Kusserow on Compliance: Physicians must comply with sharing patient information

Under the electronic health records (EHR) metric, The Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) (P.L. 114-10) requires attestations from doctors that they are not knowingly and willfully limiting or restricting their EHR’s ability to share information with providers that may have different record systems.  CMS has issued new guidance reminding providers of their responsibilities to promptly share medical information with patients and other clinicians, or else face financial penalties. The targets are providers participating in the Merit-based Incentive Payment System (MIPS) to comply with MACRA. The notice stated physicians will need to attest that they are not engaged in information blocking and that they give patients their data in a timely fashion. Many physicians and medical practices use vendors for their information management systems. They will now have to ensure their vendors enable them to comply with the information sharing mandates.

Under MIPS, providers become eligible for either bonus payments or penalties based on their performance, including evidence of quality improvement, cost reduction or maintaining current levels of spending; efficient use of EHRs; and clinical improvement activities such as later office hours and greater use of care coordination. The Prevention of Information Blocking Attestation has three related statements for MIPS eligible clinicians:

  1. They did not knowingly and willfully take action to limit or restrict the compatibility or interoperability of Certified EHR Technology (CEHRT).
  2. They implemented technologies, standards, policies, practices, and agreements reasonably calculated to ensure the CEHRT was connected and compliance with applicable law and standards for timely access by patients to their data and other health care providers.
  3. They responded in good faith and in a timely manner to request to retrieve or exchange EHR from patients and other health care providers.

CMS also stated that physicians would not be held accountable for things outside of their control, but must get adequate assurances from their vendors that they are able to comply with the information sharing requirements. On the other hand, physicians must take care that they don’t violate the HIPAA Privacy law for patient Protected Health Information (PHI).


Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.