Practices and patients will be able to export electronic health information (EHI) more easily thanks to a 21st Century Cures Act requirement that all certified electronic health records (EHR) systems provide such functionality by Dec. 31.
The requirement – stemming from the act’s electronic health information export condition – was designed to provide a way for practices switching health IT systems and patients seeking access to their health information to export any EHI that a certified health information technology system produces, per the Office of the National Coordinator (ONC) for Health Information Technology.
“Previously, physicians changing EHR vendors would be charged by developers to switch electronic data to a new system. Now, physicians are allowed to export without developer interference,” said Shannon Vogel, the Texas Medical Association’s associate vice president of health information technology.
The requirement applies to all developers of certified health information technology systems that store EHI. By the end of this year, developers are required to provide this functionality to physicians and other health practitioners and certify with ONC that their products meet the act’s export functionality requirements, which includes obligations to:
- Electronically export all EHI that is stored as of the date of product certification; and
- Facilitate single-patient EHI access requests and entire patient population EHI exports.
Per ONC, EHI is protected information that is included in a designated record set. The HIPAA privacy rule defines record sets as groups of records that may include:
- Patient medical and billing documents;
- Enrollment, payment, claims, adjudication, and cases or medical management record systems maintained by a health plan; and
- Information used in whole or in part to make care-related decisions.
EHI does not include psychotherapy notes or information assembled for use in a civil, criminal, or administrative case or proceeding. ONC states that EHI is the same information that “covered entities must make available for patients to access when they exercise their HIPAA right of access.”
Starting Dec. 31, if a system’s data qualifies as EHI, then the system:
- Must be able to export patient data at any time the user chooses, without the system developer’s support;
- Must provide data in an electronic and computable format; and
- Must limit which users can use an EHI export.
Additionally, systems must include a publicly accessible hyperlink that allows any user to directly access the export file information that describes the structure and syntax (not the EHI itself).
If your vendor is not compliant, ONC outlines steps you can take to either resolve the issue or file a complaint with the agency.
For more information on the 21st Century Cures Act, EHRs, and other technology resources, visit TMA’s Health Information Technology webpage.
Alisa Pierce
Reporter, Division of Communications and Marketing
(512) 370-1469