Information blocking is a practice by a health care provider, health information network, or health information exchange that they know, or should know, will likely interfere with, prevent or materially discourage access, exchange or use of electronic health information. The Health Insurance Portability and Accountability Act (“HIPAA”) defines Electronic Health Information (“EHI”) as the electronic protected health information in a designated record set, regardless of whether the records are used or maintained by or for a covered entity.
The Cures Act is meant to comply with federal and state laws which grant patients a right to access their health information, by preventing information blocking. It gives patients a right to access health information that is maintained in their designated record set, including their medical records, billing records, and any other information used to make decisions about the patient.
As a healthcare provider, your primary goal is to remain in compliance with the Cures Act, which went into effect on April 5, 2021, by complying with a variety of laws governing patient access to health information, including HIPAA, state laws, the Promoting Interoperability Programs (“PI”), and the federal law governing substance use disorder treatment records, which may become confusing to a provider. The standard for providing the requested information is that the information is provided in the form and format the patient requests, but only if you are able to do so. This means you do not have to purchase other technology you do not already possess in order to comply with the patient’s requested form or format, such as a new patient records portal, if you do not already have it.
When there is a discrepancy between state law and federal law, the rule of thumb is that whichever law provides greater access to the patient is the rule you must comply with. For example, if a state law requires that physicians provide patient records to the patient within fifteen (15) days following a records request and HIPAA requires the physician to provide records within thirty (30) days following a request, then the provider must produce the records within fifteen (15) days, since the state law provides greater access to the patient. Denial of records requests may be acceptable if they fall under an exception found in the Cures Act, or if the requests are made by a third party, as those do not fall under the patient’s right of access under HIPAA.
Overall, the purpose of the Cures Act is to prevent information blocking by providing patients with greater access to their medical records.
The information included here is for informational purposes only, is not exhaustive of all considerations when creating documents, is not intended to be legal advice, and should not be relied upon for that purpose. We strongly recommend you consult with an attorney and do not attempt to create your own documents.