is part of the hr process you know and i think under the information blocking rules you could argue that was done in anticipation of litigation and outside of the health records um so maybe in that situation you want it so i think it's pretty fact um sensitive there kenji any other thoughts yeah i think this is very state specific too especially if you're an employer that has a department of labor-based drug screening program a policy that's required for example in maine you're required to have a policy that's passed by the department of labor in order to have a true drug screening policy within your workforce so and it stipulates there too what the results go how's it presented how it needs to be offered to the employee and the employer so i would say you know it depends as well and that and more so where your jurisdiction is and whether you have a other jurisdictional agency oversight as well so that's the reason why i asked that calling is 50 50 because it really depends and it's challenging too because i haven't seen any really good electronic uh chain of custodies even because some people won't want to see whole that whole system and sometimes you i've seen it stand in the charts the same way you know some of that needs to be parsed out because that's not medical records per se it's actually more um based on processes and whatnot that doesn't need to be part of that medical record so we have to be careful what's you know what's in the chart when it's scanned and haphazardly great thank you both question from alicia this came earlier in the presentation i believe stephanie before you started your presentation she asked given that the legislation is finally being treated as in effect despite it technically being enacted previously are there fines being issued for violations at this point yeah so um two-part answer there one um i want to address under hipaa hipaa um the office for civil rights which is the regulatory authority that enforces hipaa is on a roll on a right to access issue they have now i think entered into their 17th or 18th settlement agreement and enforcement action with health care providers that do are not providing access to patients so um you if you do not provide access and you are a hipaa covered entity or if you do not provide it under the osha regulations that we cited you know you can get fined by those two entities from an onc perspective under the information blocking rules they just just went into effect on april 5th and so we have not seen any enforcement action there yet and actually i think from a health care provider perspective um they have not finalized what those fines are but honestly i would need to double check on that and the um amended rules that came out a while back i know on the health i.

t developer side they have finalized those signs and penalties and they're hefty so um again i think enforcement is going to be my guess a ways out on this just because since it just went into effect you're just now going to start getting complaints and with the investigation process and the fact sensitive inquiry it'll be interesting to see when the first one actually uh comes out and i would just add that from certainly from a health i. you