Provider Obligations to Patient Portal under the 21st Century Cures Act

When Congress Banned ‘Information Blocking’ 21st Century Healing In 2016, it made no mention of patient portals through which many healthcare providers share clinical information with patients.Likewise, the word “portal” is used in 6000 word information blocking regulationsDepend on Office of the National Health Information Technology Coordinator (ONC) in 2020. Such regulations define information shielding as a practice that may interfere with the access, exchange, or use of electronic health information, subject to some important limitations.

However, nearly two years after the ONC issued the rules, hospitals and other providers across the country have significantly changed the information patients have available on their portals as a direct result of the information blocking rules. While portals once provided limited information, many providers now provide their patients with a wealth of data, including lab results, surgical reports and physician notes.Suppliers are continuing to adjust their practices as new regulation The requirements will take effect later in 2022. The changes to the patient portal are by far the most visible manifestation of the practice shift caused by the information blocking rules.

However, key aspects of information blackout remain widely misunderstood. Access requirements under the Health Insurance Portability and Accountability Act (HIPAA) can be fairly prescriptive — directing or even specifying the exact dollar figure a provider might charge a patient for the record. By contrast, information blocking rules look like Rorschach tests, with countless possible interpretations. while ONC Limited guidance issued, the government has yet to answer key questions: What types of information do patients have access to through the portal? When can a provider withhold information when not required by law? Providers are grappling with these issues just as patients are beginning to understand their rights under this new regulatory framework.

Origin of Portal Push

The shift to the patient portal reflects a fundamental difference between information blocking rules and long-standing access rights under HIPAA. HIPAA access rightsAdopted in regulation in 2000, it reflects the old medical record model. The Department of Health and Human Services (HHS)’s Office of Civil Rights (OCR) envisions that patients will call their providers or send written requests for copies of their medical records, and the providers will respond to the records by providing copies of those records. While the agency understands that some information will be provided electronically, it is more typical to provide paper records by mail or make them available for in-person pickup. Therefore, HIPAA gives providers 30 days to communicate with patients about what information needs to be provided, find documents, make copies, and assemble mail if applicable (the 30-day time frame can be extended to 60 days).

By contrast, information blocking laws are employed in a world where most health information exists in electronic form. This rule only applies to “Electronic Health Information” (EHI); therefore, information that exists only in paper form is completely exempt from its scope. Since the government is expected to provide information electronically, it is also expected that EHI could be provided much faster than 30 days.

The rule itself does not require immediate or real-time access to information.but Congress Defines Information Blocking Part means practices that “may interfere with, prevent, or substantially impede the access, exchange, or use of electronic health information.” The ONC concluded that delayed access may interfere with patient access to EHI. While the agency declined to require providers to proactively provide their data to patients through the patient portal, The agency said “Delayed delivery of EHI via ‘patient portal’ or API [application programming interface] Potential disruption to patients, thus implicated with information blocking regulations. “

ONC’s recent focus on patient access to information reflects a broader trend of federal and state agencies seeking to provide information to individuals who are the subject of record. Last year, the OCR proposed changes to HIPAA to strengthen access, including reducing the 30-day response time frame to 15 days. Likewise, the Centers for Medicare and Medicaid Services finalized its interoperability rules, which require certain health plans to provide more information directly to their members through APIs.More broadly, these rules reflect a push by some states for consumers to California Consumer Privacy Act.

Scope of provider obligations

In effect, the ONC is interpreting the 21st Century Cures Act to mean that patients have the right to get their data from a healthcare provider as quickly as possible. As a result, patient portals—allowing patients to view a wealth of information about themselves as soon as they log in—have become a key tool in fulfilling this obligation.

But the ONC’s stance leaves many questions. Providers have struggled to comply with government regulations and determine if they must upload every piece of information they have about their patients to their portals.

Vendor concerns generally fall into three categories. The first is a clinical question: If the lab has to publish the results on the portal after the work is done, how can doctors have a conversation with patients about unexpected lab results? Information blocking rules admit that “Abnormal damage prevention,” which allows providers to withhold information if the disclosure is “likely to endanger the life or physical safety of anyone.” But sharing an unexpected cancer diagnosis is unlikely to meet such standards in most cases.

The second is a legal issue: In many cases, there is tension between information blocking rules and privacy laws that restrict access to information. Striking a balance can be difficult, especially with minors. Parents and guardians generally have the right to view their children’s health information; therefore, information blocking rules recommend that providers should upload pediatric information to a portal for their parents to view. But nearly all states have “minor consent” laws that prohibit providers from sharing information about a minor with a parent or guardian if the minor requests services such as family planning, abortion, mental health care or medication. It is not always easy to draw the line between pediatric records that cannot be shared with parents and guardians and those that must.

The third is a practical issue: in some cases, publishing certain records to the portal can be time-consuming and expensive. Is the provider obligated to upload all records, even those from many years ago? What if large data files, such as detailed imaging results, may not be compatible with the portal’s current configuration? Is there an obligation to retrieve records that exist outside the provider’s primary electronic health record (EHR) system? What if the provider doesn’t have an EHR system at all?

While ONC does not provide answers to these questions, the information blocking rules themselves can help address some of them. This rule applies only to records that exist in electronic form. This means that providers are not obligated to go through a trove of paper documents and put this information into the patient portal. In addition, the rule does not apply to the presence of patients”specified recordset,” which essentially refers to records that can be used to make decisions about patients. Therefore, if a provider maintains an electronic system of employee assessment records containing patient information, that system will not be part of a patient-specified record set, as long as the clinical Physicians do not have access to it about that particular patient for the purpose of making treatment or billing decisions. Therefore, there is no need to link this dataset to the patient portal.

However, even if a provider determines that some information is part of an electronic designation record, it does not mean that the provider will always need to provide that information in its portal. While it may be argued that the failure or inability to upload such information to the Portal may constitute “interference” with access to EHI, such failure or inability to constitute information shielding may not constitute information shielding. Only if the non-applicable information prevents the exception and “Supplier knows this is unreasonable. “

Reasonable limits are critical to the enforcement of information shielding regulations. Congress does not want suppliers to be financially responsible for every failure to share information that happens to fall under one of the narrow exceptions to information blocking. Instead, the law focuses on practices that the provider knows are unreasonable. Adopting a policy that prevents all laboratory test results from being uploaded to the patient portal may be an unreasonable position, especially if providers have the technical capacity to make these records accessible. But providers have a better argument that if they prevent parents from being able to access their teen’s records to ensure compliance with minor consent laws, their actions are reasonable, even if providers aren’t sure whether a particular record falls within the scope of that law .

The future of portals

So far, no information blocking rules have been enforced. The HHS Office of the Inspector General has released a proposed rule to enforce information blocking requirements in 2020, but the rule has not yet been finalized. In addition, the proposed rule only addresses actions against health information exchanges and health information technology providers, not providers. The federal government has yet to develop plans to implement information blocking requirements for suppliers.

However, suppliers will eventually face enforcement of these rules. Data released by the government to date suggests that such enforcement may focus on patient complaints against providers, including portals and others.this The government recently discovered Nearly 80% of information blocking complaints received as of February 2022 were for providers, while patients accounted for about two-thirds of complainants. ONC officials noted a common complaint Whether the patient indicated that their provider had unnecessarily delayed providing access to their information.

In short, efforts by healthcare providers to give patients better access to their information will come under scrutiny in the coming years.

Author’s Note

The authors are employees of Manatt, Phelps & Phillips, LLP, which advises organizations seeking to comply with information blocking rules.

Leave a Reply

Your email address will not be published. Required fields are marked *