Key terms, definitions, and acronyms associated with the regulations.
- Information Blocking: The body of works that are the information blocking provisions of the 21st Century Cures Act.
- information blocking: The act of intentionally withholding patient information.
- AEU: Access, exchange, or use
- EHI: Electronic health information
- Health IT: Health information technology
- USCDI: United States Core Data for Interoperability standard; particularly, version 1.
- FHIR(R): Fast Healthcare Interoperability Resources
- ONC: Office of the National Coordinator for Health IT
- CMS: Centers for Medicare & Medicaid Services
- OIG: Office of Inspector General
- ADT: Admission, discharge, and transfer notifications
- PI Program: Promoting Interoperability program
- APIs: Application programming interfaces
- PHI: Protected health information
EHI incorporates the terms “electronic protected health information” (ePHI) and “designated record set” (DRS), as they are defined by HIPAA. The definition of EHI specifically excludes psychotherapy notes or information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding, regardless of whether the group of records are used or maintained by or for a covered entity. Like ePHI, the data that constitutes EHI is not tied to a specific system in which the EHI is maintained. Health information that is de-identified consistent with the requirements of the HIPAA Privacy Rule (at 45 CFR 164.514(b)) is not included in the definition of EHI for the purposes of information blocking. Thus, any individually identifiable health information that is transmitted by or maintained in electronic media is EHI to the extent that the information would be included in the designated record set.
Before October 6, 2022: The definition of EHI was limited to the data elements represented in Version 1 of the United States Core Data for Interoperability (USCDI) standard: consultation notes, discharge summary notes, history and physical, imaging narratives, laboratory report narratives, pathology report narratives, procedure notes, and progress notes.
After October 6, 2022: The definition of EHI will expand to include any electronic, individually identifiable health information included in the designated record set per HIPAA access requirements. Physicians and their care teams will be responsible for the access, exchange, or use of each patient’s entire EHI, no longer limited to just the USCDI elements.
Health information that identifies or reasonably could be used to identify an individual (individually identifiable health information) with certain exclusions such as Family Educational Rights and Privacy Act (FERPA) education or treatment records and employment records of a covered entity. Such health information not only identifies the individual, such as demographic information, but also relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or payment for care. The information may be maintained or transmitted in any form or media (e.g., electronic, paper, or oral).
Any PHI that is maintained or transmitted in electronic form.
Designated record set
Medical records and billing records about individuals; enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; and/or other records that are used, in whole or in part, to make decisions about individuals.
Any item, collection, or grouping of information that includes PHI.