The Cures Act: Empowering Patients

Implementation of the Cures Act is April 5, 2021.

The patient is at the center of the 21^st Century Cures Act. Putting patients in charge of their health records is at the center of the U.S. Department of Health and Human Services’ (HHS’s) work toward a value-based healthcare system. It is also the first step in transparency in healthcare information.

As outlined in the Act, patients need more power in their healthcare choices – and access to information is key to making that happen.

Nov. 2, 2020 was the original deadline for the implementation of the Act. This applicability date was changed to April 5, 2021, in light of the challenges associated with the COVID-19 pandemic.

In a nutshell, this legislation directs providers to cease all efforts of information blocking with respect to their electronic records, and to encourage and promote interoperability and allow for communication and cooperation with third-party application program interfaces. With respect to portions of the clinical notes, there appear to be certain exceptions, wherein physicians can block access to some items, including psychotherapy notes, HIV testing results, and any notes that, in a physician’s judgement, could cause harm to an individual.

For the American public as a whole, the Act promotes innovation in the healthcare technology system to deliver better information, more conveniently, to patients and clinicians. It also promotes transparency, leveraging modern computers, smartphones, and software to provide opportunities for the American public to regain visibility in the services, quality, and costs of healthcare.

Congress passed the Cures Act with the intent that we can start to unravel the obscure schemes that are so common in American healthcare today.

Enforcement of the information blocking regulations depends upon the individual or entity subject to enforcement actions. For health IT developers and health information networks, the HHS Office of Inspector General (OIG) is currently engaged in rulemaking to establish enforcement dates. For providers, HHS must engage in future rulemaking to establish appropriate disincentives, as directed by the Act.

According to the Act, the information blocking regulations do not require actors to have or use health IT certified under the Office of the National Coordinator (ONC) for Health Information Technology Certification Program. Actors subject to the information blocking regulations are not required to immediately upgrade their certified health IT as of the applicability date.

Following are a few of the FAQs available on the healthit.gov/curesrule to further clarify some of the confusion on what may be considered failure to fulfill the requirements of the Act:

When would a delay in fulfilling a request for access, exchange or use of EHI, be considered an interference under the information blocking regulation?
A determination as to whether a delay would be an interference that implicates the information blocking regulation would require a fact-based, case-by-case assessment of the circumstances. That assessment would also determine whether the interference is with the legally permissible access, exchange, or use of EHI; whether the actor engaged in the practice with the requisite intent; and whether the practice satisfied the conditions of an exception. Please see 45 CFR 171.103 regarding the elements of information blocking.

Unlikely to be an Interference
If the delay is necessary to enable the access, exchange, or use of EHI, it is unlikely to be considered an interference under the definition of information blocking (85 FR 25813).

For example, if the release of EHI is delayed in order to ensure that the release complies with state law, it is unlikely to be considered an interference so long as the delay is no longer than necessary (see also 85 FR 25813). Longer delays might also be possible, and not be considered an interference if no longer than necessary, in scenarios where EHI must be manually retrieved and moved from one system to another system (see, for example, 85 FR 25866-25887 regarding the manual retrieval of EHI in response to a patient request for EHI).

Likely to be an Interference
It would likely be considered an interference for purposes of information blocking if a healthcare provider established an organizational policy that, for example, imposed delays on the release of lab results for any period of time in order to allow an ordering clinician to review the results or in order to personally inform the patient of the results before a patient can electronically access such results (see also 85 FR 25842 specifying that such a practice does not qualify for the “Preventing Harm” Exception).

To further illustrate, it also would likely be considered an interference:

• Where a delay in providing access, exchange, or use occurs after a patient logs in to a patient portal to access EHI that a healthcare provider has (including, for example, lab results) and such EHI is not available – for any period of time – through the portal.
• Where a delay occurs in providing a patient’s EHI via an API to an app that the patient has authorized to receive their EHI.

Do information blocking regulations require actors (healthcare providers) to be proactive and make electronic health information (EHI) available through patient portals or other health information technology?
No. There is no requirement under the information blocking regulations to proactively make available any EHI to patients or others who have not requested the EHI. We note, however, that a delay in the release or availability of EHI in response to a request for legally permissible access, exchange, or use of EHI may be an interference under the information blocking regulations (85 FR 25813, 25878). If the delay were to constitute an interference under the information blocking regulations, an actor’s practice or actions may still satisfy the conditions of an exception under the information blocking regulations (45 CFR 171.200.303).

Are actors expected to release test results proactively, through a patient portal, or application programming interface (API or healthcare app), as soon as results are available by the ordering clinician?  
While the information blocking regulations do not require actors to proactively make electronic health information (EHI) available, once a request to access, exchange, or use EHI is made by a patient, actors must timely respond to the request (for example, from a patient for their test results). Delays or other unnecessary impediments could implicate the information blocking provisions.

In practice, this could mean a patient would be able to access EHI such as test results in parallel to the availability of the test results to the ordering clinician.

It appears that the information blocking criteria is based on whether the patient requested this information, versus whether it was readily available when there was no request in play.

Programming Note: Listen to Terry Fletcher report this story live during Talk Ten Tuesdays today at 10 a.m. Eastern.

Reference:

https://www.healthit.gov/curesrule/resources/fact-sheets