The right of access and information blocking are both related to the access and exchange of health information, but they are different in several key ways. HIPAA Privacy/Security and Compliance Officers and Health Information Management professionals need to know the difference. It is important to differentiate between Right of Access and Information Blocking to ensure your organization is compliant with both rules, as well as any applicable state privacy regulations.  

This initiative helps to empower individuals to take control of their own health information, allowing them to better manage their healthcare and make informed decisions about their health. By ensuring that individuals have access to their own health information, this initiative also helps to improve the quality and continuity of care, while also protecting the privacy and security of that information.

The right of access is a requirement under HIPAA that individuals have the right to access and obtain a copy of their protected health information (PHI) that is maintained by covered entities, such as healthcare providers and health plans. This includes electronic protected health information (ePHI).

ePHI is defined in HIPAA regulation as any protected health information (PHI) that is created, stored, transmitted, or received in any electronic format or media. The right of access also includes the right to request that their PHI be transmitted to another entity, such as another healthcare provider or a personal health record (PHR). Covered entities must provide individuals with timely access to their PHI and may only deny access under certain limited circumstances.

The exact regulatory definition of Information Blocking can be found in the Code of Federal Regulations in 45 CFR 171.103.

Information blocking is a practice in which a healthcare provider, health plan, or other covered entity intentionally interferes with the access, exchange, or use of electronic health information. The information blocking rule, which was established under the 21st Century Cures Act, requires covered entities to make EHI available for access and exchange in a way that is secure, timely, and appropriate to the circumstances. 

The ultimate goal of the Information Blocking Act is to promote greater collaboration and coordination among healthcare providers and other stakeholders, which can lead to improved quality of care, better patient outcomes, and more efficient use of healthcare resources. By breaking down barriers to the exchange of health information, this legislation aims to facilitate the development and implementation of innovative healthcare solutions that can improve the overall health of the population.

On October 6, 2022, the definition of electronic health information (EHI) expanded to include all of the digital components of an organization's designated record set (DRS). Prior to this date, the definition of EHI was limited to the data elements represented in the United States Core Data for Interoperability (USCDI) v1.

Covered entities may not use information blocking practices to prevent or interfere with access, exchange, or use of EHI, except in certain limited circumstances.

While both the right of access and information blocking are designed to promote the access and exchange of health information, the right of access focuses on individuals' access to their own PHI, while information blocking focuses on the sharing of EHI between covered entities. 

Additionally, the right of access is a long-standing requirement under HIPAA, while information blocking is a more recent requirement under the 21st Century Cures Act.

It is important to differentiate between Right of Access and Information Blocking to ensure your organization is compliant with both rules, as well as any applicable state privacy regulations. The charts below are provided as a comparison of similarities and differences between the two.