The Anti-Information blocking provisions of the 21st Century Cures Act have become enforceable as of April 5th, 2021. Particle decided to test this out and see if our employees now had control of their own medical information. Find out how it went.
For as long as clinical data has existed, patients have been trying to get their medical information into the right hands.
Who hasn’t filled out a stack of forms when switching providers or gotten locked out of a patient portal account because they forgot their password to that specific portal? Once you’ve finally gotten your hands on your information—did you look at it? Was all your data there? Or were records from certain visits or providers missing?
Are you seemingly… blocked from your access?
The Anti-Information blocking provisions of the 21st Century Cures Act were finally, after much delay, officially enforceable on April 5th. We’ve talked about Anti-Information Blocking here a few times but to give you a quick refresher (in case you’re not as obsessed with this as I am), anti-information blocking is a real paradigm shift in the ability to access patient records. Before this, while a patient technically had the right to access and share their own information, provider institutions and their associated systems were able to use any excuse in the book to not share that information back to the patient. There were no penalties associated with not sharing, no way to understand the reason for not sharing and no meaningful oversight over who was sharing information and who wasn’t. Under the Anti-Information Blocking provisions however, all of this changes. Instead of requiring a reason to share the information requested, providers and their systems now need a reason not to share the information requested. Oversight and fines have been built in and while it might take a while to get there—I’m feeling pretty optimistic that data access will really start to open up.
I’m optimistic now, but I’ve been a little skeptical about this kind of access in the past. I first got into this space because I (naively) believed that all that was needed to fix clinical record access was amazing technology. I worked hard to build it, thinking that if the technology was there, the access would come. Twelve years later, I’m still waiting for that access to be realized. I understand now that the greatest technology in the world can’t force systems to share data or adhere to what we all think they should be doing.
But you know what can force them? Federal policy and of course the associated fines and oversight from not following it.
Which brings us to the here and now. Federal policy around Information Blocking is here. Does that mean that patients now have control of their information?
We at Particle decided to find out. And who better to be the proverbial guinea pigs for a patient access experiment than employees of a company focused on opening up clinical data access across the country? We created an internal alpha program to test out whether we’d get any records back by giving ourselves explicit access to do so. Now, here at Particle, I’m kind of the Caveat Queen. So the first thing that we did was ensure the program was completely optional, providing employees with detailed documentation that informed them exactly what they would be signing up for by querying themselves. Cleverly, this also enabled us to test our e-sign Act compliant signature tool implementation in a real world scenario.
After making sure that our people knew exactly what they were getting into, as some information is always saved in our logs, we had employees notarize authorization documents that provided us with explicit permission to pull their records. The identity proofing requirements of pulling a patient’s records have not been completely defined or implemented so we decided that a notarized form, at least for this initial run, was the best way to go—since that meets the highest level of identity proofing defined by NIST. Once that was completed, we loaded the authorization documents so they would be available to any organization we were requesting records from, provided our team the needed permissions within our systems and used this as a training opportunity to show some of our newer employees exactly how a customer would use our APIs to pull records (yup, always multitasking here at Particle Health.) So far, we’ve had over half of our employees query themselves using this process, and guess what we got back?
Not much. One employee got a single file back from a single provider the first time we queried.
And so it’s clear: our industry isn’t quite there yet. But Particle is going to keep trying because we know that we will get there. And nothing shows non-compliance with a regulation like data showing that nothing came back from systems that a patient can identify has their information.
Don't worry—we'll open this up to all those interested as soon as we can. Together, with consumer-facing solutions, we'll work to enable access to your users' medical data via the largest national health exchanges.
We're going to change the world. Are you ready to help?