Roll back the curtains and cue the drumroll because it’s the moment we’ve all been waiting for… the 21st Century Cures Act is finally making it’s big debut. The newest legislation directed by the Office of the National Coordinator for Healthcare Technology (ONC) is officially effective on April 5, bringing several advancements to healthcare and technology that are sure to live up to the hype. So if you’re a healthcare provider and you use any sort of healthcare application, we hope you have your popcorn ready because this one’s for you!
So let’s take it from the top – what even is the 21st Century Cures Act?
The HITECH Act and more recently the HIPAA Safe Harbor Law have already set the stage, providing legislative requirements that put technology and healthcare in the spotlight. But the Cures Act goes one step further as the sequel to these health IT related laws, outlining how practices and healthcare app developers can overcome the balancing act of giving patients easy access to their electronic protected health information (ePHI) while still maintaining data privacy and security.
Ultimately, patients play the starring role in the Cures Act requirements. Getting the red carpet treatment to access their health records in the ways that they want to receive it – whether that be an app, another EHR, or similar electronic system. Having this ‘patients-first’ focus is at the center of HHS’s work toward a value-based health care system and enables:
- Transparency into the cost and outcomes of patient care
- Competitive options in getting medical care
- Modern smartphone apps to provide convenient access to their records
- An app economy that provides both covered entities and patients with innovation and choice
How does it impact me?
This star-studded set of legislation features a ton of improvements for healthcare and technology that you definitely don’t want to miss.
- The first enhancement, making data requests easier and less expensive to fulfill. As app developers create standardized application programs otherwise known as API’s, there is no extra staff time or money needed to be spent in providing records in alternate formats that require time consuming methods like printing or copying.
- Second, patients now have more of a choice in the apps they want to work with PHI on which means that they are more likely to access their data and use that information to improve health outcomes.
- The third and probably most important improvement – preventing information blocking. This addresses the deliberate blocking of information that should be shared with patients and other appropriate covered entities when there’s no reason not to share that information, which can ultimately prevent or delay proper treatment and ultimately reduces the effectiveness of patient care.
- It wouldn’t be a law if there weren’t some exceptions to the rule, and there are a few that apply to information blocking. While generally these exceptions are common sense, here’s the full list of what does and doesn’t qualify as information blocking to brush up on.
- And for the grand finale – the law improves patient safety by encouraging and promoting access to health data.
So now what?!
Wondering how this new law changes HIPAA requirements? Spoiler alert – it doesn’t. All of those HIPAA requirements surrounding data privacy and security, proper disclosure, and patient record access requests are still featured within the new legislation and should not be forgotten. Having a complete HIPAA compliance program in place is the groundwork for protecting patient data, and underscores what the Cures Act entails.
Now, if recent enforcement efforts haven’t given you enough of a preview, the government is a tough critic for noncompliance. So much so that in the latest round of HIPAA audit results, 94% of covered entities’ compliance efforts were rated as a total flop. So having a complete compliance program that meets all requirements (including the new ones we just covered) is key to keeping your practice out of the limelight of enforcement and avoiding an Oscar-worthy HIPAA fine.