According to the Office of the National Coordinator for Health IT (ONC), the 21st Century Cures Act “supports seamless and secure access, exchange, and use of electronic health information.” The Cures Act also intends to better connect patients with their healthcare information. So what will the Cures Act mean for outpatient providers like pediatricians? What should a small practice do to prepare? Learn the answers to these questions to prepare your patients and practice for changes that will help keep pediatricians and patients connected in a busy world.
What is the 21st century Cures Act?
The 21st Century Cures Act (or just Cures Act) was signed into law in December of 2016. Its final rule went into effect on June 30, 2020, and while the law has a broad range of changes across the healthcare landscape, the sections pertaining to pediatric practices are outlined by the Federal Register and primarily pertain to information blocking (see What’s Information Blocking? below).
The Cures Act is intended to ensure that physicians use technology to offer and exchange electronic health information with patients efficiently, as well as offer patients their health data in situations where that data is available to use, exchange, and access. The Act also serves to advance interoperability, so that electronic health information can be shared between healthcare sources. For a closer look at the pediatric-specific provisions of the Cures Act, visit this summary, which also details the AAP’s stance on each regulation.
The Cures Act for Pediatricians: What to Expect
The requirements of the Cures Act for individual practices can be understood by taking a look at the entities responsible for each provision. To summarize briefly, the Cures Act enacts changes within the Advisory Committee on Immunization Practices (ACIP), the Food and Drug Administration (FDA), and the National Institutes of Health (NIH). These federal entities and committees would then pass relevant regulations into the health IT industry, EHR vendors, and finally, pediatric practices.
It is unprecedented that the Office of the National Coordinator for Health IT has expanded its reach beyond health IT vendors; this rule has three types of “actors”, health IT vendors, HIE/HINs, and healthcare providers. Pediatricians are answerable to the Centers for Medicaid & Medicare Services (CMS), who will enforce compliance of information blocking. The penalty structure is forthcoming from CMS.
It’s important to note that while the ONC Cures Act Final Rule is an active law, it is a large document of requirements which do not require compliance all at once. Here are the important dates for practices to note:
- April 5th, 2021: This is when the ONC’s Information Blocking provision goes into effect. We’ll cover Information Blocking in the next section.
- October 6th, 2022: Regulatory compliance around information blocking will be expanded to include all ePHI instead of only USCDI data.
- December 31st, 2023: Various requirements for certified health IT vendors will extend into 2023. Visit the ONC’s Fact Sheet to learn more.
The key idea for providers to know is that information blocking requirements go into effect on April 5th, 2021. These requirements will extend to all ePHI by the fall of 2022. As this is the provision physicians are subject to, let’s explore what the requirements for information blocking will be for pediatric practices in 2021 and beyond.
What to Know About Information Blocking
What is information blocking? Essentially, if a patient requests their healthcare data and you can share it but do not, this is information blocking, which is an unfair practice that blocks important data from patients or places unreasonable obstacles to their data. As such, information blocking is not allowed under the Cures Act’s provision. There are some exceptions which pediatricians should be aware of, such as if you cannot provide electronic data, but you can and do print and mail the requested data to the patient.
Information blocking is “a practice that…is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information,” unless such practice is required by law (e.g., HIPAA), or it meets an exception established through federal rulemaking.
Eliminating information blocking is a good thing -- it requires practices to respond to requests for electronic health information (ePHI) in a fair and consistent manner.
To learn more about information blocking, the first part of the 21st Century Cures Act that will affect your practice, we encourage you to check out our webinar, hosted by PCC’s Megan Maddocks. Megan covers definitions, dates, requirements, and the exceptions to the information blocking rule that pediatricians should know about -- learn more below.
Preparation and practice should be on every practice’s to do list. Now is a great time to review your HIPAA policy and practice policies about sharing your patients’ data. The Information Blocking rule requires written policies for the Preventing Harm, Privacy, and Security exceptions. These will complement your existing HIPAA-related privacy and security policies. For more information regarding the eight Information Blocking exceptions, please see this ONC Fact Sheet.
Before, during, and after revision, be sure to communicate what the Cures Act’s changes will mean for your practice. Everyone in your practice should learn to recognize what a patient request for data looks like, and the appropriate ways that information can be delivered privately, securely, and efficiently.
Compliance to the 21st Century Cures Act can sound complex and overwhelming at first, but PCC is here to support you during each step. Please take a few minutes to visit our webinar to learn more about information blocking.