When it comes to medical care, both providers and patients have a big part to play in achieving a successful patient journey. Patients have historically been at a disadvantage in taking control of their medical care due to lack of access to and limited understanding of their personal health information. The 21st Century Cures Act aims to bridge that gap by encouraging interoperability in healthcare IT and giving patients and providers easier access to patients’ protected health information (PHI). The hope is that more accessible patient health information will lead to open communication and more successful health journeys.
SEE ALSO: HIPAA complaint email
What exactly is the Cures Act of 2021?
Signed by President Barack Obama in 2016 , the Cures Act has some wider general goals, like accelerated medical research as well as streamlined drug and medical device development. However, the legislation’s greatest business impact for healthcare providers is its requirements for more open exchange of medical information. These requirements encourage entities in the healthcare industry to adopt practices, technology, and interfaces that would ultimately make patients’ health information accessible, readable, and available through online patient portals and even smartphone applications.
The ONC Final Rule on the 21st Century Cures Act implemented provisions that are “designed to advance interoperability; support the access, exchange, and use of electronic health information (EHI).” These provisions most notably prohibit healthcare entities from engaging in what is referred to as “information blocking.”
What is information blocking?
According to the ONC Cures Act Final Rule’s definition, information blocking is any activity that could “interfere with access, exchange, or use of electronic health information (EHI).” This includes activities that:
- Restrict a patient, provider, or health IT from accessing, using, or exchanging health information.
- Make accessing, using, or exchanging health information unnecessarily complex or burdensome.
- Hinder health information innovation or advancement.
The rules against information blocking apply to a wide range of healthcare entities, including:
- Healthcare providers
- Healthcare IT developers
- Health Information Networks (HINs)
- Health Information Exchanges (HIEs)
Are there exceptions to the information blocking rule?
As with many rules, there are exceptions to the ONC Cures Act Final Rule when it comes to instances of information blocking. These exceptions must meet certain criteria and conditions, which are considered on a case-by-case basis when reported. Activities that block information could be exceptions if the refusal of access, use, or exchange of health information is due to one of the following reasons.
A request causes harm to someone, whether it’s the patient or another individual.
A request violates the HIPAA Privacy Rule that protects the patient.
A request breaches the security of health IT or protected health information.
Request is not feasible
Fulfilling a request poses practical and legitimate challenges, due to legal issues or limited technological capabilities, for example.
Improving health IT performance
A request is not fulfilled due to maintenance, upkeep, or upgrade of health IT.
What health information must be shared according to the Cures Act of 2021?
The Cures Act recognizes that healthcare entities may need some time to improve their ability to grant access, use, and exchange of electronic health information (EHI), so until October of 2022, only certain clinical notes must be shared in order to be in compliance with the legislation. For now, clinical notes that must be shared include:
- Consultation notes
- Discharge summary notes
- Imaging narratives
- History & physical
- Lab report narratives
- Pathology report narratives
- Procedure notes
- Progress notes
After October 5, 2022, the definition of EHI is much broader and goes beyond these eight classifications of notes.
The Cures Act of 2021 and HIPAA compliance
With the Cures Act of 2021 in full swing, it’s more important than ever to ensure that you are compliant in HIPAA regulations when you share medical records with patients. Make sure you are sending HIPAA compliant email with Paubox Email Suite. Once integrated, this email solution doesn’t change the regular email behavior for recipients or senders since emails are automatically encrypted and delivered to inboxes directly. There’s no password required and no portal to visit in order for patients to access your encrypted email messages. The transition to HIPAA compliant email with Paubox Email Suite is seamless since it integrates with Google Workspace, Microsoft 365, and Microsoft Exchange.