We are proud to announce the publication of "Patient information access automated with the Cures Act" in the May issue of Compliance Today Magazine. The following is an excerpt from Kelly's article, and can be either read online in its entirety, or can be downloaded below.
United States healthcare professionals and patients stand upon the cusp of unprecedented, burdensome regulatory changes that will affect automation and how we manage access to patient information while maintaining privacy and security. The 21st Century Cures Act (Cures Act) information-blocking and interoperability regulations are complex, unprecedented, and intertwined with the HIPAA rules. However, diligence in studying the new rules, the government’s online guidance, and educational materials such as this article will provide clarity for healthcare providers on how to implement and what automation technology may be used to relieve some of the burdens.
Regulations spur change
The Cures Act from Office of the National Coordinator for Health Information Technology (ONC); Centers for Medicare & Medicaid Services (CMS) final rule; the expected HIPAA final rule; the Coronavirus Aid, Relief, and Economic Security Act; and 42 C.F.R. Part 2 (substance abuse) rules will significantly affect how we manage electronic patient health information. We have a fair amount of guidance and new tools developed, like the Trusted Exchange Framework and Common Agreement, a sample health information exchange trust agreement issued by governmental regulators. However, we have almost no professional practice to learn from, and vendor stakeholders are only now getting their updates and certifications implemented. Therefore, best practice development will follow and will probably take a few years to mature.
Rarely have standards and protocols been published by the government mandating the use of specific healthcare automation approaches to promote access to and exchange of patient information. The 21st Century Cures Act refers to persons and companies subject to those rules as “actors,” reflecting a wider scope of parties that can or must access and exchange patient health information. Such access and exchange will become much more commonplace among not only HIPAA entities (e.g., providers and payers), but also non-HIPAA entities such as personal health, mobile health (e.g., smartphone based), and related digital apps, along with innumerable other third parties and their applications that have a stake in healthcare processes involving patients, providers, and payers.
Copyright 2022 Compliance Today, a publication of the Health Care Compliance Association (HCCA).