The 21st Century Cures Act, passed in 2016, includes a provision requiring that patients can electronically access all of their electronic health information (EHI), structured and/or unstructured, at no cost beginning November 2, 2020.
The idea behind the Cures Act is a vision where a patient’s health information can move seamlessly between health plans and providers. It marked a huge shift in health care and information sharing.
The Cures Act’s information blocking provision defines information blocking as any practice that interferes with the access, exchange, or use of electronic health information (EHI). Going into full effect on April 5, 2021, the rule defines information blocking as any practice that interferes with the access, exchange, or use of EHI.
Health care organizations are required to provide open clinical notes as part of the 21st Century Cures Act and the Office of the National Coordinator for Health Information Technology (ONC) information blocking final rule.
The Cures Act’s information blocking provision initiated new thinking, new practices and lots of changes and adjustments.
It’s been more than six months since the Information Blocking Rule compliance deadline, and there are still open questions. “The Centers for Medicare & Medicaid Services (CMS) has not yet provided clarity about the potential penalties that could be imposed on providers for noncompliance, and the Office of Inspector General (OIG) has not finalized its proposed penalties for certified EHR vendors and health information exchanges.”
While many providers have implemented updated Application Programming Interfaces (APIs) for controlling the flow of patient data, others are still working to adapt and update their data-sharing practices to ensure compliance and patient data access. However, obligations, expectations, and information blocking enforcement mechanisms often remain unclear.
The interoperability plan relies heavily on APIs that operate on the Fast Healthcare Interoperability and Resources (FHIR) standard.
“Although the rule went into effect in April, healthcare organizations are not required to migrate to Fast Healthcare Interoperability Resources (FHIR) v4 APIs until December 31, 2022. The delayed timeline is meant to promote interoperability and give developers and providers enough time to comply and activate the updates.”
The ONC’s Cures Act Final Rule will require healthcare organizations to provide all health information to patients next year, with data flowing freely between providers. Currently data is sent from provider A to provider B, usually stored separately from patient data in the EHR.
Technical challenges within the API developer ecosystem are a high risk to patient privacy and security.
The Health-ISAC released new guidance to support provider organizations with the adoption of identity-centric approaches to data sharing and the implementation of identity solutions to keep electronic health information secure.
Clarity is essential to make electronic health data more accessible for patients or other entities as permitted by HIPAA. New rules and regulations transparency, as well as ease of access to patient data, are vital.