Big changes are coming to the 21st Century Cures Act next week, on October 6, 2022. You can read about the Cures Act and the October 6th changes in more detail here.
The main thing to know about the upcoming changes is that the term electronic health information or EHI has an expanded definition when it comes to the information blocking rules that includes all ePHI included in a patient’s designated record set.
WHAT’S IN A NAME?
The biggest challenge to understanding this upcoming change is that there are a lot of different definitions of patient health data out there that can be easily misunderstood as being the same: the United States Core Data for Interoperability (USCDI) talks about EHI with respect to the USCDI dataset, HIPPA uses the term Protected Health Information or PHI for some groupings of data, and the Cures Act’s term of choice is often EHI, though PHI and ePHI are also in play in that set of laws and regulations. And unfortunately, you’ll often find these terms used interchangeably without distinction or a specific definition. It’s as clear as mud.
The infographic below helps explain the relationship between the different definitions for patient health data, and highlights the expanded definition of EHI that is coming soon as part of the Cures Act.
THE CHECKLIST
Below is a checklist that distills down the broad guidance in the Cures Act to actionable tasks that your organization can implement to ensure you’re prepared to handle patient data appropriately and effectively as the October 6th changes take effect.
(Hint: if you’re a HealthMark client, you can check off the first four items! We’ve got our antennae up and will of course be proactive as requests come across after the change.)
We have a workflow in place to comply with record request turnaround time requirements.
We are following processes that are compliant with the Cures Act; in particular, we are aligned on an internal definition for a designated record set (DRS) that complies with the regulations.
We are prepared to handle this new category of requests (all EHI).
We can identify what types of requests have state regulated fees associated with them.
My staff understands our organization’s definition of the DRS.
My staff understands information blocking and how it relates to the processes they manage.
We have identified any processes, systems and/or operational requirements in place today that may be considered information blocking under the expanded dataset, and have a plan to make changes as appropriate.
Even though the deadline is just around the corner, it’s not too late to start digging into your processes to ensure that your organization is prepared.