21st Century Cures Act and Patient Data

In March, the HHS Office of the National Coordinator for Health Information Technology (ONC) issued new rules to prevent health care providers, developers of certified health IT, and others in the healthcare industry from engaging in activities that block a patient’s access to their electronic health information. Building on the 21st Century Cures Act, these new regulations will further help improve patient access to electronic health information. The 21st Century Cures Act was signed into law on December 13th, 2016. The original compliance date was set for November 2, 2020, but HHS moved the date to April 5, 2021.

The information blocking regulations apply to nearly all health care providers (doctors, dentists, therapists, practitioners) and others who maintain health information. In general, as a health care provider, if you intentionally interfere with a patient’s requested access, exchange, or use of electronic PHI, it could be considered information blocking. The rule provides examples. Guidance on how they will enforce this rule has not been published yet. The purpose of the ONC rule and the rule published on the same day by the Centers for Medicare & Medicaid Services (CMS) is closely related to the OCR’s current Right of Access Initiative. The OCR has issued 9 enforcements related to the patient’s right to access their PHI since September of 2019.

While this is not an amendment to the HIPAA regulations, a lot of cross-references to HIPAA requirements are made. Most of the standards must be met by IT developers much like the EHR certification requirements.

As with most rules and regulations, there are exceptions. TMC will be publishing a series of articles over the next several months to help clarify the rules before the April 5, 2021 compliance date.