Choosing the Right EHR Can Safeguard You Against Cures Act Penalties
Digitizing patient records has become a convenience and necessity. To encourage the adoption of Electronic Health Records (EHRs) and ensure the secure sharing of Electronic Health Information (EHI), the 21st Century Cures Act (CURES Act) was enacted in the U.S. While the Act offers many benefits, it also carries penalties for non-compliance.
What is the CURES Act?
The CURES Act is a significant piece of legislation in the U.S. that was signed into law on December 13, 2016. It aims to balance the need for faster medical innovation with maintaining rigorous safety and efficacy standards to protect patients.
Key Aspects of the CURES Act:
- Medical Research Funding- provides increased funding for the National Institutes of Health (NIH) to support biomedical research.
- FDA Approval Process- streamlines and modernizes the approval process for drugs and medical devices, aiming to bring new treatments and innovations to patients more quickly while maintaining safety standards.
- Mental Health and Substance Abuse- includes provisions to enhance mental health services, combat the opioid epidemic, and improve access to substance abuse treatment programs.
- Health Information Technology (HIT)- promotes the use of HIT by encouraging the development and adoption of interoperable EHRs and HIT standards.
- Innovation and Regulatory Reform- promotes innovation in healthcare by removing regulatory barriers and providing incentives for developing new therapies, particularly in regenerative medicine and antibiotics.
- Patient Access- includes measures to improve patient access to healthcare data, promote telehealth services, and enhance patient engagement in healthcare decisions.
- Antibiotic Development- encourages the development of new antibiotics to combat antibiotic resistance, a growing public health concern.
- Rare Diseases- contains provisions to support research and development for treatments for rare diseases.
The CURES Act and Information Blocking
Information blocking became more prominent with the passing of the CURES Act. Information blocking refers to practices by health information technology (HIT) developers, exchanges, networks, and healthcare providers that unreasonably limit the access, exchange, or use of electronic health information (EHI). These practices hinder the ability of authorized individuals, such as patients, healthcare providers, and other authorized entities, to access and share essential health data.
Why is Information Blocking a Concern?
The Cures Act includes penalties for those engaging in information-blocking practices, so agencies must comply. Healthcare providers, health IT developers, and organizations participating in such practices may face financial penalties and potential exclusion from federal healthcare programs.
Information blocking practices can take various forms, including:
- Refusing to Share Information
This occurs when a healthcare provider or HIT vendor refuses to share patient health records or other relevant health information with authorized individuals or entities, such as patients themselves or other healthcare providers.
- Charging Unreasonable Fees
Some entities may impose excessive fees for accessing or exchanging health information, making it financially burdensome for patients or healthcare providers to obtain the necessary data.
- Technical Interference
Information blocking can involve technical measures to impede data sharing or exchange, such as implementing non-standard data formats or network protocols that make communicating between different systems difficult. - Privacy and Security Misconceptions
Some entities may incorrectly interpret privacy and security regulations as reasons to withhold or limit data sharing, even when the sharing is legally permitted and necessary for patient care.
- Delaying Information Sharing
Deliberate delays in accessing health information can also be considered information blocking. For example, unnecessarily delaying the release of test results to patients or healthcare providers can negatively impact patient care.
What is an EHI?
EHI is the digital representation of a person’s health information, medical history, and clinical data. It encompasses a wide range of health-related data stored and transmitted electronically. It’s also a crucial component of modern healthcare because it enables the efficient and secure exchange of patient information among healthcare providers, facilitates clinical decision-making, and supports patient-centered care.
EHI can include but is not limited to:
Electronic Health Records (EHRs) - Digital records of a patient’s medical history, including diagnoses, treatments, medications, laboratory results, imaging reports, and more.
Clinical Notes - Electronic versions of physicians’ notes, progress notes, and other documentation related to a patient’s medical care.
Medical Images - Digital images such as X-rays, MRIs, CT scans, ultrasounds, and associated reports and interpretations.
Medication Records - Information about a patient’s prescribed medications, dosages, and administration instructions.
