Get Your Free Practice Vulnerability Audit!
Get Started
User Login
Call Now - 844.738.0624
Schedule a Free Demo

Do you have to change your software to comply with the CURES act?

Nov 11, 2022 | HIPAA, IT, Legislation

The CURES and the 21st Century Act are all about interoperability and the exchange of information (typically through highly regulated APIs). The goal is to someday have seamless ways for patient information to move from provider to payer, provider to lab, provider to provider and payer throughout the reimbursement process.  It also includes the concept of information blocking.  How or does this apply to providers right now?  To understand, it helps to look at the groups affected by these new rules. There are several groups:

  • Patients
  • Providers
  • EHR companies
  • Payers
  • Clearinghouses

Patients

These rules are designed to benefit patients by making it easier for them to access claims data from payers and to make it easier for patients to get copies of their records or information from their records.

Payers / Clearing Houses

All the regulations, as they are currently, impose interoperability standards on PAYERS.  There are no current regulations that providers must do anything different other than to continue to secure transmission of patient data under HIPAA rules.  There are no current regulations MANDATING interoperability standards for EHRs. However many EHRs are starting to put that capability in their software. API or similar standards are NOT mandated for providers at this time.  You certainly may elect to use them if available through your EHR but as you have seen this is a costly decision. It is not known if these kinds of requirements will ultimately be imposed on providers but PCS thinks it is likely, but not in the near future.

Providers / EHR companies

Information blocking – these regulations state that the patient has total access to everything in their medical record (as defined by HIPAA) and that EHRs cannot in any way block access to that information.  In the full implementation, these rules will also be extended to the other entities.  As you have heard PCS say before it is definitely moving in that direction, the preferred method of communication is through the EHR portal.  There are rules which require that the patient be able to access ALL their information through the portal.  The law does not MANDATE the use of portals but does state the provider is still responsible for providing TOTAL access to everything in the medical record.  That access can be through portal access, printed copies, emailed, or faxed to the patient. So information-blocking regulations absolutely apply to providers right now. You are NOT mandated to use portals or, APIs but you are still obligated to follow the patient’s request on this – paper, email, FAX.  Your obligations are still under HIPAA rules.

3 Comments

  1. Stephen Hand,o.D.
    Stephen Hand,o.D. on November 16, 2022 at 3:42 am

    Thanks. We are a small private practice less than 5 employees 1 location.

    Reply
  2. Cindie Lee
    Cindie Lee on November 16, 2022 at 3:47 pm

    What if the patient email or fax is not secure?

    Reply
  3. Nicole W.
    Nicole W. on November 28, 2022 at 2:34 pm

    Are practices able to still charge patients for printed copies of their medical record or that a form of information blocking?

    Reply

Submit a Comment

Your email address will not be published. Required fields are marked *