HHS Posts Final Rules Requiring Sharing of Patient Data

March 13, 2020

The Department of Health and Human Services unveiled its final rules governing the exchange of health care data (interoperability) and patient access to their health care records, as required by the 21st Century Cures Act.

The rules require hospitals, providers, and insurers to make patient data easily shareable using certain data formatting standards.  Administration officials state the rule will give patients control over their health care records, a necessary step in the move towards a value-based health care system.

Patients will be able to access their health data from mobile apps as well as share their data with other providers and third parties. 

Final rule protects patient privacy but health IT vendors continue to raise concerns that under the new rules when individuals share information with other parties, HIPAA protections may no longer apply.

The CMS rule requires Medicare Advantage, Medicaid, CHIP, and federal exchange plans to share claims data with patients electronically through third parties. It also requires states to send enrollee data for Medicare and Medicaid daily to improve the coordination and accessibility of care.

While the rules have the potential to provide much-needed access to a patient's health data, they also open the door for abuse of private information as apps could be hacked and patients may not be fully aware of how much access they are giving to third parties.