One of the biggest sources of anxiety for a chiropractic practice is HIPPAA compliance. Now, the 21st Century Cures Act adds another layer of complexity to rules surrounding privacy and accessibility. 

As of April 5, 2021, the program rule on Interoperability, Information Blocking, and ONC Health IT Certification, which implements the 21st Century Cures Act, requires that healthcare providers give patients access all the health information in their electronic medical records “without delay” and at no charge. 

CONFUSED? LET'S TALK

Some background on privacy and accessibility laws for healthcare providers

Ever since 2013, when the OMNIBUS rule went into effect, remaining HIPAA compliant has been more complicated and time-consuming than ever. 

HIPAA — the Health Insurance Portability and Accountability Act — was enacted by Congress in 1996. The Privacy Rule was adopted in 2003, followed by the Security Rule in 2005. The main purpose of the Privacy Rule is to protect patient information while keeping medical information flowing between providers. 

According to the CDC, chiropractors must do the following to meet the Security Rule standards:

  • Ensure the confidentiality, integrity, and availability of all electronic protected health information
  • Detect and safeguard against anticipated threats to the security of the information
  • Protect against anticipated impermissible uses or disclosures
  • Certify compliance by their workforce

As technology has advanced, the laws surrounding patient privacy have as well. HIPAA laws address cell phones and laptops, as well as things like electronic billing. 

What is the Cures Act and how does it fit in?

Confidential Concept. Colored Document Folders Sorted for Catalog. Closeup View. Selective Focus.The Cures Act is not a change to HIPAA. Rather, it’s a stand-alone rule that is intended to make it easy for patients to access their electronic health information. According to a recent webinar by HIPAAMATE, half of EHR developers and a quarter of hospital providers and health systems making getting patient records harder than it should be. 

The part that went into effect on April 5 prohibits information blocking. This means preventing anything that prohibits patients from getting access to records, or new doctors from getting access when patients change providers. Certified Compliance Professional Wendy Lee said in an interview with HIPAAMATE that she has seen instances of hospital systems locking a patient out of their records. 

The Cures Act gives complete transparency into the costs and outcomes of their care, but at this point in time, it’s designed to offer more control over medical records. Other items in the Cures Act will roll out over the next couple of years. Patients will increasingly be able to choose apps to assemble and read their records, shop for care by comparing costs, and understand possible treatment and expected health outcomes. 

Book Demo

What is information blocking in the Cures Act?

Information blocking is engaging in a practice, which is a policy or procedure, that is likely to interfere with, prevent, or materially discourage access, exchange or use of electronic health information. Policies or procedures can’t interfere with access to records, and that includes delays. 

Accessing information has to be user friendly. If a health IT company blocks this information, that can result in a $1 million fine per violation. For healthcare providers, consequences are not quite as severe. 

For nearly all EHI requests, physicians must respond and release patient medical records unless an appropriate exception can be identified and used. 

Don’t:

  • Refuse to disclose EHI 
  • Misquote HIPAA
  • Delay release of information
  • Impose fees to patients 
  • Make it difficult
  • Not follow through because of disorganization
  • Use shorthand in your notes or records
  • Create unnecessary delays

Do: 

  • Review your compliance program
  • Add policies to prevent information blocking
  • Amend your records request policies and procedures to ensure they don’t violate information blocking
  • Train your staff
  • Implement the new policies
  • Regroup when new information is released 

In some cases, not just records need to be shared, but notes as well. Some examples of notes that must be shared include:

  • consultation notes
  • discharge summary notes
  • history & physical
  • imaging narratives
  • laboratory report narratives
  • pathology report narratives
  • procedure notes
  • progress notes

Using Platinum as your EHR to stay in compliance 

Contrary to what many people believe, just because your EHR says it is “HIPAA-compliant,” does not mean that you are HIPAA-compliant. You have to ensure that each staff member is trained, everything is recorded, and your risk analysis is complete. 

The key, when it comes to compliance, is keeping your records clean. Stay organized, and create systems in your practice that help you streamline note-taking and record keeping. While most people have already switched from paper records to electronic, not all EHRs are created equal. 

Our 15-second SOAP notes are one of the most powerful features Platinum offers. You can back up your assessments with X-rays and whatever other documentation you need. This also helps when it comes to filing insurance. 

When it comes to the Cures Act, Platinum keeps your records easily accessible so you don’t have any delays when your patients ask for them. The two big things to remember are: don’t delay, and don’t charge. 

If you want to adopt Platinum as your chiropractic EHR software, just schedule a free demo!