What the 21st Century Cures Act Deadline Means for Patients, Revenue Cycle, and Compliance

April 8, 2021
April 8, 2021

April 5, 2021 marks another significant compliance deadline for healthcare organizations. On that day, certain rule provisions take effect as part of the 21st Century Cures Act from the Office of the National Coordinator (ONC) for Health Information Technology. According to the ONC, “The rule supports secure patient access to their electronic medical record data. Patients will be able to use applications they authorize to receive data from their medical records.” As part of the rule, clinical notes must be made available electronically, free of charge to patients. To facilitate patient access, healthcare entities will need to incorporate secure, standardized application programming interfaces (APIs) that allow an automated and inexpensive way for patients to access their records.

A Focus on Prohibited Information Blocking

According to the American Health Information Management Association (AHIMA), this final rule is focused on preventing information blocking, for which it includes eight defined exceptions, and “prohibits health providers, technology vendors, health information exchanges, and health information networks from practices that inhibit the exchange, use, or access of” electronic health information (EHI). AHIMA goes on to define information blocking as “a practice that:

  • Except as required by law or covered by an exception, is likely to interfere with access, exchange, or use of electronic health information
  • If conducted by a health information technology developer, health information network, or health information exchange, such developer, network, or exchange knows, or should know, that such practices is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information
  • If conducted by a healthcare provider, such provider knows that such practice is unreasonable and is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.”

What Information Is Protected from Being Blocked?

Until a subsequent deadline occurs on October 5, 2022, the EHI to which this regulation applies is somewhat limited. AHIMA shares that “These data elements include allergies and intolerances, assessment and plan of treatment, care team members, clinic notes, goals, health concerns, immunizations, laboratory, medications, patient demographics, problems, procedures, provenance, smoking status, unique device IDs for implantable devices, and vital signs.” The same source advises, however, that “After October 5, the standard narrows to electronic protected health information (ePHI) in a designated record set, excluding psychotherapy notes and information gathered for use in a civil, criminal, or administrative action.”

Suggested Measures for 21st Century Cures Act Compliance

AHIMA recommends that healthcare organizations establish the “infrastructure and governance standards to attest to and maintain compliance with the final rules.” Suggested measures include:

  • “Establishing a governance structure to review the requirements and develop an action plan—the committee should include compliance staff
  • Identifying the category to which an actor(s) belongs
  • Reviewing access policies and revising to meet the expectations of the final rule
  • Developing a process for evaluating access against the eight exceptions
  • Train staff on any policy changes
  • Evaluate your systems to understand any limitations”

What the Rule Means for Patients and Those Interacting with Them

Providers should focus on their interactions with patients about the new rule, especially early after it takes effect. HealthStream partner nThrive reminds organizations that patients will have access to their clinical notes, and consistent communication will be critical for healthcare staff whose positions involve regular patient contact, including patient access, patient financial services, and extended business offices. Even though organizations may feel trepidation about this increased access, it can help patients make more informed decisions, which can also enhance clinical care and improve health outcomes.

Personnel will need to be provided with easy-to-follow instructions for assisting patients with access, and revenue cycle personnel should also know when to direct patients to health information management or the provider. Providers are advised to develop scripting and actions (e.g., when to transfer or refer a patient) around several likely scenarios:

  • The patient finds something upsetting in the record.
  • The patient disagrees with the documentation or feels information is missing.
  • The patient has questions about terminology or information presented in the record.

In preparation, every healthcare organization should make sure that all applicable staff members are clear on the information they can share and how to communicate it. Consistent procedures and scripting will improve patient satisfaction, enhance accountability, and engage patients.

Training for Healthcare Revenue Cycle Staff

In addition to a wide range of education for patient access and other revenue cycle staff, HealthStream and our partner nThrive regularly offer updated training materials that incorporate regulatory changes. Learn how HealthStream and nThrive can help healthcare organizations optimize their revenue cycle staff training to improve outcomes.

To meet healthcare organizations’ compliance requirements, HealthStream provides online healthcare compliance training solutions to help health systems, facilities, and providers across the care continuum comply with government regulations and accrediting body requirements. These online training courses span the areas of Billing & Corporate Compliance, HIPAA, Privacy & Security, Research Compliance, and Workforce compliance. These courses are recognized for using video and other interactive elements to engage learners, increase retention, and change staff behavior.