In the past, clinical laboratories have been seen as somewhat of a “black hole,” where samples are sent never to be seen again and results mysteriously appear back from. New legislation enacted in 2021 is pushing to change that. The 21st Century Cures Act (“The Cures Act”) pushes to move paper results to the digital age. It is intended to give both patients and providers secure access to their health information while also increasing innovation and competition, by providing patients with more choices in their healthcare.
Signed into law on December 13, 2016, the Cures Act calls on the healthcare industry to implement standardized application programming interfaces (APIs) which allow individuals to easily and securely access their health information via smartphone applications, including lab results, at no cost.
Presently medical labs and healthcare providers can still use traditional methods to deliver lab results and access to health information as long as they respond to patient requests in a timely fashion. By December 2022, the Federal government anticipates standards for these smartphone apps to be finalized and for software developers and healthcare providers to catch up with their digital expectations, although mandates and deadlines are not in effect as of yet.
One provision of the Cures Act which was effective April 5, 2021, states that healthcare providers may not block or delay patient access to any eligible information that is stored in their electronic health record. Providers also have to make a core set of data available in a timely manner to fulfil the requirements of interoperability and portability. These provisions apply to both clinical and pathology labs.
The Cures Act takes HIPAA one step farther by making access to eligible data easier and essentially unrestricted. It would also require vendors and users to support computer and smartphone app versions of their software. Those found in violation of the Cures Act by practicing “data blocking” can be subject to penalties of up to $1 million per violation. Violators can also be subject to “appropriate disincentives” which are to be determined at this time.
While the new legislation doesn’t require providers to be proactive in making data available to patients, it does state that they must not delay the release or availability of data once a request for the information has been made. This poses potential complications for laboratory results as many providers like to review the data before releasing them to patients. The Act does have a “preventing harm” exception built in that can be used on an individual basis. If a provider believes receiving test results prior to counseling the patient could be harmful to the patient, they can withhold the data at their discretion. In these cases, disclaimers should be added to the patient’s medical records to reflect the provider’s reasoning for this decision.
Based on the new legislation, it is critical to have clear policies and procedures in place regarding how results will be shared to ensure compliance. For example, if lab results are mailed to patients, a disclaimer should be provided explaining that the postal service can cause delays in receipt of results. If using regular (unsecured) email, a disclaimer should be provided explaining that an unencrypted email is being used and have the patient sign a consent for its use.
Ultimately, the 21st Century Cures Act aims to put the patient first in regards to access and control of their healthcare information. By putting the patient first, the Cures Act intends to deliver transparency into cost and outcomes of patient care, provide competitive options for medical care, modernize technology by giving convenient access to health records, and promote innovation and choice in technology for both patients and providers.
*Information presented in this blog is for educational purposes only and does not represent the clinical practices nor availability of testing of Genesis Reference Labs.