There are always lots of changes in the healthcare industry. The list of new government regulations never seems to end. One of the bigger changes that leaves a huge impact on healthcare is the 21st Century Cures Act (Cures Act) that is designed to prohibit information blocking and to advance the interoperable exchange of health information. It includes the Patient Right of Access rule.
The Information Blocking Rule may come into effect where an actor engages in a practice that imposes terms or conditions that are objectively unreasonable and, therefore, they amount to a refusal to provide access.
“The information blocking regulations have been in effect since April 5, 2021. Currently, the information blocking definition applies only to a subset of EHI. However, starting on October 6, 2022, actors will be subject to a claim of information blocking for the full scope of electronic health information (EHI), unless an exception applies or a law requires that the information not be shared.”
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has made enforcement of the Patient Right of Access rule a priority. OCR announced four enforcement resolutions at the end of March 2022 and has already engaged in 30 enforcement actions with fines and corrective action plans.
One of the most common reasons provider organizations are being cited is that healthcare organizations need to understand the term “Designated Record Set” (DRS). It’s vital to understand what constitutes the Designated Record Set in order to comply with the Patient Right of Access rule.
Often providers are having problems determining what the DRS includes and how to make it flow seamlessly from different systems.
According to Health Insurance Portability and Accountability Act of 1996 (HIPAA), a DRS is defined “as a group of records maintained by or for a covered entity, including medical records and billing records about individuals, enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan, and other records that are used to make health care decisions about individuals. Any electronic health data used to make health care decisions about an individual should be easily accessible to that person.”
HIM professionals play an important role in the release of information and in providing information about issues around patient access to records and compliance. Defining your organizations Designated Record Set prior to October 2022 is critical to ensure compliance with the Cures Act.
But many organizations are still operating without the expertise of a privacy, security or compliance officer who know how to implement policies that ensure compliance. As it’s such a complex process all covered entities must ensure compliance with the standards.
Hospitals and health systems need to take relevant steps now to comply with the rules and avoid OCR enforcement. Developing a practical compliance plan by analyzing recent actions is critical as OCR will surely continue to make patient access a main priority in the future.