Starting on October 6, 2022, the definition of electronic health information (EHI) in the 21st Century Cures Act expanded beyond the United States Core Data for Interoperability (USCDI) Version 1 to all electronic Protected Health Information (ePHI) that a patient has the right to access under the Health Insurance Portability and Accountability Act (HIPAA).
Read on to learn what clinicians and health administrators need to know. For background on the Cures Act, and how it applies to open notes, read this resource about how U.S. Federal Rules Mandate Open Notes.
In October 2022, the definition of Electronic Health Information (EHI) was expanded to include electronic Protected Health Information (ePHI).
Background: In the HIPAA Privacy Rule, protected health information (PHI) is considered any identifiable health information used, maintained, stored, or transmitted by a covered entity.
A covered entity health care provider is one that bills an insurance company for services provided to any patient. Covered entities include health plans and healthcare clearinghouses. Note: The Information Blocking Rule also applies to some organizations that are not covered entities; however, it is not applicable to all covered entities
Starting on October 6, 2022, instead of being limited to the USCDI Version 1*, the definition of EHI expanded to include all information in a Designated Record Set, as defined under HIPAA.
In other words, EHI is not be limited to the specific data classes listed in the USCDI and consists of medical and payment records about a patient and any information of a type that may be used to make decisions about individuals, including patients. For actors covered by the Information Blocking rules, all ePHI in a Designated Record Set is considered to be EHI and subject to those rules.
EHI could include:
- Medical records and billing records about individuals maintained by or for a covered healthcare provider;
- Enrollment, payment, claims adjudication, and case or medical management record systems; or
- Other records that are used, in whole or in part, by or for the covered entity to make decisions about individuals.
More information about about EHI and ePHI can be found at HealthIT.gov, and downloaded as PDFs: