Demystifying the 21st Century Cures Act: Healthcare Provider Obligations and Risks

Patient portals once offered limited information. But healthcare providers now use patient portals to make an array of information available to patients — from laboratory results and surgical reports to physician notes — to remain compliant with the 21^st Century Cures Act.

Healthcare providers sometimes struggle with the reality of being required to release tests and labs prior to their opportunity to review or discuss the results. However, the Cures Act prohibits “information blocking,” requiring providers to make those results available to patients immediately.

Explore your Cures Act obligations as a healthcare provider along with the risks necessary to remain in compliance.

What is information blocking?

Information blocking is referred to in a subsection of the Cures Act as a practice that prevents, materially discourages, or otherwise interferes with the patient’s right to access their electronic healthcare information.

Because of the legislation, the Office of the National Coordinator for Health Information Technology, (ONC) issued an extensive outline addressing the compliance mandates for information blocking. A complete copy of those guidelines can be found on the ONC website.

Under the longstanding rules of HIPAA, providers are given 30 days to provide a patient with access to their medical records upon receipt of a written request. Under the information blocking regulations, providers need to provide free access “without delay” to an expansive range of electronic personal health information to be compliant with the regulation.

Enforcement is expected to begin at the end of 2023, and those compliance checks will expose healthcare providers to potential disincentives.

What patient information must be shared?

According to the United States Core Data for Inoperability (USCDI), all clinical notes must be shared if the technology is currently in place. That list includes:

• Consultation Notes
• Discharge Summary Notes
• History and Physical
• Imaging Narratives
• Laboratory Report Narratives
• Pathology Report Narratives
• Procedure Notes
• Progress Notes

What are the top three risks of providing open notes access?

According to the American Journal of Medicine, clinicians’ concerns over providing access to open notes center around three main issues:

• The ability to communicate critical results before patient access
• Compliance with information blocking vs. privacy laws
• The task of uploading prior medical records contained

There are limited exceptions in situations where a patient may learn of critical test results through an online portal before the clinician has an opportunity to review those results and communicate with the patient.

Under the Cures Act Rule, there are exceptions about when information can be blocked or hidden from patient access on online portals. One exception allows for restricting portal access to a specific entry if they believe the patient may harm another person or themselves due to reading the information or if they need to protect the security of another person’s electronic health information (EHI). Detailed information on all exceptions is outlined by the ONC. The Final Rule itself only applies to records that exist in electronic form. Providers are not under obligation to upload paper files to portals.

On the positive side of the impact, based on a survey conducted by JAMA Network, seventy-four percent (74%) of clinicians surveyed regarding open notes felt it would lead to better patient care allowing for higher patient engagement and compliance. The ability to access private health information “without delay” through electronic health records will also address one of the highest reported complaints of patients according to NCBI — that patients feel they experience a significant delay in gaining access to complete information from providers.

Need More Resources?

Providers must review their concerns and be included in discussions on process changes and potential risk exposures evolving in the healthcare community. At LHA Trust Funds, we want to address [CD1] concerns the new requirements bring up and advise on areas that can lead to potential liability risks as healthcare providers navigate patient portal access.

Contact Director of Claims Operations Jamie Lamb at (225) 368-3817 or JamieLamb@LHATrustFunds.com to schedule a Cures Act presentation at your healthcare facility.

Disclaimer

This article is for informational purposes only and is not official technical or legal advice. The 21^st Century Cures Act and information blocking rule do not supersede any state law pertaining to privacy or data release. Healthcare providers should consult with their organization’s Health Information Management, compliance, legal, finance, and/or public relations experts and teams to find out how it applies to them.

Jamie Lamb, AIC, INC, SCLA
Director of Claims Operations

Jamie Lamb began her career in claims in 1997 and has obtained various insurance designations during her career. Her experience includes but is not limited to the management of complex claims in general liability, medical malpractice, excess coverage, and professional liability.

As the Director of Claims Operations, Ms. Lamb works closely with our members and our internal departments to assist with strategic goals and initiatives. She attended Evangel University in Springfield, Missouri, and Loyola University in New Orleans.