When it comes to medical care, both providers and patients have a big part to play in achieving a successful patient journey. Patients have historically been at a disadvantage in taking control of their medical care due to lack of access to and limited understanding of their personal health information. The 21st Century Cures Act aims to bridge that gap by encouraging interoperability in healthcare IT and giving patients and providers easier access to patients’ protected health information (PHI). The hope is that more accessible patient health information will lead to open communication and more successful health journeys.
SEE ALSO: HIPAA complaint email
Signed by President Barack Obama in 2016 , the Cures Act has some wider general goals, like accelerated medical research as well as streamlined drug and medical device development. However, the legislation’s greatest business impact for healthcare providers is its requirements for more open exchange of medical information. These requirements encourage entities in the healthcare industry to adopt practices, technology, and interfaces that would ultimately make patients’ health information accessible, readable, and available through online patient portals and even smartphone applications.
The ONC Final Rule on the 21st Century Cures Act implemented provisions that are “designed to advance interoperability; support the access, exchange, and use of electronic health information (EHI).” These provisions most notably prohibit healthcare entities from engaging in what is referred to as “information blocking.”
According to the ONC Cures Act Final Rule’s definition, information blocking is any activity that could “interfere with access, exchange, or use of electronic health information (EHI).” This includes activities that:
The rules against information blocking apply to a wide range of healthcare entities, including:
As with many rules, there are exceptions to the ONC Cures Act Final Rule when it comes to instances of information blocking. These exceptions must meet certain criteria and conditions, which are considered on a case-by-case basis when reported. Activities that block information could be exceptions if the refusal of access, use, or exchange of health information is due to one of the following reasons.
A request causes harm to someone, whether it’s the patient or another individual.
A request violates the HIPAA Privacy Rule that protects the patient.
SEE ALSO: Does the HIPAA Privacy Rule allow healthcare providers to communicate with patients through email?
A request breaches the security of health IT or protected health information.
SEE ALSO: Ransomware is more common in healthcare than you think
Fulfilling a request poses practical and legitimate challenges, due to legal issues or limited technological capabilities, for example.
A request is not fulfilled due to maintenance, upkeep, or upgrade of health IT.
The Cures Act recognizes that healthcare entities may need some time to improve their ability to grant access, use, and exchange of electronic health information (EHI), so until October of 2022, only certain clinical notes must be shared in order to be in compliance with the legislation. For now, clinical notes that must be shared include:
After October 5, 2022, the definition of EHI is much broader and goes beyond these eight classifications of notes.
With the Cures Act of 2021 in full swing, it’s more important than ever to ensure that you are compliant in HIPAA regulations when you share medical records with patients. Make sure you are sending HIPAA compliant email with Paubox Email Suite. Once integrated, this email solution doesn’t change the regular email behavior for recipients or senders since emails are automatically encrypted and delivered to inboxes directly. There’s no password required and no portal to visit in order for patients to access your encrypted email messages. The transition to HIPAA compliant email with Paubox Email Suite is seamless since it integrates with Google Workspace, Microsoft 365, and Microsoft Exchange.