We recently conducted a webinar focused on helping covered entities untangle recent changes within the 21st Century Cures Act. Here are some highlights and insights from our key speakers.
The Cures Act was created to combat information blocking and permit patients' unobstructed and secure access to their healthcare records. Information blocking has been an ongoing issue as health entities needlessly withhold or complicate access to electronic health information (EHI) and thus create a major hurdle for nationwide interoperability.
Previously, electronic health information (EHI) was confined to records falling under the U.S. Core Data for Interoperability (USCDI) Version 1, limiting patients’ access to portions of their health records. As of October 6, 2022, EHI’s definition will be expanded to include all of the designated record set (DRS) as detailed in HIPAA. Under HIPAA, the DRS is a group of records maintained by or for a covered entity (CE). Under HIPAA Privacy Rules, patients bear the right to unrestricted access, upon request, to their EHI.
“The smaller facilities are really struggling to be able to meet some of this interoperability requirements as they just don’t have the resources or expertise.” – Debi Primeau
After October 6, any patient data included in DRS will be subject to the information blocking regulations. However, enforcements by the HHS Office of Inspector General (OIG) will not include penalties and disincentives until rulemaking is finalized.
Exceptions are permitted, but they carry strict guidelines. Jonathan Friesen, chief privacy officer at Geisinger Health System, suggested that CEs should “err on the side of providing access,” unless there is “reasonable belief that releasing that record will cause significant physical harm or death to the patient or another individual.”
Covered entities must clearly define their DRS for the October 6 deadline to preserve Cures Act compliance—and be sure not to confuse legal medical records with DRS. Though you may find some overlap, each contain unique data used for different purposes. Kelly McLendon, RHIS, CHPS, an HIM practitioner and thought leader for over 43 years, warned hospitals and larger organizations “that part of your designated record set may not reside within your EHR and that data, if they're electronic in format, are also subject to the regulation.”
Many covered entities are grappling with lack of interoperability that is needed to ready them for the Cures Act’s requirements. Communication with your EHR vendor is key to preserve compliance. This is particularly true for smaller organizations. Founder and president of Primeau Consulting Group, Debie Primeau, said, readiness may be a challenge for “organizations that may or may not be a part of a large Epic- or OCHIN-supported EHR vendor. The smaller facilities are really struggling to be able to meet some of this interoperability requirements as they just don’t have the resources or expertise.”
Compliance readiness for the October deadline should be on all covered entities critical priority list. Compliance is an essential underpinning for patient care, patient satisfaction and trust. And yet there is another consideration that isn’t often discussed: the potential to create business value that comes from the exchange of data. Genzeon’s GM of Healthcare, Harsh Singh, said, “This act is here for a reason, which is to enable that value creation to happen as more clinical data is shared and more data is accessible and available. There are better decisions to be made across care management, there are better decisions to be made at patient level for their own care. This interchange of data in a standardized format is important. More focus on compliance is one piece of it, but actually enabling the value creation, that comes with exchange of data. Let's not seek out the concept of minimum viable compliance, but really, truly go get the business value that's out there.”
Learn more and dive deeper into demystifying the Cures Act and how covered entities can prepare for the deadline: