medical record
Rules & Regulations

Patient Access to Health Care Records: What the Cures Act Does & Doesn't Mandate

Samuel A. Collins

The good news for you and other acupuncturists who currently do paper records only is that the stipulations in the Cures Act do not affect you, as the act does not outline requirements for electronic access to paper records. This act specifies that clinical notes collected in an electronic format must be made available in that format and made available free of charge to patients. Practices may continue using paper charts, so if you do not use electronic records, then the 21st Century Cures Act likely has little impact on your practice.

The concern that led to the Cures Act (the act itself passed in 2016, but only recently underwent final regulatory rule-making – implementation of which was subsequently delayed until now due to the pandemic) is for health care providers not to be "information blockers." As described in the definition above, information blocking relates only to electronic records. Since you are not using electronic health records, you wouldn't be information blocking or in violation of the Cures Act by not having records available via electronic format, as you do not maintain them in that form. (However, if you plan on migrating to EHR in the near future, you will want to know this information beforehand.)

How Is This Act Any Different Than HIPAA?

The 21st Century Cures Act is different from HIPAA in that it covers not just patient data access – which in some cases could start and end with a copy of the patient's health records; but also clinical notes. In essence, the Cures Act is putting into action widespread "OpenNotes," the health data philosophy that all patients should have access to the notes their clinicians take during health encounters.

This requirement is different from those indicated in the HIPAA Privacy Rule because it requires patients to have immediate access to their digital data, such as via a patient portal. The eight (8) types of clinical notes that must be shared are outlined in the United States Core Data for Interoperability (USCDI) and include:

  • Consultation notes
  • Discharge summary notes
  • History & physical exam notes
  • Imaging narratives
  • Laboratory report narratives
  • Pathology report narratives
  • Procedure notes
  • Progress notes

Exceptions are psychotherapy notes or records compiled in reasonable anticipation of or use in a civil, criminal, or administrative action or proceeding.

Under this new rule, clinical notes must be shared by health systems as of April 5, 2021, and shared with a patient's third-party application ("app") that may be downloaded to a smartphone or other device by Oct. 6, 2022. There are some exceptions to the patient data access rules, but by and large, all health care providers, health information exchanges and certified health IT developers must comply with the law.

How to Ensure Compliance

Providers must be in contact with their EHR vendor as to how this access is being made. I would assume most vendors are aware of this rule, but as the holder of patient health information and records, it is the provider's responsibility ultimately. Make no assumptions about your system and clarify how your system will be able to comply. There is no acupuncture provider exception; if you utilize electronic health records, the rule applies to you.

Is "Information Blocking" Ever OKay? Some Important Exceptions to the New Rule

The following is a summary of the circumstances under which you could not allow a patient access to their electronic records:

Preventing Harm Exception: It is not information blocking to engage in practices that are reasonable and necessary to prevent harm to a patient or another person, provided certain conditions are met.

Security Exception: It is not information blocking to interfere with the access, exchange or use of electronic health information (EHI) to protect the security of EHI, provided certain conditions are met.

Infeasibility Exception: It is not information blocking if a provider does not fulfill a request to access, exchange or use EHI due to the infeasibility of the request, provided certain conditions are met.

Health IT Performance Exception: It is not information blocking to take reasonable and necessary measures to make health IT temporarily unavailable or to degrade the health IT's performance for the benefit of the overall performance of the health IT, provided certain conditions are met.

Content and Manner Exception: It is not information blocking to limit the content of a response to a request to access, exchange or use EHI, or how you fulfill a request to access, exchange or use EHI, provided certain conditions are met.

Fees Exception: It is not information blocking to charge fees, including fees that result in a reasonable profit margin, for accessing, exchanging or using EHI, provided certain conditions are met.

Licensing Exception: It is not information blocking to license interoperability elements for EHI to be accessed, exchanged or used, provided certain conditions are met.

Note that each of these exemptions states specifically that certain conditions must be met. This summary above does not provide all that detail. Before making a denial for an information request, be sure to research and fully understand the requirements of the exception.

Shouldn't Health Insurers Have a Similar Requirement?

One final thought: Overall, the new rule is a good thing for consumers (patients), but I suggest health care providers should push for a similar act mandating that insurance providers provide a portal with clear and detailed information about what a plan does and does not cover, and what it would pay, so the consumer (and provider) can make a well-informed choice of care.

Editor's Note: Have a billing question? Submit it to Sam via email at sam@hjrossnetwork.com. Submission is acknowledgment that your question may be the subject of a future column.

June 2021
print pdf