Laboratory Results - Digital records of blood, urine, genetic tests, and other diagnostic tests.
Immunization Records - Records of vaccinations and immunizations received by a patient.
Allergies and Adverse Reactions - Information about a patient’s allergies, intolerances, and adverse reactions to medications or treatments.
Patient Demographics - Personal information such as name, date of birth, address, contact details, and insurance information.
Appointment Scheduling and History - Electronic records of past and upcoming medical appointments and scheduling information.
Healthcare Provider Communications - Digital communications between healthcare providers about a patient’s care, including secure messaging and email.
Telemedicine Records – Records of telehealth or telemedicine consultations, including audio and video recordings, if applicable.
Healthcare Billing and Claims Data - Information related to healthcare billing, insurance claims, and financial transactions associated with medical services.
What is NOT an EHI?
What is not considered EHI typically includes non-medical or non-health-related information:
Non-Medical Personal Information - Information unrelated to an individual’s health, such as their social security number, driver’s license number, or other personal identification information.
Non-Health-Related Financial Data - Financial information that is unrelated to healthcare.
Non-Medical Communications - Personal or business emails, text messages, or other electronic communications that do not pertain to healthcare or medical care.
General Personal Data - Information like a person’s educational history, employment records, and personal preferences, unless directly relevant to their healthcare decisions or medical treatment.
Non-Healthcare Legal Documents – Documents such as wills, contracts, or legal correspondence that are not directly related to a person’s healthcare.
Non-Healthcare Research Data - Scientific data unrelated to a patient’s medical history or clinical care.
Social Media Activity - Social media posts, comments, and other interactions on platforms like Facebook, Twitter, or Instagram, even if they may contain health-related discussions.
Non-Clinical Administrative Data - Administrative data unrelated to healthcare management, such as office supply orders or facility maintenance records.
Does Information Blocking Apply to Me?
Information Blocking rules apply to mental health care providers, health IT developers, and health information networks:
Health Care Providers
- Physicians
- Hospitals
- Pharmacies
- Laboratories
- Group Practices
- Ambulatory Surgical
- Centers
Click here for a complete list
Health IT Developers
An individual or entity other than a healthcare provider that self-develops health IT for its own use develops or offers health information technology for EHRs and other health IT software applications.
Health Information Networks
An individual or entity that coordinates access, exchange, or use of Electronic Health Information (EHI), primarily between or among a particular class of individuals or entities or for a limited set of purposes.
How the Right EHR Can Protect You
- Compliance with Cures Act Standards: The correct EHR system will adhere to the standards and requirements set forth by the Cures Act. It will ensure that EHI is shared securely and without unnecessary delays, reducing the risk of information-blocking penalties.
- Interoperability Capabilities: The Cures Act centrally focuses on interoperability. An EHR system that supports seamless data exchange with other healthcare providers and systems enhances compliance efforts and promotes the sharing of vital patient information across different platforms and organizations.
- User-Friendly Design: Complex or cumbersome EHR systems can lead to unintentional information blocking. A suitable EHR will be user-friendly, reducing the likelihood of errors or delays in sharing EHI.
- Data Privacy and Security: The Cures Act strongly emphasizes protecting patient data. A compliant EHR will prioritize data privacy and security, helping you avoid penalties for unauthorized access or data breaches.
- Patient Engagement Features: Engaged patients are more likely to request their EHI, a key Cures Act component. An EHR that facilitates patient engagement, such as secure patient portals, empowers patients to easily access and share their health information.
- Comprehensive Documentation: Proper documentation of data-sharing activities is essential for compliance. The right EHR system will provide robust documentation features, ensuring you can demonstrate your compliance efforts when necessary.
- Regular Updates and Support: Healthcare regulations can change, and EHR systems must adapt. Choosing an EHR vendor that provides regular updates and ongoing support ensures that your system remains compliant as regulations evolve.
Ready to Make the Switch?
A compliant EHR, like PIMSY EHR, will help you comply with the law, improve patient care, streamline operations, and ultimately shield you from information blocking and the associated penalties.
Click here to learn more about PIMSY and compliance, or watch a webinar.