HIPAA/HITECH,
Standards, Regulations & Compliance
U.S. Government Intensifies Enforcement of 21st Century Cures Act Regulations; Fines May Reach $1 Million
The U.S. Department of Health and Human Services (HHS) is intensifying its crackdown on healthcare providers, health IT developers, and health information networks accused of obstructing the exchange, access, and use of patients’ electronic health data. This initiative aims to enhance compliance with regulations established under the 21st Century Cures Act.
Initially introduced as part of the Trump administration’s healthcare policy, the enforcement will now see penalties reaching as high as $1 million for violations related to information blocking. After several years of being on the books, these regulations are being actively enforced by HHS, aligning with broader efforts to improve health IT interoperability and patient access to data.
As outlined by the 21st Century Cures Act, the law’s ultimate objectives include improving patient outcomes through better care coordination and health data exchanges. Establishing clear definitions and regulatory frameworks, this act also delineates the responsibilities of certified health IT vendors, health information exchanges, and healthcare providers regarding information blocking.
Healthcare stakeholders must recognize that any practice perceived as interfering with the access to electronic health information could fall under the scope of information blocking, unless it meets specific exceptions identified by HHS. Importantly, compliant practices will allow patients to have easy electronic access to their health information, without added costs or technological barriers.
Jim O’Neill, HHS Deputy Secretary, underlines the importance of this endeavor, stating that unblocking health data is essential for transformative health IT innovation. Current investigations into various health IT developers suggest that HHS is serious about addressing this paradigm of blocking access to healthcare information.
These regulations apply to three categories of “actors”: certified health IT vendors, healthcare providers, and health information exchanges. The complexity of compliance exists in the necessity for HHS to prove knowledge and intent when pursuing enforcement actions. The legal framework necessitates that healthcare providers cannot act on practices they view as reasonable even if those practices are deemed obstructive under the regulation.
As we move forward, compliance is not merely advised; it is essential for organizations that aim to avoid substantial fines and ensure optimal patient care through legitimate access to electronic health and information. Health IT developers, healthcare providers, and networks are urged to proactively assess their practices to eliminate any friction points that may hinder patients’ lawful access to their health information.
In light of the recent changes, healthcare stakeholders must consider aligning their operational frameworks with the rigorous standards set forth by the Cures Act. This includes establishing transparent data access protocols that foster innovation while ensuring compliance with legal requirements surrounding health information access.
