CURES ACT – FAQ’s
Q: What purpose does the Cures Act serve?
A: It serves the purpose of promoting innovation in patient data delivery and enhancing electronic health information sharing with patients.
Q: Who is regulated by this rule?
A: Health care providers, health IT developers of certified health IT, health information networks/health information exchanges
Q: What is considered Electronic Health Information for the purposes of this Rule?
A: Consultation notes, discharge summary notes, history and physical notes, imaging narrative, laboratory report narrative, pathology report narrative, procedure notes, progress notes
Q: Are draft clinical notes or incomplete test results that are pending confirmation required to comply?
A: No, because they may not be appropriate to disclose until they are finalized
Q: What patient information is excluded from having to comply with this?
A: Psychotherapy notes (similar to HIPAA) and information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding
Q: Do the preventing harm exception requirements for the type of harm align with the HIPAA rules of it?
Q: Would the “preventing harm exception” cover a blanket several day delay on the release of laboratory or other test results to patients so an ordering clinician can evaluate each result for potential risk of harm associated with the release?
A: No. Blanket delays that affect a broad array of routine results do not qualify for the Preventing Harm Exception. The Preventing Harm Exception is designed to cover only those practices that are no broader than necessary to reduce a risk of harm to the patient or another person. This is made from an individualized determination by the clinician that withholding the results of the particular test(s) from the patient would substantially reduce a risk to the patient’s or another person’s life or physical safety – or – that withholding the results of the particular test(s) from a representative of the patient would substantially reduce a risk of substantial harm to the patient or another person.
Q: What are the exceptions to complying with this?
- Preventing harm
- There must be a reasonable belief that withholding the information will substantially reduce a risk of harm that is reasonably likely to endanger the life or safety of the patient or someone else
- Required by law to fulfill a certain condition before disclosing the information, such as receiving the patient’s authorization
- Ex) patient verification is required before disclosing
- Practical challenges that hinder disclosure, such as technical difficulties or legal rights
- Health IT performance
- Content and manner
- Requiring a fee before disclosure
Q: Is there going to be a complaint process available for patients?
A: Yes, ONC will have a standardized process for the public to submit reports
Q: What enforcement actions may be undertaken for failure to comply?
A: CMPs up to $1M per violation for health IT developers of certified health IT, health information networks/health information exchanges and appropriate disincentives by applicable agencies for health care providers