Childhood Obesity Preventer

Patient use of their health information accessible to them through online tools (e.g., patient portals and smartphone apps) can help empower them to make informed decisions about their health and track progress on health-related goals, potentially resulting in improved patient outcomes (1). Enabling patients to access and use the information contained in online medical records and patient portals may also provide significant health system benefits, including decreased healthcare costs and strengthened patient- physician relationships (1). In 2020, ONC published the Cures Act Final Rule to increase patient and provider access to health-related data, specifically through health IT developer adoption of secure standardized application programming interfaces (APIs) that make this information more widely available across smartphone apps (2). The API requirements, which as of 2023 have been rolled out to health care providers, enable patients to electronically access their electronic health information using apps. This brief analyzes recent data from the 2022 Health Information National Trends Survey (HINTS), a nationally representative survey of U.S. adults, to assess progress in patient access amidst implementation of Cures Rule provisions during the COVID-19 pandemic, which likely increased demand for access to online medical records. This brief also reports on methods and frequency of individuals’ access and use of online medical records and patient portals.

CoE-PHI resource that describes the Information Blocking Rule and explains that it does not preempt stricter privacy laws and regulations such as 42 CFR Part 2.

Key Points:

• Information blocking includes practices that would “interfere with, prevent, or materially discourage the access, exchange, or use of electronic health information.”
• Following a legal requirement to obtain patient consent for a disclosure meets the “privacy exception” in the Information Blocking Rule and is not considered information blocking.
• If a portal cannot segment Part 2-protected records or prevent a patient’s proxy from unconsented access to such records, the healthcare provider should not share Part 2-protected records on the portal.

The Office of the National Coordinator for Health Information Technology’s (ONC) 21st Century Cures Act Information Blocking Rule (Info Blocking Rule) prohibits covered actors – including health care providers, health IT developers of certified health IT, and health information exchanges/health information networks– from engaging in practices likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information (EHI). The Info Blocking Rule includes eight exceptions that provide actors with certainty that, when their practice interferes with the access, exchange, or use of EHI and meets the conditions of one or more exception, such practice will not be considered information blocking. An actor’s practice that does not meet all the conditions of an exception will be evaluated on a case-by-case basis to determine whether information blocking has occurred.

This resource provides guidance to health centers for implementing FHIR in compliance with the Information Blocking Rule.  

In an increasingly connected healthcare landscape, health centers face a dual challenge: the rising tide of cyber threats and the need to comply with stringent data protection regulations, all while managing limited resources. The ever-evolving nature of cyberattacks and the complexity of compliance requirements make it essential for health centers to prioritize cybersecurity tasks effectively.
Many Health Center leaders, IT Managers, and Compliance Directors are trying to ensure that they are properly addressing the ongoing tasks related to compliance and security. This guide provides the baseline of day-to-day tasks that health center IT and Compliance staff should consider to protect their systems and comply with regulatory requirements.

Many healthcare providers, including health centers, are concerned about reconciling the need to protect patient privacy under HIPAA and 42 CFR Part 2 while avoiding interference with electronic health information sharing and violating Information Blocking regulations.

There are many questions about patient portals and the related requirements under the Information Blocking Rule. In this session, our expert speaker will review the impact of the Information Blocking Rule on implementation and use of the patient portal.

Over the last few years, the Office of Civil Rights has focused much of its enforcement efforts on ensuring patients are afforded their HIPAA right to access their protected health information (PHI). The Privacy Rule generally requires HIPAA covered entities to provide individuals, upon request, with access to the PHI (including electronic PHI) about them in one or more “designated record sets” maintained by or for the covered entity. This includes the right to inspect or obtain a copy, or both, of the PHI. It also includes an individual’s right to direct the covered entity to transmit a copy of their PHI to a designated person or entity of the individual’s choice.

This webinar discussed the importance and unique considerations for cyberthreats in pediatric health care settings, followed by a Security Risk Assessment (SRA) Tool walkthrough.

HHS Office of Civil Rights (OCR), the entity responsible for enforcing regulations under HIPAA, stated, effective immediately, it will exercise enforcement discretion and will not impose penalties for HIPAA violations against covered healthcare providers if patients are served on a good faith basis during the COVID-19 nationwide public health emergency. Find out what this means in implementation by accessing this issue brief.