October 2024
Ready to take the next step towards enhanced IT preparedness? The resources linked below, organized by topic, share actionable strategies that health centers can implement to move towards greater resilience.
Virtual Learning Collaborative
In this session participants learned about the data privacy laws as they relate to digital health. Attendees had a better understanding about HIPAA, data privacy laws, telehealth regulations and more.
A Case Study of the Family Health Center of Worcester’s Ransomware Incident, February 2024
The use of ransomware — malicious software that restricts access to computer systems with financial demands — has escalated, targeting health centers and putting countless lives at risk. This dire reality came to the forefront during the alarming ransomware attack on the Family Health Center of Worcester, Inc. (FHCW), where the personal health information and care continuity for thousands of patients were compromised. This resource uses FHCW's experience as a case study to demonstrate the imperative of preparedness and the strength of a community-centered response in ensuring the continuity of healthcare services amidst the ever-growing tide of cyber vulnerabilities.
ONC Data Brief | October 2023
Patient use of their health information accessible to them through online tools (e.g., patient portals and smartphone apps) can help empower them to make informed decisions about their health and track progress on health-related goals, potentially resulting in improved patient outcomes (1). Enabling patients to access and use the information contained in online medical records and patient portals may also provide significant health system benefits, including decreased healthcare costs and strengthened patient- physician relationships (1). In 2020, ONC published the Cures Act Final Rule to increase patient and provider access to health-related data, specifically through health IT developer adoption of secure standardized application programming interfaces (APIs) that make this information more widely available across smartphone apps (2). The API requirements, which as of 2023 have been rolled out to health care providers, enable patients to electronically access their electronic health information using apps. This brief analyzes recent data from the 2022 Health Information National Trends Survey (HINTS), a nationally representative survey of U.S. adults, to assess progress in patient access amidst implementation of Cures Rule provisions during the COVID-19 pandemic, which likely increased demand for access to online medical records. This brief also reports on methods and frequency of individuals’ access and use of online medical records and patient portals.
Considerations for Entities that Maintain Part 2-Protected Data
CoE-PHI resource that describes the Information Blocking Rule and explains that it does not preempt stricter privacy laws and regulations such as 42 CFR Part 2.
Key Points:
- Information blocking includes practices that would “interfere with, prevent, or materially discourage the access, exchange, or use of electronic health information.”
- Following a legal requirement to obtain patient consent for a disclosure meets the “privacy exception” in the Information Blocking Rule and is not considered information blocking.
- If a portal cannot segment Part 2-protected records or prevent a patient’s proxy from unconsented access to such records, the healthcare provider should not share Part 2-protected records on the portal.