Digital Health Strategy to Enable Comprehensive Care: Navigating Regulatory Waters- Compliance and Considerations
Digital Health Strategy to Enable Comprehensive Care: Navigating Regulatory Waters- Compliance and Considerations
In this session participants will learn about the data privacy laws as they relate to digital health. Attendees will have a better understanding about HIPAA, data privacy laws, telehealth regulations and more.
Health Center Resilience in the Face of Cyber Adversity
The use of ransomware — malicious software that restricts access to computer systems with financial demands — has escalated, targeting health centers and putting countless lives at risk. This dire reality came to the forefront during the alarming ransomware attack on the Family Health Center of Worcester, Inc. (FHCW), where the personal health information and care continuity for thousands of patients were compromised. This resource uses FHCW's experience as a case study to demonstrate the imperative of preparedness and the strength of a community-centered response in ensuring the continuity of healthcare services amidst the ever-growing tide of cyber vulnerabilities.
Individuals’ Access and Use of Patient Portals and Smartphone Health Apps, 2022
Individuals’ Access and Use of Patient Portals and Smartphone Health Apps, 2022
Patient use of their health information accessible to them through online tools (e.g., patient portals and smartphone apps) can help empower them to make informed decisions about their health and track progress on health-related goals, potentially resulting in improved patient outcomes (1). Enabling patients to access and use the information contained in online medical records and patient portals may also provide significant health system benefits, including decreased healthcare costs and strengthened patient- physician relationships (1). In 2020, ONC published the Cures Act Final Rule to increase patient and provider access to health-related data, specifically through health IT developer adoption of secure standardized application programming interfaces (APIs) that make this information more widely available across smartphone apps (2). The API requirements, which as of 2023 have been rolled out to health care providers, enable patients to electronically access their electronic health information using apps. This brief analyzes recent data from the 2022 Health Information National Trends Survey (HINTS), a nationally representative survey of U.S. adults, to assess progress in patient access amidst implementation of Cures Rule provisions during the COVID-19 pandemic, which likely increased demand for access to online medical records. This brief also reports on methods and frequency of individuals’ access and use of online medical records and patient portals.
Information Blocking Rule Requirements for Part 2 Data in Patient Portals
CoE-PHI resource that describes the Information Blocking Rule and explains that it does not preempt stricter privacy laws and regulations such as 42 CFR Part 2.
Key Points:
- Information blocking includes practices that would “interfere with, prevent, or materially discourage the access, exchange, or use of electronic health information.”
- Following a legal requirement to obtain patient consent for a disclosure meets the “privacy exception” in the Information Blocking Rule and is not considered information blocking.
- If a portal cannot segment Part 2-protected records or prevent a patient’s proxy from unconsented access to such records, the healthcare provider should not share Part 2-protected records on the portal.
Navigating Compliance Challenges with the Information Blocking Rule: A Collection of Case Studies
The Office of the National Coordinator for Health Information Technology’s (ONC) 21st Century Cures Act Information Blocking Rule (Info Blocking Rule) prohibits covered actors – including health care providers, health IT developers of certified health IT, and health information exchanges/health information networks– from engaging in practices likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information (EHI). The Info Blocking Rule includes eight exceptions that provide actors with certainty that, when their practice interferes with the access, exchange, or use of EHI and meets the conditions of one or more exception, such practice will not be considered information blocking. An actor’s practice that does not meet all the conditions of an exception will be evaluated on a case-by-case basis to determine whether information blocking has occurred.