The 21st Century Cures Act (Cures Act), signed into law on December 13, 2016, is designed to help accelerate medical product development and bring new innovations and advances to patients who need them faster and more efficiently.
ONC’s 21st Century Cures Act Final Rule supports seamless and secure access, exchange, and use of electronic health information.
The rule is designed to give patients and their healthcare providers secure access to health information. It also aims to increase innovation and competition by fostering an ecosystem of new applications to provide patients with more choices in their healthcare.
It calls on the healthcare industry to adopt standardized application programming interfaces (APIs), which will help allow individuals to securely and easily access structured electronic health information using smartphone applications.
The rule includes a provision requiring that patients can electronically access all of their electronic health information (EHI), structured and/or unstructured, at no cost.
WCH IT developer does not prohibit or restrict any communication regarding usability, interoperability, security, user experiences, business practices related to exchanging EHI, and how a user of the health IT used such technology unless such prohibition or restriction was permitted under § 170.403(a)(2)(ii).
The 21st Century Cures Act and the “Communications Rule” at 45 CFR 170.403 protect open communication about specific health IT subjects as set forth below. Pursuant to 45 CFR 170.403(a)(2)(i), WCH Service Bureau, Inc will never prohibit or restrict any communication regarding the following:
Making a disclosure required by law;
Communicating information about adverse events, hazards, and other unsafe conditions to government agencies, health care accreditation organizations, and patient safety organizations;
Communicating information about cybersecurity threats and incidents to government agencies.
Communicating information about information blocking and other unlawful practices to government agencies; or
Communicating information about a health IT developer’s failure to comply with a Condition of Certification requirement, or with any other requirement of this part, to ONC or an ONC-ACB.
WCH notifies that any communication or contract/agreement provision that violates the Communications Condition of Certification will not be enforced by WCH.
WCH notifies all customers annually up to and until WCH amends any contract or agreement that violates the Communications Condition of Certification to remove or void the contravening contractual provisions.
Clarifications:
WCH does not prohibit or restrict communications whether written, oral, electronic, or by any other method if they are protected, unless such prohibition or restriction is otherwise permitted by this Condition of Certification.
If you do want to share something publicly – an article, a blog post, a TV show, etc. – about iSmart EHR software, it’s your responsibility to make sure it fits within the Communications Rule (including that any screenshots are only about iSmart EHR certified features) and these guidelines, or, if you are unsure, is approved by WCH in advance.
Screenshots and video are considered visual communications and are included in the definition of “communication” for the purposes of the Communications Condition of Certification. However, developers are allowed to place certain limitations on the communication of screenshots and video.
(1) Not alter the screenshots or video, except to annotate the screenshots or video or resize the screenshots or video;
(2) Limit the sharing of screenshots to the relevant number of screenshots needed to communicate about the health IT regarding one or more of the six subject areas in paragraph (a)(1) of this section; and
(3) Limit the sharing of video to:
(i) The relevant amount of video needed to communicate about the health IT regarding one or more of the six subject areas in paragraph (a)(1) of this section; and
(ii) Only videos that address temporal matters that cannot be communicated through screenshots or other forms of communication.
The Condition of Certification does not impose any limit on the identity of the communicators that are able to benefit from the protection afforded, except that employees, contractors, and consultants of WCH may be treated differently when making communications that are not afforded unqualified protection under § 170.403(a)(2)(i).
Notification applies to developers of iSmart EHR certified under the ONC Health IT Certification program (Program) and to the conduct of such developers with respect to iSmart EHR certified under the Program.
It is not a violation for WCH to respond to false or unlawful comments under applicable law, as they do now, and to pursue litigation or any other available legal remedy in response to any protected communications that are covered by this Condition of Certification.
The Condition of Certification applies to both formal prohibitions or restrictions and those that arise by way of the developers’ conduct. However, the conduct in question must have some nexus to the making of a protected communication or an attempted or contemplated protected communication.
The Communications Condition of Certification provides protections against retaliation and intimidation by developers with respect to protected communications.
https://www.healthit.gov/condition-ccg/communications
45 CFR § 170.403 - Communications. | CFR | US Law | LII / Legal Information Institute (cornell.edu)
The 21st Century Cures Act (Cures Act), signed into law on December 13, 2016, is designed to help accelerate medical product development and bring new innovations and advances to patients who need them faster and more efficiently.
ONC’s 21st Century Cures Act Final Rule supports seamless and secure access, exchange, and use of electronic health information.
The rule is designed to give patients and their healthcare providers secure access to health information. It also aims to increase innovation and competition by fostering an ecosystem of new applications to provide patients with more choices in their healthcare.
