21st Century Cures Act Flashcards
Sector
Medical
Year Passed/Amended
2016
Original Purpose
Expedite medical research
Primary Requirements
Mostly relaxes restrictions on PHI for research purposes; clarifies that HIPAA applies to remote viewing of PHI
Entities subject to law
Mostly entities subject to HIPAA
Term for relevant PII or regulated data
PHI
Definition of relevant PII or regulated data
See HIPAA:
(a) individually identifiable
(b) health information
(c) held by a covered entity or its business associate or an employer
(d) which identifies the individual or offers a reasonable basis for identification, and
(e) relates to a past, present or future medical condition, provision of health care or payment for health care
Civil or criminal penalties?
Both civil and criminal, but no criminal penalties separate from those under HIPAA
Enforcing authority - Civil
Same as HIPAA, plus NIH for certificates of confidentiality:
HHS (Department of Health and Human Services)
For Privacy Rule, Office of Civil Rights (OCR)
For non-preempted state laws, state AGs
For non-preempted FTC subject matter, FTC
Penalties - Civil
Same as HIPAA, plus for information blocking, up to $1 million
Preemption?
N/A
Private right of action?
No
FIP individual rights provided
Consent (does not modify other HIPAA rights)
Consent requirements
Clarifies that information blocking (unreasonable behavior to prevent information sharing, subject to HIPAA requirements) is not permitted.
Provides for “certificates of confidentiality,” such that PHI used for research cannot be disclosed in a legal or administrative proceeding without consent.
Consent exceptions
“Compassionate sharing” exception for alcohol/substance abuse