Cures Act Information Blocking Compliance Readiness Assessment

Does everybody in your organization understand the definition of information blocking?

Can your organization share all electronic PHI that a patient may access under HIPAA in any compliant format a patient may request?

Does your organization have a secure, electronic process for records release that uses SMART on FHIR? (This is a required API designed to help health IT apps communicate with EHR systems.)

Can your organization produce bulk EHI exports?

Has your team received training about the Cure Act requirements, their roles in preventing information blocking, and how to use the information blocking exceptions?

Does your organization consistently release records within the 30-day HIPAA turnaround deadline (or faster if state statutes apply)?

Is your team trained to understand what is and is not a secure, compliant method of releasing EHI?

Does your organization have a documentation process to track request submissions, fulfillment, and use of exceptions?

Does your organization have a process to document system downtime or uncontrollable events that limit access to PHI?

Has your organization reviewed current ROI policies and procedures to verify they’re all compliant with the Cures Act regulations?

Has your organization reviewed and/or updated business associate agreements (BAAs) to reflect the Cures Act requirements?

Does your organization provide requestors with clear, simple instructions to access or request their medical records?