It calls on the healthcare industry to adopt standardized application programming interfaces (APIs), which will help allow individuals to securely and easily access structured electronic health information using smartphone applications.
The rule includes a provision requiring that patients can electronically access all of their electronic health information (EHI), structured and/or unstructured, at no cost.
Finally, to further support access and exchange of EHI, the rule implements the information blocking provisions of the Cures Act. The rule outlines eight exceptions to the definition of information blocking.
What is information blocking?
In general, information blocking is a practice by a health IT developer of certified health IT, health information network, health information exchange, or health care provider that, except as required by law or specified by the Secretary of Health and Human Services (HHS) as a reasonable and necessary activity, is likely to interfere with access, exchange, or use of electronic health information (EHI).
What are examples of practices that could constitute information blocking?
Section 4004 of the Cures Act specifies certain practices that could constitute information blocking:
⦁ Practices that restrict authorized access, exchange, or use under applicable state or federal law of such information for treatment and other permitted purposes under such applicable law, including transitions between certified health information technologies (health IT);
⦁ Implementing health IT in nonstandard ways that are likely to substantially increase the complexity or burden of accessing, exchanging, or using EHI;
⦁ Implementing health IT in ways that are likely to—
⦁ Restrict the access, exchange, or use of EHI with respect to exporting complete information sets or in transitioning between health IT systems; or
⦁ Lead to fraud, waste, or abuse, or impede innovations and advancements in health information access, exchange, and use, including care delivery enabled by health IT.
We provide many additional examples of practices that could constitute information blocking in ONC’s Cures Act Final Rule.
What are the information blocking exceptions?
Section 4004 of the Cures Act authorizes the Secretary of HHS to identify reasonable and necessary activities that do not constitute information blocking.
In the final rule, we have identified eight categories of reasonable and necessary activities (PDF - 555 KB) that do not constitute information blocking, provided certain conditions are met (referred to as “exceptions”). The exceptions support seamless and secure access, exchange, and use of EHI and offer actors (PDF - 243 KB)—health care providers, health IT developers, health information exchanges (HIEs) or networks (HINs))—certainty that practices that meet the conditions of an exception will not be considered information blocking.
A practice that does not meet the conditions of an exception would not automatically constitute information blocking. Such practices would not have guaranteed protection from civil monetary penalties or appropriate disincentives and would be evaluated on a case-by-case basis to determine whether information blocking has occurred.
The exceptions are divided into two classes:
• Exceptions that involve not fulfilling requests to access, exchange, or use EHI; and
• Exceptions that involve procedures for fulfilling requests to access, exchange, or use EHI.
Preventing Harm Exception: It will not be information blocking for an actor to engage in practices that are reasonable and necessary to prevent harm to a patient or another person, provided certain conditions are met.
Privacy Exception: It will not be information blocking if an actor does not fulfill a request to access, exchange, or use EHI in order to protect an individual’s privacy, provided certain conditions are met.
Security Exception: It will not be information blocking for an actor to interfere with the access, exchange, or use of EHI in order to protect the security of EHI, provided certain conditions are met.
Infeasibility Exception: It will not be information blocking if an actor does not fulfill a request to access, exchange, or use EHI due to the infeasibility of the request, provided certain conditions are met.
Health IT Performance Exception: It will not be information blocking for an actor to take reasonable and necessary measures to make health IT temporarily unavailable or to degrade the health IT's performance for the benefit of the overall performance of the health IT, provided certain conditions are met.
Content and Manner Exception: It will not be information blocking for an actor to limit the content of its response to a request to access, exchange, or use EHI or the manner in which it fulfills a request to access, exchange, or use EHI, provided certain conditions are met.
Fees Exception: It will not be information blocking for an actor to charge fees, including fees that result in a reasonable profit margin, for accessing, exchanging, or using EHI, provided certain conditions are met.
Licensing Exception: It will not be information blocking for an actor to license interoperability elements for EHI to be accessed, exchanged, or used, provided certain conditions are met.
How do I submit an information blocking complaint to ONC?
Information blocking complaints can be submitted through ONC’s online Health IT Feedback Form.
As specified by the Cures Act, information blocking claims and information received by ONC in connection with a claim or suggestion of information blocking are generally protected from disclosure under the Freedom of Information Act.
References:
DISCLAIMER: The information contained in this email is for general notification purposes only and is not intended to provide specific professional medical or legal advice, nor to constitute a "standard of action" for healthcare professionals and should not be used as a basis for making business decisions. WCH accepts no liability for any loss or damage arising directly or indirectly from action taken, or not taken, in reliance on information or materials contained in this email or otherwise provided by WCH.
