Are your Cures Act compliance strategy and technology HIPAA compliant?

As the 21st Century Cures Act’s information blocking enforcement deadline approaches, long-term care providers are understandably uncertain about their risk exposure. There are multiple considerations, from data sharing practices and policies to data security and user experience. Other existing standards that must be met also come into play, especially the HIPAA and HITECH regulations. Are your information sharing practices compliant with both HIPAA and the Cures Act? Do your technologies support seamless and secure information sharing? Can your residents and their families easily access their health information? Are your facilities ready to comply?

What is Information blocking?

Rules issued under the Cures Act are designed to prevent “information blocking.” Providers are not allowed to engage in information blocking, which is defined as anything formally restricting the access or use of electronic health information (“EHI”) through contracts or policies. The rules also prohibit unnecessarily slowing or delaying access to EHI, limiting the timeliness of access, or charging for EHI. Read our full blog post to learn more.

The Cures Act and its requirements were built on the existing HIPAA and HITECH standards. As a result, the same structures and limitations govern the Cures Act. Long-term care providers must have both policies and technologies in place that avoid blocking residents’ and their families’ access to health information. In a nutshell:

  • HIPAA establishes the legal framework for protecting residents’ privacy
  • HITECH provides guidance on information sharing methodologies
  • The Cures Act defines interoperability standards for health data sharing and penalties for information blocking

Information sharing policies define technical requirements

What information sharing and data security policies have your facilities implemented?  Do they support easy resident access to their health information?  Without clear HIPAA-compliant data sharing policies, it will be difficult to define the best technologies for your facilities.  The following checklist spotlights the key policies that inform health data sharing technology selections.

HIPAA policies and procedures checklist

We’ve compiled a list of HIPAA requirements that long-term care facilities need to address, and in some cases modify, in their Cures Act policies and procedures:

  • Access Policies
    • Individual access rights
    • Personal representatives
  • Security Policies
  • Use and Disclosure Policies
    • Use and disclosure of health information without individual authorization
    • Required use and disclosure of health information
    • Use and disclosure of sensitive health information
    • Minimum necessary standard procedures
    • Safeguards for use and disclosure/verification of identity and authority
  • Administrative Policies
    • Record retention
    • Data use agreements (DUA)

What can and should technologies do for your facilities?

By definition, resident data sharing technologies should make it easy for residents and their families to access the residents’ health data. These technologies must also ensure compliance with HIPAA and Cures Act regulations. For facilities, they should also minimize the work required of staff to provide residents’ data.

How’s Mom Can Help

The How’s Mom Family App and Connection Hub provide residents' health information to authorized family members – on demand.  Your facility decides which health records to make available to families.  There’s no need to respond to individual information requests – the data is available right on the resident or family member’s mobile device. How's Mom ensures that resident data is secure at all times.

Data availability:

  • Medication Lists: Current list of medications
  • Vitals: Numerous vital readings including temperature, blood sugar, weight, and more
  • Conditions: Any change to current conditions and brief summary update of existing conditions
  • Nutrition Orders: Listing of allergies and food restrictions. Updates on recent meals and consumption levels

HIPAA and Cures Act compliant features and technologies

  • End-to-end data encryption
  • User access restrictions
    • Resident account verification (name and date of birth)
  • Staff data access restrictions
    • Role-based data access permissions
    • 2 Factor Authentication

Ready to learn more? Read our free 21st Century Cures Act Guide.

Schedule A Demo

Contact us today to learn how the How’s Mom Family App and Connections Hub can help you comply with the Cures Act, easily and efficiently.
