New rules ahead for patient access to electronic health records

January 7, 2021
Under new rules for the 21st Century Cures Act, doctors of optometry will need to prepare for changes going into effect April 5. Doctors should check in with their health IT vendor in order to make sure they meet the new requirements.
New rules ahead for patient access to electronic health records

Is your practice ready for new measures empowering patients with greater access to their health records and expanding interoperability under the 21st Century Cures Act Final Rule?

The new rules hold the promise of increased clinical collaboration between doctors, allowing for informed and better health care decision-making. Providers must comply with the new rules by April 5.

Signed into law in 2016, the Cures Act is intended to push the pace of innovation of drugs, biological products and medical devices in order to empower patients. The new rules, published last year, implement a portion of the Cures Act regarding health information technology improvements.

According to the Department of Health and Human Services, the new rules are potentially “transformative.”

“The new rules support patients’ control of their health care and medical records through the use of smartphones and other applications to provide them with more transparency and choices in their health care,” says Karen Perry, O.D., director of professional relations for health care IT vendor Compulink Healthcare Solutions.

“The new rules also will benefit doctors of optometry by giving them greater access to patients’ records and the opportunity to collaborate with other providers in the treatment of patients,” Dr. Perry says.

In a Q&A, Dr. Perry talks about what the new rules will mean for doctors of optometry and their patients.

What is the current state of affairs when it comes to patients’ access to their electronic health information?

The health care landscape communication and interoperability are fragmented and lack cohesive interconnectivity between providers, hospitals, patients and payors. For example, when a patient requests his or her health record, a provider may require the patient to come into the office to sign a release. The intent of these new Cures Act provisions is to support patient care when and where it is needed by addressing health information technology needs across the continuum of care.

How is the final rule different than the Health Insurance and Portability and Accountability Act (HIPAA)?

The Cures Act Final Rule pertains exclusively to electronic health information and the access and exchange of that electronic data. That sets it apart from HIPAA, which covers paper, electronic and verbal data as protected health information.

How do the new rules address the fragmentation?

The Cures Rule is designed to provide patients and health care providers secure access to their electronic health information (EHI) and support the easy exchange of that information. Using secure, standardized technology, called application programming interfaces, the new rules will support interoperability or the exchange of health information—without “special effort,” according to the Cures Act—between providers’ choice of certified health technology, such as an electronic health record (EHR). Additionally, the Cures Act’s rules prevent any activity considered to be “information blocking” and establishes penalties for “actors” who engage in activities or practices that interfere with access, exchange or use of EHI. The rules apply to three types of health care actors: health care providers, certified health IT developers and health information network and health information exchanges. The Final Rule also outlines updates for the 2015 edition health information technology certification criteria and provides exceptions to the blocking of information definition created by the Cures Act.

What is information blocking and what kind of information will patients be able to access and share?

Section 4004 of the Cures Act specifies certain practices that could constitute information blocking, which the Final Rule says would restrict patients’ access to all of their health records. There are eight exceptions to the information-blocking rule, which gives clinicians some flexibility to protect patient privacy and security and where data interoperability is not technically reasonable. Health care providers will be required to provide patients access to all health information in their electronic medical records, free of charge. To support interoperability, the new rules indicate eight types of clinical notes that must be shared with patients: consultation notes, discharge summary notes, history and physical examination, imaging narratives, laboratory report narratives, pathology report narratives, procedure notes and progress notes.

How should a practice prepare for these changes?

It is important to understand your practice strategy and develop processes to alleviate possible challenges. For example, what would be your process if a patient requests their health information from an app not connected with your EHR? Consider these next steps to prepare for the changes:

  • Make sure your health IT vendor is prepared to support these requirements of the Cures Act rules.
  • Confirm that your vendor is working on certification under the 21st Century Cures 2015 update certification criteria and maintenance of certification requirements. Ensure your vendor is planning to offer supporting USCDI data elements and interoperability improvements in the C-CDA workflows
  • Verify that your vendor is planning to meet the requirements for API-based certification criteria and will be prepared to support your practice before the regulatory deadline of December 2022.
  • Check if your IT vendor has educational resources on the rules.
  • Review your practice privacy and security policy to ensure operations are outlined for patient information access requests.
  • Review the information-blocking exceptions to exercise these options when appropriate.
  • Develop a process of communicating the steps of how patients will request access to EHI.
  • Consider developing a policy for incoming reports from other health care providers. Consider workflows for lab and test results needing physician review prior to access.
  • Establish timeliness for the data being made available for access, exchange and use.

Learn more by reading this Q&A by the AOA.

Related News

Keeping the 'medicine' in telemedicine

COVID-19 accelerated telemedicine’s years-long sprawl in health care, and now experts ponder whether telemedicine’s emergency expansion can be rolled back—or if it’s solidified its place in the new normal. This raises the question: Where’s the line between technology as a tool for patient care and corporate profit?

Know your options

There are insurance options to help protect against malpractice claims, property damage, cybercrime and more. Find out what you need to protect your practice.

Doctors of optometry offer transition tips, whether buying or selling

From personal chemistry to hiring consultants, doctors list a number of considerations in a sale. Are you making plans for the future?