The 21st Century Cures Act and
The HIPAA Privacy Rule
The 21st Century Cures Act (Cures Act) of 2016 was passed to encourage innovation in medical research. One purpose of the law was to give patients greater control over their electronic health information (EHI). A provision in the law required the Department of Health and Human Services (HHS) to develop a rule allowing for easier flow of electronic health information, among developers, between providers and patients, providers and EHR vendors, etc. A rule was developed by the Office of the National Coordinator for Health Information Technology (ONC), an agency of HHS. The rule is known as the Interoperability and Information Blocking Rule (“Final Rule”). The rule becomes final – goes into effect – on April 5, 2021. The differences between the 21st Century Cures Act and the HIPAA Privacy Rule are discussed below.
What is Interoperability?
According to section 4003 of the 21st Century Cures Act, the term ‘interoperability,’ with respect to health information technology, means such health information technology that:
- Enables the secure exchange of electronic health information with, and use of electronic health information from, other health information technology without special effort on the part of the user;
- Allows for complete access, exchange, and use of all electronically accessible health information for authorized use under applicable State or Federal law; and
- Does not constitute information blocking.
What is Information Blocking?
Information blocking is a practice by a health IT developer of certified health IT, health information network, health information exchange, or health care provider that, except as required by law or specified by the Secretary of Health and Human Services (HHS) as a reasonable and necessary activity, is likely to interfere with access, exchange, or use of electronic health information (EHI) (another word for ePHI).