Background - Digital Health

Health Data: Privacy, Patient Access, Interoperability, and Information Blocking


Health data is at the core of health care delivery and payment, is key for leveraging innovative digital health technology, and is needed for research to advance health care improvements. Federal and state data laws and policies historically have addressed health data privacy, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations. While these rules continue to be important, there are new laws and policies that have attempted to balance patient privacy with access to data for important purposes, including patient access to data.

Since the enactment of the Health Information Technology and Clinical Health (HITECH) Act of 2009, the Department of Health and Human Services (HHS), particularly its Office of the National Coordinator for Health IT, has been focused on facilitating the free flow of electronic health information among health care providers, payors, and patients – commonly known as “interoperability.” In 2016, the 21st Century Cures Act (Cures Act) strengthened the agency’s authority to promote interoperability by imposing a new legal prohibition against information blocking – defined as any practice that is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information – and further requirements elevating the primacy of ensuring patients’ access (based on the Cures Act and other statutory authority):

On March 9, 2020, through ONC and CMS, HHS promulgated final rules that detail the regulatory and enforcement framework that will govern health care stakeholders’ obligations regarding interoperability, information blocking, and patient access:

Both regulations will impact existing agreements, policies, and partnerships with other health care stakeholders. In the case of information blocking, penalties can be up to $1 million per violation for many actors.

Below is a list of links to key resources and analysis that will assist you and your organization in determining the policies, procedures, and business arrangements that will need to be reviewed for compliance with these key health IT regulations, as well as others that may govern your operations and relationships with health care providers, payers, and patients.

Summaries of Final Rules (March 2020)

Relevant Blogs and Analysis for Stakeholders

For more information, please subscribe to C&M’s Health Law Blog by clicking here.

Summaries of Proposed Rules (February 2019)

Information About Other Relevant Regulations Under Development

Key Federal Regulations, Policies, and Guidance

Our Team

Crowell & Moring’s Digital Health team helps leading companies and innovators navigate emerging business opportunities and the regulatory challenges that follow. Our first-hand experience on digital health issues—including data use and interoperability, direct-to-consumer applications, telemedicine, health IT safety and oversight, reimbursement, electronic health records, value-based care, and new product and service development—provides clients with unparalleled insight into the competitive landscape and the objectives of regulators and lawmakers for the expansion of digital health and health IT-driven care coordination and data sharing models.