logo
Is the Violation Right of Access or Information Blocking? Do You Know the Difference?

Practice Management


Is the Violation Right of Access or Information Blocking? Do You Know the Difference?

Date Posted: Wednesday, May 10, 2023

 

The right of access and information blocking are both related to the access and exchange of health information, but they are different in several key ways. HIPAA Privacy/Security and Compliance Officers and Health Information Management professionals need to know the difference. It is important to differentiate between Right of Access and Information Blocking to ensure your organization is compliant with both rules, as well as any applicable state privacy regulations.  

Right of Access Initiative 
Individuals' Right under HIPAA to Access their Health Information 45 CFR § 164.524.

This initiative helps to empower individuals to take control of their own health information, allowing them to better manage their healthcare and make informed decisions about their health. By ensuring that individuals have access to their own health information, this initiative also helps to improve the quality and continuity of care, while also protecting the privacy and security of that information.

The right of access is a requirement under HIPAA that individuals have the right to access and obtain a copy of their protected health information (PHI) that is maintained by covered entities, such as healthcare providers and health plans. This includes electronic protected health information (ePHI).

ePHI is defined in HIPAA regulation as any protected health information (PHI) that is created, stored, transmitted, or received in any electronic format or media. The right of access also includes the right to request that their PHI be transmitted to another entity, such as another healthcare provider or a personal health record (PHR). Covered entities must provide individuals with timely access to their PHI and may only deny access under certain limited circumstances.

Information Blocking
The exact regulatory definition of Information Blocking can be found in the Code of Federal Regulations in 45 CFR 171.103.

Information blocking is a practice in which a healthcare provider, health plan, or other covered entity intentionally interferes with the access, exchange, or use of electronic health information. The information blocking rule, which was established under the 21st Century Cures Act, requires covered entities to make EHI available for access and exchange in a way that is secure, timely, and appropriate to the circumstances. 

The ultimate goal of the Information Blocking Act is to promote greater collaboration and coordination among healthcare providers and other stakeholders, which can lead to improved quality of care, better patient outcomes, and more efficient use of healthcare resources. By breaking down barriers to the exchange of health information, this legislation aims to facilitate the development and implementation of innovative healthcare solutions that can improve the overall health of the population.

On October 6, 2022, the definition of electronic health information (EHI) expanded to include all of the digital components of an organization's designated record set (DRS). Prior to this date, the definition of EHI was limited to the data elements represented in the United States Core Data for Interoperability (USCDI) v1.

Covered entities may not use information blocking practices to prevent or interfere with access, exchange, or use of EHI, except in certain limited circumstances.

Confused?

While both the right of access and information blocking are designed to promote the access and exchange of health information, the right of access focuses on individuals' access to their own PHI, while information blocking focuses on the sharing of EHI between covered entities. 

Additionally, the right of access is a long-standing requirement under HIPAA, while information blocking is a more recent requirement under the 21st Century Cures Act.

It is important to differentiate between Right of Access and Information Blocking to ensure your organization is compliant with both rules, as well as any applicable state privacy regulations. The charts below are provided as a comparison of similarities and differences between the two.



Conclusion

It is important to respect patient access to information while protecting confidential information. This can be a daunting task for any size of organization. After reviewing the information above, if you still have questions, consider additional training in HIPAA and the release of health information.  

We also encourage consulting with your malpractice risk attorney. Your insurance company prefers your organization to seek advice before an incident or investigation from a complaint occurs. If consulting with your malpractice company is not an option, it is highly advised to seek legal advice from a HIPAA privacy expert.

A. Michi McClure, J.D. Principal 4C Compliance, LLC
https://www.4ccompliance.com 
Member of the American Institute of Healthcare Compliance, www.aihc-assn.org






Search BCA Magazine

Search here

List Articles

Select below

Sponsor

 

 

Search BCA Magazine

Search here

List Articles

Select below